mirror of
https://github.com/elastic/kibana.git
synced 2025-04-24 09:48:58 -04:00
[ReaponseOps] Add name property to audit logs SO (#193323)
Issue: https://github.com/elastic/enhancements/issues/19823 So the purpose of this PR is to add a rule name to each audit log in alerting API. Previously if with a rule was done some action (like create, delete, etc.), the user could see it in an audit log. But this log included only rule SO id, but not name. Users wanted to see a rule name associated with the audit log. So here I added it. The principle I follow here to accelerate development (agreed with @cnasikas): if it is easy (name easy to extract in the code the `savedObject`) to pass it. If it is not do not. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
This commit is contained in:
Julia
GitHub
parent
1f8a91bd3e
commit
45b4089371
52 changed files with 374 additions and 153 deletions
|
|
@ -70,6 +70,8 @@ const rulesClientParams: jest.Mocked<ConstructorOptions> = {
|
|||
uiSettings: uiSettingsServiceMock.createStartContract(),
|
||||
};
|
||||
|
||||
const fakeRuleName = 'fakeRuleName';
|
||||
|
||||
const mockAdHocRunSO: SavedObject<AdHocRunSO> = {
|
||||
id: '1',
|
||||
type: AD_HOC_RUN_SAVED_OBJECT_TYPE,
|
||||
|
|
@ -80,7 +82,7 @@ const mockAdHocRunSO: SavedObject<AdHocRunSO> = {
|
|||
duration: '12h',
|
||||
enabled: true,
|
||||
rule: {
|
||||
name: 'my rule name',
|
||||
name: fakeRuleName,
|
||||
tags: ['foo'],
|
||||
alertTypeId: 'myType',
|
||||
// @ts-expect-error
|
||||
|
|
@ -149,10 +151,11 @@ describe('deleteBackfill()', () => {
|
|||
saved_object: {
|
||||
id: '1',
|
||||
type: AD_HOC_RUN_SAVED_OBJECT_TYPE,
|
||||
name: `backfill for rule "my rule name"`,
|
||||
name: 'backfill for rule "fakeRuleName"',
|
||||
},
|
||||
},
|
||||
message: 'User is deleting ad hoc run for ad_hoc_run_params [id=1]',
|
||||
message:
|
||||
'User is deleting ad hoc run for ad_hoc_run_params [id=1] backfill for rule "fakeRuleName"',
|
||||
});
|
||||
expect(unsecuredSavedObjectsClient.delete).toHaveBeenLastCalledWith(
|
||||
AD_HOC_RUN_SAVED_OBJECT_TYPE,
|
||||
|
|
@ -212,10 +215,11 @@ describe('deleteBackfill()', () => {
|
|||
saved_object: {
|
||||
id: '1',
|
||||
type: AD_HOC_RUN_SAVED_OBJECT_TYPE,
|
||||
name: `backfill for rule "my rule name"`,
|
||||
name: 'backfill for rule "fakeRuleName"',
|
||||
},
|
||||
},
|
||||
message: 'Failed attempt to delete ad hoc run for ad_hoc_run_params [id=1]',
|
||||
message:
|
||||
'Failed attempt to delete ad hoc run for ad_hoc_run_params [id=1] backfill for rule "fakeRuleName"',
|
||||
});
|
||||
});
|
||||
|
||||
|
|
@ -229,6 +233,7 @@ describe('deleteBackfill()', () => {
|
|||
message: 'Unable to get',
|
||||
statusCode: 404,
|
||||
},
|
||||
attributes: { rule: { name: fakeRuleName } },
|
||||
});
|
||||
|
||||
await expect(rulesClient.deleteBackfill('1')).rejects.toThrowErrorMatchingInlineSnapshot(
|
||||
|
|
@ -246,8 +251,15 @@ describe('deleteBackfill()', () => {
|
|||
outcome: 'failure',
|
||||
type: ['deletion'],
|
||||
},
|
||||
kibana: { saved_object: { id: '1', type: AD_HOC_RUN_SAVED_OBJECT_TYPE } },
|
||||
message: 'Failed attempt to delete ad hoc run for ad_hoc_run_params [id=1]',
|
||||
kibana: {
|
||||
saved_object: {
|
||||
id: '1',
|
||||
type: AD_HOC_RUN_SAVED_OBJECT_TYPE,
|
||||
name: 'backfill for rule "fakeRuleName"',
|
||||
},
|
||||
},
|
||||
message:
|
||||
'Failed attempt to delete ad hoc run for ad_hoc_run_params [id=1] backfill for rule "fakeRuleName"',
|
||||
});
|
||||
});
|
||||
|
||||
|
|
|
|||
|
|
@ -37,7 +37,11 @@ async function deleteWithOCC(context: RulesClientContext, { id }: { id: string }
|
|||
context.auditLogger?.log(
|
||||
adHocRunAuditEvent({
|
||||
action: AdHocRunAuditAction.DELETE,
|
||||
savedObject: { type: AD_HOC_RUN_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: {
|
||||
type: AD_HOC_RUN_SAVED_OBJECT_TYPE,
|
||||
id,
|
||||
name: `backfill for rule "${result.attributes.rule.name}"`,
|
||||
},
|
||||
error: new Error(result.error.message),
|
||||
})
|
||||
);
|
||||
|
|
|
|||
|
|
@ -171,6 +171,8 @@ const rulesClientParams: jest.Mocked<ConstructorOptions> = {
|
|||
uiSettings: uiSettingsServiceMock.createStartContract(),
|
||||
};
|
||||
|
||||
const fakeRuleName = 'fakeRuleName';
|
||||
|
||||
const mockAdHocRunSO: SavedObject<AdHocRunSO> = {
|
||||
id: '1',
|
||||
type: AD_HOC_RUN_SAVED_OBJECT_TYPE,
|
||||
|
|
@ -181,7 +183,7 @@ const mockAdHocRunSO: SavedObject<AdHocRunSO> = {
|
|||
duration: '12h',
|
||||
enabled: true,
|
||||
rule: {
|
||||
name: 'my rule name',
|
||||
name: fakeRuleName,
|
||||
tags: ['foo'],
|
||||
alertTypeId: 'myType',
|
||||
// @ts-expect-error
|
||||
|
|
@ -266,10 +268,11 @@ describe('findBackfill()', () => {
|
|||
saved_object: {
|
||||
id: '1',
|
||||
type: AD_HOC_RUN_SAVED_OBJECT_TYPE,
|
||||
name: `backfill for rule "my rule name"`,
|
||||
name: 'backfill for rule "fakeRuleName"',
|
||||
},
|
||||
},
|
||||
message: 'User has found ad hoc run for ad_hoc_run_params [id=1]',
|
||||
message:
|
||||
'User has found ad hoc run for ad_hoc_run_params [id=1] backfill for rule "fakeRuleName"',
|
||||
});
|
||||
|
||||
expect(result).toEqual({
|
||||
|
|
@ -311,10 +314,11 @@ describe('findBackfill()', () => {
|
|||
saved_object: {
|
||||
id: '1',
|
||||
type: AD_HOC_RUN_SAVED_OBJECT_TYPE,
|
||||
name: `backfill for rule "my rule name"`,
|
||||
name: 'backfill for rule "fakeRuleName"',
|
||||
},
|
||||
},
|
||||
message: 'User has found ad hoc run for ad_hoc_run_params [id=1]',
|
||||
message:
|
||||
'User has found ad hoc run for ad_hoc_run_params [id=1] backfill for rule "fakeRuleName"',
|
||||
});
|
||||
|
||||
expect(result).toEqual({
|
||||
|
|
@ -374,10 +378,11 @@ describe('findBackfill()', () => {
|
|||
saved_object: {
|
||||
id: '1',
|
||||
type: AD_HOC_RUN_SAVED_OBJECT_TYPE,
|
||||
name: `backfill for rule "my rule name"`,
|
||||
name: 'backfill for rule "fakeRuleName"',
|
||||
},
|
||||
},
|
||||
message: 'User has found ad hoc run for ad_hoc_run_params [id=1]',
|
||||
message:
|
||||
'User has found ad hoc run for ad_hoc_run_params [id=1] backfill for rule "fakeRuleName"',
|
||||
});
|
||||
|
||||
expect(result).toEqual({
|
||||
|
|
@ -437,10 +442,11 @@ describe('findBackfill()', () => {
|
|||
saved_object: {
|
||||
id: '1',
|
||||
type: AD_HOC_RUN_SAVED_OBJECT_TYPE,
|
||||
name: `backfill for rule "my rule name"`,
|
||||
name: 'backfill for rule "fakeRuleName"',
|
||||
},
|
||||
},
|
||||
message: 'User has found ad hoc run for ad_hoc_run_params [id=1]',
|
||||
message:
|
||||
'User has found ad hoc run for ad_hoc_run_params [id=1] backfill for rule "fakeRuleName"',
|
||||
});
|
||||
|
||||
expect(result).toEqual({
|
||||
|
|
@ -516,10 +522,11 @@ describe('findBackfill()', () => {
|
|||
saved_object: {
|
||||
id: '1',
|
||||
type: AD_HOC_RUN_SAVED_OBJECT_TYPE,
|
||||
name: `backfill for rule "my rule name"`,
|
||||
name: 'backfill for rule "fakeRuleName"',
|
||||
},
|
||||
},
|
||||
message: 'User has found ad hoc run for ad_hoc_run_params [id=1]',
|
||||
message:
|
||||
