WIP - re-add update function to alerts as data client (#13)

* WIP - creating alerting authorization client factory and exposing authorization client on plugin start contract * Updating alerting feature privilege builder to handle different alerting types * Converting to es query if requested * first pass at getting everything working again * working update function * fix rebase conflicts * fixes index mapping to add owner field * fixes update route, previously using wrong ruleTypeId and not building the correct index * fix getIndex function Co-authored-by: Ying Mao <[email protected]>
dhurley14 · May 25, 2021 · 5170468 · 5170468
1 parent 087dc35
commit 5170468
Show file tree

Hide file tree

Showing 57 changed files with 1,197 additions and 50 deletions.
diff --git a/packages/kbn-rule-data-utils/src/technical_field_names.ts b/packages/kbn-rule-data-utils/src/technical_field_names.ts
@@ -19,6 +19,7 @@ const RULE_NAME = 'rule.name' as const;
 const RULE_CATEGORY = 'rule.category' as const;
 const TAGS = 'tags' as const;
 const PRODUCER = `${ALERT_NAMESPACE}.producer` as const;
+const OWNER = `${ALERT_NAMESPACE}.owner` as const;
 const ALERT_ID = `${ALERT_NAMESPACE}.id` as const;
 const ALERT_UUID = `${ALERT_NAMESPACE}.uuid` as const;
 const ALERT_START = `${ALERT_NAMESPACE}.start` as const;
@@ -40,6 +41,7 @@ const fields = {
   RULE_CATEGORY,
   TAGS,
   PRODUCER,
+  OWNER,
   ALERT_ID,
   ALERT_UUID,
   ALERT_START,
@@ -62,6 +64,7 @@ export {
   RULE_CATEGORY,
   TAGS,
   PRODUCER,
+  OWNER,
   ALERT_ID,
   ALERT_UUID,
   ALERT_START,

diff --git a/x-pack/plugins/alerting/server/authorization/alerting_authorization.ts b/x-pack/plugins/alerting/server/authorization/alerting_authorization.ts
@@ -6,10 +6,10 @@
  */
 
 import Boom from '@hapi/boom';
-import { map, mapValues, fromPairs, has } from 'lodash';
+import { map, mapValues, fromPairs, has, get } from 'lodash';
 import { KibanaRequest } from 'src/core/server';
 import { AlertTypeRegistry } from '../types';
-import { SecurityPluginSetup } from '../../../security/server';
+import { SecurityPluginSetup, AlertingActions } from '../../../security/server';
 import { RegistryAlertType } from '../alert_type_registry';
 import { PluginStartContract as FeaturesPluginStart } from '../../../features/server';
 import { AlertingAuthorizationAuditLogger, ScopeType } from './audit_logger';
@@ -145,12 +145,12 @@ export class AlertingAuthorization {
     return this.authorization?.mode?.useRbacForRequest(this.request) ?? false;
   }
 
-  public getAuthorizedAlertsIndices(owners: string[]): string {
-    return owners
-      .map((owner) => {
-        return `.alerts-${owner}*`;
-      })
-      .join(',');
+  public getAuthorizedAlertsIndices(owner: string): string | undefined {
+    return owner === 'apm'
+      ? '.alerts-observability-apm'
+      : owner === 'securitySolution'
+      ? '.siem-signals*'
+      : undefined;
   }
 
   public async ensureAuthorized({ ruleTypeId, consumer, operation, entity }: EnsureAuthorizedOpts) {
@@ -197,6 +197,7 @@ export class AlertingAuthorization {
          * as Privileged.
          * This check will ensure we don't accidentally let these through
          */
+        // This should also log the type they're trying to access rule/alert
         throw Boom.forbidden(
           this.auditLogger.logAuthorizationFailure(
             username,