-
Notifications
You must be signed in to change notification settings - Fork 8.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Actions] Set system actions on Kibana start #160983
[Actions] Set system actions on Kibana start #160983
Conversation
…ana into system_actions_registration
@@ -85,13 +85,15 @@ export const fetchActionTypes = async (): Promise<ActionType[]> => { | |||
enabled_in_license: enabledInLicense, | |||
minimum_license_required: minimumLicenseRequired, | |||
supported_feature_ids: supportedFeatureIds, | |||
is_system_action_type: isSystemActionType, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Related: #160753 (comment)
Pinging @elastic/uptime (Team:uptime) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Security Assistant changes LGTM, thank you!
Pinging @elastic/response-ops (Team:ResponseOps) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, some nits with messages and some questions, no blockers
); | ||
}); | ||
|
||
it('throws when creating a system connector where the action type is not registered but a system connector exists in the in-memory list', async () => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How could this happen? Doesn't seem like it matters that there's an existing inMemoryConnector
of this type, which presumably would have had to been registered before hand.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, it is impossible for this to happen. I added it in case we introduce a bug in the future and somehow becomes possible. Extreme scenario though 🙂.
source: asHttpRequestExecutionSource(request), | ||
}); | ||
|
||
expect(mockedActionTypeRegistry.ensureActionTypeEnabled).not.toHaveBeenCalled(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmmm ... this feels like we're not allowing system actions to be deny-listed (by not including them in the allow-list). I guess I can see that, but ... not sure.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We discussed it offline and it seems there is a use-case scenario where you can disallow an action type but not a preconfigured connector. This does not apply to system actions. I will address it in another PR.
018d83a
to
03aab4a
Compare
03aab4a
to
abc6014
Compare
💛 Build succeeded, but was flaky
Failed CI Steps
Test Failures
Metrics [docs]Public APIs missing comments
Async chunks
Page load bundle
Unknown metric groupsAPI count
ESLint disabled line counts
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: cc @cnasikas |
## Summary This PR adds the ability for system actions to be able to define their own Kibana privileges that need to be authorized before execution. Depends on: #160983 ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios ### For maintainers - [x] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary This PR adds the ability for system actions to be able to define their own Kibana privileges that need to be authorized before execution. Depends on: elastic#160983 ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios ### For maintainers - [x] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary This PR: - Handles the references for system actions in the rule - Forbids the creation of system actions through the `kibana.yml` - Adds telemetry for system actions - Allow system action types to be disabled from the `kibana.yml` Depends on: #160983, #161341 ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios ### For maintainers - [x] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary This PR adds the ability for system actions to be able to define their own Kibana privileges that need to be authorized before execution. Depends on: elastic#160983 ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios ### For maintainers - [x] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary This PR: - Handles the references for system actions in the rule - Forbids the creation of system actions through the `kibana.yml` - Adds telemetry for system actions - Allow system action types to be disabled from the `kibana.yml` Depends on: elastic#160983, elastic#161341 ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios ### For maintainers - [x] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Summary
This PR:
start
from the system action typesChecklist
Delete any items that are not applicable to this PR.
For maintainers