'User has found ad hoc run for ad_hoc_run_params [id=1] backfill for rule "fakeRuleName"',
|
||||
});
|
||||
|
||||
expect(result).toEqual({
|
||||
|
|
@ -597,10 +604,11 @@ describe('findBackfill()', () => {
|
|||
saved_object: {
|
||||
id: '1',
|
||||
type: AD_HOC_RUN_SAVED_OBJECT_TYPE,
|
||||
name: `backfill for rule "my rule name"`,
|
||||
name: 'backfill for rule "fakeRuleName"',
|
||||
},
|
||||
},
|
||||
message: 'User has found ad hoc run for ad_hoc_run_params [id=1]',
|
||||
message:
|
||||
'User has found ad hoc run for ad_hoc_run_params [id=1] backfill for rule "fakeRuleName"',
|
||||
});
|
||||
|
||||
expect(result).toEqual({
|
||||
|
|
@ -648,10 +656,11 @@ describe('findBackfill()', () => {
|
|||
saved_object: {
|
||||
id: '1',
|
||||
type: AD_HOC_RUN_SAVED_OBJECT_TYPE,
|
||||
name: `backfill for rule "my rule name"`,
|
||||
name: 'backfill for rule "fakeRuleName"',
|
||||
},
|
||||
},
|
||||
message: 'User has found ad hoc run for ad_hoc_run_params [id=1]',
|
||||
message:
|
||||
'User has found ad hoc run for ad_hoc_run_params [id=1] backfill for rule "fakeRuleName"',
|
||||
});
|
||||
|
||||
expect(result).toEqual({
|
||||
|
|
|
|||
|
|
@ -70,6 +70,8 @@ const rulesClientParams: jest.Mocked<ConstructorOptions> = {
|
|||
uiSettings: uiSettingsServiceMock.createStartContract(),
|
||||
};
|
||||
|
||||
const fakeRuleName = 'fakeRuleName';
|
||||
|
||||
const mockAdHocRunSO: SavedObject<AdHocRunSO> = {
|
||||
id: '1',
|
||||
type: AD_HOC_RUN_SAVED_OBJECT_TYPE,
|
||||
|
|
@ -80,7 +82,7 @@ const mockAdHocRunSO: SavedObject<AdHocRunSO> = {
|
|||
duration: '12h',
|
||||
enabled: true,
|
||||
rule: {
|
||||
name: 'my rule name',
|
||||
name: fakeRuleName,
|
||||
tags: ['foo'],
|
||||
alertTypeId: 'myType',
|
||||
// @ts-expect-error
|
||||
|
|
@ -148,10 +150,11 @@ describe('getBackfill()', () => {
|
|||
saved_object: {
|
||||
id: '1',
|
||||
type: AD_HOC_RUN_SAVED_OBJECT_TYPE,
|
||||
name: `backfill for rule "my rule name"`,
|
||||
name: `backfill for rule "fakeRuleName"`,
|
||||
},
|
||||
},
|
||||
message: 'User has got ad hoc run for ad_hoc_run_params [id=1]',
|
||||
message:
|
||||
'User has got ad hoc run for ad_hoc_run_params [id=1] backfill for rule "fakeRuleName"',
|
||||
});
|
||||
expect(logger.error).not.toHaveBeenCalled();
|
||||
|
||||
|
|
@ -194,10 +197,11 @@ describe('getBackfill()', () => {
|
|||
saved_object: {
|
||||
id: '1',
|
||||
type: AD_HOC_RUN_SAVED_OBJECT_TYPE,
|
||||
name: `backfill for rule "my rule name"`,
|
||||
name: 'backfill for rule "fakeRuleName"',
|
||||
},
|
||||
},
|
||||
message: 'Failed attempt to get ad hoc run for ad_hoc_run_params [id=1]',
|
||||
message:
|
||||
'Failed attempt to get ad hoc run for ad_hoc_run_params [id=1] backfill for rule "fakeRuleName"',
|
||||
});
|
||||
});
|
||||
|
||||
|
|
@ -211,6 +215,7 @@ describe('getBackfill()', () => {
|
|||
message: 'Unable to get',
|
||||
statusCode: 404,
|
||||
},
|
||||
attributes: { rule: { name: fakeRuleName } },
|
||||
});
|
||||
|
||||
await expect(rulesClient.getBackfill('1')).rejects.toThrowErrorMatchingInlineSnapshot(
|
||||
|
|
@ -228,8 +233,15 @@ describe('getBackfill()', () => {
|
|||
outcome: 'failure',
|
||||
type: ['access'],
|
||||
},
|
||||
kibana: { saved_object: { id: '1', type: AD_HOC_RUN_SAVED_OBJECT_TYPE } },
|
||||
message: 'Failed attempt to get ad hoc run for ad_hoc_run_params [id=1]',
|
||||
kibana: {
|
||||
saved_object: {
|
||||
id: '1',
|
||||
type: AD_HOC_RUN_SAVED_OBJECT_TYPE,
|
||||
name: 'backfill for rule "fakeRuleName"',
|
||||
},
|
||||
},
|
||||
message:
|
||||
'Failed attempt to get ad hoc run for ad_hoc_run_params [id=1] backfill for rule "fakeRuleName"',
|
||||
});
|
||||
});
|
||||
});
|
||||
|
|
|
|||
|
|
@ -30,7 +30,11 @@ export async function getBackfill(context: RulesClientContext, id: string): Prom
|
|||
context.auditLogger?.log(
|
||||
adHocRunAuditEvent({
|
||||
action: AdHocRunAuditAction.GET,
|
||||
savedObject: { type: AD_HOC_RUN_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: {
|
||||
type: AD_HOC_RUN_SAVED_OBJECT_TYPE,
|
||||
id,
|
||||
name: `backfill for rule "${result.attributes.rule.name}"`,
|
||||
},
|
||||
error: new Error(result.error.message),
|
||||
})
|
||||
);
|
||||
|
|
|
|||
|
|
@ -73,6 +73,8 @@ const rulesClientParams: jest.Mocked<ConstructorOptions> = {
|
|||
uiSettings: uiSettingsServiceMock.createStartContract(),
|
||||
};
|
||||
|
||||
const fakeRuleName = 'fakeRuleName';
|
||||
|
||||
const existingRule = {
|
||||
id: '1',
|
||||
type: RULE_SAVED_OBJECT_TYPE,
|
||||
|
|
@ -99,7 +101,7 @@ const existingRule = {
|
|||
notifyWhen: null,
|
||||
actions: [],
|
||||
systemActions: [],
|
||||
name: 'my rule name',
|
||||
name: fakeRuleName,
|
||||
revision: 0,
|
||||
},
|
||||
references: [],
|
||||
|
|
@ -382,8 +384,8 @@ describe('scheduleBackfill()', () => {
|
|||
outcome: 'success',
|
||||
type: ['access'],
|
||||
},
|
||||
kibana: { saved_object: { id: '1', type: RULE_SAVED_OBJECT_TYPE } },
|
||||
message: 'User has scheduled backfill for rule [id=1]',
|
||||
kibana: { saved_object: { id: '1', type: RULE_SAVED_OBJECT_TYPE, name: 'fakeRuleName' } },
|
||||
message: 'User has scheduled backfill for rule [id=1] [name=fakeRuleName]',
|
||||
});
|
||||
expect(auditLogger.log).toHaveBeenNthCalledWith(2, {
|
||||
event: {
|
||||
|
|
@ -392,8 +394,8 @@ describe('scheduleBackfill()', () => {
|
|||
outcome: 'success',
|
||||
type: ['access'],
|
||||
},
|
||||
kibana: { saved_object: { id: '2', type: RULE_SAVED_OBJECT_TYPE } },
|
||||
message: 'User has scheduled backfill for rule [id=2]',
|
||||
kibana: { saved_object: { id: '2', type: RULE_SAVED_OBJECT_TYPE, name: 'fakeRuleName' } },
|
||||
message: 'User has scheduled backfill for rule [id=2] [name=fakeRuleName]',
|
||||
});
|
||||
|
||||
expect(backfillClient.bulkQueue).toHaveBeenCalledWith({
|
||||
|
|
@ -578,6 +580,7 @@ describe('scheduleBackfill()', () => {
|
|||
await expect(
|
||||
rulesClient.scheduleBackfill(mockData)
|
||||
).rejects.toThrowErrorMatchingInlineSnapshot(`"Unauthorized"`);
|
||||
|
||||
expect(auditLogger?.log).toHaveBeenCalledWith({
|
||||
error: { code: 'Error', message: 'Unauthorized' },
|
||||
event: {
|
||||
|
|
|
|||
|
|
@ -131,7 +131,11 @@ export async function scheduleBackfill(
|
|||
context.auditLogger?.log(
|
||||
ruleAuditEvent({
|
||||
action: RuleAuditAction.SCHEDULE_BACKFILL,
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id: rule.id },
|
||||
savedObject: {
|
||||
type: RULE_SAVED_OBJECT_TYPE,
|
||||
id: rule.id,
|
||||
name: rule.attributes.name,
|
||||
},
|
||||
})
|
||||
);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -595,12 +595,12 @@ describe('bulkDelete', () => {
|
|||
expect(auditLogger.log.mock.calls[0][0]?.event?.action).toEqual('rule_delete');
|
||||
expect(auditLogger.log.mock.calls[0][0]?.event?.outcome).toEqual('unknown');
|
||||
expect(auditLogger.log.mock.calls[0][0]?.kibana).toEqual({
|
||||
saved_object: { id: 'id1', type: RULE_SAVED_OBJECT_TYPE },
|
||||
saved_object: { id: 'id1', type: RULE_SAVED_OBJECT_TYPE, name: 'fakeName' },
|
||||
});
|
||||
