Skip to content

Commit

Permalink
[RAC] Disable RAC multi-tenancy (#108506) (#108765)
Browse files Browse the repository at this point in the history
* Disable RAC multi-tenancy

Co-authored-by: Kerry Gallagher <[email protected]>
  • Loading branch information
kibanamachine and Kerry350 authored Aug 16, 2021
1 parent 919d59f commit 22e637d
Show file tree
Hide file tree
Showing 5 changed files with 31 additions and 10 deletions.
3 changes: 0 additions & 3 deletions packages/kbn-rule-data-utils/src/alerts_as_data_rbac.ts
Original file line number Diff line number Diff line change
Expand Up @@ -13,9 +13,6 @@ import type { EsQueryConfig } from '@kbn/es-query';
* registering a new instance of the rule data client
* in a new plugin will require updating the below data structure
* to include the index name where the alerts as data will be written to.
*
* This doesn't work in combination with the `xpack.ruleRegistry.index`
* setting, with which the user can change the index prefix.
*/

export const AlertConsumers = {
Expand Down
8 changes: 7 additions & 1 deletion x-pack/plugins/rule_registry/server/config.ts
Original file line number Diff line number Diff line change
Expand Up @@ -13,8 +13,14 @@ export const config = {
write: schema.object({
enabled: schema.boolean({ defaultValue: false }),
}),
index: schema.string({ defaultValue: '.alerts' }),
unsafe: schema.object({
legacyMultiTenancy: schema.object({
enabled: schema.boolean({ defaultValue: false }),
}),
}),
}),
};

export type RuleRegistryPluginConfig = TypeOf<typeof config.schema>;

export const INDEX_PREFIX = '.alerts' as const;
27 changes: 23 additions & 4 deletions x-pack/plugins/rule_registry/server/plugin.ts
Original file line number Diff line number Diff line change
Expand Up @@ -13,12 +13,13 @@ import {
KibanaRequest,
CoreStart,
IContextProvider,
SharedGlobalConfig,
} from 'src/core/server';

import { PluginStartContract as AlertingStart } from '../../alerting/server';
import { SecurityPluginSetup } from '../../security/server';

import { RuleRegistryPluginConfig } from './config';
import { INDEX_PREFIX, RuleRegistryPluginConfig } from './config';
import { RuleDataPluginService } from './rule_data_plugin_service';
import { AlertsClientFactory } from './alert_data_client/alerts_client_factory';
import { AlertsClient } from './alert_data_client/alerts_client';
Expand Down Expand Up @@ -51,13 +52,16 @@ export class RuleRegistryPlugin
RuleRegistryPluginStartDependencies
> {
private readonly config: RuleRegistryPluginConfig;
private readonly legacyConfig: SharedGlobalConfig;
private readonly logger: Logger;
private readonly alertsClientFactory: AlertsClientFactory;
private ruleDataService: RuleDataPluginService | null;
private security: SecurityPluginSetup | undefined;

constructor(initContext: PluginInitializerContext) {
this.config = initContext.config.get<RuleRegistryPluginConfig>();
// TODO: Can be removed in 8.0.0. Exists to work around multi-tenancy users.
this.legacyConfig = initContext.config.legacy.get();
this.logger = initContext.logger.get();
this.ruleDataService = null;
this.alertsClientFactory = new AlertsClientFactory();
Expand All @@ -67,7 +71,7 @@ export class RuleRegistryPlugin
core: CoreSetup<RuleRegistryPluginStartDependencies, RuleRegistryPluginStartContract>,
plugins: RuleRegistryPluginSetupDependencies
): RuleRegistryPluginSetupContract {
const { config, logger } = this;
const { logger } = this;

const startDependencies = core.getStartServices().then(([coreStart, pluginStart]) => {
return {
Expand All @@ -78,10 +82,25 @@ export class RuleRegistryPlugin

this.security = plugins.security;

const isWriteEnabled = (config: RuleRegistryPluginConfig, legacyConfig: SharedGlobalConfig) => {
const hasEnabledWrite = config.write.enabled;
const hasSetCustomKibanaIndex = legacyConfig.kibana.index !== '.kibana';
const hasSetUnsafeAccess = config.unsafe.legacyMultiTenancy.enabled;

if (!hasEnabledWrite) return false;

// Not using legacy multi-tenancy
if (!hasSetCustomKibanaIndex) {
return hasEnabledWrite;
} else {
return hasSetUnsafeAccess;
}
};

this.ruleDataService = new RuleDataPluginService({
logger,
isWriteEnabled: config.write.enabled,
index: config.index,
isWriteEnabled: isWriteEnabled(this.config, this.legacyConfig),
index: INDEX_PREFIX,
getClusterClient: async () => {
const deps = await startDependencies;
return deps.core.elasticsearch.client.asInternalUser;
Expand Down
1 change: 0 additions & 1 deletion x-pack/test/apm_api_integration/configs/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,6 @@ const apmFtrConfigs = {
license: 'trial' as const,
kibanaConfig: {
'migrations.enableV2': 'false',
'xpack.ruleRegistry.index': '.kibana-alerts',
'xpack.ruleRegistry.write.enabled': 'true',
},
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ export default function ApiTest({ getService }: FtrProviderContext) {
const BULK_INDEX_DELAY = 1000;
const INDEXING_DELAY = 5000;

const ALERTS_INDEX_TARGET = '.kibana-alerts-observability.apm.alerts*';
const ALERTS_INDEX_TARGET = '.alerts-observability.apm.alerts*';
const APM_METRIC_INDEX_NAME = 'apm-8.0.0-transaction';

const createTransactionMetric = (override: Record<string, any>) => {
Expand Down

0 comments on commit 22e637d

Please sign in to comment.