Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Alerting] Handling connectors with missing secrets during rule creation and action execution #98618

Merged
merged 23 commits into from
May 4, 2021
Merged

[Alerting] Handling connectors with missing secrets during rule creation and action execution #98618

merged 23 commits into from
May 4, 2021

Conversation

ymao1
Copy link
Contributor

@ymao1 ymao1 commented Apr 28, 2021
edited
Loading

Resolves #94128

Summary

This PR does a few things to handle connectors where isMissingSecrets: true:

  1. Removes connectors with isMissingSecrets: true from the list of available connectors during rule creation. This means imported connectors that have not been fixed will not show up in the list of available connectors in the AlertAdd flyout.
  2. Extends action validation during rule creation/update to check the isMissingSecrets value for the connector used by each action. This should prevent actions with bad connectors from being added via the rule API.
  3. Before action execution, check the isMissingSecrets value for connector used by the action and throws an error if it is true This shows up in the UI like:

Screen Shot 2021-04-28 at 8 31 45 AM

To verify

  1. Create an ndjson file with the following:
{"attributes":{"actionTypeId":".resilient","config":{"apiUrl":"https://resilient","orgId":"abc"},"isMissingSecrets":true,"name":"resilient connector","secrets":null},"coreMigrationVersion":"8.0.0","id":"b2833c90-a78b-11eb-a1a3-7ba49ae0dd71","migrationVersion":{"action":"7.14.0"},"references":[],"type":"action","updated_at":"2021-04-27T19:06:40.255Z","version":"WzIwLDFd"}
{"attributes":{"actionTypeId":".email","config":{"from":"me@me.com","hasAuth":false,"host":"hello","port":22,"secure":null,"service":null},"isMissingSecrets":true,"name":"email connector","secrets":null},"coreMigrationVersion":"8.0.0","id":"904d4d50-a78b-11eb-a1a3-7ba49ae0dd71","migrationVersion":{"action":"7.14.0"},"references":[],"type":"action","updated_at":"2021-04-27T19:06:55.575Z","version":"WzIxLDFd"}
{"attributes":{"actionTypeId":".slack","config":{},"isMissingSecrets":true,"name":"slack connector","secrets":null},"coreMigrationVersion":"8.0.0","id":"a2bcb160-a78b-11eb-a1a3-7ba49ae0dd71","migrationVersion":{"action":"7.14.0"},"references":[],"type":"action","updated_at":"2021-04-27T19:07:10.203Z","version":"WzIyLDFd"}
{"attributes":{"actionTypeId":".jira","config":{"apiUrl":"https://jira","projectKey":"foo"},"isMissingSecrets":true,"name":"jira connector","secrets":null},"coreMigrationVersion":"8.0.0","id":"ceae6340-a78b-11eb-a1a3-7ba49ae0dd71","migrationVersion":{"action":"7.14.0"},"references":[],"type":"action","updated_at":"2021-04-27T19:07:27.489Z","version":"WzIzLDFd"}
{"exportedCount":4,"missingRefCount":0,"missingReferences":[]}
  1. Import this file via the Saved Objects Management UI
  2. Create a new rule via the UI. Verify that none of the imported connectors are available to be used
  3. Create a rule via the API that has an action that uses one of the imported connectors. Verify that you get a 400 error.

Checklist

Delete any items that are not applicable to this PR.

YulNaumenko and others added 20 commits April 23, 2021 14:50
@YulNaumenko
[Connectors][API] Updated connectors with enabledAfterImport flag
7f3f1bf
@YulNaumenko
fixed functional tests
fe1755f
@YulNaumenko
Merge remote-tracking branch upstream/master
b5cecc1
@YulNaumenko
added new field to connectors API docs
d307369
@YulNaumenko
added update unit test
8f1a0d6
@YulNaumenko
fixed test
aaa0673
@YulNaumenko
renamed enableAfterImport to isMissingSecrets
d54d06f
@YulNaumenko
removed onExport
adf3bf0
@YulNaumenko
revert the logic of true/false for isMissingSecrets
7cfc83d
@YulNaumenko
fixed test
4f56afa
@YulNaumenko
fixed tests
b950b18
@YulNaumenko
added unit test
defad11
@YulNaumenko
fixed docs
d15d490
@YulNaumenko
fixed import text and button labels
7f11c3d
@YulNaumenko
fixed import text
236221b
@YulNaumenko
fixed text
8a4da38
@ymao1
Showing placeholder message when connector is missing secrets
92e1543
@ymao1
Merge branch 'master' of https://github.com/elastic/kibana into alert…
4761ba8 
…ing/rules-with-imported-connectors
@ymao1
Throwing error on isMissingSecrets = true before executing actions
04bdef7
@ymao1
Hiding connectors with missing secrets from dropdown
3f4a025
@ymao1 ymao1 self-assigned this Apr 28, 2021
@ymao1 ymao1 added Feature:Alerting release_note:skip Skip the PR/issue when compiling release notes Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) v7.14.0 v8.0.0 labels Apr 28, 2021
@ymao1 ymao1 marked this pull request as ready for review April 28, 2021 17:50
@ymao1 ymao1 requested a review from a team as a code owner April 28, 2021 17:50
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-alerting-services (Team:Alerting Services)