expect(auditLogger.log.mock.calls[1][0]?.event?.action).toEqual('rule_delete');
|
||||
expect(auditLogger.log.mock.calls[1][0]?.event?.outcome).toEqual('unknown');
|
||||
expect(auditLogger.log.mock.calls[1][0]?.kibana).toEqual({
|
||||
saved_object: { id: 'id2', type: RULE_SAVED_OBJECT_TYPE },
|
||||
saved_object: { id: 'id2', type: RULE_SAVED_OBJECT_TYPE, name: 'fakeName' },
|
||||
});
|
||||
});
|
||||
|
||||
|
|
|
|||
|
|
@ -167,8 +167,9 @@ const bulkDeleteWithOCC = async (
|
|||
if (rule.attributes.apiKey && !rule.attributes.apiKeyCreatedByUser) {
|
||||
apiKeyToRuleIdMapping[rule.id] = rule.attributes.apiKey;
|
||||
}
|
||||
if (rule.attributes.name) {
|
||||
ruleNameToRuleIdMapping[rule.id] = rule.attributes.name;
|
||||
const ruleName = rule.attributes.name;
|
||||
if (ruleName) {
|
||||
ruleNameToRuleIdMapping[rule.id] = ruleName;
|
||||
}
|
||||
if (rule.attributes.scheduledTaskId) {
|
||||
taskIdToRuleIdMapping[rule.id] = rule.attributes.scheduledTaskId;
|
||||
|
|
@ -179,7 +180,11 @@ const bulkDeleteWithOCC = async (
|
|||
ruleAuditEvent({
|
||||
action: RuleAuditAction.DELETE,
|
||||
outcome: 'unknown',
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id: rule.id },
|
||||
savedObject: {
|
||||
type: RULE_SAVED_OBJECT_TYPE,
|
||||
id: rule.id,
|
||||
name: ruleName,
|
||||
},
|
||||
})
|
||||
);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -740,12 +740,12 @@ describe('bulkDisableRules', () => {
|
|||
expect(auditLogger.log.mock.calls[0][0]?.event?.action).toEqual('rule_disable');
|
||||
expect(auditLogger.log.mock.calls[0][0]?.event?.outcome).toEqual('unknown');
|
||||
expect(auditLogger.log.mock.calls[0][0]?.kibana).toEqual({
|
||||
saved_object: { id: 'id1', type: RULE_SAVED_OBJECT_TYPE },
|
||||
saved_object: { id: 'id1', type: RULE_SAVED_OBJECT_TYPE, name: 'fakeName' },
|
||||
});
|
||||
expect(auditLogger.log.mock.calls[1][0]?.event?.action).toEqual('rule_disable');
|
||||
expect(auditLogger.log.mock.calls[1][0]?.event?.outcome).toEqual('unknown');
|
||||
expect(auditLogger.log.mock.calls[1][0]?.kibana).toEqual({
|
||||
saved_object: { id: 'id2', type: RULE_SAVED_OBJECT_TYPE },
|
||||
saved_object: { id: 'id2', type: RULE_SAVED_OBJECT_TYPE, name: 'fakeName' },
|
||||
});
|
||||
});
|
||||
|
||||
|
|
|
|||
|
|
@ -159,13 +159,15 @@ const bulkDisableRulesWithOCC = async (
|
|||
async () => {
|
||||
for await (const response of rulesFinder.find()) {
|
||||
await pMap(response.saved_objects, async (rule) => {
|
||||
const ruleName = rule.attributes.name;
|
||||
|
||||
try {
|
||||
if (untrack) {
|
||||
await untrackRuleAlerts(context, rule.id, rule.attributes);
|
||||
}
|
||||
|
||||
if (rule.attributes.name) {
|
||||
ruleNameToRuleIdMapping[rule.id] = rule.attributes.name;
|
||||
if (ruleName) {
|
||||
ruleNameToRuleIdMapping[rule.id] = ruleName;
|
||||
}
|
||||
|
||||
// migrate legacy actions only for SIEM rules
|
||||
|
|
@ -212,7 +214,7 @@ const bulkDisableRulesWithOCC = async (
|
|||
ruleAuditEvent({
|
||||
action: RuleAuditAction.DISABLE,
|
||||
outcome: 'unknown',
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id: rule.id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id: rule.id, name: ruleName },
|
||||
})
|
||||
);
|
||||
} catch (error) {
|
||||
|
|
@ -220,12 +222,17 @@ const bulkDisableRulesWithOCC = async (
|
|||
message: error.message,
|
||||
rule: {
|
||||
id: rule.id,
|
||||
name: rule.attributes?.name,
|
||||
name: ruleName,
|
||||
},
|
||||
});
|
||||
context.auditLogger?.log(
|
||||
ruleAuditEvent({
|
||||
action: RuleAuditAction.DISABLE,
|
||||
savedObject: {
|
||||
type: RULE_SAVED_OBJECT_TYPE,
|
||||
id: rule.id,
|
||||
name: ruleName,
|
||||
},
|
||||
error,
|
||||
})
|
||||
);
|
||||
|
|
|
|||
|
|
@ -595,6 +595,7 @@ async function updateRuleAttributesAndParamsInMemory<Params extends RuleParams>(
|
|||
context.auditLogger?.log(
|
||||
ruleAuditEvent({
|
||||
action: RuleAuditAction.BULK_EDIT,
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id: rule.id, name: rule.attributes?.name },
|
||||
error,
|
||||
})
|
||||
);
|
||||
|
|
|
|||
|
|
@ -839,12 +839,12 @@ describe('bulkEnableRules', () => {
|
|||
expect(auditLogger.log.mock.calls[0][0]?.event?.action).toEqual('rule_enable');
|
||||
expect(auditLogger.log.mock.calls[0][0]?.event?.outcome).toEqual('unknown');
|
||||
expect(auditLogger.log.mock.calls[0][0]?.kibana).toEqual({
|
||||
saved_object: { id: 'id1', type: RULE_SAVED_OBJECT_TYPE },
|
||||
saved_object: { id: 'id1', type: RULE_SAVED_OBJECT_TYPE, name: 'fakeName' },
|
||||
});
|
||||
expect(auditLogger.log.mock.calls[1][0]?.event?.action).toEqual('rule_enable');
|
||||
expect(auditLogger.log.mock.calls[1][0]?.event?.outcome).toEqual('unknown');
|
||||
expect(auditLogger.log.mock.calls[1][0]?.kibana).toEqual({
|
||||
saved_object: { id: 'id2', type: RULE_SAVED_OBJECT_TYPE },
|
||||
saved_object: { id: 'id2', type: RULE_SAVED_OBJECT_TYPE, name: 'fakeName' },
|
||||
});
|
||||
});
|
||||
|
||||
|
|
|
|||
|
|
@ -204,6 +204,8 @@ const bulkEnableRulesWithOCC = async (
|
|||
await pMap(
|
||||
rulesFinderRules,
|
||||
async (rule) => {
|
||||
const ruleName = rule.attributes.name;
|
||||
|
||||
try {
|
||||
if (scheduleValidationError) {
|
||||
throw Error(scheduleValidationError);
|
||||
|
|
@ -215,8 +217,8 @@ const bulkEnableRulesWithOCC = async (
|
|||
throw Error(`Rule not authorized for bulk enable - ${error.message}`);
|
||||
}
|
||||
}
|
||||
if (rule.attributes.name) {
|
||||
ruleNameToRuleIdMapping[rule.id] = rule.attributes.name;
|
||||
if (ruleName) {
|
||||
ruleNameToRuleIdMapping[rule.id] = ruleName;
|
||||
}
|
||||
|
||||
// TODO (http-versioning) Remove RawRuleAction and RawRule casts
|
||||
|
|
@ -232,7 +234,7 @@ const bulkEnableRulesWithOCC = async (
|
|||
...(!rule.attributes.apiKey &&
|
||||
(await createNewAPIKeySet(context, {
|
||||
id: rule.attributes.alertTypeId,
|
||||
ruleName: rule.attributes.name,
|
||||
ruleName,
|
||||
username,
|
||||
shouldUpdateApiKey: true,
|
||||
}))),
|
||||
|
|
@ -293,7 +295,11 @@ const bulkEnableRulesWithOCC = async (
|
|||
ruleAuditEvent({
|
||||
action: RuleAuditAction.ENABLE,
|
||||
outcome: 'unknown',
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id: rule.id },
|
||||
savedObject: {
|
||||
type: RULE_SAVED_OBJECT_TYPE,
|
||||
id: rule.id,
|
||||
name: ruleName,
|
||||
},
|
||||
})
|
||||
);
|
||||
} catch (error) {
|
||||
|
|
@ -307,6 +313,11 @@ const bulkEnableRulesWithOCC = async (
|
|||
context.auditLogger?.log(
|
||||
ruleAuditEvent({
|
||||
action: RuleAuditAction.ENABLE,
|
||||
savedObject: {
|
||||
type: RULE_SAVED_OBJECT_TYPE,
|
||||
id: rule.id,
|
||||
name: ruleName,
|
||||
},
|
||||
error,
|
||||
})
|
||||
);
|
||||
|
|
|
|||
|
|
@ -104,7 +104,7 @@ export async function cloneRule<Params extends RuleParams = never>(
|
|||
context.auditLogger?.log(
|
||||
ruleAuditEvent({
|
||||
action: RuleAuditAction.CREATE,
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name: ruleName },
|
||||
error,
|
||||
})
|
||||
);
|
||||
|
|
@ -152,7 +152,7 @@ export async function cloneRule<Params extends RuleParams = never>(
|
|||
ruleAuditEvent({
