maxmustermann/kibana
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
kibana/x-pack
History
Georgii Gorbachev 7fd6539dca
[RAC] Rule monitoring: Event Log for Rule Registry (#98353) 
**Needed for:** rule execution log for Security https://github.com/elastic/kibana/pull/94143
**Related to:**

- alerts-as-data: https://github.com/elastic/kibana/issues/93728, https://github.com/elastic/kibana/issues/93729, https://github.com/elastic/kibana/issues/93730
- RFC for index naming https://github.com/elastic/kibana/issues/98912

## Summary

This PR adds a mechanism for writing to / reading from / bootstrapping indices for RAC project into the `rule_registry` plugin. Particularly, indices for alerts-as-data and rule execution events. This implementation is similar to existing implementations like `event_log` plugin (see https://github.com/elastic/kibana/pull/98353#issuecomment-833045980 for historical perspective), but we're going to converge all of them into 1 or 2 implementations. At least we should have a single one in `rule_registry` itself.

In this PR I tried to incorporate most of the feedback received in the RFC (https://github.com/elastic/kibana/issues/98912), but if you notice I missed/forgot something, please let me know in the comments.

Done in this PR:

- [x] Schema-agnostic APIs for working with Elasticsearch.
- [x] Schema-aware log definition and bootstrapping API (creating hierarchical logs).
- [x] Schema-aware write API (logging events).
- [x] Schema-aware read API (searching logs, filtering, sorting, pagination, aggregation).
- [x] Support for Kibana spaces, space-aware index bootstrapping (either at rule creation or rule execution time).

As for reviewing this PR, perhaps it might be easier to start with:

- checking description of https://github.com/elastic/kibana/issues/98912
- checking usage examples https://github.com/elastic/kibana/pull/98353/files#diff-c049ff2198cc69bd50a69e92d29e88da7e10b9a152bdaceaf3d41826e712c12b
- checking public api https://github.com/elastic/kibana/pull/98353/files#diff-8e9ef0dbcbc60b1861d492a03865b2ae76a56ec38ada61898c991d3a74bd6268

## Next steps

Next steps towards rule execution log in Security (https://github.com/elastic/kibana/pull/94143):

- define actual schema for rule execution events
- inject instance of rule execution log into Security rule executors and route handlers
- implement actual execution logging in rule executors
- update route handlers to start fetching execution events and metrics from the log instead of custom saved objects

Next steps in the context of RAC and unified implementation:

- converge this implementation with `RuleDataService` implementation
  - implement robust index bootstrapping
  - reconsider using FieldMap as a generic type parameter
  - implement validation for documents being indexed
- cover the final implementation with tests
- write comprehensive docs: update plugin README, add JSDoc comments to all public interfaces
2021-05-27 18:28:19 +03:00
..
build_chromium [Reporting] Update Puppeteer to version 8.0.0 and Chromium to r856583 (#98688) 2021-05-07 09:54:33 -07:00
dev-tools
examples [Screenshot mode] Create plugin to provide "screenshot mode" awareness (#99627) 2021-05-19 16:03:27 +02:00
plugins [RAC] Rule monitoring: Event Log for Rule Registry (#98353) 2021-05-27 18:28:19 +03:00
scripts
tasks
test [Index Patterns] Migrate tests to the new es client (#100760) 2021-05-27 15:47:30 +02:00
.gitignore
.i18nrc.json [Fleet] Remove beats management plugin (#99789) 2021-05-27 11:30:15 +02:00
.telemetryrc.json
gulpfile.js
package.json chore(NA): moving @kbn/i18n into bazel (#99390) 2021-05-14 21:12:20 +01:00
README.md

README.md

Elastic License Functionality

This directory tree contains files subject to the Elastic License 2.0. The files subject to the Elastic License 2.0 are grouped in this directory to clearly separate them from files dual-licensed under the Server Side Public License and the Elastic License 2.0.

Development

By default, Kibana will run with X-Pack installed as mentioned in the contributing guide.

Elasticsearch will run with a basic license. To run with a trial license, including security, you can specifying that with the yarn es command.

Example: yarn es snapshot --license trial --password changeme

By default, this will also set the password for native realm accounts to the password provided (changeme by default). This includes that of the kibana_system user which elasticsearch.username defaults to in development. If you wish to specify a password for a given native realm account, you can do that like so: --password.kibana_system=notsecure

Testing

For information on testing, see the Elastic functional test development guide.

Running functional tests

The functional UI tests, the API integration tests, and the SAML API integration tests are all run against a live browser, Kibana, and Elasticsearch install. Each set of tests is specified with a unique config that describes how to start the Elasticsearch server, the Kibana server, and what tests to run against them. The sets of tests that exist today are functional UI tests (specified by this config), API integration tests (specified by this config), and SAML API integration tests (specified by this config).

The script runs all sets of tests sequentially like so:

  • builds Elasticsearch and X-Pack
  • runs Elasticsearch with X-Pack
  • starts up the Kibana server with X-Pack
  • runs the functional UI tests against those servers
  • tears down the servers
  • repeats the same process for the API and SAML API integration test configs.

To do all of this in a single command run:

node scripts/functional_tests

Developing functional UI tests

If you are developing functional tests then you probably don't want to rebuild Elasticsearch and wait for all that setup on every test run, so instead use this command to build and start just the Elasticsearch and Kibana servers:

node scripts/functional_tests_server

After the servers are started, open a new terminal and run this command to run just the tests (without tearing down Elasticsearch or Kibana):

node scripts/functional_test_runner

For both of the above commands, it's crucial that you pass in --config to specify the same config file to both commands. This makes sure that the right tests will run against the right servers. Typically a set of tests and server configuration go together.

Read more about how the scripts work here.

For a deeper dive, read more about the way functional tests and servers work here.

Running API integration tests

API integration tests are run with a unique setup usually without UI assets built for the Kibana server.

API integration tests are intended to test only programmatic API exposed by Kibana. There is no need to run browser and simulate user actions, which significantly reduces execution time. In addition, the configuration for API integration tests typically sets optimize.enabled=false for Kibana because UI assets are usually not needed for these tests.

To run only the API integration tests:

node scripts/functional_tests --config test/api_integration/config

Running SAML API integration tests

We also have SAML API integration tests which set up Elasticsearch and Kibana with SAML support. Run only API integration tests with SAML enabled like so:

node scripts/functional_tests --config test/security_api_integration/saml.config

Running Jest integration tests

Jest integration tests can be used to test behavior with Elasticsearch and the Kibana server.

yarn test:jest_integration

Running Reporting functional tests

See here for more information on running reporting tests.

Running Security Solution Cypress E2E/integration tests

See here for information on running this test suite.