YulNaumenko
YulNaumenko approved these changes May 3, 2021
View reviewed changes
Copy link
Contributor

@YulNaumenko YulNaumenko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall changes LGTM! I have only question about the error message.

x-pack/plugins/actions/server/create_execute_function.ts Outdated Show resolved Hide resolved
@kibanamachine
Copy link
Contributor

💚 Build Succeeded

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
triggersActionsUi 1.5MB 1.5MB +47.0B

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
triggersActionsUi 106.1KB 106.3KB +210.0B

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @ymao1

@ymao1 ymao1 added the auto-backport Deprecated - use backport:version if exact versions are needed label May 4, 2021
@ymao1 ymao1 merged commit a17d261 into elastic:master May 4, 2021
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request May 4, 2021
@ymao1 @YulNaumenko @kibanamachine
[Alerting] Handling connectors with missing secrets during rule creat…
3afbb7e 
…ion and action execution (elastic#98618)

* [Connectors][API] Updated connectors with enabledAfterImport flag

* fixed functional tests

* added new field to connectors API docs

* added update unit test

* fixed test

* renamed enableAfterImport to isMissingSecrets

* removed onExport

* revert the logic of true/false for isMissingSecrets

* fixed test

* fixed tests

* added unit test

* fixed docs

* fixed import text and button labels

* fixed import text

* fixed text

* Showing placeholder message when connector is missing secrets

* Throwing error on isMissingSecrets = true before executing actions

* Hiding connectors with missing secrets from dropdown

* Checking for connectors with missing secrets during action validation on rule creation/update

* Updating error wording

Co-authored-by: Yuliia Naumenko <yuliia.naumenko@elastic.com>
@kibanamachine kibanamachine mentioned this pull request May 4, 2021
Merged
@kibanamachine
Copy link
Contributor

💚 Backport successful

Status Branch Result
7.x

This backport PR will be merged automatically after passing CI.

kibanamachine added a commit that referenced this pull request May 4, 2021
@kibanamachine @ymao1 @YulNaumenko
[Alerting] Handling connectors with missing secrets during rule creat…
078f3e0 
…ion and action execution (#98618) (#99226)

* [Connectors][API] Updated connectors with enabledAfterImport flag

* fixed functional tests

* added new field to connectors API docs

* added update unit test

* fixed test

* renamed enableAfterImport to isMissingSecrets

* removed onExport

* revert the logic of true/false for isMissingSecrets

* fixed test

* fixed tests

* added unit test

* fixed docs

* fixed import text and button labels

* fixed import text

* fixed text

* Showing placeholder message when connector is missing secrets

* Throwing error on isMissingSecrets = true before executing actions

* Hiding connectors with missing secrets from dropdown

* Checking for connectors with missing secrets during action validation on rule creation/update

* Updating error wording

Co-authored-by: Yuliia Naumenko <yuliia.naumenko@elastic.com>

Co-authored-by: ymao1 <ying.mao@elastic.co>
Co-authored-by: Yuliia Naumenko <yuliia.naumenko@elastic.com>
@ymao1 ymao1 deleted the alerting/rules-with-imported-connectors branch May 19, 2021 13:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gchaps gchaps gchaps left review comments

@YulNaumenko YulNaumenko YulNaumenko approved these changes

Assignees

@ymao1 ymao1

Labels
auto-backport Deprecated - use backport:version if exact versions are needed Feature:Alerting release_note:skip Skip the PR/issue when compiling release notes Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) v7.14.0 v8.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Alerting] Rules should handle actions where connectors have isMissingSecrets: true
5 participants
@ymao1 @elasticmachine @kibanamachine @gchaps @YulNaumenko