Skip to content

Don't create API key for disabled alerts when calling create API#57041

Merged
mikecote merged 5 commits intoelastic:masterfrom
mikecote:alerting/api-key-on-create-fix
Feb 10, 2020
Merged

Don't create API key for disabled alerts when calling create API#57041
mikecote merged 5 commits intoelastic:masterfrom
mikecote:alerting/api-key-on-create-fix

Conversation

@mikecote
Copy link
Copy Markdown
Contributor

@mikecote mikecote commented Feb 6, 2020

Fixes #57036.

In this PR, I'm changing the create function within the alerts client to not create an API key when the alert is created as disabled.

I'm also refactoring a bit of the unit tests for alerts client create function.

@mikecote mikecote added review Feature:Alerting v8.0.0 release_note:skip Skip the PR/issue when compiling release notes v7.7.0 Team:ResponseOps Platform ResponseOps team (formerly the Cases and Alerting teams) t// labels Feb 6, 2020
@mikecote mikecote requested a review from a team as a code owner February 6, 2020 21:10
@mikecote mikecote self-assigned this Feb 6, 2020
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Feb 6, 2020

Pinging @elastic/kibana-alerting-services (Team:Alerting Services)

@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Feb 6, 2020

💔 Build Failed

Test Failures

Kibana Pipeline / kibana-xpack-agent / X-Pack Alerting API Integration Tests.x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/find·ts.alerting api integration security and spaces enabled Alerting find superuser at space1 should handle find alert request with filter appropriately

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has not failed recently on tracked branches

[00:00:00]       │
[00:00:00]         └-: alerting api integration security and spaces enabled
[00:00:00]           └-> "before all" hook
[00:00:00]           └-> "before all" hook
[00:00:00]             │ debg creating space
[00:00:01]             │ debg created space
[00:00:01]             │ debg creating space
[00:00:02]             │ debg created space
[00:00:02]             │ debg creating space
[00:00:03]             │ debg created space
[00:00:03]             │ debg creating user no_kibana_privileges
[00:00:04]             │ info [o.e.x.s.a.u.TransportPutUserAction] [kibana-ci-immutable-oraclelinux-tests-xl-1581023622738853009] added user [no_kibana_privileges]
[00:00:04]             │ debg created user no_kibana_privileges
[00:00:04]             │ debg creating role no_kibana_privileges
[00:00:04]             │ info [o.e.x.s.a.r.TransportPutRoleAction] [kibana-ci-immutable-oraclelinux-tests-xl-1581023622738853009] added role [no_kibana_privileges]
[00:00:04]             │ debg created role no_kibana_privileges
[00:00:04]             │ debg creating user superuser
[00:00:04]             │ info [o.e.x.s.a.u.TransportPutUserAction] [kibana-ci-immutable-oraclelinux-tests-xl-1581023622738853009] added user [superuser]
[00:00:04]             │ debg created user superuser
[00:00:04]             │ debg creating user global_read
[00:00:04]             │ info [o.e.x.s.a.u.TransportPutUserAction] [kibana-ci-immutable-oraclelinux-tests-xl-1581023622738853009] added user [global_read]
[00:00:04]             │ debg created user global_read
[00:00:04]             │ debg creating role global_read_role
[00:00:04]             │ info [o.e.x.s.a.r.TransportPutRoleAction] [kibana-ci-immutable-oraclelinux-tests-xl-1581023622738853009] added role [global_read_role]
[00:00:04]             │ debg created role global_read_role
[00:00:04]             │ debg creating user space_1_all
[00:00:04]             │ info [o.e.x.s.a.u.TransportPutUserAction] [kibana-ci-immutable-oraclelinux-tests-xl-1581023622738853009] added user [space_1_all]
[00:00:04]             │ debg created user space_1_all
[00:00:04]             │ debg creating role space_1_all_role
[00:00:04]             │ info [o.e.x.s.a.r.TransportPutRoleAction] [kibana-ci-immutable-oraclelinux-tests-xl-1581023622738853009] added role [space_1_all_role]
[00:00:04]             │ debg created role space_1_all_role
[00:03:03]           └-: Alerting
[00:03:03]             └-> "before all" hook
[00:04:47]             └-: find
[00:04:47]               └-> "before all" hook
[00:04:57]               └-: superuser at space1
[00:04:57]                 └-> "before all" hook
[00:04:57]                 └-> should handle find alert request appropriately
[00:04:57]                   └-> "before each" hook: global before each
[00:04:59]                   └- ✓ pass  (2.3s) "alerting api integration security and spaces enabled Alerting find superuser at space1 should handle find alert request appropriately"
[00:04:59]                 └-> "after each" hook
[00:04:59]                   │ proc [kibana]   log   [23:01:43.866] [error][alerting][plugins] Executing Alert "66d8a863-84ca-4523-be01-0ced4ffb8c21" has resulted in Error: Saved object [alert/66d8a863-84ca-4523-be01-0ced4ffb8c21] not found
[00:05:01]                 └-> should handle find alert request with filter appropriately
[00:05:01]                   └-> "before each" hook: global before each
[00:05:02]                   └- ✖ fail: "alerting api integration security and spaces enabled Alerting find superuser at space1 should handle find alert request with filter appropriately"
[00:05:02]                   │

