-
Notifications
You must be signed in to change notification settings - Fork 8.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Onboard Synthetics TLS rule type with FAAD (#191127)
Resolves: #169867 This is the second attempt PR 🙂 to onboard the Synthetics TLS rule type with FAAD. **To verify** 1. Create an oblt cluster with `/create-ccs-cluster` on slack. Choose `dev-oblt`. 2. Add the configuration values from the oblt command to your kibana.yml. You may have to add: ``` elasticsearch.ignoreVersionMismatch: true ``` and start Kibana 4. Navigate to `app/synthetics/settings/alerting` and add a default connector. 5. Go to `/app/synthetics/monitors/getting-started` and create a HTTP Ping monitor with whatever url you want ( I used https://github.com/) and select a location. 6. Go back to `app/synthetics` and click the Alerts & Rules link. Click TLS certificate rule. Edit the older than param to something low, such as 1 day. 7. The TLS rule should create an active alert, verify that the action message is populated. 8. Repeat step 5 update the older than param to be higher than the age of the cert. You can check your cert here `app/synthetics/certificates` 9. The TLS rule should recover, and verify that the recovery action message is populated. 10. You can also check the AAD docs in dev tools using the following command: ``` GET .internal.alerts-observability.uptime.alerts*/_search ```
- Loading branch information
Showing
6 changed files
with
259 additions
and
86 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
167 changes: 167 additions & 0 deletions
167
...ugins/observability_solution/synthetics/server/alert_rules/tls_rule/message_utils.test.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,167 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
| import { IBasePath } from '@kbn/core/server'; | ||
| import { AlertsLocatorParams } from '@kbn/observability-plugin/common'; | ||
| import { LocatorPublic } from '@kbn/share-plugin/common'; | ||
| import { setTLSRecoveredAlertsContext } from './message_utils'; | ||
| import { TLSLatestPing } from './tls_rule_executor'; | ||
|
|
||
| describe('setTLSRecoveredAlertsContext', () => { | ||
| const timestamp = new Date().toISOString(); | ||
| const alertUuid = 'alert-id'; | ||
| const configId = '12345'; | ||
| const basePath = { | ||
| publicBaseUrl: 'https://localhost:5601', | ||
| } as IBasePath; | ||
| const alertsLocatorMock = { | ||
| getLocation: jest.fn().mockImplementation(() => ({ | ||
| path: 'https://localhost:5601/app/observability/alerts/alert-id', | ||
| })), | ||
| } as any as LocatorPublic<AlertsLocatorParams>; | ||
| const alertState = { | ||
| summary: 'test-summary', | ||
| status: 'has expired', | ||
| sha256: 'cert-1-sha256', | ||
| commonName: 'cert-1', | ||
| issuer: 'test-issuer', | ||
| monitorName: 'test-monitor', | ||
| monitorType: 'test-monitor-type', | ||
| locationName: 'test-location-name', | ||
| monitorUrl: 'test-monitor-url', | ||
| configId, | ||
| }; | ||
|
|
||
| it('sets context correctly when monitor cert has been updated', async () => { | ||
| const alertsClientMock = { | ||
| report: jest.fn(), | ||
| getAlertLimitValue: jest.fn().mockReturnValue(10), | ||
| setAlertLimitReached: jest.fn(), | ||
| getRecoveredAlerts: jest.fn().mockReturnValue([ | ||
| { | ||
| alert: { | ||
| getId: () => alertUuid, | ||
| getState: () => alertState, | ||
| setContext: jest.fn(), | ||
