[RAC] Update RBAC mapping of features to index names to comply with the index naming scheme #108872
Pinging @elastic/security-detections-response (Team:Detections and Resp)
Pinging @elastic/logs-metrics-ui (Team:logs-metrics-ui)
infrastructure: '.alerts-observability.metrics', | ||
apm: '.alerts-observability.apm.alerts', | ||
logs: '.alerts-observability.logs.alerts', | ||
infrastructure: '.alerts-observability.metrics.alerts', | ||
observability: '.alerts-observability', |
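Review bot: the `observability` entry on the last line is still the bare prefix '.alerts-observability' while `apm`, `logs` and `infrastructure` now end in '.alerts', so one key follows a different naming rule from the rest of the map. Give it an explicit pattern, or add a comment saying how a bare prefix is meant to be resolved by the code that reads this map. The `infrastructure` key also maps to a `metrics` index name; a short comment on that difference would help the next reader.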
Does it make sense to change it to `.alerts-observability.*.alerts`?
This object should be updated to append the space id in the index name as well as reading from the kibana config for observability's usage of custom prefixes. Not sure if these are still happening @peluja1012 ?
@banderror It would be ideal to implement this data structure as a saved object, this way we provide the customer with some way to mutate the index names without having to push out a new release of kibana.
The custom index prefix setting has been removed.
Do we need this data-structure at all at this point? Can't we use the registration context as a further (non-security-relevant) filter? (not for this PR, but in future iterations)
As long as we don't index evaluation docs the result would be the same, but the change also couldn't hurt while we're at it.
Pretty straightforward change. Looks good. If you have the time I think it is worth it to consider moving this into a saved object. Better to store data in Elasticsearch than in Kibana.
Agreed, looks simple enough. Thank you!
Ideally we wouldn't need that mapping at all in the future. 🤔
LGTM. Looks like Jest snapshots need to be updated.
b7b0a0d to 070a7d6
Don't we either have to specify the namespace suffix in the `mapConsumerToIndexName` mapping or dynamically add it in the code paths that access the alerts? I think that's not happening right now and causes the alerts table query to target the wrong indices.
@yctercero are there any pending PRs that add the namespace suffix during data access?
070a7d6 to f526378
Thanks for adding the `-*` on short notice. It doesn't fix everything (such as the alerts table field selector) but it unblocks some other development work. 🙇
f526378 to f2b0a22
This PR is going to be replaced by #109567 and closed.
Uptime changes LGTM
I'm closing this one, the same goal (updating index names that RAC RBAC uses - in order to comply with the index naming scheme) is addressed in #109567 in a better way.
…atures to index names (#109567)

**Ticket:** #102089

🚨 **This PR is critical for Observability 7.15** 🚨

## Summary

This PR introduces changes that fix the usage of alerts-as-data index naming in RBAC. It builds on top of #109346 and replaces #108872.

TODO:

- [x] Address #109346 (review)
- [x] Make changes to `AlertsClient.getAuthorizedAlertsIndices()` so it starts using `RuleDataService` to get index names by feature ids.
- [x] Delete the hardcoded `mapConsumerToIndexName` where we had incorrect index names.
- [x] Close #108872

### Checklist

Delete any items that are not applicable to this PR.

- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
…atures to index names (#109567) (#110068)

**Ticket:** #102089

🚨 **This PR is critical for Observability 7.15** 🚨

## Summary

This PR introduces changes that fix the usage of alerts-as-data index naming in RBAC. It builds on top of #109346 and replaces #108872.

TODO:

- [x] Address #109346 (review)
- [x] Make changes to `AlertsClient.getAuthorizedAlertsIndices()` so it starts using `RuleDataService` to get index names by feature ids.
- [x] Delete the hardcoded `mapConsumerToIndexName` where we had incorrect index names.
- [x] Close #108872

### Checklist

Delete any items that are not applicable to this PR.

- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

Co-authored-by: Georgii Gorbachev

…atures to index names (#109567) (#110067)

**Ticket:** #102089

🚨 **This PR is critical for Observability 7.15** 🚨

## Summary

This PR introduces changes that fix the usage of alerts-as-data index naming in RBAC. It builds on top of #109346 and replaces #108872.

TODO:

- [x] Address #109346 (review)
- [x] Make changes to `AlertsClient.getAuthorizedAlertsIndices()` so it starts using `RuleDataService` to get index names by feature ids.
- [x] Delete the hardcoded `mapConsumerToIndexName` where we had incorrect index names.
- [x] Close #108872

### Checklist

Delete any items that are not applicable to this PR.

- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

Co-authored-by: Georgii Gorbachev
Addresses: #102089
🚨 This PR is critical for Observability 7.15 🚨
Summary
This PR changes the `mapConsumerToIndexName` used by RAC RBAC and tests containing references to those indices.

- `observability-apm` renamed to `observability.apm`
- `.alerts` suffix was added, e.g. `.alerts-observability.apm.alerts` and `.alerts-observability.metrics.alerts`
- `observability: '.alerts-observability'` is not changed, does it make sense to make it `observability: '.alerts-observability.*.alerts'`?

Checklist

Delete any items that are not applicable to this PR.
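
The namespace-suffix problem raised in the review comments above, as an added example (not code from this PR or from Kibana): the feature ids and base names come from the mapping under review, while `authorizedIndexPatterns`, `matchesPattern`, `reachableIndices`, the namespaces and the concrete index names are constructed, assuming concrete indices are named `<base>-<namespace>`.

```typescript
// Added example, not Kibana code. Base names are copied from the mapping in this PR.
const mapConsumerToIndexName: Record<string, string> = {
  apm: '.alerts-observability.apm.alerts',
  logs: '.alerts-observability.logs.alerts',
  infrastructure: '.alerts-observability.metrics.alerts',
};

// Hypothetical helper: turn the base names of the authorized features into
// patterns that carry the namespace suffix ("-*" matches every namespace).
function authorizedIndexPatterns(featureIds: string[], namespace = '*'): string[] {
  const patterns: string[] = [];
  for (const id of featureIds) {
    const base = mapConsumerToIndexName[id];
    if (base === undefined) continue; // unknown feature id: grant nothing
    patterns.push(`${base}-${namespace}`);
  }
  return patterns;
}

// Minimal wildcard matcher for index patterns: only "*" is special.
function matchesPattern(pattern: string, indexName: string): boolean {
  const escaped = pattern.split('*').map((s) => s.replace(/[.+?^${}()|[\]\\]/g, '\\$&'));
  return new RegExp(`^${escaped.join('.*')}$`).test(indexName);
}

// Which of the concrete indices would a query built from `patterns` reach?
function reachableIndices(patterns: string[], concrete: string[]): string[] {
  return concrete.filter((name) => patterns.some((p) => matchesPattern(p, name)));
}

// Constructed concrete index names, assuming "<base>-<namespace>".
const concreteIndices = [
  '.alerts-observability.apm.alerts-default',
  '.alerts-observability.logs.alerts-default',
  '.alerts-observability.metrics.alerts-team-a',
  '.alerts-security.alerts-default',
];

// Base names without the suffix reach none of the concrete indices.
const baseNames = Object.keys(mapConsumerToIndexName).map((k) => mapConsumerToIndexName[k]);
const bare = reachableIndices(baseNames, concreteIndices);
// With "-*", a caller authorized for apm reaches the apm index and nothing else.
const apmOnly = reachableIndices(authorizedIndexPatterns(['apm']), concreteIndices);
console.log({ bare, apmOnly });
```

Passing a concrete namespace instead of the default `*` narrows the pattern to that namespace, which is the stricter choice when the caller's space is known.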