Stack Trace

{ Error: expected { id: '472a8f01-36d2-44ec-97b2-99fa52be3f4a',
  enabled: false,
  name: 'abc',
  tags: [ 'foo' ],
  alertTypeId: 'test.noop',
  consumer: 'bar',
  schedule: { interval: '1m' },
  throttle: '1m',
  actions: 
   [ { group: 'default',
       params: {},
       actionTypeId: 'test.noop',
       id: 'eb613efd-eefe-41b4-a702-e1f51b5c93f6' } ],
  params: {},
  apiKeyOwner: null,
  createdBy: 'elastic',
  updatedBy: 'elastic',
  createdAt: '2020-02-06T23:01:45.634Z',
  muteAll: false,
  mutedInstanceIds: [],
  updatedAt: '2020-02-06T23:01:45.639Z' } to sort of equal { id: '472a8f01-36d2-44ec-97b2-99fa52be3f4a',
  name: 'abc',
  tags: [ 'foo' ],
  alertTypeId: 'test.noop',
  consumer: 'bar',
  schedule: { interval: '1m' },
  enabled: false,
  actions: 
   [ { id: 'eb613efd-eefe-41b4-a702-e1f51b5c93f6',
       group: 'default',
       actionTypeId: 'test.noop',
       params: {} } ],
  params: {},
  createdBy: 'elastic',
  throttle: '1m',
  updatedBy: 'elastic',
  apiKeyOwner: 'elastic',
  muteAll: false,
  mutedInstanceIds: [],
  createdAt: '2020-02-06T23:01:45.634Z',
  updatedAt: '2020-02-06T23:01:45.639Z' }
    at Assertion.assert (/dev/shm/workspace/kibana/packages/kbn-expect/expect.js:100:11)
    at Assertion.eql (/dev/shm/workspace/kibana/packages/kbn-expect/expect.js:244:8)
    at Context.it (test/alerting_api_integration/security_and_spaces/tests/alerting/find.ts:141:32)
  actual:
   '{\n  "actions": [\n    {\n      "actionTypeId": "test.noop"\n      "group": "default"\n      "id": "eb613efd-eefe-41b4-a702-e1f51b5c93f6"\n      "params": {}\n    }\n  ]\n  "alertTypeId": "test.noop"\n  "apiKeyOwner": [null]\n  "consumer": "bar"\n  "createdAt": "2020-02-06T23:01:45.634Z"\n  "createdBy": "elastic"\n  "enabled": false\n  "id": "472a8f01-36d2-44ec-97b2-99fa52be3f4a"\n  "muteAll": false\n  "mutedInstanceIds": []\n  "name": "abc"\n  "params": {}\n  "schedule": {\n    "interval": "1m"\n  }\n  "tags": [\n    "foo"\n  ]\n  "throttle": "1m"\n  "updatedAt": "2020-02-06T23:01:45.639Z"\n  "updatedBy": "elastic"\n}',
  expected:
   '{\n  "actions": [\n    {\n      "actionTypeId": "test.noop"\n      "group": "default"\n      "id": "eb613efd-eefe-41b4-a702-e1f51b5c93f6"\n      "params": {}\n    }\n  ]\n  "alertTypeId": "test.noop"\n  "apiKeyOwner": "elastic"\n  "consumer": "bar"\n  "createdAt": "2020-02-06T23:01:45.634Z"\n  "createdBy": "elastic"\n  "enabled": false\n  "id": "472a8f01-36d2-44ec-97b2-99fa52be3f4a"\n  "muteAll": false\n  "mutedInstanceIds": []\n  "name": "abc"\n  "params": {}\n  "schedule": {\n    "interval": "1m"\n  }\n  "tags": [\n    "foo"\n  ]\n  "throttle": "1m"\n  "updatedAt": "2020-02-06T23:01:45.639Z"\n  "updatedBy": "elastic"\n}',
  showDiff: true }
Kibana Pipeline / kibana-xpack-agent / X-Pack Alerting API Integration Tests.x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/find·ts.alerting api integration security and spaces enabled Alerting find superuser at space1 should handle find alert request with filter appropriately

