[Event Log] Adding type_id to saved object array in event log (#100939)

* Adding new fields to event log mapping

* Populating new event log fields when executing rules and actions

* Fixing functional tests

* Adding actionTypeId

* Putting type ids into saved object array

* Fixing functional tests

* Cleanup

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
ymao1 2021-06-04 18:55:18 -04:00 committed by GitHub
parent f7b5f00289
commit c13ae7ea64
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 81 additions and 15 deletions


@ -147,6 +147,7 @@ export class ActionExecutor {
rel: SAVED_OBJECT_REL_PRIMARY,
type: 'action',
id: actionId,
type_id: actionTypeId,
...namespace,
},
],


@ -166,10 +166,12 @@ test('enqueues execution per selected action', async () => {
"id": "1",
"rel": "primary",
"type": "alert",
"type_id": "test",
},
Object {
"id": "1",
"type": "action",
"type_id": "test",
},
],
},
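Review bot: In the updated expectation both saved-object entries carry `"type_id": "test"`, so the assertion cannot tell the rule type id apart from the connector type id. It would still pass if the handler wrote the rule's type id onto the `action` entry. Giving the action fixture a distinct type id (for example `actionTypeId: 'test-action'`, a constructed value) would pin each entry to its own source. The fixtures are outside this hunk, so where that value is set is inferred.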


@ -182,8 +182,14 @@ export function createExecutionHandler<
action_subgroup: actionSubgroup,
},
saved_objects: [
{ rel: SAVED_OBJECT_REL_PRIMARY, type: 'alert', id: alertId, ...namespace },
{ type: 'action', id: action.id, ...namespace },
{
rel: SAVED_OBJECT_REL_PRIMARY,
type: 'alert',
id: alertId,
type_id: alertType.id,
...namespace,
},
{ type: 'action', id: action.id, type_id: action.actionTypeId, ...namespace },
],
},
};


@ -278,6 +278,7 @@ describe('Task Runner', () => {
"namespace": undefined,
"rel": "primary",
"type": "alert",
"type_id": "test",
},
],
},
@ -385,6 +386,7 @@ describe('Task Runner', () => {
namespace: undefined,
rel: 'primary',
type: 'alert',
type_id: 'test',
},
],
},
@ -406,6 +408,7 @@ describe('Task Runner', () => {
namespace: undefined,
rel: 'primary',
type: 'alert',
type_id: 'test',
},
],
},
@ -428,11 +431,13 @@ describe('Task Runner', () => {
namespace: undefined,
rel: 'primary',
type: 'alert',
type_id: 'test',
},
{
id: '1',
namespace: undefined,
type: 'action',
type_id: 'action',
},
],
},
@ -455,6 +460,7 @@ describe('Task Runner', () => {
namespace: undefined,
rel: 'primary',
type: 'alert',
type_id: 'test',
},
],
},
@ -531,6 +537,7 @@ describe('Task Runner', () => {
namespace: undefined,
rel: 'primary',
type: 'alert',
type_id: 'test',
},
],
},
@ -551,6 +558,7 @@ describe('Task Runner', () => {
namespace: undefined,
rel: 'primary',
type: 'alert',
type_id: 'test',
},
],
},
@ -572,6 +580,7 @@ describe('Task Runner', () => {
namespace: undefined,
rel: 'primary',
type: 'alert',
type_id: 'test',
},
],
},
@ -702,6 +711,7 @@ describe('Task Runner', () => {
"namespace": undefined,
"rel": "primary",
"type": "alert",
"type_id": "test",
},
],
},
@ -725,6 +735,7 @@ describe('Task Runner', () => {
"namespace": undefined,
"rel": "primary",
"type": "alert",
"type_id": "test",
},
],
},
@ -931,6 +942,7 @@ describe('Task Runner', () => {
"namespace": undefined,
"rel": "primary",
"type": "alert",
"type_id": "test",
},
],
},
@ -953,6 +965,7 @@ describe('Task Runner', () => {
"namespace": undefined,
"rel": "primary",
"type": "alert",
"type_id": "test",
},
],
},
@ -976,11 +989,13 @@ describe('Task Runner', () => {
"namespace": undefined,
"rel": "primary",
"type": "alert",
"type_id": "test",
},
Object {
"id": "1",
"namespace": undefined,
"type": "action",
"type_id": "action",
},
],
},
@ -1004,6 +1019,7 @@ describe('Task Runner', () => {
"namespace": undefined,
"rel": "primary",
"type": "alert",
"type_id": "test",
},
],
},
@ -1386,6 +1402,7 @@ describe('Task Runner', () => {
"namespace": undefined,
"rel": "primary",
"type": "alert",
"type_id": "test",
},
],
},
@ -1408,6 +1425,7 @@ describe('Task Runner', () => {
"namespace": undefined,
"rel": "primary",
"type": "alert",
"type_id": "test",
},
],
},
@ -1431,6 +1449,7 @@ describe('Task Runner', () => {
"namespace": undefined,
"rel": "primary",
"type": "alert",
"type_id": "test",
},
],
},
@ -1641,6 +1660,7 @@ describe('Task Runner', () => {
"namespace": undefined,
"rel": "primary",
"type": "alert",
"type_id": "test",
},
],
},
@ -1700,6 +1720,7 @@ describe('Task Runner', () => {
"namespace": undefined,
"rel": "primary",
"type": "alert",
"type_id": "test",
},
],
},
@ -1767,6 +1788,7 @@ describe('Task Runner', () => {
"namespace": undefined,
"rel": "primary",
"type": "alert",
"type_id": "test",
},
],
},
@ -1834,6 +1856,7 @@ describe('Task Runner', () => {
"namespace": undefined,
"rel": "primary",
"type": "alert",
"type_id": "test",
},
],
},
@ -1900,6 +1923,7 @@ describe('Task Runner', () => {
"namespace": undefined,
"rel": "primary",
"type": "alert",
"type_id": "test",
},
],
},


@ -331,6 +331,7 @@ export class TaskRunner<
alertId,
alertLabel,
namespace,
ruleTypeId: alert.alertTypeId,
});
if (!muteAll) {
@ -493,6 +494,7 @@ export class TaskRunner<
rel: SAVED_OBJECT_REL_PRIMARY,
type: 'alert',
id: alertId,
type_id: this.alertType.id,
namespace,
},
],
@ -598,6 +600,7 @@ interface GenerateNewAndRecoveredInstanceEventsParams<
alertId: string;
alertLabel: string;
namespace: string | undefined;
ruleTypeId: string;
}
function generateNewAndRecoveredInstanceEvents<
@ -611,6 +614,7 @@ function generateNewAndRecoveredInstanceEvents<
currentAlertInstances,
originalAlertInstances,
recoveredAlertInstances,
ruleTypeId,
} = params;
const originalAlertInstanceIds = Object.keys(originalAlertInstances);
const currentAlertInstanceIds = Object.keys(currentAlertInstances);
@ -664,6 +668,7 @@ function generateNewAndRecoveredInstanceEvents<
rel: SAVED_OBJECT_REL_PRIMARY,
type: 'alert',
id: alertId,
type_id: ruleTypeId,
namespace,
},
],
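Review bot: The rule type id written to `type_id` comes from two different sources in this file: the call in the first hunk passes `ruleTypeId: alert.alertTypeId`, while the event built in the second hunk uses `type_id: this.alertType.id`. The two are presumably always equal, but if they ever diverged, events from a single run would disagree and filtering the event log by `type_id` during audit or triage would miss some of them. Passing `ruleTypeId: this.alertType.id` in the first hunk would keep a single source of truth. The enclosing methods start and end outside these hunks.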


@ -275,6 +275,10 @@
"type": {
"type": "keyword",
"ignore_above": 1024
},
"type_id": {
"type": "keyword",
"ignore_above": 1024
}
}
}


@ -116,6 +116,7 @@ export const EventSchema = schema.maybe(
namespace: ecsString(),
id: ecsString(),
type: ecsString(),
type_id: ecsString(),
})
)
),


@ -60,6 +60,10 @@ exports.EcsCustomPropertyMappings = {
type: 'keyword',
ignore_above: 1024,
},
type_id: {
type: 'keyword',
ignore_above: 1024,
},
},
},
},
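Review bot: The new `type_id` mapping has no comment saying what it holds, and its meaning depends on the entry's `type`. Elsewhere in this commit it is filled with the rule type id for `alert` entries and the connector type id for `action` entries. A short comment above the property would save event-log consumers from guessing, e.g. `// type_id: rule type id when type is 'alert', connector type id when type is 'action'`. The surrounding object begins and ends outside the hunk.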


@ -119,6 +119,7 @@ export default function ({ getService }: FtrProviderContext) {
spaceId: space.id,
connectorId: createdAction.id,
outcome: 'success',
actionTypeId: 'test.index-record',
message: `action executed: test.index-record:${createdAction.id}: My action`,
});
break;
@ -502,13 +503,14 @@ export default function ({ getService }: FtrProviderContext) {
interface ValidateEventLogParams {
spaceId: string;
connectorId: string;
actionTypeId: string;
outcome: string;
message: string;
errorMessage?: string;
}
async function validateEventLog(params: ValidateEventLogParams): Promise<void> {
const { spaceId, connectorId, outcome, message, errorMessage } = params;
const { spaceId, connectorId, actionTypeId, outcome, message, errorMessage } = params;
const events: IValidatedEvent[] = await retry.try(async () => {
return await getEventLog({
@ -549,6 +551,7 @@ export default function ({ getService }: FtrProviderContext) {
rel: 'primary',
type: 'action',
id: connectorId,
type_id: actionTypeId,
namespace: spaceId,
},
]);


@ -214,6 +214,7 @@ instanceStateValue: true
await validateEventLog({
spaceId: space.id,
alertId,
ruleTypeId: 'test.always-firing',
outcome: 'success',
message: `alert executed: test.always-firing:${alertId}: 'abc'`,
});
@ -1244,13 +1245,14 @@ instanceStateValue: true
interface ValidateEventLogParams {
spaceId: string;
alertId: string;
ruleTypeId: string;
outcome: string;
message: string;
errorMessage?: string;
}
async function validateEventLog(params: ValidateEventLogParams): Promise<void> {
const { spaceId, alertId, outcome, message, errorMessage } = params;
const { spaceId, alertId, ruleTypeId, outcome, message, errorMessage } = params;
const events: IValidatedEvent[] = await retry.try(async () => {
return await getEventLog({
@ -1291,6 +1293,7 @@ instanceStateValue: true
type: 'alert',
id: alertId,
namespace: spaceId,
type_id: ruleTypeId,
},
]);


@ -75,7 +75,7 @@ export default function eventLogTests({ getService }: FtrProviderContext) {
validateEvent(event, {
spaceId,
savedObjects: [{ type: 'alert', id: alertId, rel: 'primary' }],
savedObjects: [{ type: 'alert', id: alertId, rel: 'primary', type_id: 'test.noop' }],
outcome: 'failure',
message: `test.noop:${alertId}: execution failed`,
errorMessage: 'Unable to decrypt attribute "apiKey"',


@ -97,6 +97,7 @@ export default function ({ getService }: FtrProviderContext) {
await validateEventLog({
spaceId: Spaces.space1.id,
actionId: createdAction.id,
actionTypeId: 'test.index-record',
outcome: 'success',
message: `action executed: test.index-record:${createdAction.id}: My action`,
});
@ -138,6 +139,7 @@ export default function ({ getService }: FtrProviderContext) {
await validateEventLog({
spaceId: Spaces.space1.id,
actionId: createdAction.id,
actionTypeId: 'test.failing',
outcome: 'failure',
message: `action execution failure: test.failing:${createdAction.id}: failing action`,
errorMessage: `an error occurred while running the action executor: expected failure for .kibana-alerting-test-data actions-failure-1:space1`,
@ -330,13 +332,14 @@ export default function ({ getService }: FtrProviderContext) {
interface ValidateEventLogParams {
spaceId: string;
actionId: string;
actionTypeId: string;
outcome: string;
message: string;
errorMessage?: string;
}
async function validateEventLog(params: ValidateEventLogParams): Promise<void> {
const { spaceId, actionId, outcome, message, errorMessage } = params;
const { spaceId, actionId, actionTypeId, outcome, message, errorMessage } = params;
const events: IValidatedEvent[] = await retry.try(async () => {
return await getEventLog({
@ -377,6 +380,7 @@ export default function ({ getService }: FtrProviderContext) {
type: 'action',
id: actionId,
namespace: 'space1',
type_id: actionTypeId,
},
]);


@ -128,7 +128,9 @@ export default function eventLogTests({ getService }: FtrProviderContext) {
case 'execute':
validateEvent(event, {
spaceId: Spaces.space1.id,
savedObjects: [{ type: 'alert', id: alertId, rel: 'primary' }],
savedObjects: [
{ type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' },
],
outcome: 'success',
message: `alert executed: test.patternFiring:${alertId}: 'abc'`,
status: executeStatuses[executeCount++],
@ -138,8 +140,8 @@ export default function eventLogTests({ getService }: FtrProviderContext) {
validateEvent(event, {
spaceId: Spaces.space1.id,
savedObjects: [
{ type: 'alert', id: alertId, rel: 'primary' },
{ type: 'action', id: createdAction.id },
{ type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' },
{ type: 'action', id: createdAction.id, type_id: 'test.noop' },
],
message: `alert: test.patternFiring:${alertId}: 'abc' instanceId: 'instance' scheduled actionGroup: 'default' action: test.noop:${createdAction.id}`,
instanceId: 'instance',
@ -164,7 +166,9 @@ export default function eventLogTests({ getService }: FtrProviderContext) {
function validateInstanceEvent(event: IValidatedEvent, subMessage: string) {
validateEvent(event, {
spaceId: Spaces.space1.id,
savedObjects: [{ type: 'alert', id: alertId, rel: 'primary' }],
savedObjects: [
{ type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' },
],
message: `test.patternFiring:${alertId}: 'abc' ${subMessage}`,
instanceId: 'instance',
actionGroupId: 'default',
@ -260,7 +264,9 @@ export default function eventLogTests({ getService }: FtrProviderContext) {
case 'execute':
validateEvent(event, {
spaceId: Spaces.space1.id,
savedObjects: [{ type: 'alert', id: alertId, rel: 'primary' }],
savedObjects: [
{ type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' },
],
outcome: 'success',
message: `alert executed: test.patternFiring:${alertId}: 'abc'`,
status: executeStatuses[executeCount++],
@ -273,8 +279,8 @@ export default function eventLogTests({ getService }: FtrProviderContext) {
validateEvent(event, {
spaceId: Spaces.space1.id,
savedObjects: [
{ type: 'alert', id: alertId, rel: 'primary' },
{ type: 'action', id: createdAction.id },
{ type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' },
{ type: 'action', id: createdAction.id, type_id: 'test.noop' },
],
message: `alert: test.patternFiring:${alertId}: 'abc' instanceId: 'instance' scheduled actionGroup(subgroup): 'default(${event?.kibana?.alerting?.action_subgroup})' action: test.noop:${createdAction.id}`,
instanceId: 'instance',
@ -305,7 +311,9 @@ export default function eventLogTests({ getService }: FtrProviderContext) {
function validateInstanceEvent(event: IValidatedEvent, subMessage: string) {
validateEvent(event, {
spaceId: Spaces.space1.id,
savedObjects: [{ type: 'alert', id: alertId, rel: 'primary' }],
savedObjects: [
{ type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' },
],
message: `test.patternFiring:${alertId}: 'abc' ${subMessage}`,
instanceId: 'instance',
actionGroupId: 'default',
@ -345,7 +353,7 @@ export default function eventLogTests({ getService }: FtrProviderContext) {
validateEvent(event, {
spaceId: Spaces.space1.id,
savedObjects: [{ type: 'alert', id: alertId, rel: 'primary' }],
savedObjects: [{ type: 'alert', id: alertId, rel: 'primary', type_id: 'test.throw' }],
outcome: 'failure',
message: `alert execution failure: test.throw:${alertId}: 'abc'`,
errorMessage: 'this alert is intended to fail',
@ -360,6 +368,7 @@ interface SavedObject {
type: string;
id: string;
rel?: string;
type_id: string;
}
interface ValidateEventLogParams {