|
||||
action: RuleAuditAction.CREATE,
|
||||
outcome: 'unknown',
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name: ruleName },
|
||||
})
|
||||
);
|
||||
|
||||
|
|
|
|||
|
|
@ -302,7 +302,9 @@ describe('create()', () => {
|
|||
action: 'rule_create',
|
||||
outcome: 'unknown',
|
||||
}),
|
||||
kibana: { saved_object: { id: 'mock-saved-object-id', type: RULE_SAVED_OBJECT_TYPE } },
|
||||
kibana: {
|
||||
saved_object: { id: 'mock-saved-object-id', type: RULE_SAVED_OBJECT_TYPE, name: 'abc' },
|
||||
},
|
||||
})
|
||||
);
|
||||
});
|
||||
|
|
@ -328,6 +330,7 @@ describe('create()', () => {
|
|||
saved_object: {
|
||||
id: 'mock-saved-object-id',
|
||||
type: RULE_SAVED_OBJECT_TYPE,
|
||||
name: 'abc',
|
||||
},
|
||||
},
|
||||
error: {
|
||||
|
|
|
|||
|
|
@ -110,7 +110,7 @@ export async function createRule<Params extends RuleParams = never>(
|
|||
context.auditLogger?.log(
|
||||
ruleAuditEvent({
|
||||
action: RuleAuditAction.CREATE,
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name: data.name },
|
||||
error,
|
||||
})
|
||||
);
|
||||
|
|
|
|||
|
|
@ -89,12 +89,15 @@ beforeEach(() => {
|
|||
(auditLogger.log as jest.Mock).mockClear();
|
||||
});
|
||||
|
||||
const fakeRuleName = 'fakeRuleName';
|
||||
|
||||
describe('delete()', () => {
|
||||
let rulesClient: RulesClient;
|
||||
const existingAlert = {
|
||||
id: '1',
|
||||
type: RULE_SAVED_OBJECT_TYPE,
|
||||
attributes: {
|
||||
name: fakeRuleName,
|
||||
alertTypeId: 'myType',
|
||||
consumer: 'myApp',
|
||||
schedule: { interval: '10s' },
|
||||
|
|
@ -341,7 +344,7 @@ describe('delete()', () => {
|
|||
action: 'rule_delete',
|
||||
outcome: 'unknown',
|
||||
}),
|
||||
kibana: { saved_object: { id: '1', type: RULE_SAVED_OBJECT_TYPE } },
|
||||
kibana: { saved_object: { id: '1', type: RULE_SAVED_OBJECT_TYPE, name: fakeRuleName } },
|
||||
})
|
||||
);
|
||||
});
|
||||
|
|
@ -360,6 +363,7 @@ describe('delete()', () => {
|
|||
saved_object: {
|
||||
id: '1',
|
||||
type: RULE_SAVED_OBJECT_TYPE,
|
||||
name: fakeRuleName,
|
||||
},
|
||||
},
|
||||
error: {
|
||||
|
|
|
|||
|
|
@ -80,7 +80,7 @@ async function deleteRuleWithOCC(context: RulesClientContext, { id }: { id: stri
|
|||
context.auditLogger?.log(
|
||||
ruleAuditEvent({
|
||||
action: RuleAuditAction.DELETE,
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name: attributes.name },
|
||||
error,
|
||||
})
|
||||
);
|
||||
|
|
@ -104,7 +104,7 @@ async function deleteRuleWithOCC(context: RulesClientContext, { id }: { id: stri
|
|||
ruleAuditEvent({
|
||||
action: RuleAuditAction.DELETE,
|
||||
outcome: 'unknown',
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name: attributes.name },
|
||||
})
|
||||
);
|
||||
const removeResult = await deleteRuleSo({
|
||||
|
|
|
|||
|
|
@ -85,6 +85,8 @@ const rulesClientParams: jest.Mocked<ConstructorOptions> = {
|
|||
isSystemAction: jest.fn(),
|
||||
};
|
||||
|
||||
const fakeRuleName = 'fakeRuleName';
|
||||
|
||||
beforeEach(() => {
|
||||
getBeforeSetup(rulesClientParams, taskManager, ruleTypeRegistry);
|
||||
taskManager.get.mockResolvedValue({
|
||||
|
|
@ -113,6 +115,7 @@ describe('disableRule()', () => {
|
|||
id: '1',
|
||||
type: RULE_SAVED_OBJECT_TYPE,
|
||||
attributes: {
|
||||
name: fakeRuleName,
|
||||
consumer: 'myApp',
|
||||
schedule: { interval: '10s' },
|
||||
alertTypeId: 'myType',
|
||||
|
|
@ -195,7 +198,7 @@ describe('disableRule()', () => {
|
|||
action: 'rule_disable',
|
||||
outcome: 'unknown',
|
||||
}),
|
||||
kibana: { saved_object: { id: '1', type: RULE_SAVED_OBJECT_TYPE } },
|
||||
kibana: { saved_object: { id: '1', type: RULE_SAVED_OBJECT_TYPE, name: fakeRuleName } },
|
||||
})
|
||||
);
|
||||
});
|
||||
|
|
@ -214,6 +217,7 @@ describe('disableRule()', () => {
|
|||
saved_object: {
|
||||
id: '1',
|
||||
type: RULE_SAVED_OBJECT_TYPE,
|
||||
name: fakeRuleName,
|
||||
},
|
||||
},
|
||||
error: {
|
||||
|
|
@ -239,6 +243,7 @@ describe('disableRule()', () => {
|
|||
RULE_SAVED_OBJECT_TYPE,
|
||||
'1',
|
||||
{
|
||||
name: fakeRuleName,
|
||||
consumer: 'myApp',
|
||||
schedule: { interval: '10s' },
|
||||
alertTypeId: 'myType',
|
||||
|
|
@ -317,6 +322,7 @@ describe('disableRule()', () => {
|
|||
RULE_SAVED_OBJECT_TYPE,
|
||||
'1',
|
||||
{
|
||||
name: fakeRuleName,
|
||||
consumer: 'myApp',
|
||||
schedule: { interval: '10s' },
|
||||
alertTypeId: 'myType',
|
||||
|
|
@ -387,6 +393,7 @@ describe('disableRule()', () => {
|
|||
id: '1',
|
||||
license: 'basic',
|
||||
ruleset: 'alerts',
|
||||
name: fakeRuleName,
|
||||
},
|
||||
});
|
||||
});
|
||||
|
|
@ -406,6 +413,7 @@ describe('disableRule()', () => {
|
|||
RULE_SAVED_OBJECT_TYPE,
|
||||
'1',
|
||||
{
|
||||
name: fakeRuleName,
|
||||
consumer: 'myApp',
|
||||
schedule: { interval: '10s' },
|
||||
alertTypeId: 'myType',
|
||||
|
|
@ -459,6 +467,7 @@ describe('disableRule()', () => {
|
|||
RULE_SAVED_OBJECT_TYPE,
|
||||
'1',
|
||||
{
|
||||
name: fakeRuleName,
|
||||
consumer: 'myApp',
|
||||
schedule: { interval: '10s' },
|
||||
alertTypeId: 'myType',
|
||||
|
|
@ -509,6 +518,7 @@ describe('disableRule()', () => {
|
|||
RULE_SAVED_OBJECT_TYPE,
|
||||
'1',
|
||||
{
|
||||
name: fakeRuleName,
|
||||
consumer: 'myApp',
|
||||
schedule: { interval: '10s' },
|
||||
alertTypeId: 'myType',
|
||||
|
|
@ -626,6 +636,7 @@ describe('disableRule()', () => {
|
|||
RULE_SAVED_OBJECT_TYPE,
|
||||
'1',
|
||||
{
|
||||
name: fakeRuleName,
|
||||
consumer: 'myApp',
|
||||
schedule: { interval: '10s' },
|
||||
alertTypeId: 'myType',
|
||||
|
|
@ -679,6 +690,7 @@ describe('disableRule()', () => {
|
|||
RULE_SAVED_OBJECT_TYPE,
|
||||
'1',
|
||||
{
|
||||
name: fakeRuleName,
|
||||
consumer: 'myApp',
|
||||
schedule: { interval: '10s' },
|
||||
alertTypeId: 'myType',
|
||||
|
|
|
|||
|
|
@ -78,7 +78,7 @@ async function disableWithOCC(
|
|||
context.auditLogger?.log(
|
||||
ruleAuditEvent({
|
||||
action: RuleAuditAction.DISABLE,
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name: attributes.name },
|
||||
error,
|
||||
})
|
||||
);
|
||||
|
|
@ -93,7 +93,7 @@ async function disableWithOCC(
|
|||
ruleAuditEvent({
|
||||
action: RuleAuditAction.DISABLE,
|
||||
outcome: 'unknown',
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name: attributes.name },
|
||||
})
|
||||
);
|
||||
|
||||
|
|
|
|||
|
|
@ -202,7 +202,7 @@ describe('enable()', () => {
|
|||
action: 'rule_enable',
|
||||
outcome: 'unknown',
|
||||
}),
|
||||
kibana: { saved_object: { id: '1', type: RULE_SAVED_OBJECT_TYPE } },
|
||||
kibana: { saved_object: { id: '1', type: RULE_SAVED_OBJECT_TYPE, name: 'name' } },
|
||||
})
|
||||
);
|
||||
});
|
||||
|
|
@ -221,6 +221,7 @@ describe('enable()', () => {
|
|||
saved_object: {
|
||||
id: '1',
|
||||
type: RULE_SAVED_OBJECT_TYPE,
|
||||
name: 'name',
|
||||
},
|
||||
},
|
||||
error: {
|
||||
|
|
|
|||
|
|
@ -105,7 +105,7 @@ async function enableWithOCC(context: RulesClientContext, params: EnableRulePara
|
|||
context.auditLogger?.log(
|
||||
ruleAuditEvent({
|
||||
action: RuleAuditAction.ENABLE,
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name: attributes.name },
