force any plugin registering rules to register the feature id into th…

…e master list which maps feature id to index names
dhurley14 · Jun 30, 2021 · 3377e4b · 3377e4b
1 parent 35a102c
commit 3377e4b
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 12 deletions.
diff --git a/x-pack/plugins/apm/server/plugin.ts b/x-pack/plugins/apm/server/plugin.ts
@@ -19,7 +19,7 @@ import { mapValues, once } from 'lodash';
 import { TECHNICAL_COMPONENT_TEMPLATE_NAME } from '../../rule_registry/common/assets';
 import { mappingFromFieldMap } from '../../rule_registry/common/mapping_from_field_map';
 import { RuleDataClient } from '../../rule_registry/server';
-import { APMConfig, APMXPackConfig } from '.';
+import { APMConfig, APMXPackConfig, APM_SERVER_FEATURE_ID } from '.';
 import { mergeConfigs } from './index';
 import { UI_SETTINGS } from '../../../../src/plugins/data/common';
 import { APM_FEATURE, registerFeaturesUsage } from './feature';
@@ -181,6 +181,7 @@ export class APMPlugin
     });
 
     const ruleDataClient = new RuleDataClient({
+      feature: APM_SERVER_FEATURE_ID,
       alias: ruleDataService.getFullAssetName('observability-apm'),
       getClusterClient: async () => {
         const coreStart = await getCoreStart();

diff --git a/x-pack/plugins/observability/server/plugin.ts b/x-pack/plugins/observability/server/plugin.ts
@@ -105,7 +105,13 @@ export class ObservabilityPlugin implements Plugin<ObservabilityPluginSetup> {
         return coreStart.elasticsearch.client.asInternalUser;
       },
       ready: () => Promise.resolve(),
+      // For the line below this comment...
+      // so just .alerts? That doesn't seem right...
+      // I'm imagining this should be .alerts-observability and so
+      // ...ruleDataService.getFullAssetName('observability');
+      // otherwise .alerts could return top alerts for everything?
       alias: plugins.ruleRegistry.ruleDataService.getFullAssetName(),
+      feature: 'observability',
     });
 
     registerRoutes({

diff --git a/x-pack/plugins/rule_registry/server/alert_data_client/alerts_client.ts b/x-pack/plugins/rule_registry/server/alert_data_client/alerts_client.ts
@@ -46,6 +46,12 @@ interface GetAlertParams {
   index?: string;
 }
 
+export const mapConsumerToIndexName = {
+  observability: '.alerts-observability',
+  apm: '.alerts-observability-apm',
+  siem: ['.alerts-security-solution', '.siem-signals'],
+};
+
 /**
  * Provides apis to interact with alerts as data
  * ensures the request is authorized to perform read / write actions
@@ -69,7 +75,7 @@ export class AlertsClient {
     operations: Array<ReadOperations | WriteOperations>
   ) {
     return this.authorization.getAugmentRuleTypesWithAuthorization(
-      featureIds.length !== 0 ? featureIds : ['apm', 'siem'],
+      featureIds.length !== 0 ? featureIds : Object.keys(mapConsumerToIndexName),
       operations,
       AlertingAuthorizationEntity.Alert
     );
@@ -196,7 +202,9 @@ export class AlertsClient {
     }
   }
 
-  public async getAuthorizedAlertsIndices(featureIds: string[]): Promise<string[] | undefined> {
+  public async getAuthorizedAlertsIndices(
+    featureIds: Array<keyof typeof mapConsumerToIndexName>
+  ): Promise<string[] | undefined> {
     const augmentedRuleTypes = await this.authorization.getAugmentRuleTypesWithAuthorization(
       featureIds,
       [ReadOperations.Find, ReadOperations.Get, WriteOperations.Update],
@@ -206,20 +214,17 @@ export class AlertsClient {
     // As long as the user can read a minimum of one type of rule type produced by the provided feature,
     // the user should be provided that features' alerts index.
     // Limiting which alerts that user can read on that index will be done via the findAuthorizationFilter
-    const authorizedFeatures = new Set();
+    const authorizedFeatures = new Set<string>();
     for (const ruleType of augmentedRuleTypes.authorizedRuleTypes) {
       authorizedFeatures.add(ruleType.producer);
     }
 
+    const typeguard = (a: string): a is keyof typeof mapConsumerToIndexName =>
+      a in Object.keys(mapConsumerToIndexName);
+
     const toReturn = Array.from(authorizedFeatures).flatMap((feature) => {
-      switch (feature) {
-        case 'apm':
-          return '.alerts-observability-apm';
-        case 'siem':
-          return ['.alerts-security-solution', '.siem-signals'];
-        default:
-          return [];
-      }
+      if (typeguard(feature)) return mapConsumerToIndexName[feature];
+      return [];
     });
 
     return toReturn;

diff --git a/x-pack/plugins/rule_registry/server/rule_data_client/types.ts b/x-pack/plugins/rule_registry/server/rule_data_client/types.ts
@@ -11,6 +11,7 @@ import { ElasticsearchClient } from 'kibana/server';
 import { FieldDescriptor } from 'src/plugins/data/server';
 import { ESSearchRequest, ESSearchResponse } from 'src/core/types/elasticsearch';
 import { TechnicalRuleDataFieldName } from '../../common/technical_rule_data_field_names';
+import { mapConsumerToIndexName } from '../alert_data_client/alerts_client';
 
 export interface RuleDataReader {
   search<TSearchRequest extends ESSearchRequest>(
@@ -37,8 +38,11 @@ export interface IRuleDataClient {
   createOrUpdateWriteTarget(options: { namespace?: string }): Promise<void>;
 }
 
+type ValidFeatureIds = keyof typeof mapConsumerToIndexName;
+
 export interface RuleDataClientConstructorOptions {
   getClusterClient: () => Promise<ElasticsearchClient>;
   ready: () => Promise<void>;
   alias: string;
+  feature: ValidFeatureIds;
 }
diff --git a/x-pack/plugins/security_solution/server/plugin.ts b/x-pack/plugins/security_solution/server/plugin.ts
@@ -237,6 +237,7 @@ export class Plugin implements IPlugin<PluginSetup, PluginStart, SetupPlugins, S
       });
 
       ruleDataClient = new RuleDataClient({
+        feature: SERVER_APP_ID,
         alias: plugins.ruleRegistry.ruleDataService.getFullAssetName('security-solution'),
         getClusterClient: async () => {
           const coreStart = await start();