[Event Log] Adding type_id to saved object array in event log (#100939)

* Adding new fields to event log mapping

* Populating new event log fields when executing rules and actions

* Fixing functional tests

* Adding actionTypeId

* Putting type ids into saved object array

* Fixing functional tests

* Cleanup

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
ymao1 2021-06-04 18:55:18 -04:00 committed by GitHub
parent f7b5f00289
commit c13ae7ea64
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 81 additions and 15 deletions


@ -147,6 +147,7 @@ export class ActionExecutor {
rel: SAVED_OBJECT_REL_PRIMARY, rel: SAVED_OBJECT_REL_PRIMARY,
type: 'action', type: 'action',
id: actionId, id: actionId,
type_id: actionTypeId,
...namespace, ...namespace,
}, },
], ],


@ -166,10 +166,12 @@ test('enqueues execution per selected action', async () => {
"id": "1", "id": "1",
"rel": "primary", "rel": "primary",
"type": "alert", "type": "alert",
"type_id": "test",
}, },
Object { Object {
"id": "1", "id": "1",
"type": "action", "type": "action",
"type_id": "test",
}, },
], ],
}, },


@ -182,8 +182,14 @@ export function createExecutionHandler<
action_subgroup: actionSubgroup, action_subgroup: actionSubgroup,
}, },
saved_objects: [ saved_objects: [
{ rel: SAVED_OBJECT_REL_PRIMARY, type: 'alert', id: alertId, ...namespace }, {
{ type: 'action', id: action.id, ...namespace }, rel: SAVED_OBJECT_REL_PRIMARY,
type: 'alert',
id: alertId,
type_id: alertType.id,
...namespace,
},
{ type: 'action', id: action.id, type_id: action.actionTypeId, ...namespace },
], ],
}, },
}; };
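Review bot: The action entry's `type_id: action.actionTypeId` is read from the rule's own action reference, while the ActionExecutor hunk in this commit writes `type_id: actionTypeId` for what should be the same connector; where that second value comes from is not visible here. If the two can ever differ, the event written here and the connector's own execute event would disagree about the connector type, which makes correlating them in the event log unreliable. A one-line comment above the entry would document the choice, e.g. `// type_id is the connector type as stored on the rule's action, not re-read from the connector`. The enclosing function starts and ends outside the hunk.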


@ -278,6 +278,7 @@ describe('Task Runner', () => {
"namespace": undefined, "namespace": undefined,
"rel": "primary", "rel": "primary",
"type": "alert", "type": "alert",
"type_id": "test",
}, },
], ],
}, },
@ -385,6 +386,7 @@ describe('Task Runner', () => {
namespace: undefined, namespace: undefined,
rel: 'primary', rel: 'primary',
type: 'alert', type: 'alert',
type_id: 'test',
}, },
], ],
}, },
@ -406,6 +408,7 @@ describe('Task Runner', () => {
namespace: undefined, namespace: undefined,
rel: 'primary', rel: 'primary',
type: 'alert', type: 'alert',
type_id: 'test',
}, },
], ],
}, },
@ -428,11 +431,13 @@ describe('Task Runner', () => {
namespace: undefined, namespace: undefined,
rel: 'primary', rel: 'primary',
type: 'alert', type: 'alert',
type_id: 'test',
}, },
{ {
id: '1', id: '1',
namespace: undefined, namespace: undefined,
type: 'action', type: 'action',
type_id: 'action',
}, },
], ],
}, },
@ -455,6 +460,7 @@ describe('Task Runner', () => {
namespace: undefined, namespace: undefined,
rel: 'primary', rel: 'primary',
type: 'alert', type: 'alert',
type_id: 'test',
}, },
], ],
}, },
@ -531,6 +537,7 @@ describe('Task Runner', () => {
namespace: undefined, namespace: undefined,
rel: 'primary', rel: 'primary',
type: 'alert', type: 'alert',
type_id: 'test',
}, },
], ],
}, },
@ -551,6 +558,7 @@ describe('Task Runner', () => {
namespace: undefined, namespace: undefined,
rel: 'primary', rel: 'primary',
type: 'alert', type: 'alert',
type_id: 'test',
}, },
], ],
}, },
@ -572,6 +580,7 @@ describe('Task Runner', () => {
namespace: undefined, namespace: undefined,
rel: 'primary', rel: 'primary',
type: 'alert', type: 'alert',
type_id: 'test',
}, },
], ],
}, },
@ -702,6 +711,7 @@ describe('Task Runner', () => {
"namespace": undefined, "namespace": undefined,
"rel": "primary", "rel": "primary",
"type": "alert", "type": "alert",
"type_id": "test",
}, },
], ],
}, },
@ -725,6 +735,7 @@ describe('Task Runner', () => {
"namespace": undefined, "namespace": undefined,
"rel": "primary", "rel": "primary",
"type": "alert", "type": "alert",
"type_id": "test",
}, },
], ],
}, },
@ -931,6 +942,7 @@ describe('Task Runner', () => {
"namespace": undefined, "namespace": undefined,
"rel": "primary", "rel": "primary",
"type": "alert", "type": "alert",
"type_id": "test",
}, },
], ],
}, },
@ -953,6 +965,7 @@ describe('Task Runner', () => {
"namespace": undefined, "namespace": undefined,
"rel": "primary", "rel": "primary",
"type": "alert", "type": "alert",
"type_id": "test",
}, },
], ],
}, },
@ -976,11 +989,13 @@ describe('Task Runner', () => {
"namespace": undefined, "namespace": undefined,
"rel": "primary", "rel": "primary",
"type": "alert", "type": "alert",
"type_id": "test",
}, },
Object { Object {
"id": "1", "id": "1",
"namespace": undefined, "namespace": undefined,
"type": "action", "type": "action",
"type_id": "action",
}, },
], ],
}, },
@ -1004,6 +1019,7 @@ describe('Task Runner', () => {
"namespace": undefined, "namespace": undefined,
"rel": "primary", "rel": "primary",
"type": "alert", "type": "alert",
"type_id": "test",
}, },
], ],
}, },
@ -1386,6 +1402,7 @@ describe('Task Runner', () => {
"namespace": undefined, "namespace": undefined,
"rel": "primary", "rel": "primary",
"type": "alert", "type": "alert",
"type_id": "test",
}, },
], ],
}, },
@ -1408,6 +1425,7 @@ describe('Task Runner', () => {
"namespace": undefined, "namespace": undefined,
"rel": "primary", "rel": "primary",
"type": "alert", "type": "alert",
"type_id": "test",
}, },
], ],
}, },
@ -1431,6 +1449,7 @@ describe('Task Runner', () => {
"namespace": undefined, "namespace": undefined,
"rel": "primary", "rel": "primary",
"type": "alert", "type": "alert",
"type_id": "test",
}, },
], ],
}, },
@ -1641,6 +1660,7 @@ describe('Task Runner', () => {
"namespace": undefined, "namespace": undefined,
"rel": "primary", "rel": "primary",
"type": "alert", "type": "alert",
"type_id": "test",
}, },
], ],
}, },
@ -1700,6 +1720,7 @@ describe('Task Runner', () => {
"namespace": undefined, "namespace": undefined,
"rel": "primary", "rel": "primary",
"type": "alert", "type": "alert",
"type_id": "test",
}, },
], ],
}, },
@ -1767,6 +1788,7 @@ describe('Task Runner', () => {
"namespace": undefined, "namespace": undefined,
"rel": "primary", "rel": "primary",
"type": "alert", "type": "alert",
"type_id": "test",
}, },
], ],
}, },
@ -1834,6 +1856,7 @@ describe('Task Runner', () => {
"namespace": undefined, "namespace": undefined,
"rel": "primary", "rel": "primary",
"type": "alert", "type": "alert",
"type_id": "test",
}, },
], ],
}, },
@ -1900,6 +1923,7 @@ describe('Task Runner', () => {
"namespace": undefined, "namespace": undefined,
"rel": "primary", "rel": "primary",
"type": "alert", "type": "alert",
"type_id": "test",
}, },
], ],
}, },


@ -331,6 +331,7 @@ export class TaskRunner<
alertId, alertId,
alertLabel, alertLabel,
namespace, namespace,
ruleTypeId: alert.alertTypeId,
}); });
if (!muteAll) { if (!muteAll) {
@ -493,6 +494,7 @@ export class TaskRunner<
rel: SAVED_OBJECT_REL_PRIMARY, rel: SAVED_OBJECT_REL_PRIMARY,
type: 'alert', type: 'alert',
id: alertId, id: alertId,
type_id: this.alertType.id,
namespace, namespace,
}, },
], ],
@ -598,6 +600,7 @@ interface GenerateNewAndRecoveredInstanceEventsParams<
alertId: string; alertId: string;
alertLabel: string; alertLabel: string;
namespace: string | undefined; namespace: string | undefined;
ruleTypeId: string;
} }
function generateNewAndRecoveredInstanceEvents< function generateNewAndRecoveredInstanceEvents<
@ -611,6 +614,7 @@ function generateNewAndRecoveredInstanceEvents<
currentAlertInstances, currentAlertInstances,
originalAlertInstances, originalAlertInstances,
recoveredAlertInstances, recoveredAlertInstances,
ruleTypeId,
} = params; } = params;
const originalAlertInstanceIds = Object.keys(originalAlertInstances); const originalAlertInstanceIds = Object.keys(originalAlertInstances);
const currentAlertInstanceIds = Object.keys(currentAlertInstances); const currentAlertInstanceIds = Object.keys(currentAlertInstances);
@ -664,6 +668,7 @@ function generateNewAndRecoveredInstanceEvents<
rel: SAVED_OBJECT_REL_PRIMARY, rel: SAVED_OBJECT_REL_PRIMARY,
type: 'alert', type: 'alert',
id: alertId, id: alertId,
type_id: ruleTypeId,
namespace, namespace,
}, },
], ],
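Review bot: The rule type id is taken from two different sources in this file: `ruleTypeId: alert.alertTypeId` in the first hunk, which ends up as `type_id: ruleTypeId` in generateNewAndRecoveredInstanceEvents, and `type_id: this.alertType.id` in the second hunk. The two presumably hold the same value, but the event log is queried after the fact, so every event written by one run should take the field from a single source. I would pass `ruleTypeId: this.alertType.id` in the first hunk, or add a comment saying why the saved object's copy is preferred there. The enclosing methods start and end outside the hunks shown.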


@ -275,6 +275,10 @@
"type": { "type": {
"type": "keyword", "type": "keyword",
"ignore_above": 1024 "ignore_above": 1024
},
"type_id": {
"type": "keyword",
"ignore_above": 1024
} }
} }
} }


@ -116,6 +116,7 @@ export const EventSchema = schema.maybe(
namespace: ecsString(), namespace: ecsString(),
id: ecsString(), id: ecsString(),
type: ecsString(), type: ecsString(),
type_id: ecsString(),
}) })
) )
), ),


@ -60,6 +60,10 @@ exports.EcsCustomPropertyMappings = {
type: 'keyword', type: 'keyword',
ignore_above: 1024, ignore_above: 1024,
}, },
type_id: {
type: 'keyword',
ignore_above: 1024,
},
}, },
}, },
}, },
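Review bot: Nothing next to the new `type_id` property says that only events written after this change carry it, so a query or dashboard that filters saved_objects entries on `type_id` will silently skip older documents. A short comment on the property would prevent anyone assuming full coverage, e.g. `// added in <VERSION_PLACEHOLDER>; absent on events written earlier`. Whether already-existing event log indices pick up the new mapping is not visible in this hunk and is worth confirming. The surrounding object literal starts and ends outside the hunk.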


@ -119,6 +119,7 @@ export default function ({ getService }: FtrProviderContext) {
spaceId: space.id, spaceId: space.id,
connectorId: createdAction.id, connectorId: createdAction.id,
outcome: 'success', outcome: 'success',
actionTypeId: 'test.index-record',
message: `action executed: test.index-record:${createdAction.id}: My action`, message: `action executed: test.index-record:${createdAction.id}: My action`,
}); });
break; break;
@ -502,13 +503,14 @@ export default function ({ getService }: FtrProviderContext) {
interface ValidateEventLogParams { interface ValidateEventLogParams {
spaceId: string; spaceId: string;
connectorId: string; connectorId: string;
actionTypeId: string;
outcome: string; outcome: string;
message: string; message: string;
errorMessage?: string; errorMessage?: string;
} }
async function validateEventLog(params: ValidateEventLogParams): Promise<void> { async function validateEventLog(params: ValidateEventLogParams): Promise<void> {
const { spaceId, connectorId, outcome, message, errorMessage } = params; const { spaceId, connectorId, actionTypeId, outcome, message, errorMessage } = params;
const events: IValidatedEvent[] = await retry.try(async () => { const events: IValidatedEvent[] = await retry.try(async () => {
return await getEventLog({ return await getEventLog({
@ -549,6 +551,7 @@ export default function ({ getService }: FtrProviderContext) {
rel: 'primary', rel: 'primary',
type: 'action', type: 'action',
id: connectorId, id: connectorId,
type_id: actionTypeId,
namespace: spaceId, namespace: spaceId,
}, },
]); ]);


@ -214,6 +214,7 @@ instanceStateValue: true
await validateEventLog({ await validateEventLog({
spaceId: space.id, spaceId: space.id,
alertId, alertId,
ruleTypeId: 'test.always-firing',
outcome: 'success', outcome: 'success',
message: `alert executed: test.always-firing:${alertId}: 'abc'`, message: `alert executed: test.always-firing:${alertId}: 'abc'`,
}); });
@ -1244,13 +1245,14 @@ instanceStateValue: true
interface ValidateEventLogParams { interface ValidateEventLogParams {
spaceId: string; spaceId: string;
alertId: string; alertId: string;
ruleTypeId: string;
outcome: string; outcome: string;
message: string; message: string;
errorMessage?: string; errorMessage?: string;
} }
async function validateEventLog(params: ValidateEventLogParams): Promise<void> { async function validateEventLog(params: ValidateEventLogParams): Promise<void> {
const { spaceId, alertId, outcome, message, errorMessage } = params; const { spaceId, alertId, ruleTypeId, outcome, message, errorMessage } = params;
const events: IValidatedEvent[] = await retry.try(async () => { const events: IValidatedEvent[] = await retry.try(async () => {
return await getEventLog({ return await getEventLog({
@ -1291,6 +1293,7 @@ instanceStateValue: true
type: 'alert', type: 'alert',
id: alertId, id: alertId,
namespace: spaceId, namespace: spaceId,
type_id: ruleTypeId,
}, },
]); ]);


@ -75,7 +75,7 @@ export default function eventLogTests({ getService }: FtrProviderContext) {
validateEvent(event, { validateEvent(event, {
spaceId, spaceId,
savedObjects: [{ type: 'alert', id: alertId, rel: 'primary' }], savedObjects: [{ type: 'alert', id: alertId, rel: 'primary', type_id: 'test.noop' }],
outcome: 'failure', outcome: 'failure',
message: `test.noop:${alertId}: execution failed`, message: `test.noop:${alertId}: execution failed`,
errorMessage: 'Unable to decrypt attribute "apiKey"', errorMessage: 'Unable to decrypt attribute "apiKey"',


@ -97,6 +97,7 @@ export default function ({ getService }: FtrProviderContext) {
await validateEventLog({ await validateEventLog({
spaceId: Spaces.space1.id, spaceId: Spaces.space1.id,
actionId: createdAction.id, actionId: createdAction.id,
actionTypeId: 'test.index-record',
outcome: 'success', outcome: 'success',
message: `action executed: test.index-record:${createdAction.id}: My action`, message: `action executed: test.index-record:${createdAction.id}: My action`,
}); });
@ -138,6 +139,7 @@ export default function ({ getService }: FtrProviderContext) {
await validateEventLog({ await validateEventLog({
spaceId: Spaces.space1.id, spaceId: Spaces.space1.id,
actionId: createdAction.id, actionId: createdAction.id,
actionTypeId: 'test.failing',
outcome: 'failure', outcome: 'failure',
message: `action execution failure: test.failing:${createdAction.id}: failing action`, message: `action execution failure: test.failing:${createdAction.id}: failing action`,
errorMessage: `an error occurred while running the action executor: expected failure for .kibana-alerting-test-data actions-failure-1:space1`, errorMessage: `an error occurred while running the action executor: expected failure for .kibana-alerting-test-data actions-failure-1:space1`,
@ -330,13 +332,14 @@ export default function ({ getService }: FtrProviderContext) {
interface ValidateEventLogParams { interface ValidateEventLogParams {
spaceId: string; spaceId: string;
actionId: string; actionId: string;
actionTypeId: string;
outcome: string; outcome: string;
message: string; message: string;
errorMessage?: string; errorMessage?: string;
} }
async function validateEventLog(params: ValidateEventLogParams): Promise<void> { async function validateEventLog(params: ValidateEventLogParams): Promise<void> {
const { spaceId, actionId, outcome, message, errorMessage } = params; const { spaceId, actionId, actionTypeId, outcome, message, errorMessage } = params;
const events: IValidatedEvent[] = await retry.try(async () => { const events: IValidatedEvent[] = await retry.try(async () => {
return await getEventLog({ return await getEventLog({
@ -377,6 +380,7 @@ export default function ({ getService }: FtrProviderContext) {
type: 'action', type: 'action',
id: actionId, id: actionId,
namespace: 'space1', namespace: 'space1',
type_id: actionTypeId,
}, },
]); ]);


@ -128,7 +128,9 @@ export default function eventLogTests({ getService }: FtrProviderContext) {
case 'execute': case 'execute':
validateEvent(event, { validateEvent(event, {
spaceId: Spaces.space1.id, spaceId: Spaces.space1.id,
savedObjects: [{ type: 'alert', id: alertId, rel: 'primary' }], savedObjects: [
{ type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' },
],
outcome: 'success', outcome: 'success',
message: `alert executed: test.patternFiring:${alertId}: 'abc'`, message: `alert executed: test.patternFiring:${alertId}: 'abc'`,
status: executeStatuses[executeCount++], status: executeStatuses[executeCount++],
@ -138,8 +140,8 @@ export default function eventLogTests({ getService }: FtrProviderContext) {
validateEvent(event, { validateEvent(event, {
spaceId: Spaces.space1.id, spaceId: Spaces.space1.id,
savedObjects: [ savedObjects: [
{ type: 'alert', id: alertId, rel: 'primary' }, { type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' },
{ type: 'action', id: createdAction.id }, { type: 'action', id: createdAction.id, type_id: 'test.noop' },
], ],
message: `alert: test.patternFiring:${alertId}: 'abc' instanceId: 'instance' scheduled actionGroup: 'default' action: test.noop:${createdAction.id}`, message: `alert: test.patternFiring:${alertId}: 'abc' instanceId: 'instance' scheduled actionGroup: 'default' action: test.noop:${createdAction.id}`,
instanceId: 'instance', instanceId: 'instance',
@ -164,7 +166,9 @@ export default function eventLogTests({ getService }: FtrProviderContext) {
function validateInstanceEvent(event: IValidatedEvent, subMessage: string) { function validateInstanceEvent(event: IValidatedEvent, subMessage: string) {
validateEvent(event, { validateEvent(event, {
spaceId: Spaces.space1.id, spaceId: Spaces.space1.id,
savedObjects: [{ type: 'alert', id: alertId, rel: 'primary' }], savedObjects: [
{ type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' },
],
message: `test.patternFiring:${alertId}: 'abc' ${subMessage}`, message: `test.patternFiring:${alertId}: 'abc' ${subMessage}`,
instanceId: 'instance', instanceId: 'instance',
actionGroupId: 'default', actionGroupId: 'default',
@ -260,7 +264,9 @@ export default function eventLogTests({ getService }: FtrProviderContext) {
case 'execute': case 'execute':
validateEvent(event, { validateEvent(event, {
spaceId: Spaces.space1.id, spaceId: Spaces.space1.id,
savedObjects: [{ type: 'alert', id: alertId, rel: 'primary' }], savedObjects: [
{ type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' },
],
outcome: 'success', outcome: 'success',
message: `alert executed: test.patternFiring:${alertId}: 'abc'`, message: `alert executed: test.patternFiring:${alertId}: 'abc'`,
status: executeStatuses[executeCount++], status: executeStatuses[executeCount++],
@ -273,8 +279,8 @@ export default function eventLogTests({ getService }: FtrProviderContext) {
validateEvent(event, { validateEvent(event, {
spaceId: Spaces.space1.id, spaceId: Spaces.space1.id,
savedObjects: [ savedObjects: [
{ type: 'alert', id: alertId, rel: 'primary' }, { type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' },
{ type: 'action', id: createdAction.id }, { type: 'action', id: createdAction.id, type_id: 'test.noop' },
], ],
message: `alert: test.patternFiring:${alertId}: 'abc' instanceId: 'instance' scheduled actionGroup(subgroup): 'default(${event?.kibana?.alerting?.action_subgroup})' action: test.noop:${createdAction.id}`, message: `alert: test.patternFiring:${alertId}: 'abc' instanceId: 'instance' scheduled actionGroup(subgroup): 'default(${event?.kibana?.alerting?.action_subgroup})' action: test.noop:${createdAction.id}`,
instanceId: 'instance', instanceId: 'instance',
@ -305,7 +311,9 @@ export default function eventLogTests({ getService }: FtrProviderContext) {
function validateInstanceEvent(event: IValidatedEvent, subMessage: string) { function validateInstanceEvent(event: IValidatedEvent, subMessage: string) {
validateEvent(event, { validateEvent(event, {
spaceId: Spaces.space1.id, spaceId: Spaces.space1.id,
savedObjects: [{ type: 'alert', id: alertId, rel: 'primary' }], savedObjects: [
{ type: 'alert', id: alertId, rel: 'primary', type_id: 'test.patternFiring' },
],
message: `test.patternFiring:${alertId}: 'abc' ${subMessage}`, message: `test.patternFiring:${alertId}: 'abc' ${subMessage}`,
instanceId: 'instance', instanceId: 'instance',
actionGroupId: 'default', actionGroupId: 'default',
@ -345,7 +353,7 @@ export default function eventLogTests({ getService }: FtrProviderContext) {
validateEvent(event, { validateEvent(event, {
spaceId: Spaces.space1.id, spaceId: Spaces.space1.id,
savedObjects: [{ type: 'alert', id: alertId, rel: 'primary' }], savedObjects: [{ type: 'alert', id: alertId, rel: 'primary', type_id: 'test.throw' }],
outcome: 'failure', outcome: 'failure',
message: `alert execution failure: test.throw:${alertId}: 'abc'`, message: `alert execution failure: test.throw:${alertId}: 'abc'`,
errorMessage: 'this alert is intended to fail', errorMessage: 'this alert is intended to fail',
@ -360,6 +368,7 @@ interface SavedObject {
type: string; type: string;
id: string; id: string;
rel?: string; rel?: string;
type_id: string;
} }
interface ValidateEventLogParams { interface ValidateEventLogParams {