|
||||
error,
|
||||
})
|
||||
);
|
||||
|
|
@ -116,7 +116,7 @@ async function enableWithOCC(context: RulesClientContext, params: EnableRulePara
|
|||
ruleAuditEvent({
|
||||
action: RuleAuditAction.ENABLE,
|
||||
outcome: 'unknown',
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name: attributes.name },
|
||||
})
|
||||
);
|
||||
|
||||
|
|
|
|||
|
|
@ -125,6 +125,7 @@ describe('find()', () => {
|
|||
id: '1',
|
||||
type: RULE_SAVED_OBJECT_TYPE,
|
||||
attributes: {
|
||||
name: 'fakeRuleName',
|
||||
alertTypeId: 'myType',
|
||||
schedule: { interval: '10s' },
|
||||
params: {
|
||||
|
|
@ -211,6 +212,7 @@ describe('find()', () => {
|
|||
"status": "pending",
|
||||
},
|
||||
"id": "1",
|
||||
"name": "fakeRuleName",
|
||||
"notifyWhen": "onActiveAlert",
|
||||
"params": Object {
|
||||
"bar": true,
|
||||
|
|
@ -1003,7 +1005,7 @@ describe('find()', () => {
|
|||
action: 'rule_find',
|
||||
outcome: 'success',
|
||||
}),
|
||||
kibana: { saved_object: { id: '1', type: RULE_SAVED_OBJECT_TYPE } },
|
||||
kibana: { saved_object: { id: '1', type: RULE_SAVED_OBJECT_TYPE, name: 'fakeRuleName' } },
|
||||
})
|
||||
);
|
||||
});
|
||||
|
|
@ -1042,7 +1044,7 @@ describe('find()', () => {
|
|||
action: 'rule_find',
|
||||
outcome: 'failure',
|
||||
}),
|
||||
kibana: { saved_object: { id: '1', type: RULE_SAVED_OBJECT_TYPE } },
|
||||
kibana: { saved_object: { id: '1', type: RULE_SAVED_OBJECT_TYPE, name: 'fakeRuleName' } },
|
||||
error: {
|
||||
code: 'Error',
|
||||
message: 'Unauthorized',
|
||||
|
|
|
|||
|
|
@ -142,7 +142,7 @@ export async function findRules<Params extends RuleParams = never>(
|
|||
context.auditLogger?.log(
|
||||
ruleAuditEvent({
|
||||
action: RuleAuditAction.FIND,
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name: attributes.name },
|
||||
error,
|
||||
})
|
||||
);
|
||||
|
|
@ -168,11 +168,11 @@ export async function findRules<Params extends RuleParams = never>(
|
|||
return rule;
|
||||
});
|
||||
|
||||
authorizedData.forEach(({ id }) =>
|
||||
authorizedData.forEach(({ id, name }) =>
|
||||
context.auditLogger?.log(
|
||||
ruleAuditEvent({
|
||||
action: RuleAuditAction.FIND,
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name },
|
||||
})
|
||||
)
|
||||
);
|
||||
|
|
|
|||
|
|
@ -630,6 +630,7 @@ describe('get()', () => {
|
|||
id: '1',
|
||||
type: RULE_SAVED_OBJECT_TYPE,
|
||||
attributes: {
|
||||
name: 'fakeRuleName',
|
||||
alertTypeId: '123',
|
||||
schedule: { interval: '10s' },
|
||||
params: {
|
||||
|
|
@ -654,7 +655,7 @@ describe('get()', () => {
|
|||
action: 'rule_get',
|
||||
outcome: 'success',
|
||||
}),
|
||||
kibana: { saved_object: { id: '1', type: RULE_SAVED_OBJECT_TYPE } },
|
||||
kibana: { saved_object: { id: '1', type: RULE_SAVED_OBJECT_TYPE, name: 'fakeRuleName' } },
|
||||
})
|
||||
);
|
||||
});
|
||||
|
|
@ -674,6 +675,7 @@ describe('get()', () => {
|
|||
saved_object: {
|
||||
id: '1',
|
||||
type: RULE_SAVED_OBJECT_TYPE,
|
||||
name: 'fakeRuleName',
|
||||
},
|
||||
},
|
||||
error: {
|
||||
|
|
|
|||
|
|
@ -57,7 +57,7 @@ export async function getRule<Params extends RuleParams = never>(
|
|||
context.auditLogger?.log(
|
||||
ruleAuditEvent({
|
||||
action: RuleAuditAction.GET,
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name: result.attributes.name },
|
||||
error,
|
||||
})
|
||||
);
|
||||
|
|
@ -66,7 +66,7 @@ export async function getRule<Params extends RuleParams = never>(
|
|||
context.auditLogger?.log(
|
||||
ruleAuditEvent({
|
||||
action: RuleAuditAction.GET,
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name: result.attributes.name },
|
||||
})
|
||||
);
|
||||
|
||||
|
|
|
|||
|
|
@ -59,7 +59,7 @@ async function muteInstanceWithOCC(
|
|||
context.auditLogger?.log(
|
||||
ruleAuditEvent({
|
||||
action: RuleAuditAction.MUTE_ALERT,
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id: ruleId },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id: ruleId, name: attributes.name },
|
||||
error,
|
||||
})
|
||||
);
|
||||
|
|
@ -70,7 +70,7 @@ async function muteInstanceWithOCC(
|
|||
ruleAuditEvent({
|
||||
action: RuleAuditAction.MUTE_ALERT,
|
||||
outcome: 'unknown',
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id: ruleId },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id: ruleId, name: attributes.name },
|
||||
})
|
||||
);
|
||||
|
||||
|
|
|
|||
|
|
@ -53,7 +53,7 @@ Promise<ResolvedSanitizedRule<Params>> {
|
|||
context.auditLogger?.log(
|
||||
ruleAuditEvent({
|
||||
action: RuleAuditAction.RESOLVE,
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name: result.attributes.name },
|
||||
error,
|
||||
})
|
||||
);
|
||||
|
|
@ -62,7 +62,7 @@ Promise<ResolvedSanitizedRule<Params>> {
|
|||
context.auditLogger?.log(
|
||||
ruleAuditEvent({
|
||||
action: RuleAuditAction.RESOLVE,
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name: result.attributes.name },
|
||||
})
|
||||
);
|
||||
|
||||
|
|
|
|||
|
|
@ -72,7 +72,7 @@ async function snoozeWithOCC(
|
|||
context.auditLogger?.log(
|
||||
ruleAuditEvent({
|
||||
action: RuleAuditAction.SNOOZE,
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name: attributes.name },
|
||||
error,
|
||||
})
|
||||
);
|
||||
|
|
@ -83,7 +83,7 @@ async function snoozeWithOCC(
|
|||
ruleAuditEvent({
|
||||
action: RuleAuditAction.SNOOZE,
|
||||
outcome: 'unknown',
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name: attributes.name },
|
||||
})
|
||||
);
|
||||
|
||||
|
|
|
|||
|
|
@ -223,6 +223,7 @@ describe('unmuteInstance()', () => {
|
|||
id: '1',
|
||||
type: RULE_SAVED_OBJECT_TYPE,
|
||||
attributes: {
|
||||
name: 'fake_rule_name',
|
||||
actions: [],
|
||||
schedule: { interval: '10s' },
|
||||
alertTypeId: '2',
|
||||
|
|
@ -240,7 +241,9 @@ describe('unmuteInstance()', () => {
|
|||
action: 'rule_alert_unmute',
|
||||
outcome: 'unknown',
|
||||
}),
|
||||
kibana: { saved_object: { id: '1', type: RULE_SAVED_OBJECT_TYPE } },
|
||||
kibana: {
|
||||
saved_object: { id: '1', type: RULE_SAVED_OBJECT_TYPE, name: 'fake_rule_name' },
|
||||
},
|
||||
})
|
||||
);
|
||||
});
|
||||
|
|
@ -251,6 +254,7 @@ describe('unmuteInstance()', () => {
|
|||
id: '1',
|
||||
type: RULE_SAVED_OBJECT_TYPE,
|
||||
attributes: {
|
||||
name: 'fake_rule_name',
|
||||
actions: [],
|
||||
schedule: { interval: '10s' },
|
||||
alertTypeId: '2',
|
||||
|
|
@ -276,6 +280,7 @@ describe('unmuteInstance()', () => {
|
|||
saved_object: {
|
||||
id: '1',
|
||||
type: RULE_SAVED_OBJECT_TYPE,
|
||||
name: 'fake_rule_name',
|
||||
},
|
||||
},
|
||||
error: {
|
||||
|
|
|
|||
|
|
@ -58,7 +58,7 @@ async function unmuteInstanceWithOCC(
|
|||
context.auditLogger?.log(
|
||||
ruleAuditEvent({
|
||||
action: RuleAuditAction.UNMUTE_ALERT,
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id: ruleId },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id: ruleId, name: attributes.name },
|
||||
error,
|
||||
})
|
||||
);
|
||||
|
|
@ -69,7 +69,7 @@ async function unmuteInstanceWithOCC(
|
|||
ruleAuditEvent({
|
||||
action: RuleAuditAction.UNMUTE_ALERT,
|
||||
outcome: 'unknown',
