[Alerting] Hides the alert SavedObjects type#66719
Merged
gmmorris merged 23 commits intoelastic:masterfrom May 21, 2020
Merged
Conversation
* master: (191 commits) [Maps] Get number of categories from palette (elastic#66454) move oss features registration to KP (elastic#66524) [kbn/plugin-helpers] typescript-ify (elastic#66513) Add kibana-operations as codeowners for .ci/es-snapshots and vars/ (elastic#66746) FTR: move basic services under common folder (elastic#66563) Migrate Beats Management UI to KP (elastic#65791) [CI] Add 20 minutes to overall build timeout lint import from restricted zones for export exressions (elastic#66588) [SIEM][Detection Engine] Add validation for Rule Actions (elastic#63332) KP plugins shouldn't need package.json (elastic#66654) Replace agent metrics link with the new one (elastic#66632) [CI] Add one retry to setup step (elastic#66638) [CI] Add slack alerts to tracked branch jobs, change default channel, change formatting (elastic#66580) [docLinks] Add docLinks to CoreSetup. (elastic#66631) [DOCS] Rename monitoring collection from internal to legacy (elastic#65781) unskip newsfeed tests (elastic#66562) [NP] Migrate uiSettings owned by Kibana app (elastic#64321) [ML] Functional tests - stabilize typing in DFA mml input (elastic#66706) [Map] return bounding box for static feature collection without joins (elastic#66607) remove trailing slash in graph sample data links (elastic#66358) ...
* master: [ML] fix url assertion (elastic#66850) Skip failing lens test(s). elastic#66779 [SOM] Preserve saved object references when saving the object (elastic#66584) Use ES API from start contract (elastic#66157) Reorganize Management apps into Ingest, Data, Alerts and Insights, Security, Kibana, and Stack groups (elastic#65796) [Uptime] Fix flaky navigation to certs page in tests (elastic#66806) [Maps] Do not check count for blended layers when layer is not visible (elastic#66460) [SIEM] Fixes glob patterns from directory changes recently for GraphQL chore(NA): bump static-fs to 1.0.2 (elastic#66775) [Maps] Handle cross cluster index _settings resp (elastic#66797) [SIEM][Lists] Adds 90% of the REST API and client API for exception lists and exception items allow any type for customResponseHeaders config (elastic#66689) [APM] Disable map layout animation (elastic#66763) [ML] Add linking to dataframe from job management tab (elastic#65778)
… into saved-objects/scoped-client-with-extra-types * saved-objects/scoped-client-with-included-hidden-types: added support for including hidden types in saved objects client
… into saved-objects/scoped-client-with-extra-types * saved-objects/scoped-client-with-included-hidden-types: adds a getClient api to Encrypted Saved Objects cleaned up some test descriptions
Contributor
|
Pinging @elastic/kibana-alerting-services (Team:Alerting Services) |
* master: (24 commits) [APM] agent config 'profiling_inferred_spans_min_duration' default value is '0ms' but the min value in the field is '1ms' (elastic#66886) [Canvas] Fix flaky custom element functional tests (elastic#65908) Fix IE specific flexbox min-height issue (elastic#66555) [Discover] Unskip doc link functional test (elastic#66884) Index pattern management to Kibana platform (elastic#65026) Warning and link to support matrix for IE11 (elastic#66512) [Reporting] Consolidate Server Type Defs, move some out of Legacy (elastic#66144) [SIEM] [Maps] Fixes Network Map empty tooltip (elastic#66828) [Endpoint] Encode the index of the alert in the id response (elastic#66919) [services/testSubjects] reduce retry usage, add waitForEnabled (elastic#66538) [DOCS] Identifies cloud settings for APM (elastic#66935) [SIEM][CASE] Fix configuration's page user experience (elastic#66029) Resolver: Display node 75% view submenus (elastic#64121) [SIEM] Cases] Capture timeline click and open timeline in case view (elastic#66327) [APM] Lowercase agent names so icons work (elastic#66824) [dev/cli] add support for --no-cache (elastic#66837) [Ingest Manager] Better handling of package installation problems (elastic#66541) [ML] Enhances api docs for modules endpoints (elastic#66738) dont hide errors (elastic#66764) [RFC] Global search API (elastic#64284) ...
alert SavedObjects type
* master: (33 commits) [Saved Objects] adds support for including hidden types in saved objects client (elastic#66879) [Discover] Deangularize timechart header (elastic#66532) [Discover] Improve and unskip a11y context view test (elastic#66959) [SIEM] Refactor Timeline.timelineType draft to Timeline.status draft (elastic#66864) docs: update RUM documentation link (elastic#67042) [QA] fixup coverage ingestion tests. (elastic#66905) [Metrics UI] Add support for multiple groupings to Metrics Explorer (and Alerts) (elastic#66503) [Metrics UI] Add sorting for name and value to Inventory View (elastic#66644) [Metrics UI] Change Metric Threshold Alert charts to use bar charts (elastic#66672) [Uptime] Use React.lazy for alert type registration (elastic#66829) [Reporting] Consolidate API Integration Test configs (elastic#66637) Allow histogram fields in average and sum aggregations (elastic#66891) Fix saved object share link (elastic#66771) move role reset into the top level after clause (elastic#66971) Automate the labels for any PRs affecting files for the Ingest Management team (elastic#67022) [SIEMDPOINT] Move endpoint to siem (elastic#66907) server.uuid so is not used (elastic#66963) Revert "[ci/stats] fix git metadata collection (elastic#66840)" [Uptime] Unmount uptime app properly (elastic#66950) [Visualize] Bar chart: Show missing values on chart setting (elastic#66375) ...
azasypkin
approved these changes
May 20, 2020
Contributor
azasypkin
left a comment
There was a problem hiding this comment.
