maxmustermann/kibana
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

don't do a full failure because cross cluster search could be giving us a false negative, also update the text to better reflect this (#88763)

Browse source 
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
This commit is contained in:
Devin W. Hurley 2021-01-20 00:58:11 -05:00 committed by GitHub
parent 170a2956c8
commit 4435006217
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.test.ts
View file

@ -226,7 +226,7 @@ describe('rules_notification_alert_type', () => {
await alert.executor(payload);
expect(ruleStatusService.partialFailure).toHaveBeenCalled();
expect(ruleStatusService.partialFailure.mock.calls[0][0]).toContain(
'Missing required read permissions on indexes: ["some*"]'
'Missing required read privileges on the following indices: ["some*"]'
);
});
@ -247,9 +247,9 @@ describe('rules_notification_alert_type', () => {
});
payload.params.index = ['some*', 'myfa*'];
await alert.executor(payload);
expect(ruleStatusService.error).toHaveBeenCalled();
expect(ruleStatusService.error.mock.calls[0][0]).toContain(
'The rule does not have read privileges to any of the following indices: ["myfa*","some*"]'
expect(ruleStatusService.partialFailure).toHaveBeenCalled();
expect(ruleStatusService.partialFailure.mock.calls[0][0]).toContain(
'This rule may not have the required read privileges to the following indices: ["myfa*","some*"]'
);
});

6
x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts
View file

@ -78,7 +78,7 @@ export const hasReadIndexPrivileges = async (
if (indexesWithReadPrivileges.length > 0 && indexesWithNoReadPrivileges.length > 0) {
// some indices have read privileges others do not.
// set a partial failure status
const errorString = `Missing required read permissions on indexes: ${JSON.stringify(
const errorString = `Missing required read privileges on the following indices: ${JSON.stringify(
indexesWithNoReadPrivileges
)}`;
logger.error(buildRuleMessage(errorString));
@ -90,11 +90,11 @@ export const hasReadIndexPrivileges = async (
) {
// none of the indices had read privileges so set the status to failed
// since we can't search on any indices we do not have read privileges on
const errorString = `The rule does not have read privileges to any of the following indices: ${JSON.stringify(
const errorString = `This rule may not have the required read privileges to the following indices: ${JSON.stringify(
indexesWithNoReadPrivileges
)}`;
logger.error(buildRuleMessage(errorString));
await ruleStatusService.error(errorString);
await ruleStatusService.partialFailure(errorString);
return true;
}
return false;