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id: ruleId },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id: ruleId, name: attributes.name },
|
||||
})
|
||||
);
|
||||
|
||||
|
|
|
|||
|
|
@ -63,7 +63,7 @@ async function unsnoozeWithOCC(context: RulesClientContext, { id, scheduleIds }:
|
|||
context.auditLogger?.log(
|
||||
ruleAuditEvent({
|
||||
action: RuleAuditAction.UNSNOOZE,
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name: attributes.name },
|
||||
error,
|
||||
})
|
||||
);
|
||||
|
|
@ -74,7 +74,7 @@ async function unsnoozeWithOCC(context: RulesClientContext, { id, scheduleIds }:
|
|||
ruleAuditEvent({
|
||||
action: RuleAuditAction.UNSNOOZE,
|
||||
outcome: 'unknown',
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name: attributes.name },
|
||||
})
|
||||
);
|
||||
|
||||
|
|
|
|||
|
|
@ -118,6 +118,7 @@ describe('update()', () => {
|
|||
id: '1',
|
||||
type: RULE_SAVED_OBJECT_TYPE,
|
||||
attributes: {
|
||||
name: 'fakeRuleName',
|
||||
enabled: true,
|
||||
tags: ['foo'],
|
||||
alertTypeId: 'myType',
|
||||
|
|
@ -3001,6 +3002,7 @@ describe('update()', () => {
|
|||
id: '1',
|
||||
type: RULE_SAVED_OBJECT_TYPE,
|
||||
attributes: {
|
||||
name: 'fakeRuleName',
|
||||
enabled: true,
|
||||
schedule: { interval: '1m' },
|
||||
params: {
|
||||
|
|
@ -3041,7 +3043,9 @@ describe('update()', () => {
|
|||
action: 'rule_update',
|
||||
outcome: 'unknown',
|
||||
}),
|
||||
kibana: { saved_object: { id: '1', type: RULE_SAVED_OBJECT_TYPE } },
|
||||
kibana: {
|
||||
saved_object: { id: '1', type: RULE_SAVED_OBJECT_TYPE, name: 'fakeRuleName' },
|
||||
},
|
||||
})
|
||||
);
|
||||
});
|
||||
|
|
@ -3075,6 +3079,7 @@ describe('update()', () => {
|
|||
saved_object: {
|
||||
id: '1',
|
||||
type: RULE_SAVED_OBJECT_TYPE,
|
||||
name: 'fakeRuleName',
|
||||
},
|
||||
},
|
||||
error: {
|
||||
|
|
|
|||
|
|
@ -148,7 +148,7 @@ async function updateWithOCC<Params extends RuleParams = never>(
|
|||
context.auditLogger?.log(
|
||||
ruleAuditEvent({
|
||||
action: RuleAuditAction.UPDATE,
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name },
|
||||
error,
|
||||
})
|
||||
);
|
||||
|
|
@ -159,7 +159,7 @@ async function updateWithOCC<Params extends RuleParams = never>(
|
|||
ruleAuditEvent({
|
||||
action: RuleAuditAction.UPDATE,
|
||||
outcome: 'unknown',
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name },
|
||||
})
|
||||
);
|
||||
|
||||
|
|
|
|||
|
|
@ -41,6 +41,8 @@ const auditLogger = auditLoggerMock.create();
|
|||
const internalSavedObjectsRepository = savedObjectsRepositoryMock.create();
|
||||
|
||||
const kibanaVersion = 'v7.10.0';
|
||||
const ruleName = 'fakeRuleName';
|
||||
|
||||
const rulesClientParams: jest.Mocked<ConstructorOptions> = {
|
||||
taskManager,
|
||||
ruleTypeRegistry,
|
||||
|
|
@ -83,6 +85,7 @@ describe('updateRuleApiKey()', () => {
|
|||
id: '1',
|
||||
type: RULE_SAVED_OBJECT_TYPE,
|
||||
attributes: {
|
||||
name: ruleName,
|
||||
revision: 0,
|
||||
schedule: { interval: '10s' },
|
||||
alertTypeId: 'myType',
|
||||
|
|
@ -137,6 +140,7 @@ describe('updateRuleApiKey()', () => {
|
|||
'1',
|
||||
{
|
||||
schedule: { interval: '10s' },
|
||||
name: ruleName,
|
||||
alertTypeId: 'myType',
|
||||
consumer: 'myApp',
|
||||
enabled: true,
|
||||
|
|
@ -198,6 +202,7 @@ describe('updateRuleApiKey()', () => {
|
|||
'1',
|
||||
{
|
||||
schedule: { interval: '10s' },
|
||||
name: ruleName,
|
||||
alertTypeId: 'myType',
|
||||
consumer: 'myApp',
|
||||
enabled: true,
|
||||
|
|
@ -254,6 +259,7 @@ describe('updateRuleApiKey()', () => {
|
|||
'1',
|
||||
{
|
||||
schedule: { interval: '10s' },
|
||||
name: ruleName,
|
||||
alertTypeId: 'myType',
|
||||
consumer: 'myApp',
|
||||
enabled: true,
|
||||
|
|
@ -324,6 +330,7 @@ describe('updateRuleApiKey()', () => {
|
|||
'1',
|
||||
{
|
||||
schedule: { interval: '10s' },
|
||||
name: ruleName,
|
||||
alertTypeId: 'myType',
|
||||
consumer: 'myApp',
|
||||
enabled: true,
|
||||
|
|
@ -434,7 +441,9 @@ describe('updateRuleApiKey()', () => {
|
|||
action: 'rule_update_api_key',
|
||||
outcome: 'unknown',
|
||||
}),
|
||||
kibana: { saved_object: { id: '1', type: RULE_SAVED_OBJECT_TYPE } },
|
||||
kibana: {
|
||||
saved_object: { id: '1', type: RULE_SAVED_OBJECT_TYPE, name: ruleName },
|
||||
},
|
||||
})
|
||||
);
|
||||
});
|
||||
|
|
@ -453,6 +462,7 @@ describe('updateRuleApiKey()', () => {
|
|||
saved_object: {
|
||||
id: '1',
|
||||
type: RULE_SAVED_OBJECT_TYPE,
|
||||
name: ruleName,
|
||||
},
|
||||
},
|
||||
error: {
|
||||
|
|
|
|||
|
|
@ -81,7 +81,7 @@ async function updateApiKeyWithOCC(context: RulesClientContext, { id }: UpdateAp
|
|||
context.auditLogger?.log(
|
||||
ruleAuditEvent({
|
||||
action: RuleAuditAction.UPDATE_API_KEY,
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name: attributes.name },
|
||||
error,
|
||||
})
|
||||
);
|
||||
|
|
@ -109,7 +109,7 @@ async function updateApiKeyWithOCC(context: RulesClientContext, { id }: UpdateAp
|
|||
ruleAuditEvent({
|
||||
action: RuleAuditAction.UPDATE_API_KEY,
|
||||
outcome: 'unknown',
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name: attributes.name },
|
||||
})
|
||||
);
|
||||
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ describe('#ruleAuditEvent', () => {
|
|||
ruleAuditEvent({
|
||||
action: RuleAuditAction.CREATE,
|
||||
outcome: 'unknown',
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id: 'ALERT_ID' },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id: 'ALERT_ID', name: 'fake_name' },
|
||||
})
|
||||
).toMatchInlineSnapshot(`
|
||||
Object {
|
||||
|
|
@ -37,10 +37,11 @@ describe('#ruleAuditEvent', () => {
|
|||
"kibana": Object {
|
||||
"saved_object": Object {
|
||||
"id": "ALERT_ID",
|
||||
"name": "fake_name",
|
||||
"type": "alert",
|
||||
},
|
||||
},
|
||||
"message": "User is creating rule [id=ALERT_ID]",
|
||||
"message": "User is creating rule [id=ALERT_ID] [name=fake_name]",
|
||||
}
|
||||
`);
|
||||
});
|
||||
|
|
@ -49,7 +50,7 @@ describe('#ruleAuditEvent', () => {
|
|||
expect(
|
||||
ruleAuditEvent({
|
||||
action: RuleAuditAction.CREATE,
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id: 'ALERT_ID' },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id: 'ALERT_ID', name: 'fake_name' },
|
||||
})
|
||||
).toMatchInlineSnapshot(`
|
||||
Object {
|
||||
|
|
@ -67,15 +68,51 @@ describe('#ruleAuditEvent', () => {
|
|||
"kibana": Object {
|
||||
"saved_object": Object {
|
||||
"id": "ALERT_ID",
|
||||
"name": "fake_name",
|
||||
"type": "alert",
|
||||
},
|
||||
},
|
||||
"message": "User has created rule [id=ALERT_ID]",
|
||||
"message": "User has created rule [id=ALERT_ID] [name=fake_name]",
|
||||
}
|
||||
`);
|
||||
});
|
||||
|
||||
test('creates event with `failure` outcome', () => {
|
||||
expect(
|
||||
ruleAuditEvent({
|
||||
action: RuleAuditAction.CREATE,
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id: 'ALERT_ID', name: 'fake_name' },
|
||||
error: new Error('ERROR_MESSAGE'),
|
||||
})
|
||||
).toMatchInlineSnapshot(`
|
||||
Object {
|
||||
"error": Object {
|
||||
"code": "Error",