| getUuid: () => alertUuid, | ||
| getStart: () => new Date().toISOString(), | ||
| }, | ||
| }, | ||
| ]), | ||
| setAlertData: jest.fn(), | ||
| isTrackedAlert: jest.fn(), | ||
| }; | ||
| await setTLSRecoveredAlertsContext({ | ||
| alertsClient: alertsClientMock, | ||
| basePath, | ||
| defaultStartedAt: timestamp, | ||
| spaceId: 'default', | ||
| alertsLocator: alertsLocatorMock, | ||
| latestPings: [ | ||
| { | ||
| config_id: configId, | ||
| '@timestamp': timestamp, | ||
| tls: { | ||
| server: { | ||
| hash: { | ||
| sha256: 'cert-2-sha256', | ||
| }, | ||
| x509: { | ||
| subject: { | ||
| common_name: 'cert-2', | ||
| }, | ||
| not_after: timestamp, | ||
| }, | ||
| }, | ||
| }, | ||
| } as TLSLatestPing, | ||
| ], | ||
| }); | ||
| expect(alertsClientMock.setAlertData).toBeCalledWith({ | ||
| context: { | ||
| alertDetailsUrl: 'https://localhost:5601/app/observability/alerts/alert-id', | ||
| commonName: 'cert-1', | ||
| configId: '12345', | ||
| issuer: 'test-issuer', | ||
| locationName: 'test-location-name', | ||
| monitorName: 'test-monitor', | ||
| monitorType: 'test-monitor-type', | ||
| monitorUrl: 'test-monitor-url', | ||
| newStatus: expect.stringContaining('Certificate cert-2 Expired on'), | ||
| previousStatus: 'Certificate cert-1 test-summary', | ||
| sha256: 'cert-1-sha256', | ||
| status: 'has expired', | ||
| summary: 'Monitor certificate has been updated.', | ||
| }, | ||
| id: 'alert-id', | ||
| }); | ||
| }); | ||
|
|
||
| it('sets context correctly when monitor cert expiry/age threshold has been updated', async () => { | ||
| const alertsClientMock = { | ||
| report: jest.fn(), | ||
| getAlertLimitValue: jest.fn().mockReturnValue(10), | ||
| setAlertLimitReached: jest.fn(), | ||
| getRecoveredAlerts: jest.fn().mockReturnValue([ | ||
| { | ||
| alert: { | ||
| getId: () => alertUuid, | ||
| getState: () => alertState, | ||
| setContext: jest.fn(), | ||
| getUuid: () => alertUuid, | ||
| getStart: () => new Date().toISOString(), | ||
| }, | ||
| }, | ||
| ]), | ||
| setAlertData: jest.fn(), | ||
| isTrackedAlert: jest.fn(), | ||
| }; | ||
| await setTLSRecoveredAlertsContext({ | ||
| alertsClient: alertsClientMock, | ||
| basePath, | ||
| defaultStartedAt: timestamp, | ||
| spaceId: 'default', | ||
| alertsLocator: alertsLocatorMock, | ||
| latestPings: [ | ||
| { | ||
| config_id: configId, | ||
| '@timestamp': timestamp, | ||
| tls: { | ||
| server: { | ||
| hash: { | ||
| sha256: 'cert-1-sha256', | ||
| }, | ||
| x509: { | ||
| subject: { | ||
| common_name: 'cert-1', | ||
| }, | ||
| not_after: timestamp, | ||
| }, | ||
| }, | ||
| }, | ||
| } as TLSLatestPing, | ||
| ], | ||
| }); | ||
| expect(alertsClientMock.setAlertData).toBeCalledWith({ | ||
| context: { | ||
| alertDetailsUrl: 'https://localhost:5601/app/observability/alerts/alert-id', | ||
| commonName: 'cert-1', | ||
| configId: '12345', | ||
| issuer: 'test-issuer', | ||
| locationName: 'test-location-name', | ||
| monitorName: 'test-monitor', | ||
| monitorType: 'test-monitor-type', | ||
| monitorUrl: 'test-monitor-url', | ||
| newStatus: 'Certificate cert-1 test-summary', | ||
| previousStatus: 'Certificate cert-1 test-summary', | ||
| sha256: 'cert-1-sha256', | ||
| status: 'has expired', | ||
| summary: 'Expiry/Age threshold has been updated.', | ||
| }, | ||
| id: 'alert-id', | ||
| }); | ||
| }); | ||
| }); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.