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has not failed recently on tracked branches

[00:00:00]       │
[00:00:00]         └-: alerting api integration security and spaces enabled
[00:00:00]           └-> "before all" hook
[00:00:00]           └-> "before all" hook
[00:00:00]             │ debg creating space
[00:00:02]             │ debg created space
[00:00:02]             │ debg creating space
[00:00:03]             │ debg created space
[00:00:03]             │ debg creating space
[00:00:04]             │ debg created space
[00:00:04]             │ debg creating user no_kibana_privileges
[00:00:04]             │ info [o.e.x.s.a.u.TransportPutUserAction] [kibana-ci-immutable-oraclelinux-tests-xl-1581023622738853009] added user [no_kibana_privileges]
[00:00:04]             │ debg created user no_kibana_privileges
[00:00:04]             │ debg creating role no_kibana_privileges
[00:00:04]             │ info [o.e.x.s.a.r.TransportPutRoleAction] [kibana-ci-immutable-oraclelinux-tests-xl-1581023622738853009] added role [no_kibana_privileges]
[00:00:04]             │ debg created role no_kibana_privileges
[00:00:04]             │ debg creating user superuser
[00:00:05]             │ info [o.e.x.s.a.u.TransportPutUserAction] [kibana-ci-immutable-oraclelinux-tests-xl-1581023622738853009] added user [superuser]
[00:00:05]             │ debg created user superuser
[00:00:05]             │ debg creating user global_read
[00:00:05]             │ info [o.e.x.s.a.u.TransportPutUserAction] [kibana-ci-immutable-oraclelinux-tests-xl-1581023622738853009] added user [global_read]
[00:00:05]             │ debg created user global_read
[00:00:05]             │ debg creating role global_read_role
[00:00:05]             │ info [o.e.x.s.a.r.TransportPutRoleAction] [kibana-ci-immutable-oraclelinux-tests-xl-1581023622738853009] added role [global_read_role]
[00:00:05]             │ debg created role global_read_role
[00:00:05]             │ debg creating user space_1_all
[00:00:05]             │ info [o.e.x.s.a.u.TransportPutUserAction] [kibana-ci-immutable-oraclelinux-tests-xl-1581023622738853009] added user [space_1_all]
[00:00:05]             │ debg created user space_1_all
[00:00:05]             │ debg creating role space_1_all_role
[00:00:05]             │ info [o.e.x.s.a.r.TransportPutRoleAction] [kibana-ci-immutable-oraclelinux-tests-xl-1581023622738853009] added role [space_1_all_role]
[00:00:05]             │ debg created role space_1_all_role
[00:03:05]           └-: Alerting
[00:03:05]             └-> "before all" hook
[00:04:49]             └-: find
[00:04:49]               └-> "before all" hook
[00:04:59]               └-: superuser at space1
[00:04:59]                 └-> "before all" hook
[00:04:59]                 └-> should handle find alert request appropriately
[00:04:59]                   └-> "before each" hook: global before each
[00:05:02]                   └- ✓ pass  (2.5s) "alerting api integration security and spaces enabled Alerting find superuser at space1 should handle find alert request appropriately"
[00:05:02]                 └-> "after each" hook
[00:05:02]                   │ proc [kibana]   log   [22:22:15.175] [error][alerting][plugins] Executing Alert "3047f72c-0f39-4b34-a4a5-525f57779fdf" has resulted in Error: Saved object [alert/3047f72c-0f39-4b34-a4a5-525f57779fdf] not found
[00:05:03]                 └-> should handle find alert request with filter appropriately
[00:05:03]                   └-> "before each" hook: global before each
[00:05:05]                   └- ✖ fail: "alerting api integration security and spaces enabled Alerting find superuser at space1 should handle find alert request with filter appropriately"
[00:05:05]                   │