|
||||
"message": "ERROR_MESSAGE",
|
||||
},
|
||||
"event": Object {
|
||||
"action": "rule_create",
|
||||
"category": Array [
|
||||
"database",
|
||||
],
|
||||
"outcome": "failure",
|
||||
"type": Array [
|
||||
"creation",
|
||||
],
|
||||
},
|
||||
"kibana": Object {
|
||||
"saved_object": Object {
|
||||
"id": "ALERT_ID",
|
||||
"name": "fake_name",
|
||||
"type": "alert",
|
||||
},
|
||||
},
|
||||
"message": "Failed attempt to create rule [id=ALERT_ID] [name=fake_name]",
|
||||
}
|
||||
`);
|
||||
});
|
||||
|
||||
test('creates event without known name', () => {
|
||||
expect(
|
||||
ruleAuditEvent({
|
||||
action: RuleAuditAction.CREATE,
|
||||
|
|
@ -116,7 +153,11 @@ describe('#adHocRunAuditEvent', () => {
|
|||
adHocRunAuditEvent({
|
||||
action: AdHocRunAuditAction.GET,
|
||||
outcome: 'unknown',
|
||||
savedObject: { type: AD_HOC_RUN_SAVED_OBJECT_TYPE, id: 'AD_HOC_RUN_ID' },
|
||||
savedObject: {
|
||||
type: AD_HOC_RUN_SAVED_OBJECT_TYPE,
|
||||
id: 'AD_HOC_RUN_ID',
|
||||
name: `backfill for rule "fake_name"`,
|
||||
},
|
||||
})
|
||||
).toMatchInlineSnapshot(`
|
||||
Object {
|
||||
|
|
@ -134,15 +175,90 @@ describe('#adHocRunAuditEvent', () => {
|
|||
"kibana": Object {
|
||||
"saved_object": Object {
|
||||
"id": "AD_HOC_RUN_ID",
|
||||
"name": "backfill for rule \\"fake_name\\"",
|
||||
"type": "ad_hoc_run_params",
|
||||
},
|
||||
},
|
||||
"message": "User is getting ad hoc run for ad_hoc_run_params [id=AD_HOC_RUN_ID]",
|
||||
"message": "User is getting ad hoc run for ad_hoc_run_params [id=AD_HOC_RUN_ID] backfill for rule \\"fake_name\\"",
|
||||
}
|
||||
`);
|
||||
});
|
||||
|
||||
test('creates event with `success` outcome', () => {
|
||||
expect(
|
||||
adHocRunAuditEvent({
|
||||
action: AdHocRunAuditAction.FIND,
|
||||
savedObject: {
|
||||
type: AD_HOC_RUN_SAVED_OBJECT_TYPE,
|
||||
id: 'AD_HOC_RUN_ID',
|
||||
name: `backfill for rule "fake_name"`,
|
||||
},
|
||||
})
|
||||
).toMatchInlineSnapshot(`
|
||||
Object {
|
||||
"error": undefined,
|
||||
"event": Object {
|
||||
"action": "ad_hoc_run_find",
|
||||
"category": Array [
|
||||
"database",
|
||||
],
|
||||
"outcome": "success",
|
||||
"type": Array [
|
||||
"access",
|
||||
],
|
||||
},
|
||||
"kibana": Object {
|
||||
"saved_object": Object {
|
||||
"id": "AD_HOC_RUN_ID",
|
||||
"name": "backfill for rule \\"fake_name\\"",
|
||||
"type": "ad_hoc_run_params",
|
||||
},
|
||||
},
|
||||
"message": "User has found ad hoc run for ad_hoc_run_params [id=AD_HOC_RUN_ID] backfill for rule \\"fake_name\\"",
|
||||
}
|
||||
`);
|
||||
});
|
||||
|
||||
test('creates event with `failure` outcome', () => {
|
||||
expect(
|
||||
adHocRunAuditEvent({
|
||||
action: AdHocRunAuditAction.DELETE,
|
||||
savedObject: {
|
||||
type: AD_HOC_RUN_SAVED_OBJECT_TYPE,
|
||||
id: 'AD_HOC_RUN_ID',
|
||||
name: `backfill for rule "fake_name"`,
|
||||
},
|
||||
error: new Error('ERROR_MESSAGE'),
|
||||
})
|
||||
).toMatchInlineSnapshot(`
|
||||
Object {
|
||||
"error": Object {
|
||||
"code": "Error",
|
||||
"message": "ERROR_MESSAGE",
|
||||
},
|
||||
"event": Object {
|
||||
"action": "ad_hoc_run_delete",
|
||||
"category": Array [
|
||||
"database",
|
||||
],
|
||||
"outcome": "failure",
|
||||
"type": Array [
|
||||
"deletion",
|
||||
],
|
||||
},
|
||||
"kibana": Object {
|
||||
"saved_object": Object {
|
||||
"id": "AD_HOC_RUN_ID",
|
||||
"name": "backfill for rule \\"fake_name\\"",
|
||||
"type": "ad_hoc_run_params",
|
||||
},
|
||||
},
|
||||
"message": "Failed attempt to delete ad hoc run for ad_hoc_run_params [id=AD_HOC_RUN_ID] backfill for rule \\"fake_name\\"",
|
||||
}
|
||||
`);
|
||||
});
|
||||
|
||||
test('creates event without known name', () => {
|
||||
expect(
|
||||
adHocRunAuditEvent({
|
||||
action: AdHocRunAuditAction.FIND,
|
||||
|
|
@ -171,38 +287,4 @@ describe('#adHocRunAuditEvent', () => {
|
|||
}
|
||||
`);
|
||||
});
|
||||
|
||||
test('creates event with `failure` outcome', () => {
|
||||
expect(
|
||||
adHocRunAuditEvent({
|
||||
action: AdHocRunAuditAction.DELETE,
|
||||
savedObject: { type: AD_HOC_RUN_SAVED_OBJECT_TYPE, id: 'AD_HOC_RUN_ID' },
|
||||
error: new Error('ERROR_MESSAGE'),
|
||||
})
|
||||
).toMatchInlineSnapshot(`
|
||||
Object {
|
||||
"error": Object {
|
||||
"code": "Error",
|
||||
"message": "ERROR_MESSAGE",
|
||||
},
|
||||
"event": Object {
|
||||
"action": "ad_hoc_run_delete",
|
||||
"category": Array [
|
||||
"database",
|
||||
],
|
||||
"outcome": "failure",
|
||||
"type": Array [
|
||||
"deletion",
|
||||
],
|
||||
},
|
||||
"kibana": Object {
|
||||
"saved_object": Object {
|
||||
"id": "AD_HOC_RUN_ID",
|
||||
"type": "ad_hoc_run_params",
|
||||
},
|
||||
},
|
||||
"message": "Failed attempt to delete ad hoc run for ad_hoc_run_params [id=AD_HOC_RUN_ID]",
|
||||
}
|
||||
`);
|
||||
});
|
||||
});
|
||||
|
|
|
|||
|
|
@ -161,7 +161,12 @@ export function ruleAuditEvent({
|
|||
outcome,
|
||||
error,
|
||||
}: RuleAuditEventParams): AuditEvent {
|
||||
const doc = savedObject ? `rule [id=${savedObject.id}]` : 'a rule';
|
||||
const doc = savedObject
|
||||
? [`rule [id=${savedObject.id}]`, savedObject.name && `[name=${savedObject.name}]`]
|
||||
.filter(Boolean)
|
||||
.join(' ')
|
||||
: 'a rule';
|
||||
|
||||
const [present, progressive, past] = ruleEventVerbs[action];
|
||||
const message = error
|
||||
? `Failed attempt to ${present} ${doc}`
|
||||
|
|
@ -195,7 +200,12 @@ export function adHocRunAuditEvent({
|
|||
error,
|
||||
}: AdHocRunAuditEventParams): AuditEvent {
|
||||
const doc = savedObject
|
||||
? `${AD_HOC_RUN_SAVED_OBJECT_TYPE} [id=${savedObject.id}]`
|
||||
? [
|
||||
`${AD_HOC_RUN_SAVED_OBJECT_TYPE} [id=${savedObject.id}]`,
|
||||
savedObject.name && `${savedObject.name}`,
|
||||
]
|
||||
.filter(Boolean)
|
||||
.join(' ')
|
||||
: 'an ad hoc run';
|
||||
const [present, progressive, past] = adHocRunEventVerbs[action];
|
||||
const message = error
|
||||
|
|
|
|||
|
|
@ -84,7 +84,7 @@ export const checkAuthorizationAndGetTotal = async (
|
|||
await withSpan({ name: 'authorization.ensureAuthorized', type: 'rules' }, () =>
|
||||
pMap(
|
||||
buckets,
|
||||
async ({ key: [ruleType, consumer, actions] }) => {
|
||||
async ({ key: [ruleType, consumer] }) => {
|
||||
context.ruleTypeRegistry.ensureRuleTypeEnabled(ruleType);
|
||||
try {
|
||||
await context.authorization.ensureAuthorized({
|
||||
|
|
|
|||
|
|
@ -57,7 +57,7 @@ export async function createRuleSavedObject<Params extends RuleTypeParams = neve
|
|||
ruleAuditEvent({
|
||||
action: RuleAuditAction.CREATE,
|
||||
outcome: 'unknown',
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id: ruleId },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id: ruleId, name: rawRule.name },
|
||||
})
|
||||
);
|
||||
|
||||
|
|
|
|||
|
|
@ -54,7 +54,7 @@ export async function getActionErrorLog(
|
|||
context.auditLogger?.log(
|
||||
ruleAuditEvent({
|
||||
action: RuleAuditAction.GET_ACTION_ERROR_LOG,
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name: rule.name },
|
||||
error,
|
||||
})
|
||||
);
|
||||
|
|
