From 85e07662d8f3981b9db32ae2b74600b8a816d983 Mon Sep 17 00:00:00 2001 From: Kerry Gallagher <471693+Kerry350@users.noreply.github.com> Date: Mon, 16 Aug 2021 20:01:27 +0100 Subject: [PATCH] [RAC] Disable RAC multi-tenancy (#108506) * Disable RAC multi-tenancy --- .../src/alerts_as_data_rbac.ts | 3 --- x-pack/plugins/rule_registry/server/config.ts | 8 +++++- x-pack/plugins/rule_registry/server/plugin.ts | 27 ++++++++++++++++--- .../test/apm_api_integration/configs/index.ts | 1 - .../tests/alerts/rule_registry.ts | 2 +- 5 files changed, 31 insertions(+), 10 deletions(-) diff --git a/packages/kbn-rule-data-utils/src/alerts_as_data_rbac.ts b/packages/kbn-rule-data-utils/src/alerts_as_data_rbac.ts index 3295f7a971aa1..719301bce8e06 100644 --- a/packages/kbn-rule-data-utils/src/alerts_as_data_rbac.ts +++ b/packages/kbn-rule-data-utils/src/alerts_as_data_rbac.ts @@ -13,9 +13,6 @@ import type { EsQueryConfig } from '@kbn/es-query'; * registering a new instance of the rule data client * in a new plugin will require updating the below data structure * to include the index name where the alerts as data will be written to. - * - * This doesn't work in combination with the `xpack.ruleRegistry.index` - * setting, with which the user can change the index prefix. */ export const AlertConsumers = { diff --git a/x-pack/plugins/rule_registry/server/config.ts b/x-pack/plugins/rule_registry/server/config.ts index ce1d44cdb94ee..3b9155f319032 100644 --- a/x-pack/plugins/rule_registry/server/config.ts +++ b/x-pack/plugins/rule_registry/server/config.ts @@ -13,8 +13,14 @@ export const config = { write: schema.object({ enabled: schema.boolean({ defaultValue: false }), }), - index: schema.string({ defaultValue: '.alerts' }), + unsafe: schema.object({ + legacyMultiTenancy: schema.object({ + enabled: schema.boolean({ defaultValue: false }), + }), + }), }), }; export type RuleRegistryPluginConfig = TypeOf; + +export const INDEX_PREFIX = '.alerts' as const; diff --git a/x-pack/plugins/rule_registry/server/plugin.ts b/x-pack/plugins/rule_registry/server/plugin.ts index 2325e5dd20233..ed6f19cd3af56 100644 --- a/x-pack/plugins/rule_registry/server/plugin.ts +++ b/x-pack/plugins/rule_registry/server/plugin.ts @@ -13,12 +13,13 @@ import { KibanaRequest, CoreStart, IContextProvider, + SharedGlobalConfig, } from 'src/core/server'; import { PluginStartContract as AlertingStart } from '../../alerting/server'; import { SecurityPluginSetup } from '../../security/server'; -import { RuleRegistryPluginConfig } from './config'; +import { INDEX_PREFIX, RuleRegistryPluginConfig } from './config'; import { RuleDataPluginService } from './rule_data_plugin_service'; import { AlertsClientFactory } from './alert_data_client/alerts_client_factory'; import { AlertsClient } from './alert_data_client/alerts_client'; @@ -51,6 +52,7 @@ export class RuleRegistryPlugin RuleRegistryPluginStartDependencies > { private readonly config: RuleRegistryPluginConfig; + private readonly legacyConfig: SharedGlobalConfig; private readonly logger: Logger; private readonly alertsClientFactory: AlertsClientFactory; private ruleDataService: RuleDataPluginService | null; @@ -58,6 +60,8 @@ export class RuleRegistryPlugin constructor(initContext: PluginInitializerContext) { this.config = initContext.config.get(); + // TODO: Can be removed in 8.0.0. Exists to work around multi-tenancy users. + this.legacyConfig = initContext.config.legacy.get(); this.logger = initContext.logger.get(); this.ruleDataService = null; this.alertsClientFactory = new AlertsClientFactory(); @@ -67,7 +71,7 @@ export class RuleRegistryPlugin core: CoreSetup, plugins: RuleRegistryPluginSetupDependencies ): RuleRegistryPluginSetupContract { - const { config, logger } = this; + const { logger } = this; const startDependencies = core.getStartServices().then(([coreStart, pluginStart]) => { return { @@ -78,10 +82,25 @@ export class RuleRegistryPlugin this.security = plugins.security; + const isWriteEnabled = (config: RuleRegistryPluginConfig, legacyConfig: SharedGlobalConfig) => { + const hasEnabledWrite = config.write.enabled; + const hasSetCustomKibanaIndex = legacyConfig.kibana.index !== '.kibana'; + const hasSetUnsafeAccess = config.unsafe.legacyMultiTenancy.enabled; + + if (!hasEnabledWrite) return false; + + // Not using legacy multi-tenancy + if (!hasSetCustomKibanaIndex) { + return hasEnabledWrite; + } else { + return hasSetUnsafeAccess; + } + }; + this.ruleDataService = new RuleDataPluginService({ logger, - isWriteEnabled: config.write.enabled, - index: config.index, + isWriteEnabled: isWriteEnabled(this.config, this.legacyConfig), + index: INDEX_PREFIX, getClusterClient: async () => { const deps = await startDependencies; return deps.core.elasticsearch.client.asInternalUser; diff --git a/x-pack/test/apm_api_integration/configs/index.ts b/x-pack/test/apm_api_integration/configs/index.ts index 793197e9fc1b8..51bcb30a0c176 100644 --- a/x-pack/test/apm_api_integration/configs/index.ts +++ b/x-pack/test/apm_api_integration/configs/index.ts @@ -27,7 +27,6 @@ const apmFtrConfigs = { license: 'trial' as const, kibanaConfig: { 'migrations.enableV2': 'false', - 'xpack.ruleRegistry.index': '.kibana-alerts', 'xpack.ruleRegistry.write.enabled': 'true', }, }, diff --git a/x-pack/test/apm_api_integration/tests/alerts/rule_registry.ts b/x-pack/test/apm_api_integration/tests/alerts/rule_registry.ts index 7ff81defe5ff2..e1bd5a8d05b48 100644 --- a/x-pack/test/apm_api_integration/tests/alerts/rule_registry.ts +++ b/x-pack/test/apm_api_integration/tests/alerts/rule_registry.ts @@ -42,7 +42,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { const BULK_INDEX_DELAY = 1000; const INDEXING_DELAY = 5000; - const ALERTS_INDEX_TARGET = '.kibana-alerts-observability.apm.alerts*'; + const ALERTS_INDEX_TARGET = '.alerts-observability.apm.alerts*'; const APM_METRIC_INDEX_NAME = 'apm-8.0.0-transaction'; const createTransactionMetric = (override: Record) => {