Stack Trace

{ Error: expected { id: '6343779c-2fa1-450d-b5a3-17b2c87a1da9',
  enabled: false,
  name: 'abc',
  tags: [ 'foo' ],
  alertTypeId: 'test.noop',
  consumer: 'bar',
  schedule: { interval: '1m' },
  throttle: '1m',
  actions: 
   [ { group: 'default',
       params: {},
       actionTypeId: 'test.noop',
       id: '5a5806dc-daa4-4d7f-8e91-2b43c8b5e396' } ],
  params: {},
  apiKeyOwner: null,
  createdBy: 'elastic',
  updatedBy: 'elastic',
  createdAt: '2020-02-06T22:22:16.639Z',
  muteAll: false,
  mutedInstanceIds: [],
  updatedAt: '2020-02-06T22:22:16.644Z' } to sort of equal { id: '6343779c-2fa1-450d-b5a3-17b2c87a1da9',
  name: 'abc',
  tags: [ 'foo' ],
  alertTypeId: 'test.noop',
  consumer: 'bar',
  schedule: { interval: '1m' },
  enabled: false,
  actions: 
   [ { id: '5a5806dc-daa4-4d7f-8e91-2b43c8b5e396',
       group: 'default',
       actionTypeId: 'test.noop',
       params: {} } ],
  params: {},
  createdBy: 'elastic',
  throttle: '1m',
  updatedBy: 'elastic',
  apiKeyOwner: 'elastic',
  muteAll: false,
  mutedInstanceIds: [],
  createdAt: '2020-02-06T22:22:16.639Z',
  updatedAt: '2020-02-06T22:22:16.644Z' }
    at Assertion.assert (/dev/shm/workspace/kibana/packages/kbn-expect/expect.js:100:11)
    at Assertion.eql (/dev/shm/workspace/kibana/packages/kbn-expect/expect.js:244:8)
    at Context.it (test/alerting_api_integration/security_and_spaces/tests/alerting/find.ts:141:32)
  actual:
   '{\n  "actions": [\n    {\n      "actionTypeId": "test.noop"\n      "group": "default"\n      "id": "5a5806dc-daa4-4d7f-8e91-2b43c8b5e396"\n      "params": {}\n    }\n  ]\n  "alertTypeId": "test.noop"\n  "apiKeyOwner": [null]\n  "consumer": "bar"\n  "createdAt": "2020-02-06T22:22:16.639Z"\n  "createdBy": "elastic"\n  "enabled": false\n  "id": "6343779c-2fa1-450d-b5a3-17b2c87a1da9"\n  "muteAll": false\n  "mutedInstanceIds": []\n  "name": "abc"\n  "params": {}\n  "schedule": {\n    "interval": "1m"\n  }\n  "tags": [\n    "foo"\n  ]\n  "throttle": "1m"\n  "updatedAt": "2020-02-06T22:22:16.644Z"\n  "updatedBy": "elastic"\n}',
  expected:
   '{\n  "actions": [\n    {\n      "actionTypeId": "test.noop"\n      "group": "default"\n      "id": "5a5806dc-daa4-4d7f-8e91-2b43c8b5e396"\n      "params": {}\n    }\n  ]\n  "alertTypeId": "test.noop"\n  "apiKeyOwner": "elastic"\n  "consumer": "bar"\n  "createdAt": "2020-02-06T22:22:16.639Z"\n  "createdBy": "elastic"\n  "enabled": false\n  "id": "6343779c-2fa1-450d-b5a3-17b2c87a1da9"\n  "muteAll": false\n  "mutedInstanceIds": []\n  "name": "abc"\n  "params": {}\n  "schedule": {\n    "interval": "1m"\n  }\n  "tags": [\n    "foo"\n  ]\n  "throttle": "1m"\n  "updatedAt": "2020-02-06T22:22:16.644Z"\n  "updatedBy": "elastic"\n}',
  showDiff: true }

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@peterschretlen peterschretlen self-requested a review February 7, 2020 14:11
peterschretlen
peterschretlen approved these changes Feb 7, 2020
View reviewed changes
Copy link
Copy Markdown
Contributor

@peterschretlen peterschretlen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Tested with SIEM and this is a nice change for detection engine: before this fix, when you loaded the pre-built signal rules, each would create an API key even though none of them were turned on. Now we only create keys for the ones actually being used 👍

@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Feb 7, 2020

💚 Build Succeeded

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

YulNaumenko
YulNaumenko approved these changes Feb 7, 2020
View reviewed changes
Copy link
Copy Markdown
Contributor

@YulNaumenko YulNaumenko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

pmuellr
pmuellr approved these changes Feb 7, 2020
View reviewed changes
Copy link
Copy Markdown
Contributor

@pmuellr pmuellr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, left a comment ...

x-pack/legacy/plugins/alerting/server/alerts_client.test.ts Outdated

test(`doesn't create API key for disabled alerts`, async () => {
const data = getMockData({ enabled: false });
alertsClientParams.createAPIKey.mockResolvedValueOnce({
Copy link
Copy Markdown
Contributor

@pmuellr pmuellr Feb 7, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this is needed, given

expect(alertsClientParams.createAPIKey).not.toHaveBeenCalled();

But I also suspect it could be useful if we ever start calling this, so ... it's fine. Perhaps a comment that it's not expected this will actually get called ...

Copy link
Copy Markdown
Contributor Author

@mikecote mikecote Feb 10, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice catch! I went ahead and removed it here: 31ead6d and maybe in a future refactor this code will move into a beforeEach for the ones that do call that function.

@kibanamachine
Copy link
Copy Markdown
Contributor

kibanamachine commented Feb 10, 2020

💚 Build Succeeded

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@mikecote mikecote merged commit 1f87f3a into elastic:master Feb 10, 2020
mikecote added a commit to mikecote/kibana that referenced this pull request Feb 10, 2020
@mikecote
Don't create API key for disabled alerts when calling create API (ela…
ad85569 
…stic#57041)

* Don't create API key for disabled alerts when calling create API

* Fix failing test

* Remove unused code in test
@mikecote mikecote mentioned this pull request Feb 10, 2020
Merged
mikecote added a commit that referenced this pull request Feb 10, 2020
@mikecote @elasticmachine
Don't create API key for disabled alerts when calling create API (#57041
5e1b861 
) (#57239)

* Don't create API key for disabled alerts when calling create API

* Fix failing test

* Remove unused code in test

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
gmmorris added a commit to gmmorris/kibana that referenced this pull request Feb 11, 2020
@gmmorris
Merge branch 'master' into alerting/alert-instances
91bd390 
* master: (34 commits)
  [Index management] Server-side NP ready (elastic#56829)
  Webhook action - make user and password secrets optional (elastic#56823)
  [DOCS] Removes reference to IRC (elastic#57245)
  [Monitoring] NP migration: Local angular module (elastic#51823)
  [SIEM] Adds ECS link to help menu (elastic#57104)
  Ensure http interceptors are shares across lifecycle methods (elastic#57150)
  [Remote clusters] Migrate server code out of legacy (elastic#56781)
  fixes render bug in alert list (elastic#57152)
  siem 7.6 updates (elastic#57169)
  Make the update alert API key API work when AAD is out of sync (elastic#56640)
  fix(NA): MaxListenersExceededWarning on getLoggerStream (elastic#57133)
  [Metrics UI] Setup commonly used time ranges in timepicker (elastic#56701)
  [Maps] set filter.meta.key to geoFieldName so query passes filterMatchesIndex when ignoreFilterIfFieldNotInIndex is true (elastic#56692)
  Create plugin mock for event log plugin (elastic#57048)
  fix ts error on master (elastic#57236)
  Don't create API key for disabled alerts when calling create API (elastic#57041)
  Fix enable and disable API to still work when AAD is out of sync (elastic#56634)
  [DOCS] Canvas embed objects (elastic#57156)
  Delete autocomplete namespace (elastic#57187)
  Security - Inject logout url (elastic#57201)
  ...
@mikecote mikecote added release_note:fix and removed release_note:skip Skip the PR/issue when compiling release notes labels Apr 15, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pmuellr pmuellr pmuellr approved these changes

@YulNaumenko YulNaumenko YulNaumenko approved these changes

+1 more reviewer

@peterschretlen peterschretlen peterschretlen approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@mikecote mikecote

Labels

Feature:Alerting release_note:fix review Team:ResponseOps Platform ResponseOps team (formerly the Cases and Alerting teams) t// v7.7.0 v8.0.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

API key gets created for disabled alerts (create API)

6 participants

@mikecote @elasticmachine @kibanamachine @pmuellr @peterschretlen @YulNaumenko