@ -64,7 +64,7 @@ export async function getActionErrorLog(
|
|||
context.auditLogger?.log(
|
||||
ruleAuditEvent({
|
||||
action: RuleAuditAction.GET_ACTION_ERROR_LOG,
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name: rule.name },
|
||||
})
|
||||
);
|
||||
|
||||
|
|
|
|||
|
|
@ -55,7 +55,7 @@ export async function getRuleExecutionKPI(
|
|||
context.auditLogger?.log(
|
||||
ruleAuditEvent({
|
||||
action: RuleAuditAction.GET_RULE_EXECUTION_KPI,
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name: rule.name },
|
||||
error,
|
||||
})
|
||||
);
|
||||
|
|
@ -65,7 +65,7 @@ export async function getRuleExecutionKPI(
|
|||
context.auditLogger?.log(
|
||||
ruleAuditEvent({
|
||||
action: RuleAuditAction.GET_RULE_EXECUTION_KPI,
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name: rule.name },
|
||||
})
|
||||
);
|
||||
|
||||
|
|
|
|||
|
|
@ -63,7 +63,7 @@ export async function getExecutionLogForRule(
|
|||
context.auditLogger?.log(
|
||||
ruleAuditEvent({
|
||||
action: RuleAuditAction.GET_EXECUTION_LOG,
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name: rule.name },
|
||||
error,
|
||||
})
|
||||
);
|
||||
|
|
@ -73,7 +73,7 @@ export async function getExecutionLogForRule(
|
|||
context.auditLogger?.log(
|
||||
ruleAuditEvent({
|
||||
action: RuleAuditAction.GET_EXECUTION_LOG,
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name: rule.name },
|
||||
})
|
||||
);
|
||||
|
||||
|
|
|
|||
|
|
@ -44,7 +44,7 @@ async function muteAllWithOCC(context: RulesClientContext, { id }: { id: string
|
|||
context.auditLogger?.log(
|
||||
ruleAuditEvent({
|
||||
action: RuleAuditAction.MUTE,
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name: attributes.name },
|
||||
error,
|
||||
})
|
||||
);
|
||||
|
|
@ -55,7 +55,7 @@ async function muteAllWithOCC(context: RulesClientContext, { id }: { id: string
|
|||
ruleAuditEvent({
|
||||
action: RuleAuditAction.MUTE,
|
||||
outcome: 'unknown',
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name: attributes.name },
|
||||
})
|
||||
);
|
||||
|
||||
|
|
|
|||
|
|
@ -33,7 +33,7 @@ export async function runSoon(context: RulesClientContext, { id }: { id: string
|
|||
context.auditLogger?.log(
|
||||
ruleAuditEvent({
|
||||
action: RuleAuditAction.RUN_SOON,
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name: attributes.name },
|
||||
error,
|
||||
})
|
||||
);
|
||||
|
|
@ -44,7 +44,7 @@ export async function runSoon(context: RulesClientContext, { id }: { id: string
|
|||
ruleAuditEvent({
|
||||
action: RuleAuditAction.RUN_SOON,
|
||||
outcome: 'unknown',
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name: attributes.name },
|
||||
})
|
||||
);
|
||||
|
||||
|
|
|
|||
|
|
@ -47,7 +47,7 @@ async function unmuteAllWithOCC(context: RulesClientContext, { id }: { id: strin
|
|||
context.auditLogger?.log(
|
||||
ruleAuditEvent({
|
||||
action: RuleAuditAction.UNMUTE,
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name: attributes.name },
|
||||
error,
|
||||
})
|
||||
);
|
||||
|
|
@ -58,7 +58,7 @@ async function unmuteAllWithOCC(context: RulesClientContext, { id }: { id: strin
|
|||
ruleAuditEvent({
|
||||
action: RuleAuditAction.UNMUTE,
|
||||
outcome: 'unknown',
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id },
|
||||
savedObject: { type: RULE_SAVED_OBJECT_TYPE, id, name: attributes.name },
|
||||
})
|
||||
);
|
||||
|
||||
|
|
|
|||
|
|
@ -562,7 +562,7 @@ describe('getActionErrorLog()', () => {
|
|||
action: 'rule_get_action_error_log',
|
||||
outcome: 'success',
|
||||
}),
|
||||
kibana: { saved_object: { id: '1', type: RULE_SAVED_OBJECT_TYPE } },
|
||||
kibana: { saved_object: { id: '1', type: RULE_SAVED_OBJECT_TYPE, name: 'rule-name' } },
|
||||
})
|
||||
);
|
||||
});
|
||||
|
|
@ -585,6 +585,7 @@ describe('getActionErrorLog()', () => {
|
|||
saved_object: {
|
||||
id: '1',
|
||||
type: RULE_SAVED_OBJECT_TYPE,
|
||||
name: 'rule-name',
|
||||
},
|
||||
},
|
||||
error: {
|
||||
|
|
|
|||
|
|
@ -672,7 +672,7 @@ describe('getExecutionLogForRule()', () => {
|
|||
action: 'rule_get_execution_log',
|
||||
outcome: 'success',
|
||||
}),
|
||||
kibana: { saved_object: { id: '1', type: RULE_SAVED_OBJECT_TYPE } },
|
||||
kibana: { saved_object: { id: '1', type: RULE_SAVED_OBJECT_TYPE, name: 'rule-name' } },
|
||||
})
|
||||
);
|
||||
});
|
||||
|
|
@ -695,6 +695,7 @@ describe('getExecutionLogForRule()', () => {
|
|||
saved_object: {
|
||||
id: '1',
|
||||
type: RULE_SAVED_OBJECT_TYPE,
|
||||
name: 'rule-name',
|
||||
},
|
||||
},
|
||||
error: {
|
||||
|
|
|
|||
|
|
@ -181,6 +181,7 @@ describe('muteAll()', () => {
|
|||
id: '1',
|
||||
type: RULE_SAVED_OBJECT_TYPE,
|
||||
attributes: {
|
||||
name: 'fake_rule_name',
|
||||
actions: [
|
||||
{
|
||||
group: 'default',
|
||||
|
|
@ -204,7 +205,9 @@ describe('muteAll()', () => {
|
|||
action: 'rule_mute',
|
||||
outcome: 'unknown',
|
||||
}),
|
||||
kibana: { saved_object: { id: '1', type: RULE_SAVED_OBJECT_TYPE } },
|
||||
kibana: {
|
||||
saved_object: { id: '1', type: RULE_SAVED_OBJECT_TYPE, name: 'fake_rule_name' },
|
||||
},
|
||||
})
|
||||
);
|
||||
});
|
||||
|
|
@ -215,6 +218,7 @@ describe('muteAll()', () => {
|
|||
id: '1',
|
||||
type: RULE_SAVED_OBJECT_TYPE,
|
||||
attributes: {
|
||||
name: 'fake_rule_name',
|
||||
actions: [
|
||||
{
|
||||
group: 'default',
|
||||
|
|
@ -244,6 +248,7 @@ describe('muteAll()', () => {
|
|||
saved_object: {
|
||||
id: '1',
|
||||
type: RULE_SAVED_OBJECT_TYPE,
|
||||
name: 'fake_rule_name',
|
||||
},
|
||||
},
|
||||
error: {
|
||||
|
|
|
|||
|
|
@ -162,7 +162,7 @@ describe('runSoon()', () => {
|
|||
action: 'rule_run_soon',
|
||||
outcome: 'unknown',
|
||||
}),
|
||||
kibana: { saved_object: { id: '1', type: RULE_SAVED_OBJECT_TYPE } },
|
||||
kibana: { saved_object: { id: '1', type: RULE_SAVED_OBJECT_TYPE, name: 'name' } },
|
||||
})
|
||||
);
|
||||
});
|
||||
|
|
@ -181,6 +181,7 @@ describe('runSoon()', () => {
|
|||
saved_object: {
|
||||
id: '1',
|
||||
type: RULE_SAVED_OBJECT_TYPE,
|
||||
name: 'name',
|
||||
},
|
||||
},
|
||||
error: {
|
||||
|
|
|
|||
|
|
@ -181,6 +181,7 @@ describe('unmuteAll()', () => {
|
|||
id: '1',
|
||||
type: RULE_SAVED_OBJECT_TYPE,
|
||||
attributes: {
|
||||
name: 'fake_rule_name',
|
||||
actions: [
|
||||
{
|
||||
group: 'default',
|
||||
|
|
@ -204,7 +205,9 @@ describe('unmuteAll()', () => {
|
|||
action: 'rule_unmute',
|
||||
outcome: 'unknown',
|
||||
}),
|
||||
kibana: { saved_object: { id: '1', type: RULE_SAVED_OBJECT_TYPE } },
|
||||
kibana: {
|
||||
saved_object: { id: '1', type: RULE_SAVED_OBJECT_TYPE, name: 'fake_rule_name' },
|
||||
},
|
||||
})
|
||||
);
|
||||
});
|
||||
|
|
@ -215,6 +218,7 @@ describe('unmuteAll()', () => {
|
|||
id: '1',
|
||||
type: RULE_SAVED_OBJECT_TYPE,
|
||||
attributes: {
|
||||
name: 'fake_rule_name',
|
||||
actions: [
|
||||
{
|
||||
group: 'default',
|
||||
|
|
@ -244,6 +248,7 @@ describe('unmuteAll()', () => {
|
|||
saved_object: {
|
||||
id: '1',
|
||||
type: RULE_SAVED_OBJECT_TYPE,
|
||||
name: 'fake_rule_name',
|
||||
},
|
||||
},
|
||||
error: {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue