Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Enhancement] Add a new validation rule to ensure capability security is defined #809

Closed
mrodm opened this issue Oct 2, 2024 · 0 comments · Fixed by #820
Closed

[Enhancement] Add a new validation rule to ensure capability security is defined #809

mrodm opened this issue Oct 2, 2024 · 0 comments · Fixed by #820
Assignees
@mrodm
Labels
Team:Ecosystem Label for the Packages Ecosystem team

Comments

@mrodm
Copy link
Contributor

mrodm commented Oct 2, 2024

Currently, there are packages that define security-rule kibana assets but it is not enforced that the capability security is defined in the package manifest.

Those assets can be added into kibana/security_rule/*.json.

If that happens, those packages would be available in Observability Serverless projects, but they cannot be installed in those kind of projects. Example of the error raised (link):

Error: can't install the package: could not zip-install package; API status code = 400; response body = {"statusCode":400,"error":"Bad Request","message":"Encountered 17 errors creating saved objects: [{\"type\":\"security-rule\",\"id\":\"0c5a9660-eaa9-11ee-a30d-e7740197132d\",\"error\":{\"type\":\"unsupported_type\"}},{\"type\":\"security-rule\",\"id\":\"10359860-1139-11ee-af86-538da1394f27\",\"error\":{\"type\":\"unsupported_type\"}},{\"type\":\"security-rule\",\"id\":\"2140f083-6e39-4df4-ba41-aa1f41cb81b8\",\"error\":{\"type\":\"unsupported_type\"}},{\"type\":\"security-rule\",\"id\":\"2e5a7e20-1137-11ee-af86-538da1394f27\",\"error\":{\"type\":\"unsupported_type\"}},{\"type\":\"security-rule\",\"id\":\"2e9c9ac0-1138-11ee-af86-538da1394f27\",\"error\":{\"type\":\"unsupported_type\"}},{\"type\":\"security-rule\",\"id\":\"55faa99b-ce17-4a41-9f63-4a7439e3543a\",\"error\":{\"type\":\"unsupported_type\"}},{\"type\":\"security-rule\",\"id\":\"5be38411-3902-4686-8209-1ab75a6d3847\",\"error\":{\"type\":\"unsupported_type\"}},{\"type\":\"security-rule\",\"id\":\"6040cb5c-5e01-4f4d-af7f-9ca9c11dbdc7\",\"error\":{\"type\":\"unsupported_type\"}},{\"type\":\"security-rule\",\"id\":\"6839b82b-22bf-418f-a86b-7e7a4cd074d7\",\"error\":{\"type\":\"unsupported_type\"}},{\"type\":\"security-rule\",\"id\":\"6d34f6dc-4a36-46cd-a4bb-ea2f1a01ab8a\",\"error\":{\"type\":\"unsupported_type\"}},{\"type\":\"security-rule\",\"id\":\"867e3450-1139-11ee-af86-538da1394f27\",\"error\":{\"type\":\"unsupported_type\"}},{\"type\":\"security-rule\",\"id\":\"934a39a0-1138-11ee-af86-538da1394f27\",\"error\":{\"type\":\"unsupported_type\"}},{\"type\":\"security-rule\",\"id\":\"bdf083c5-63cb-41ae-bb7a-563cc4e8719f\",\"error\":{\"type\":\"unsupported_type\"}},{\"type\":\"security-rule\",\"id\":\"beeea32f-31ba-4be8-9e2c-14de47280aac\",\"error\":{\"type\":\"unsupported_type\"}},{\"type\":\"security-rule\",\"id\":\"c40eaba1-7507-4fe7-aae5-78e59cd7b8f2\",\"error\":{\"type\":\"unsupported_type\"}},{\"type\":\"security-rule\",\"id\":\"ccffb8f0-601f-46f6-8ae9-ab8af5e6bbf4\",\"error\":{\"type\":\"unsupported_type\"}},{\"type\":\"security-rule\",\"id\":\"d0d735ed-08fe-4393-9aa6-120236995152\",\"error\":{\"type\":\"unsupported_type\"}}]"}

Given that, it would be nice to add a new validation rule into the spec that ensures that if there is any security-rule asset, the package manifest must define the security capability too.

conditions:
  elastic:
    capabilities:
      - security

Relates:
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mrodm mrodm

Labels
Team:Ecosystem Label for the Packages Ecosystem team
Projects
None yet
Milestone
No milestone
1 participant
@mrodm