* Initial work
* Fix type check and jest failures
* Add unit tests
* No need to notifyUsage from alert execution handler
* Fix ESLint
* Log action usage from alerts
* Add integration tests
* Fix jest test
* Skip feature usage of basic action types
* Fix types
* Fix ESLint issue
* Clarify comment
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Marks all Alerts with a `versionApiKeyLastmodified ` field that tracks what version the alert's Api Key was last updated in. We then use this field to exempt legacy alerts (created pre `7.10.0`) in order to use a _dialed down_ version of RBAC which should allow old alerts to continue to function after the upgrade, until they are updates (at which point they will no longer be **Legacy**).
More details here: https://github.com/elastic/kibana/issues/74858#issuecomment-688324039
This PR adds _Role Based Access-Control_ to the Alerting framework & Actions feature using Kibana Feature Controls, addressing most of the Meta issue: https://github.com/elastic/kibana/issues/43994
This also closes https://github.com/elastic/kibana/issues/62438
This PR includes the following:
1. Adds `alerting` specific Security Actions (not to be confused with Alerting Actions) to the `security` plugin which allows us to assign alerting specific privileges to users of other plugins using the `features` plugin.
2. Removes the security wrapper from the savedObjectsClient in AlertsClient and instead plugs in the new AlertsAuthorization which performs the privilege checks on each api call made to the AlertsClient.
3. Adds privileges in each plugin that is already using the Alerting Framework which mirror (as closely as possible) the existing api-level tag-based privileges and plugs them into the AlertsClient.
4. Adds feature granted privileges arounds Actions (by relying on Saved Object privileges under the hood) and plugs them into the ActionsClient
5. Removes the legacy api-level tag-based privilege system from both the Alerts and Action HTTP APIs
This PR adds an API to the AlertsClient which allows users to execute actions immediately, rather than via TaskManager.
This also moves the TaskManager based execution to a new api on ActionsClient along side the immediate execution.
* Extended existing alerting functionality to support preconfigured only action types
* fixed functional test
* Adding documentation
* Fixed UI part due to comments
* added missing tests
* fixed action type execution
* Fixed documentation
* Fixed due to comments
* fixed type checks
* extended isActionExecutable to check exact action id if it is in the preconfigured list
This removes unneeded use of `any` throughout:
1. alerting
2. alerting_builtin
3. actions
4. task manager
5. event log
It also adds a linting rule that will prevent us from adding more `any` in the future unless an explicit exemption is made.
resolves https://github.com/elastic/kibana/issues/63162
Most of the support for pre-configured actions has already been added
to Kibana, except for one small piece. The ability for them to be
executed. This PR adds that support.
* Define minimum license required for each action type (#58668)
* Add minimum required license
* Require at least gold license as a minimum license required on third party action types
* Use strings for license references
* Ensure license type is valid
* Fix some tests
* Add servicenow to gold
* Add tests
* Set license requirements on other built in action types
* Use jest.Mocked<ActionType> instead
* Change servicenow to platinum
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* Make actions config mock and license state mock use factory pattern and jest mocks (#59370)
* Add license checks to action HTTP APIs (#59153)
* Initial work
* Handle errors in update action API
* Add unit tests for APIs
* Make action executor throw when action type isn't enabled
* Add test suite for basic license
* Fix ESLint errors
* Fix failing tests
* Attempt 1 to fix CI
* ESLint fixes
* Create sendResponse function on ActionTypeDisabledError
* Make disabled action types by config return 403
* Remove switch case
* Fix ESLint
* Add license checks within alerting / actions framework (#59699)
* Initial work
* Handle errors in update action API
* Add unit tests for APIs
* Verify action type before scheduling action task
* Make actions plugin.execute throw error if action type is disabled
* Bug fixes
* Make action executor throw when action type isn't enabled
* Add test suite for basic license
* Fix ESLint errors
* Stop action task from re-running when license check fails
* Fix failing tests
* Attempt 1 to fix CI
* ESLint fixes
* Create sendResponse function on ActionTypeDisabledError
* Make disabled action types by config return 403
* Remove switch case
* Fix ESLint
* Fix confusing assertion
* Add comment explaining double mock
* Log warning when alert action isn't scheduled
* Disable action types in UI when license doesn't support it (#59819)
* Initial work
* Handle errors in update action API
* Add unit tests for APIs
* Verify action type before scheduling action task
* Make actions plugin.execute throw error if action type is disabled
* Bug fixes
* Make action executor throw when action type isn't enabled
* Add test suite for basic license
* Fix ESLint errors
* Stop action task from re-running when license check fails
* Fix failing tests
* Attempt 1 to fix CI
* ESLint fixes
* Return enabledInConfig and enabledInLicense from actions get types API
* Disable cards that have invalid license in create connector flyout
* Create sendResponse function on ActionTypeDisabledError
* Make disabled action types by config return 403
* Remove switch case
* Fix ESLint
* Disable when creating alert action
* Return minimumLicenseRequired in /types API
* Disable row in connectors when action type is disabled
* Fix failing jest test
* Some refactoring
* Card in edit alert flyout
* Sort action types by name
* Add tooltips to create connector action type selector
* Add tooltips to alert flyout action type selector
* Add get more actions link in alert flyout
* Add callout when creating a connector
* Typos
* remove float right and use flexgroup
* replace pixels with eui variables
* turn on sass lint for triggers_actions_ui dir
* trying to add padding around cards
* Add callout in edit alert screen when some actions are disabled
* improve card selection for Add Connector flyout
* Fix cards for create connector
* Add tests
* ESLint issue
* Cleanup
* Cleanup pt2
* Fix type check errors
* moving to 3-columns cards for connector selection
* Change re-enable to enable terminology
* Revert "Change re-enable to enable terminology"
This reverts commit b497dfd6b6.
* Add re-enable comment
* Remove unecessary fragment
* Add type to actionTypeNodes
* Fix EuiLink to not have opacity of 0.7 when not hovered
* design cleanup in progress
* updating classNames
* using EuiIconTip
* Remove label on icon tip
* Fix failing jest test
Co-authored-by: Andrea Del Rio <delrio.andre@gmail.com>
* Add index to .index action type test
* PR feedback
* Add isErrorThatHandlesItsOwnResponse
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: Andrea Del Rio <delrio.andre@gmail.com>
* Disable actions client when ESO using generated key
* Add test for getActionsClientWithRequest
* Add other part to plugin.test.ts
* Cleanup tests a bit
* Cleanup tests
* plugin.test.ts cleanup
* Add warning logs on setup
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
