[SLOs] remove manage_transform and manage_ingest_pipeline privilege requirements #190572

Merged
05f0e25
slo - remove manage_transform and manage_ingest_pipeline privilege re…
dominiqueclarke Aug 15, 2024
1e24783
adjust tests
dominiqueclarke Aug 15, 2024
501b9ba
update slo health
dominiqueclarke Aug 15, 2024
56902e5
adjust requirements for write user
dominiqueclarke Aug 20, 2024
1f7883f
update privilege set and tests
dominiqueclarke Aug 20, 2024
3afcd42
fix(security, http): expose authentication headers in the authenticat…
azasypkin Aug 21, 2024
8a99097
adjust jest test
dominiqueclarke Aug 21, 2024
47b7ef4
adjust tests and types
dominiqueclarke Aug 21, 2024
9f2ef6d
Merge branch 'main' into feat/slo-transforms-remove-transform-and-ing…
dominiqueclarke Aug 21, 2024
2edb72f
fix test types
shahzad31 Aug 22, 2024
50876af
fix check types
mgiota Aug 22, 2024
fb37216
adjust global diagnosis
dominiqueclarke Aug 22, 2024
7429098
Merge branch 'feat/slo-transforms-remove-transform-and-ingest-pipelin…
dominiqueclarke Aug 22, 2024
157b394
Merge branch 'main' into feat/slo-transforms-remove-transform-and-ing…
dominiqueclarke Aug 22, 2024
d838b3c
adjust content and index pattern
dominiqueclarke Aug 22, 2024
c0fe40a
Merge branch 'main' into feat/slo-transforms-remove-transform-and-ing…
dominiqueclarke Aug 22, 2024
55e1828
Merge branch 'main' into feat/slo-transforms-remove-transform-and-ing…
shahzad31 Aug 26, 2024
dfa5e65
adjust content
dominiqueclarke Aug 26, 2024
ffbea83
Merge branch 'feat/slo-transforms-remove-transform-and-ingest-pipelin…
dominiqueclarke Aug 26, 2024
febb9bf
Merge branch 'main' into feat/slo-transforms-remove-transform-and-ing…
dominiqueclarke Aug 26, 2024
3f27516
remove unnecessary autoconfigure privilege
dominiqueclarke Aug 28, 2024
c93e9a1
Merge branch 'feat/slo-transforms-remove-transform-and-ingest-pipelin…
dominiqueclarke Aug 28, 2024
b18ceb2
Merge branch 'main' into feat/slo-transforms-remove-transform-and-ing…
dominiqueclarke Aug 28, 2024
d979dba
adjust get tests
dominiqueclarke Aug 28, 2024
c1c9224
Merge branch 'feat/slo-transforms-remove-transform-and-ingest-pipelin…
dominiqueclarke Aug 28, 2024
Original file line number Diff line number Diff line change
Expand Up @@ -105,27 +105,30 @@ const createSLORoute = createSloServerRoute({
const dataViews = await dependencies.getDataViewsStart();
const spaceId = (await spaces?.spacesService?.getActiveSpace(request))?.id ?? 'default';

const esClient = (await context.core).elasticsearch.client.asCurrentUser;
const core = await context.core;
const scopedClusterClient = core.elasticsearch.client;
const esClient = core.elasticsearch.client.asCurrentUser;
const basePath = dependencies.pluginsSetup.core.http.basePath;
const soClient = (await context.core).savedObjects.client;
const soClient = core.savedObjects.client;
const repository = new KibanaSavedObjectsSLORepository(soClient, logger);

const dataViewsService = await dataViews.dataViewsServiceFactory(soClient, esClient);
const transformManager = new DefaultTransformManager(
transformGenerators,
esClient,
scopedClusterClient,
logger,
spaceId,
dataViewsService
);
const summaryTransformManager = new DefaultSummaryTransformManager(
new DefaultSummaryTransformGenerator(),
esClient,
scopedClusterClient,
logger
);

const createSLO = new CreateSLO(
esClient,
scopedClusterClient,
repository,
transformManager,
summaryTransformManager,
Expand Down Expand Up @@ -154,25 +157,28 @@ const inspectSLORoute = createSloServerRoute({
const dataViews = await dependencies.getDataViewsStart();
const spaceId = (await spaces?.spacesService?.getActiveSpace(request))?.id ?? 'default';
const basePath = dependencies.pluginsSetup.core.http.basePath;
const esClient = (await context.core).elasticsearch.client.asCurrentUser;
const soClient = (await context.core).savedObjects.client;
const core = await context.core;
const scopedClusterClient = core.elasticsearch.client;
const esClient = core.elasticsearch.client.asCurrentUser;
const soClient = core.savedObjects.client;
const repository = new KibanaSavedObjectsSLORepository(soClient, logger);
const dataViewsService = await dataViews.dataViewsServiceFactory(soClient, esClient);
const transformManager = new DefaultTransformManager(
transformGenerators,
esClient,
scopedClusterClient,
logger,
spaceId,
dataViewsService
);
const summaryTransformManager = new DefaultSummaryTransformManager(
new DefaultSummaryTransformGenerator(),
esClient,
scopedClusterClient,
logger
);

const createSLO = new CreateSLO(
esClient,
scopedClusterClient,
repository,
transformManager,
summaryTransformManager,
Expand Down Expand Up @@ -200,20 +206,22 @@ const updateSLORoute = createSloServerRoute({
const dataViews = await dependencies.getDataViewsStart();

const basePath = dependencies.pluginsSetup.core.http.basePath;
const esClient = (await context.core).elasticsearch.client.asCurrentUser;
const soClient = (await context.core).savedObjects.client;
const core = await context.core;
const scopedClusterClient = core.elasticsearch.client;
const esClient = core.elasticsearch.client.asCurrentUser;
const soClient = core.savedObjects.client;
const dataViewsService = await dataViews.dataViewsServiceFactory(soClient, esClient);
const repository = new KibanaSavedObjectsSLORepository(soClient, logger);
const transformManager = new DefaultTransformManager(
transformGenerators,
esClient,
scopedClusterClient,
logger,
spaceId,
dataViewsService
);
const summaryTransformManager = new DefaultSummaryTransformManager(
new DefaultSummaryTransformGenerator(),
esClient,
scopedClusterClient,
logger
);

Expand All @@ -222,6 +230,7 @@ const updateSLORoute = createSloServerRoute({
transformManager,
summaryTransformManager,
esClient,
scopedClusterClient,
logger,
spaceId,
basePath
Expand All @@ -247,24 +256,26 @@ const deleteSLORoute = createSloServerRoute({
const spaceId = (await spaces?.spacesService?.getActiveSpace(request))?.id ?? 'default';
const dataViews = await dependencies.getDataViewsStart();

const esClient = (await context.core).elasticsearch.client.asCurrentUser;
const soClient = (await context.core).savedObjects.client;
const core = await context.core;
const scopedClusterClient = core.elasticsearch.client;
const esClient = core.elasticsearch.client.asCurrentUser;
const soClient = core.savedObjects.client;
const rulesClient = await dependencies.getRulesClientWithRequest(request);

const dataViewsService = await dataViews.dataViewsServiceFactory(soClient, esClient);

const repository = new KibanaSavedObjectsSLORepository(soClient, logger);
const transformManager = new DefaultTransformManager(
transformGenerators,
esClient,
scopedClusterClient,
logger,
spaceId,
dataViewsService
);

const summaryTransformManager = new DefaultSummaryTransformManager(
new DefaultSummaryTransformGenerator(),
esClient,
scopedClusterClient,
logger
);

Expand All @@ -273,6 +284,7 @@ const deleteSLORoute = createSloServerRoute({
transformManager,
summaryTransformManager,
esClient,
scopedClusterClient,
rulesClient
);

Expand Down Expand Up @@ -319,20 +331,22 @@ const enableSLORoute = createSloServerRoute({
const spaceId = (await spaces?.spacesService?.getActiveSpace(request))?.id ?? 'default';
const dataViews = await dependencies.getDataViewsStart();

const soClient = (await context.core).savedObjects.client;
const esClient = (await context.core).elasticsearch.client.asCurrentUser;
const core = await context.core;
const scopedClusterClient = core.elasticsearch.client;
const soClient = core.savedObjects.client;
const esClient = core.elasticsearch.client.asCurrentUser;
const dataViewsService = await dataViews.dataViewsServiceFactory(soClient, esClient);
const repository = new KibanaSavedObjectsSLORepository(soClient, logger);
const transformManager = new DefaultTransformManager(
transformGenerators,
esClient,
scopedClusterClient,
logger,
spaceId,
dataViewsService
);
const summaryTransformManager = new DefaultSummaryTransformManager(
new DefaultSummaryTransformGenerator(),
esClient,
scopedClusterClient,
logger
);

Expand All @@ -358,20 +372,22 @@ const disableSLORoute = createSloServerRoute({
const spaceId = (await spaces?.spacesService?.getActiveSpace(request))?.id ?? 'default';
const dataViews = await dependencies.getDataViewsStart();

const soClient = (await context.core).savedObjects.client;
const esClient = (await context.core).elasticsearch.client.asCurrentUser;
const core = await context.core;
const scopedClusterClient = core.elasticsearch.client;
const soClient = core.savedObjects.client;
const esClient = core.elasticsearch.client.asCurrentUser;
const dataViewsService = await dataViews.dataViewsServiceFactory(soClient, esClient);
const repository = new KibanaSavedObjectsSLORepository(soClient, logger);
const transformManager = new DefaultTransformManager(
transformGenerators,
esClient,
scopedClusterClient,
logger,
spaceId,
dataViewsService
);
const summaryTransformManager = new DefaultSummaryTransformManager(
new DefaultSummaryTransformGenerator(),
esClient,
scopedClusterClient,
logger
);

Expand All @@ -396,27 +412,30 @@ const resetSLORoute = createSloServerRoute({
const spaces = await dependencies.getSpacesStart();
const dataViews = await dependencies.getDataViewsStart();
const spaceId = (await spaces?.spacesService?.getActiveSpace(request))?.id ?? 'default';
const soClient = (await context.core).savedObjects.client;
const esClient = (await context.core).elasticsearch.client.asCurrentUser;
const core = await context.core;
const scopedClusterClient = core.elasticsearch.client;
const soClient = core.savedObjects.client;
const esClient = core.elasticsearch.client.asCurrentUser;
const basePath = dependencies.pluginsSetup.core.http.basePath;

const dataViewsService = await dataViews.dataViewsServiceFactory(soClient, esClient);
const repository = new KibanaSavedObjectsSLORepository(soClient, logger);
const transformManager = new DefaultTransformManager(
transformGenerators,
esClient,
scopedClusterClient,
logger,
spaceId,
dataViewsService
);
const summaryTransformManager = new DefaultSummaryTransformManager(
new DefaultSummaryTransformGenerator(),
esClient,
scopedClusterClient,
logger
);

const resetSLO = new ResetSLO(
esClient,
scopedClusterClient,
repository,
transformManager,
summaryTransformManager,
Expand Down Expand Up @@ -598,11 +617,13 @@ const fetchSloHealthRoute = createSloServerRoute({
handler: async ({ context, params, logger }) => {
await assertPlatinumLicense(context);

const soClient = (await context.core).savedObjects.client;
const esClient = (await context.core).elasticsearch.client.asCurrentUser;
const core = await context.core;
const scopedClusterClient = core.elasticsearch.client;
const soClient = core.savedObjects.client;
const esClient = core.elasticsearch.client.asCurrentUser;
const repository = new KibanaSavedObjectsSLORepository(soClient, logger);

const getSLOHealth = new GetSLOHealth(esClient, repository);
const getSLOHealth = new GetSLOHealth(esClient, scopedClusterClient, repository);
Contributor


@dominiqueclarke I was checking all the routes in this file and I was wondering if we need to pass the scopedClusterClient to the getSloBurnRates route as well. I noticed that you didn't change the GET requests, but getSloBurnRates is a POST request, so I thought we might need to pass the scopedClusterClient there as well. What do you think?

Contributor Author


There aren't any transform or ingest pipeline actions in that code path.


return await getSLOHealth.execute(params.body);
},
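Review bot: Every handler touched here now hands both `esClient` (the current-user client) and `scopedClusterClient` to the managers and services, so the identity an Elasticsearch call runs under is decided inside those classes and is no longer visible at the route. Because `asSecondaryAuthUser` is authorized primarily as the internal Kibana user with the end user as secondary auth, the Kibana-side privilege check on each route becomes the only per-user gate for transform and ingest-pipeline changes; the route options are outside the visible hunks, so it is worth confirming that each write route still requires the SLO write privilege. I would add a comment at the first handler, e.g. `// scopedClusterClient is intended only for transform/ingest-pipeline calls (asSecondaryAuthUser); all other ES access stays on asCurrentUser`. Deriving the second client as `const esClient = scopedClusterClient.asCurrentUser;` would also make it explicit that both come from the same request scope.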
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ import {
elasticsearchServiceMock,
httpServiceMock,
loggingSystemMock,
ScopedClusterClientMock,
} from '@kbn/core/server/mocks';
import { MockedLogger } from '@kbn/logging-mocks';
import { CreateSLO } from './create_slo';
Expand All @@ -25,6 +26,7 @@ import { TransformManager } from './transform_manager';

describe('CreateSLO', () => {
let mockEsClient: ElasticsearchClientMock;
let mockScopedClusterClient: ScopedClusterClientMock;
let mockLogger: jest.Mocked<MockedLogger>;
let mockRepository: jest.Mocked<SLORepository>;
let mockTransformManager: jest.Mocked<TransformManager>;
Expand All @@ -35,12 +37,14 @@ describe('CreateSLO', () => {

beforeEach(() => {
mockEsClient = elasticsearchServiceMock.createElasticsearchClient();
mockScopedClusterClient = elasticsearchServiceMock.createScopedClusterClient();
mockLogger = loggingSystemMock.createLogger();
mockRepository = createSLORepositoryMock();
mockTransformManager = createTransformManagerMock();
mockSummaryTransformManager = createSummaryTransformManagerMock();
createSLO = new CreateSLO(
mockEsClient,
mockScopedClusterClient,
mockRepository,
mockTransformManager,
mockSummaryTransformManager,
Expand Down Expand Up @@ -82,7 +86,9 @@ describe('CreateSLO', () => {

expect(mockTransformManager.install).toHaveBeenCalled();
expect(mockTransformManager.start).toHaveBeenCalled();
expect(mockEsClient.ingest.putPipeline.mock.calls[0]).toMatchSnapshot();
expect(
mockScopedClusterClient.asSecondaryAuthUser.ingest.putPipeline.mock.calls[0]
).toMatchSnapshot();
expect(mockSummaryTransformManager.install).toHaveBeenCalled();
expect(mockSummaryTransformManager.start).toHaveBeenCalled();
expect(mockEsClient.index.mock.calls[0]).toMatchSnapshot();
Expand Down Expand Up @@ -165,7 +171,9 @@ describe('CreateSLO', () => {
);

expect(mockRepository.deleteById).toHaveBeenCalled();
expect(mockEsClient.ingest.deletePipeline).toHaveBeenCalledTimes(1);
expect(
mockScopedClusterClient.asSecondaryAuthUser.ingest.deletePipeline
).toHaveBeenCalledTimes(1);

expect(mockSummaryTransformManager.stop).not.toHaveBeenCalled();
expect(mockSummaryTransformManager.uninstall).not.toHaveBeenCalled();
Expand All @@ -186,7 +194,9 @@ describe('CreateSLO', () => {
expect(mockRepository.deleteById).toHaveBeenCalled();
expect(mockTransformManager.stop).toHaveBeenCalled();
expect(mockTransformManager.uninstall).toHaveBeenCalled();
expect(mockEsClient.ingest.deletePipeline).toHaveBeenCalledTimes(2);
expect(
mockScopedClusterClient.asSecondaryAuthUser.ingest.deletePipeline
).toHaveBeenCalledTimes(2);
expect(mockSummaryTransformManager.uninstall).toHaveBeenCalled();

expect(mockSummaryTransformManager.stop).not.toHaveBeenCalled();
Expand All @@ -203,7 +213,9 @@ describe('CreateSLO', () => {
expect(mockRepository.deleteById).toHaveBeenCalled();
expect(mockTransformManager.stop).toHaveBeenCalled();
expect(mockTransformManager.uninstall).toHaveBeenCalled();
expect(mockEsClient.ingest.deletePipeline).toHaveBeenCalledTimes(2);
expect(
mockScopedClusterClient.asSecondaryAuthUser.ingest.deletePipeline
).toHaveBeenCalledTimes(2);
expect(mockSummaryTransformManager.stop).toHaveBeenCalled();
expect(mockSummaryTransformManager.uninstall).toHaveBeenCalled();
});
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { IScopedClusterClient } from '@kbn/core/server';
import { TransformPutTransformRequest } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
import { ElasticsearchClient, IBasePath, Logger } from '@kbn/core/server';
import { ALL_VALUE, CreateSLOParams, CreateSLOResponse } from '@kbn/slo-schema';
Expand Down Expand Up @@ -32,6 +32,7 @@ import { getTransformQueryComposite } from './utils/get_transform_compite_query'
export class CreateSLO {
constructor(
private esClient: ElasticsearchClient,
private scopedClusterClient: IScopedClusterClient,
private repository: SLORepository,
private transformManager: TransformManager,
private summaryTransformManager: TransformManager,
Expand All @@ -53,11 +54,14 @@ export class CreateSLO {
const summaryTransformId = getSLOSummaryTransformId(slo.id, slo.revision);
try {
await retryTransientEsErrors(
() => this.esClient.ingest.putPipeline(getSLOPipelineTemplate(slo)),
() =>
this.scopedClusterClient.asSecondaryAuthUser.ingest.putPipeline(
getSLOPipelineTemplate(slo)
),
{ logger: this.logger }
);
rollbackOperations.push(() =>
this.esClient.ingest.deletePipeline(
this.scopedClusterClient.asSecondaryAuthUser.ingest.deletePipeline(
{ id: getSLOPipelineId(slo.id, slo.revision) },
{ ignore: [404] }
)
Expand All @@ -71,13 +75,13 @@ export class CreateSLO {

await retryTransientEsErrors(
() =>
this.esClient.ingest.putPipeline(
this.scopedClusterClient.asSecondaryAuthUser.ingest.putPipeline(
getSLOSummaryPipelineTemplate(slo, this.spaceId, this.basePath)
),
{ logger: this.logger }
);
rollbackOperations.push(() =>
this.esClient.ingest.deletePipeline(
this.scopedClusterClient.asSecondaryAuthUser.ingest.deletePipeline(
{ id: getSLOSummaryPipelineId(slo.id, slo.revision) },
{ ignore: [404] }
)
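Review bot: The pipeline create and rollback-delete calls now go through `this.scopedClusterClient.asSecondaryAuthUser`, and nothing in the class documents that they therefore run with Kibana's own privileges and no longer depend on the caller holding manage_ingest_pipeline, which per the PR title is the intent. The pipeline bodies come from `getSLOPipelineTemplate(slo)` and `getSLOSummaryPipelineTemplate(slo, this.spaceId, this.basePath)`, so request-derived SLO data is written under that elevated identity, and schema validation plus the route's privilege check are the only remaining controls. I would add a comment above the first call such as `// Runs with Kibana's privileges (end user as secondary auth): caller must have passed the SLO write check and slo must already be schema-validated`. The getter presumably cannot build a client for a request that carries no credentials, so a test for that path would show whether the rollback still runs cleanly. The enclosing method starts and ends outside the hunks.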