[Endpoint] Remove dependency on ingest for the index patterns (#69058)
* Remove dependency on ingest for the index patterns * Fixing the tests * Fixing test * Use variable instead of class
parent
e3ba5e5e1f
commit
dc5f448076
|
@ -0,0 +1,10 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
|
||||
export const eventsIndexPattern = 'events-endpoint-*';
|
||||
export const metadataIndexPattern = 'metrics-endpoint.metadata-*';
|
||||
export const policyIndexPattern = 'metrics-endpoint.policy-*';
|
||||
export const telemetryIndexPattern = 'metrics-endpoint.telemetry-*';
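Review bot: These four exports carry no comment saying what they must stay in step with, and nothing checks them at runtime now that the patterns are no longer resolved through Ingest Manager. I would add a header comment above the first export, for example `// Index patterns for Endpoint data streams; must match the dataset names in the Endpoint package (no longer looked up via Ingest Manager).` Each pattern scopes which indices the server-side queries touch, so a mistyped or overly broad value would silently change what gets searched. `telemetryIndexPattern` is not referenced in any other section shown on this page; if nothing uses it yet, either drop it or name its intended consumer in the comment.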
|
|
@ -9,14 +9,6 @@ export class AlertConstants {
|
|||
* The prefix for all Alert APIs
|
||||
*/
|
||||
static BASE_API_URL = '/api/endpoint';
|
||||
/**
|
||||
* The path for the Alert's Index Pattern API.
|
||||
*/
|
||||
static INDEX_PATTERN_ROUTE = `${AlertConstants.BASE_API_URL}/index_pattern`;
|
||||
/**
|
||||
* A paramter passed to Alert's Index Pattern.
|
||||
*/
|
||||
static EVENT_DATASET = 'events';
|
||||
/**
|
||||
* Alert's Search API default page size
|
||||
*/
|
||||
|
|
|
@ -4,13 +4,13 @@
|
|||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
|
||||
import { eventsIndexPattern } from '../../../common/endpoint/constants';
|
||||
import { IIndexPattern } from '../../../../../../src/plugins/data/public';
|
||||
import {
|
||||
AlertResultList,
|
||||
AlertDetails,
|
||||
AlertListState,
|
||||
} from '../../../common/endpoint_alerts/types';
|
||||
import { AlertConstants } from '../../../common/endpoint_alerts/alert_constants';
|
||||
import { ImmutableMiddlewareFactory } from '../../common/store';
|
||||
import { cloneHttpFetchQuery } from '../../common/utils/clone_http_fetch_query';
|
||||
import {
|
||||
|
@ -27,14 +27,11 @@ export const alertMiddlewareFactory: ImmutableMiddlewareFactory<AlertListState>
|
|||
) => {
|
||||
async function fetchIndexPatterns(): Promise<IIndexPattern[]> {
|
||||
const { indexPatterns } = depsStart.data;
|
||||
const eventsPattern: { indexPattern: string } = await coreStart.http.get(
|
||||
`${AlertConstants.INDEX_PATTERN_ROUTE}/${AlertConstants.EVENT_DATASET}`
|
||||
);
|
||||
const fields = await indexPatterns.getFieldsForWildcard({
|
||||
pattern: eventsPattern.indexPattern,
|
||||
pattern: eventsIndexPattern,
|
||||
});
|
||||
const indexPattern: IIndexPattern = {
|
||||
title: eventsPattern.indexPattern,
|
||||
title: eventsIndexPattern,
|
||||
fields,
|
||||
};
|
||||
|
||||
|
|
|
@ -11,7 +11,7 @@ import {
|
|||
} from '../../../../../../../src/core/server/mocks';
|
||||
import { registerAlertRoutes } from '../routes';
|
||||
import { alertingIndexGetQuerySchema } from '../../../../common/endpoint_alerts/schema/alert_index';
|
||||
import { createMockAgentService, createMockIndexPatternRetriever } from '../../mocks';
|
||||
import { createMockAgentService } from '../../mocks';
|
||||
import { EndpointAppContextService } from '../../endpoint_app_context_services';
|
||||
import { createMockConfig } from '../../../lib/detection_engine/routes/__mocks__';
|
||||
|
||||
|
@ -29,7 +29,6 @@ describe('test alerts route', () => {
|
|||
|
||||
endpointAppContextService = new EndpointAppContextService();
|
||||
endpointAppContextService.start({
|
||||
indexPatternRetriever: createMockIndexPatternRetriever('events-endpoint-*'),
|
||||
agentService: createMockAgentService(),
|
||||
});
|
||||
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
*/
|
||||
import { GetResponse } from 'elasticsearch';
|
||||
import { KibanaRequest, RequestHandler } from 'kibana/server';
|
||||
import { eventsIndexPattern } from '../../../../../common/endpoint/constants';
|
||||
import { AlertEvent } from '../../../../../common/endpoint/types';
|
||||
import { EndpointAppContext } from '../../../types';
|
||||
import { AlertDetailsRequestParams } from '../../../../../common/endpoint_alerts/types';
|
||||
|
@ -27,17 +28,13 @@ export const alertDetailsHandlerWrapper = function (
|
|||
id: alertId.id,
|
||||
})) as GetResponse<AlertEvent>;
|
||||
|
||||
const indexPattern = await endpointAppContext.service
|
||||
.getIndexPatternRetriever()
|
||||
.getEventIndexPattern(ctx);
|
||||
|
||||
const config = await endpointAppContext.config();
|
||||
const pagination: AlertDetailsPagination = new AlertDetailsPagination(
|
||||
config,
|
||||
ctx,
|
||||
req.params,
|
||||
response,
|
||||
indexPattern
|
||||
eventsIndexPattern
|
||||
);
|
||||
|
||||
const currentHostInfo = await getHostData(
|
||||
|
|
|
@ -1,28 +0,0 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
|
||||
import { Logger, RequestHandler } from 'kibana/server';
|
||||
import { EndpointAppContext } from '../../types';
|
||||
import { IndexPatternGetParamsResult } from '../../../../common/endpoint_alerts/types';
|
||||
|
||||
export function handleIndexPattern(
|
||||
log: Logger,
|
||||
endpointAppContext: EndpointAppContext
|
||||
): RequestHandler<IndexPatternGetParamsResult> {
|
||||
return async (context, req, res) => {
|
||||
try {
|
||||
const indexRetriever = endpointAppContext.service.getIndexPatternRetriever();
|
||||
return res.ok({
|
||||
body: {
|
||||
indexPattern: await indexRetriever.getIndexPattern(context, req.params.datasetPath),
|
||||
},
|
||||
});
|
||||
} catch (error) {
|
||||
log.warn(error);
|
||||
return res.notFound({ body: error });
|
||||
}
|
||||
};
|
||||
}
|
|
@ -4,6 +4,7 @@
|
|||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
import { RequestHandler } from 'kibana/server';
|
||||
import { eventsIndexPattern } from '../../../../../common/endpoint/constants';
|
||||
import { EndpointAppContext } from '../../../types';
|
||||
import { searchESForAlerts } from '../lib';
|
||||
import { getRequestData, mapToAlertResultList } from './lib';
|
||||
|
@ -18,14 +19,11 @@ export const alertListHandlerWrapper = function (
|
|||
res
|
||||
) => {
|
||||
try {
|
||||
const indexPattern = await endpointAppContext.service
|
||||
.getIndexPatternRetriever()
|
||||
.getEventIndexPattern(ctx);
|
||||
const reqData = await getRequestData(req, endpointAppContext);
|
||||
const response = await searchESForAlerts(
|
||||
ctx.core.elasticsearch.legacy.client,
|
||||
reqData,
|
||||
indexPattern
|
||||
eventsIndexPattern
|
||||
);
|
||||
const mappedBody = await mapToAlertResultList(ctx, endpointAppContext, reqData, response);
|
||||
return res.ok({ body: mappedBody });
|
||||
|
|
|
@ -1,83 +0,0 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
import { Logger, LoggerFactory, RequestHandlerContext } from 'kibana/server';
|
||||
import { AlertConstants } from '../../../common/endpoint_alerts/alert_constants';
|
||||
import { ESIndexPatternService } from '../../../../ingest_manager/server';
|
||||
|
||||
export interface IndexPatternRetriever {
|
||||
getIndexPattern(ctx: RequestHandlerContext, datasetPath: string): Promise<string>;
|
||||
getEventIndexPattern(ctx: RequestHandlerContext): Promise<string>;
|
||||
getMetadataIndexPattern(ctx: RequestHandlerContext): Promise<string>;
|
||||
getPolicyResponseIndexPattern(ctx: RequestHandlerContext): Promise<string>;
|
||||
}
|
||||
|
||||
/**
|
||||
* This class is used to retrieve an index pattern. It should be used in the server side code whenever
|
||||
* an index pattern is needed to query data within ES. The index pattern is constructed by the Ingest Manager
|
||||
* based on the contents of the Endpoint Package in the Package Registry.
|
||||
*/
|
||||
export class IngestIndexPatternRetriever implements IndexPatternRetriever {
|
||||
private static endpointPackageName = 'endpoint';
|
||||
private static metadataDataset = 'metadata';
|
||||
private static policyDataset = 'policy';
|
||||
private readonly log: Logger;
|
||||
constructor(private readonly service: ESIndexPatternService, loggerFactory: LoggerFactory) {
|
||||
this.log = loggerFactory.get('index-pattern-retriever');
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieves the index pattern for querying events within elasticsearch.
|
||||
*
|
||||
* @param ctx a RequestHandlerContext from a route handler
|
||||
* @returns a string representing the index pattern (e.g. `events-endpoint-*`)
|
||||
*/
|
||||
async getEventIndexPattern(ctx: RequestHandlerContext) {
|
||||
return this.getIndexPattern(ctx, AlertConstants.EVENT_DATASET);
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieves the index pattern for querying endpoint metadata within elasticsearch.
|
||||
*
|
||||
* @param ctx a RequestHandlerContext from a route handler
|
||||
* @returns a string representing the index pattern (e.g. `metrics-endpoint-*`)
|
||||
*/
|
||||
async getMetadataIndexPattern(ctx: RequestHandlerContext) {
|
||||
return this.getIndexPattern(ctx, IngestIndexPatternRetriever.metadataDataset);
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieves the index pattern for a specific dataset for querying endpoint data.
|
||||
*
|
||||
* @param ctx a RequestHandlerContext from a route handler
|
||||
* @param datasetPath a string of the path being used for a dataset within the Endpoint Package
|
||||
* (e.g. `events`, `metadata`)
|
||||
* @returns a string representing the index pattern (e.g. `metrics-endpoint-*`)
|
||||
*/
|
||||
async getIndexPattern(ctx: RequestHandlerContext, datasetPath: string) {
|
||||
try {
|
||||
const pattern = await this.service.getESIndexPattern(
|
||||
ctx.core.savedObjects.client,
|
||||
IngestIndexPatternRetriever.endpointPackageName,
|
||||
datasetPath
|
||||
);
|
||||
|
||||
if (!pattern) {
|
||||
const msg = `Unable to retrieve the index pattern for dataset: ${datasetPath}`;
|
||||
this.log.warn(msg);
|
||||
throw new Error(msg);
|
||||
}
|
||||
return pattern;
|
||||
} catch (error) {
|
||||
const errMsg = `Error occurred while retrieving pattern for: ${datasetPath} error: ${error}`;
|
||||
this.log.warn(errMsg);
|
||||
throw new Error(errMsg);
|
||||
}
|
||||
}
|
||||
|
||||
async getPolicyResponseIndexPattern(ctx: RequestHandlerContext): Promise<string> {
|
||||
return this.getIndexPattern(ctx, IngestIndexPatternRetriever.policyDataset);
|
||||
}
|
||||
}
|
|
@ -10,8 +10,6 @@ import { alertListHandlerWrapper } from './handlers/list';
|
|||
import { alertDetailsHandlerWrapper } from './handlers/details';
|
||||
import { alertDetailsReqSchema } from './handlers/details/schemas';
|
||||
import { alertingIndexGetQuerySchema } from '../../../common/endpoint_alerts/schema/alert_index';
|
||||
import { indexPatternGetParamsSchema } from '../../../common/endpoint_alerts/schema/index_pattern';
|
||||
import { handleIndexPattern } from './handlers/index_pattern';
|
||||
|
||||
export const BASE_ALERTS_ROUTE = `${AlertConstants.BASE_API_URL}/alerts`;
|
||||
|
||||
|
@ -37,15 +35,4 @@ export function registerAlertRoutes(router: IRouter, endpointAppContext: Endpoin
|
|||
},
|
||||
alertDetailsHandlerWrapper(endpointAppContext)
|
||||
);
|
||||
|
||||
const log = endpointAppContext.logFactory.get('index_pattern');
|
||||
|
||||
router.get(
|
||||
{
|
||||
path: `${AlertConstants.INDEX_PATTERN_ROUTE}/{datasetPath}`,
|
||||
validate: { params: indexPatternGetParamsSchema },
|
||||
options: { authRequired: true },
|
||||
},
|
||||
handleIndexPattern(log, endpointAppContext)
|
||||
);
|
||||
}
|
||||
|
|
|
@ -8,7 +8,6 @@ import { EndpointAppContextService } from './endpoint_app_context_services';
|
|||
describe('test endpoint app context services', () => {
|
||||
it('should throw error if start is not called', async () => {
|
||||
const endpointAppContextService = new EndpointAppContextService();
|
||||
expect(() => endpointAppContextService.getIndexPatternRetriever()).toThrow(Error);
|
||||
expect(() => endpointAppContextService.getAgentService()).toThrow(Error);
|
||||
});
|
||||
});
|
||||
|
|
|
@ -3,7 +3,6 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
import { IndexPatternRetriever } from './alerts/index_pattern';
|
||||
import { AgentService } from '../../../ingest_manager/server';
|
||||
|
||||
/**
|
||||
|
@ -11,14 +10,9 @@ import { AgentService } from '../../../ingest_manager/server';
|
|||
* of the plugin lifecycle. And stop during the stop phase, if needed.
|
||||
*/
|
||||
export class EndpointAppContextService {
|
||||
private indexPatternRetriever: IndexPatternRetriever | undefined;
|
||||
private agentService: AgentService | undefined;
|
||||
|
||||
public start(dependencies: {
|
||||
indexPatternRetriever: IndexPatternRetriever;
|
||||
agentService: AgentService;
|
||||
}) {
|
||||
this.indexPatternRetriever = dependencies.indexPatternRetriever;
|
||||
public start(dependencies: { agentService: AgentService }) {
|
||||
this.agentService = dependencies.agentService;
|
||||
}
|
||||
|
||||
|
@ -30,11 +24,4 @@ export class EndpointAppContextService {
|
|||
}
|
||||
return this.agentService;
|
||||
}
|
||||
|
||||
public getIndexPatternRetriever(): IndexPatternRetriever {
|
||||
if (!this.indexPatternRetriever) {
|
||||
throw new Error(`must call start on ${EndpointAppContextService.name} to call getter`);
|
||||
}
|
||||
return this.indexPatternRetriever;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -7,32 +7,6 @@
|
|||
import { IScopedClusterClient, SavedObjectsClientContract } from 'kibana/server';
|
||||
import { xpackMocks } from '../../../../mocks';
|
||||
import { AgentService, IngestManagerStartContract } from '../../../ingest_manager/server';
|
||||
import { IndexPatternRetriever } from './alerts/index_pattern';
|
||||
|
||||
/**
|
||||
* Creates a mock IndexPatternRetriever for use in tests.
|
||||
*
|
||||
* @param indexPattern a string index pattern to return when any of the mock's public methods are called.
|
||||
* @returns the same string passed in via `indexPattern`
|
||||
*/
|
||||
export const createMockIndexPatternRetriever = (indexPattern: string): IndexPatternRetriever => {
|
||||
const mockGetFunc = jest.fn().mockResolvedValue(indexPattern);
|
||||
return {
|
||||
getIndexPattern: mockGetFunc,
|
||||
getEventIndexPattern: mockGetFunc,
|
||||
getMetadataIndexPattern: mockGetFunc,
|
||||
getPolicyResponseIndexPattern: mockGetFunc,
|
||||
};
|
||||
};
|
||||
|
||||
export const MetadataIndexPattern = 'metrics-endpoint-*';
|
||||
|
||||
/**
|
||||
* Creates a mock IndexPatternRetriever for use in tests that returns `metrics-endpoint-*`
|
||||
*/
|
||||
export const createMockMetadataIndexPatternRetriever = () => {
|
||||
return createMockIndexPatternRetriever(MetadataIndexPattern);
|
||||
};
|
||||
|
||||
/**
|
||||
* Creates a mock AgentService
|
||||
|
|
|
@ -8,6 +8,7 @@ import { IRouter, Logger, RequestHandlerContext } from 'kibana/server';
|
|||
import { SearchResponse } from 'elasticsearch';
|
||||
import { schema } from '@kbn/config-schema';
|
||||
|
||||
import { metadataIndexPattern } from '../../../../common/endpoint/constants';
|
||||
import { getESQueryHostMetadataByID, kibanaRequestToMetadataListESQuery } from './query_builders';
|
||||
import {
|
||||
HostInfo,
|
||||
|
@ -67,13 +68,10 @@ export function registerEndpointRoutes(router: IRouter, endpointAppContext: Endp
|
|||
},
|
||||
async (context, req, res) => {
|
||||
try {
|
||||
const index = await endpointAppContext.service
|
||||
.getIndexPatternRetriever()
|
||||
.getMetadataIndexPattern(context);
|
||||
const queryParams = await kibanaRequestToMetadataListESQuery(
|
||||
req,
|
||||
endpointAppContext,
|
||||
index
|
||||
metadataIndexPattern
|
||||
);
|
||||
const response = (await context.core.elasticsearch.legacy.client.callAsCurrentUser(
|
||||
'search',
|
||||
|
@ -125,10 +123,7 @@ export async function getHostData(
|
|||
metadataRequestContext: MetadataRequestContext,
|
||||
id: string
|
||||
): Promise<HostInfo | undefined> {
|
||||
const index = await metadataRequestContext.endpointAppContext.service
|
||||
.getIndexPatternRetriever()
|
||||
.getMetadataIndexPattern(metadataRequestContext.requestHandlerContext);
|
||||
const query = getESQueryHostMetadataByID(id, index);
|
||||
const query = getESQueryHostMetadataByID(id, metadataIndexPattern);
|
||||
const response = (await metadataRequestContext.requestHandlerContext.core.elasticsearch.legacy.client.callAsCurrentUser(
|
||||
'search',
|
||||
query
|
||||
|
|
|
@ -27,11 +27,7 @@ import {
|
|||
} from '../../../../common/endpoint/types';
|
||||
import { SearchResponse } from 'elasticsearch';
|
||||
import { registerEndpointRoutes } from './index';
|
||||
import {
|
||||
createMockAgentService,
|
||||
createMockMetadataIndexPatternRetriever,
|
||||
createRouteHandlerContext,
|
||||
} from '../../mocks';
|
||||
import { createMockAgentService, createRouteHandlerContext } from '../../mocks';
|
||||
import { AgentService } from '../../../../../ingest_manager/server';
|
||||
import Boom from 'boom';
|
||||
import { EndpointAppContextService } from '../../endpoint_app_context_services';
|
||||
|
@ -63,7 +59,6 @@ describe('test endpoint route', () => {
|
|||
mockAgentService = createMockAgentService();
|
||||
endpointAppContextService = new EndpointAppContextService();
|
||||
endpointAppContextService.start({
|
||||
indexPatternRetriever: createMockMetadataIndexPatternRetriever(),
|
||||
agentService: mockAgentService,
|
||||
});
|
||||
|
||||
|
|
|
@ -5,9 +5,9 @@
|
|||
*/
|
||||
import { httpServerMock, loggingServiceMock } from '../../../../../../../src/core/server/mocks';
|
||||
import { kibanaRequestToMetadataListESQuery, getESQueryHostMetadataByID } from './query_builders';
|
||||
import { MetadataIndexPattern } from '../../mocks';
|
||||
import { EndpointAppContextService } from '../../endpoint_app_context_services';
|
||||
import { createMockConfig } from '../../../lib/detection_engine/routes/__mocks__';
|
||||
import { metadataIndexPattern } from '../../../../common/endpoint/constants';
|
||||
|
||||
describe('query builder', () => {
|
||||
describe('MetadataListESQuery', () => {
|
||||
|
@ -22,7 +22,7 @@ describe('query builder', () => {
|
|||
service: new EndpointAppContextService(),
|
||||
config: () => Promise.resolve(createMockConfig()),
|
||||
},
|
||||
MetadataIndexPattern
|
||||
metadataIndexPattern
|
||||
);
|
||||
expect(query).toEqual({
|
||||
body: {
|
||||
|
@ -54,7 +54,7 @@ describe('query builder', () => {
|
|||
},
|
||||
from: 0,
|
||||
size: 10,
|
||||
index: MetadataIndexPattern,
|
||||
index: metadataIndexPattern,
|
||||
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
||||
} as Record<string, any>);
|
||||
});
|
||||
|
@ -74,7 +74,7 @@ describe('query builder', () => {
|
|||
service: new EndpointAppContextService(),
|
||||
config: () => Promise.resolve(createMockConfig()),
|
||||
},
|
||||
MetadataIndexPattern
|
||||
metadataIndexPattern
|
||||
);
|
||||
expect(query).toEqual({
|
||||
body: {
|
||||
|
@ -119,7 +119,7 @@ describe('query builder', () => {
|
|||
},
|
||||
from: 0,
|
||||
size: 10,
|
||||
index: MetadataIndexPattern,
|
||||
index: metadataIndexPattern,
|
||||
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
||||
} as Record<string, any>);
|
||||
});
|
||||
|
@ -128,7 +128,7 @@ describe('query builder', () => {
|
|||
describe('MetadataGetQuery', () => {
|
||||
it('searches for the correct ID', () => {
|
||||
const mockID = 'AABBCCDD-0011-2233-AA44-DEADBEEF8899';
|
||||
const query = getESQueryHostMetadataByID(mockID, MetadataIndexPattern);
|
||||
const query = getESQueryHostMetadataByID(mockID, metadataIndexPattern);
|
||||
|
||||
expect(query).toEqual({
|
||||
body: {
|
||||
|
@ -136,7 +136,7 @@ describe('query builder', () => {
|
|||
sort: [{ 'event.created': { order: 'desc' } }],
|
||||
size: 1,
|
||||
},
|
||||
index: MetadataIndexPattern,
|
||||
index: metadataIndexPattern,
|
||||
});
|
||||
});
|
||||
});
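Review bot: The expected `index` in these assertions is now the same imported `metadataIndexPattern` that is passed into the builder, so the tests only prove the value is passed through and would still pass if the constant were changed to something broader. The API test that pinned the literal strings is deleted elsewhere in this commit, so no test shown here fixes the actual values. I would pin them once, e.g. `expect(metadataIndexPattern).toEqual('metrics-endpoint.metadata-*');`, with equivalent checks for the events and policy patterns.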
|
||||
|
|
|
@ -4,11 +4,7 @@
|
|||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
import { EndpointAppContextService } from '../../endpoint_app_context_services';
|
||||
import {
|
||||
createMockAgentService,
|
||||
createMockIndexPatternRetriever,
|
||||
createRouteHandlerContext,
|
||||
} from '../../mocks';
|
||||
import { createMockAgentService, createRouteHandlerContext } from '../../mocks';
|
||||
import { getHostPolicyResponseHandler } from './handlers';
|
||||
import {
|
||||
IScopedClusterClient,
|
||||
|
@ -41,7 +37,6 @@ describe('test policy response handler', () => {
|
|||
endpointAppContextService = new EndpointAppContextService();
|
||||
mockAgentService = createMockAgentService();
|
||||
endpointAppContextService.start({
|
||||
indexPatternRetriever: createMockIndexPatternRetriever('metrics-endpoint-policy-*'),
|
||||
agentService: mockAgentService,
|
||||
});
|
||||
});
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
*/
|
||||
import { RequestHandler } from 'kibana/server';
|
||||
import { TypeOf } from '@kbn/config-schema';
|
||||
import { policyIndexPattern } from '../../../../common/endpoint/constants';
|
||||
import { GetPolicyResponseSchema } from '../../../../common/endpoint/schema/policy';
|
||||
import { EndpointAppContext } from '../../types';
|
||||
import { getPolicyResponseByHostId } from './service';
|
||||
|
@ -14,12 +15,8 @@ export const getHostPolicyResponseHandler = function (
|
|||
): RequestHandler<undefined, TypeOf<typeof GetPolicyResponseSchema.query>, undefined> {
|
||||
return async (context, request, response) => {
|
||||
try {
|
||||
const index = await endpointAppContext.service
|
||||
.getIndexPatternRetriever()
|
||||
.getPolicyResponseIndexPattern(context);
|
||||
|
||||
const doc = await getPolicyResponseByHostId(
|
||||
index,
|
||||
policyIndexPattern,
|
||||
request.query.hostId,
|
||||
context.core.elasticsearch.legacy.client
|
||||
);
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
|
||||
import { RequestHandler, Logger } from 'kibana/server';
|
||||
import { TypeOf } from '@kbn/config-schema';
|
||||
import { eventsIndexPattern } from '../../../../common/endpoint/constants';
|
||||
import { validateAncestry } from '../../../../common/endpoint/schema/resolver';
|
||||
import { Fetcher } from './utils/fetch';
|
||||
import { EndpointAppContext } from '../../types';
|
||||
|
@ -20,12 +21,9 @@ export function handleAncestry(
|
|||
query: { ancestors, legacyEndpointID: endpointID },
|
||||
} = req;
|
||||
try {
|
||||
const indexRetriever = endpointAppContext.service.getIndexPatternRetriever();
|
||||
|
||||
const client = context.core.elasticsearch.legacy.client;
|
||||
const indexPattern = await indexRetriever.getEventIndexPattern(context);
|
||||
|
||||
const fetcher = new Fetcher(client, id, indexPattern, endpointID);
|
||||
const fetcher = new Fetcher(client, id, eventsIndexPattern, endpointID);
|
||||
const ancestorInfo = await fetcher.ancestors(ancestors);
|
||||
|
||||
return res.ok({
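Review bot: After this change the visible part of `handleAncestry` no longer reads `endpointAppContext`, since its only use in the hunk was `getIndexPatternRetriever()`. The signature sits outside the hunk, so this is inferred: if nothing else in the body uses it, the parameter is dead and should be removed, or marked as intentionally unused, so callers do not assume the handler consults service state. The same applies to `handleChildren`, `handleEvents` and `handleTree` in the following sections, which receive the identical `new Fetcher(client, id, eventsIndexPattern, endpointID)` replacement.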
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
|
||||
import { RequestHandler, Logger } from 'kibana/server';
|
||||
import { TypeOf } from '@kbn/config-schema';
|
||||
import { eventsIndexPattern } from '../../../../common/endpoint/constants';
|
||||
import { validateChildren } from '../../../../common/endpoint/schema/resolver';
|
||||
import { Fetcher } from './utils/fetch';
|
||||
import { EndpointAppContext } from '../../types';
|
||||
|
@ -20,11 +21,8 @@ export function handleChildren(
|
|||
query: { children, generations, afterChild, legacyEndpointID: endpointID },
|
||||
} = req;
|
||||
try {
|
||||
const indexRetriever = endpointAppContext.service.getIndexPatternRetriever();
|
||||
const indexPattern = await indexRetriever.getEventIndexPattern(context);
|
||||
|
||||
const client = context.core.elasticsearch.legacy.client;
|
||||
const fetcher = new Fetcher(client, id, indexPattern, endpointID);
|
||||
const fetcher = new Fetcher(client, id, eventsIndexPattern, endpointID);
|
||||
|
||||
return res.ok({
|
||||
body: await fetcher.children(children, generations, afterChild),
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
|
||||
import { TypeOf } from '@kbn/config-schema';
|
||||
import { RequestHandler, Logger } from 'kibana/server';
|
||||
import { eventsIndexPattern } from '../../../../common/endpoint/constants';
|
||||
import { validateEvents } from '../../../../common/endpoint/schema/resolver';
|
||||
import { Fetcher } from './utils/fetch';
|
||||
import { EndpointAppContext } from '../../types';
|
||||
|
@ -20,11 +21,9 @@ export function handleEvents(
|
|||
query: { events, afterEvent, legacyEndpointID: endpointID },
|
||||
} = req;
|
||||
try {
|
||||
const indexRetriever = endpointAppContext.service.getIndexPatternRetriever();
|
||||
const client = context.core.elasticsearch.legacy.client;
|
||||
const indexPattern = await indexRetriever.getEventIndexPattern(context);
|
||||
|
||||
const fetcher = new Fetcher(client, id, indexPattern, endpointID);
|
||||
const fetcher = new Fetcher(client, id, eventsIndexPattern, endpointID);
|
||||
|
||||
return res.ok({
|
||||
body: await fetcher.events(events, afterEvent),
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
|
||||
import { RequestHandler, Logger } from 'kibana/server';
|
||||
import { TypeOf } from '@kbn/config-schema';
|
||||
import { eventsIndexPattern } from '../../../../common/endpoint/constants';
|
||||
import { validateTree } from '../../../../common/endpoint/schema/resolver';
|
||||
import { Fetcher } from './utils/fetch';
|
||||
import { Tree } from './utils/tree';
|
||||
|
@ -32,10 +33,8 @@ export function handleTree(
|
|||
} = req;
|
||||
try {
|
||||
const client = context.core.elasticsearch.legacy.client;
|
||||
const indexRetriever = endpointAppContext.service.getIndexPatternRetriever();
|
||||
const indexPattern = await indexRetriever.getEventIndexPattern(context);
|
||||
|
||||
const fetcher = new Fetcher(client, id, indexPattern, endpointID);
|
||||
const fetcher = new Fetcher(client, id, eventsIndexPattern, endpointID);
|
||||
|
||||
const [childrenNodes, ancestry, relatedEvents, relatedAlerts] = await Promise.all([
|
||||
fetcher.children(children, generations, afterChild),
|
||||
|
|
|
@ -43,7 +43,6 @@ import { registerAlertRoutes } from './endpoint/alerts/routes';
|
|||
import { registerPolicyRoutes } from './endpoint/routes/policy';
|
||||
import { EndpointAppContextService } from './endpoint/endpoint_app_context_services';
|
||||
import { EndpointAppContext } from './endpoint/types';
|
||||
import { IngestIndexPatternRetriever } from './endpoint/alerts/index_pattern';
|
||||
|
||||
export interface SetupPlugins {
|
||||
alerts: AlertingSetup;
|
||||
|
@ -219,10 +218,6 @@ export class Plugin implements IPlugin<PluginSetup, PluginStart, SetupPlugins, S
|
|||
|
||||
public start(core: CoreStart, plugins: StartPlugins) {
|
||||
this.endpointAppContextService.start({
|
||||
indexPatternRetriever: new IngestIndexPatternRetriever(
|
||||
plugins.ingestManager.esIndexPatternService,
|
||||
this.context.logger
|
||||
),
|
||||
agentService: plugins.ingestManager.agentService,
|
||||
});
|
||||
return {};
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
import expect from '@kbn/expect/expect.js';
|
||||
import { FtrProviderContext } from '../../../ftr_provider_context';
|
||||
import { AlertData } from '../../../../../plugins/security_solution/common/endpoint_alerts/types';
|
||||
import { eventsIndexPattern } from '../../../../../plugins/security_solution/common/endpoint/constants';
|
||||
import { deleteEventsStream, deleteMetadataStream } from '../data_stream_helper';
|
||||
|
||||
/**
|
||||
|
@ -75,7 +76,7 @@ export default function ({ getService }: FtrProviderContext) {
|
|||
await esArchiver.load('endpoint/alerts/api_feature', { useCreate: true });
|
||||
await esArchiver.load('endpoint/alerts/host_api_feature', { useCreate: true });
|
||||
const res = await es.search({
|
||||
index: 'events-endpoint-*',
|
||||
index: eventsIndexPattern,
|
||||
body: ES_QUERY_MISSING,
|
||||
});
|
||||
nullableEventId = res.hits.hits[0]._source.event.id;
|
||||
|
|
|
@ -1,32 +0,0 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
import expect from '@kbn/expect/expect.js';
|
||||
import { FtrProviderContext } from '../../../ftr_provider_context';
|
||||
|
||||
export default function ({ getService }: FtrProviderContext) {
|
||||
const supertest = getService('supertest');
|
||||
|
||||
describe('Endpoint index pattern API', () => {
|
||||
it('should retrieve the index pattern for events', async () => {
|
||||
const { body } = await supertest.get('/api/endpoint/index_pattern/events').expect(200);
|
||||
expect(body.indexPattern).to.eql('events-endpoint-*');
|
||||
});
|
||||
|
||||
it('should retrieve the index pattern for metadata', async () => {
|
||||
const { body } = await supertest.get('/api/endpoint/index_pattern/metadata').expect(200);
|
||||
expect(body.indexPattern).to.eql('metrics-endpoint.metadata-*');
|
||||
});
|
||||
|
||||
it('should retrieve the index pattern for policy', async () => {
|
||||
const { body } = await supertest.get('/api/endpoint/index_pattern/policy').expect(200);
|
||||
expect(body.indexPattern).to.eql('metrics-endpoint.policy-*');
|
||||
});
|
||||
|
||||
it('should not retrieve the index pattern for an invalid key', async () => {
|
||||
await supertest.get('/api/endpoint/index_pattern/blah').expect(404);
|
||||
});
|
||||
});
|
||||
}
|
|
@ -5,6 +5,11 @@
|
|||
*/
|
||||
|
||||
import { Client } from '@elastic/elasticsearch';
|
||||
import {
|
||||
metadataIndexPattern,
|
||||
eventsIndexPattern,
|
||||
policyIndexPattern,
|
||||
} from '../../../../plugins/security_solution/common/endpoint/constants';
|
||||
|
||||
export async function deleteDataStream(getService: (serviceName: 'es') => Client, index: string) {
|
||||
const client = getService('es');
|
||||
|
@ -20,13 +25,13 @@ export async function deleteDataStream(getService: (serviceName: 'es') => Client
|
|||
}
|
||||
|
||||
export async function deleteMetadataStream(getService: (serviceName: 'es') => Client) {
|
||||
await deleteDataStream(getService, 'metrics-endpoint.metadata-*');
|
||||
await deleteDataStream(getService, metadataIndexPattern);
|
||||
}
|
||||
|
||||
export async function deleteEventsStream(getService: (serviceName: 'es') => Client) {
|
||||
await deleteDataStream(getService, 'events-endpoint-*');
|
||||
await deleteDataStream(getService, eventsIndexPattern);
|
||||
}
|
||||
|
||||
export async function deletePolicyStream(getService: (serviceName: 'es') => Client) {
|
||||
await deleteDataStream(getService, 'metrics-endpoint.policy-*');
|
||||
await deleteDataStream(getService, policyIndexPattern);
|
||||
}
|
||||
|
|
|
@ -3,7 +3,6 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
|
||||
import { FtrProviderContext } from '../../ftr_provider_context';
|
||||
|
||||
export default function endpointAPIIntegrationTests({
|
||||
|
@ -16,7 +15,6 @@ export default function endpointAPIIntegrationTests({
|
|||
before(async () => {
|
||||
await ingestManager.setup();
|
||||
});
|
||||
loadTestFile(require.resolve('./alerts/index_pattern'));
|
||||
loadTestFile(require.resolve('./resolver'));
|
||||
loadTestFile(require.resolve('./metadata'));
|
||||
loadTestFile(require.resolve('./alerts'));
|
||||
|
|
|
@ -20,7 +20,7 @@ export default function ({ getService }: FtrProviderContext) {
|
|||
await esArchiver.unload('endpoint/alerts/host_api_feature');
|
||||
});
|
||||
|
||||
it('should return a 500', async () => {
|
||||
it('should not return data', async () => {
|
||||
await supertest.get('/api/endpoint/alerts').expect(500);
|
||||
});
|
||||
});
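Review bot: The new title `should not return data` says less than the body, which still asserts `.expect(500)`, so a reader of the test report can no longer tell which status is the contract. If a 500 is still the intended response, keep the status in the title as before; if the route is now expected to answer differently because the pattern is a constant rather than a lookup that can fail, the assertion should change together with the title. The metadata test in the last section has the same mismatch (`metadata api should not return results` with `.expect(500)`). The enclosing `describe` starts outside this hunk.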
|
||||
|
|
|
@ -1,16 +0,0 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
import { FtrProviderContext } from '../../ftr_provider_context';
|
||||
|
||||
export default function ({ getService }: FtrProviderContext) {
|
||||
const supertest = getService('supertest');
|
||||
|
||||
describe('Endpoint index pattern API without ingest manager initialized', () => {
|
||||
it('should not retrieve the index pattern for events', async () => {
|
||||
await supertest.get('/api/endpoint/index_pattern/events').expect(404);
|
||||
});
|
||||
});
|
||||
}
|
|
@ -9,7 +9,6 @@ import { FtrProviderContext } from '../ftr_provider_context';
|
|||
export default function endpointAPIIntegrationTests({ loadTestFile }: FtrProviderContext) {
|
||||
describe('Endpoint plugin', function () {
|
||||
this.tags('ciGroup7');
|
||||
loadTestFile(require.resolve('./alerts/index_pattern'));
|
||||
loadTestFile(require.resolve('./metadata'));
|
||||
loadTestFile(require.resolve('./alerts'));
|
||||
});
|
||||
|
|
|
@ -11,7 +11,7 @@ export default function ({ getService }: FtrProviderContext) {
|
|||
describe('test metadata api when ingest manager is not initialized', () => {
|
||||
before(async () => await esArchiver.load('endpoint/metadata/api_feature'));
|
||||
after(async () => await esArchiver.unload('endpoint/metadata/api_feature'));
|
||||
it('metadata api should return a 500', async () => {
|
||||
it('metadata api should not return results', async () => {
|
||||
await supertest.post('/api/endpoint/metadata').set('kbn-xsrf', 'xxx').send().expect(500);
|
||||
});
|
||||
});
|
||||
|
|