ESO changes LGMT, thanks for making this change!
mikecote
approved these changes
May 20, 2020
Contributor
mikecote
left a comment
There was a problem hiding this comment.
LGTM after file change 👍
x-pack/test/alerting_api_integration/common/fixtures/plugins/alerts/server/alert_types.ts
Show resolved
Hide resolved
* master: [apm] Annotation API documentation (elastic#65963) [Uptime] Improve responsiveness details page (elastic#67034) skip flaky suite (elastic#66669) Revert "Integration of a static filesystem for the node_modules (elastic#47998)" (elastic#67124) Support api_integration/kibana/stats against remote hosts (elastic#53000) chore(NA): add module name mapper for src plugins on x-pack (elastic#67103) Change the error message on TSVB in order to be more user friendly (elastic#67090) [kbn/optimizer] poll parent process to avoid zombie processes (elastic#67059) [Visualize] Lazy load default editor, fix duplicated styles (elastic#66732) Bump styled-component dependencies (elastic#66611) Bump react-markdown dependencies (elastic#66615) Fix Core docs links (elastic#66977) Timelion graph is not refreshing content after searching or filtering (elastic#67023) Remove `--xpack.endpoint.enabled=true` from README.md file (elastic#67053) Move apm tutorial from apm plugin into apm_oss plugin (elastic#66432) [Logs UI] Restore call to `UsageCollector.countLogs` (elastic#67051) Remove unused license check result from LP Security plugin (elastic#66966)
Contributor
💚 Build SucceededHistory
To update your PR or re-run it, just comment with: |
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
May 21, 2020
* make alert saved object type hidden * fix support for hidden alert type in alerting tests * updated api docs * fixed some missing types and unused imports * fixed test broken by field rename * added support for including hidden types in saved objects client * fixed merge conflict * cleaned up some test descriptions * adds a getClient api to Encrypted Saved Objects * fixed alerts fixture * added missing plugin type in alerting * removed unused field * chaged ESO api to an options object as per Security teams request * fixed usage of eso client * fixed typos and oversights * split alerts file into two - for actions and alerts
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
May 21, 2020
* master: (21 commits) [Alerting] Hides the `alert` SavedObjects type (elastic#66719) skip flaky suite (elastic#66869) fix visual baseline tests [kbn/optimizer] require fsevents on macos (elastic#67147) [APM] Fix obscured service map connections (elastic#67129) [apm] Annotation API documentation (elastic#65963) [Uptime] Improve responsiveness details page (elastic#67034) skip flaky suite (elastic#66669) Revert "Integration of a static filesystem for the node_modules (elastic#47998)" (elastic#67124) Support api_integration/kibana/stats against remote hosts (elastic#53000) chore(NA): add module name mapper for src plugins on x-pack (elastic#67103) Change the error message on TSVB in order to be more user friendly (elastic#67090) [kbn/optimizer] poll parent process to avoid zombie processes (elastic#67059) [Visualize] Lazy load default editor, fix duplicated styles (elastic#66732) Bump styled-component dependencies (elastic#66611) Bump react-markdown dependencies (elastic#66615) Fix Core docs links (elastic#66977) Timelion graph is not refreshing content after searching or filtering (elastic#67023) Remove `--xpack.endpoint.enabled=true` from README.md file (elastic#67053) Move apm tutorial from apm plugin into apm_oss plugin (elastic#66432) ...
gmmorris
added a commit
that referenced
this pull request
May 21, 2020
As part of the work towards adding RBAC & Feature Controls support in Alerting (#43994), we've decided that the AlertsClient will handle authorisation instead of relying on the SavedObjectsClient on its own. To prevent (or at least, minimise the chances of) bypassing this auth model by using the SavedObjects client this PR makes the `Alert` SavedObject type a _hidden_ type and given the AlertsClient permission to interact with it.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
As part of the work towards adding RBAC & Feature Controls support in Alerting (#43994), we've decided that the AlertsClient will handle authorisation instead of relying on the SavedObjectsClient on its own.
To prevent (or at least, minimise the chances of) bypassing this auth model by using the SavedObjects client this PR makes the
AlertSavedObject type a hidden type and given the AlertsClient permission to interact with it.Checklist
Delete any items that are not applicable to this PR.
Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n supportThis was checked for keyboard-only and screenreader accessibilityThis renders correctly on smaller devices using a responsive layout. (You can test this in your browserThis was checked for cross-browser compatibility, including a check against IE11For maintainers
Dev Docs
The Alerting SavedObject type
alertis now a hidden type.Interaction with it requires that you tell your SavedObjectsClient to include the
alerthidden type which can be done by doing the following:That said, we would prefer that you do not and use the AlertsClient as that is the only way to ensure the correct authorisation of user interactions with alerts.