github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 09:48:58 -04:00
Code Issues Projects Releases Packages Wiki Activity

[Event log][7.x] Updated event log client to search across legacy IDs (#109365)

Browse source 
* [Event log][7.x] Updated event log client to search across legacy IDs

* fixed tests

* extended kibana null version check

* added logic to alerting plugin

* fixed typechecks

* fixed typechecks

* Revert "fixed typechecks"

This reverts commit 6f6770fa4b.

* removed legacyId for routes

* fixed typechecks

* fixed position

* fixed query

* fixed query

* fixed tests

* fixed types place

* fixed due to comments

* fixed due to comments

* fixed eslint

* fixed due to comments

* splitted test data

* fixed test data

* increased the delay time to await the search

* removed version for 7.9 docs

* Update x-pack/plugins/event_log/server/es/cluster_client_adapter.ts

Co-authored-by: Mike Côté <mikecote@users.noreply.github.com>

* fixed unit test

* fixed test data

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Mike Côté <mikecote@users.noreply.github.com>
This commit is contained in:
Yuliia Naumenko 2021-09-02 22:18:48 -07:00 committed by GitHub
parent 9c165a1bc4
commit d421c4dda7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 1554 additions and 299 deletions
Download patch file Download diff file Expand all files Collapse all files

63
x-pack/plugins/alerting/server/rules_client/rules_client.ts
View file

@ -35,6 +35,9 @@ import {
AlertNotifyWhenType,
AlertTypeParams,
ResolvedSanitizedRule,
AlertWithLegacyId,
SanitizedAlertWithLegacyId,
PartialAlertWithLegacyId,
} from '../types';
import {
validateAlertTypeParams,
@ -383,9 +386,11 @@ export class RulesClient {
public async get<Params extends AlertTypeParams = never>({
id,
includeLegacyId = false,
}: {
id: string;
}): Promise<SanitizedAlert<Params>> {
includeLegacyId?: boolean;
}): Promise<SanitizedAlert<Params> | SanitizedAlertWithLegacyId<Params>> {
const result = await this.unsecuredSavedObjectsClient.get<RawAlert>('alert', id);
try {
await this.authorization.ensureAuthorized({
@ -414,7 +419,8 @@ export class RulesClient {
result.id,
result.attributes.alertTypeId,
result.attributes,
result.references
result.references,
includeLegacyId
);
}
@ -486,7 +492,8 @@ export class RulesClient {
dateStart,
}: GetAlertInstanceSummaryParams): Promise<AlertInstanceSummary> {
this.logger.debug(`getAlertInstanceSummary(): getting alert ${id}`);
const alert = await this.get({ id });
const alert = (await this.get({ id, includeLegacyId: true })) as SanitizedAlertWithLegacyId;
await this.authorization.ensureAuthorized({
ruleTypeId: alert.alertTypeId,
consumer: alert.consumer,
@ -505,13 +512,18 @@ export class RulesClient {
this.logger.debug(`getAlertInstanceSummary(): search the event log for alert ${id}`);
let events: IEvent[];
try {
const queryResults = await eventLogClient.findEventsBySavedObjectIds('alert', [id], {
page: 1,
per_page: 10000,
start: parsedDateStart.toISOString(),
end: dateNow.toISOString(),
sort_order: 'desc',
});
const queryResults = await eventLogClient.findEventsBySavedObjectIds(
'alert',
[id],
{
page: 1,
per_page: 10000,
start: parsedDateStart.toISOString(),
end: dateNow.toISOString(),
sort_order: 'desc',
},
alert.legacyId !== null ? [alert.legacyId] : undefined
);
events = queryResults.data;
} catch (err) {
this.logger.debug(
@ -1533,13 +1545,26 @@ export class RulesClient {
id: string,
ruleTypeId: string,
rawAlert: RawAlert,
references: SavedObjectReference[] | undefined
): Alert {
references: SavedObjectReference[] | undefined,
includeLegacyId: boolean = false
): Alert | AlertWithLegacyId {
const ruleType = this.ruleTypeRegistry.get(ruleTypeId);
// In order to support the partial update API of Saved Objects we have to support
// partial updates of an Alert, but when we receive an actual RawAlert, it is safe
// to cast the result to an Alert
return this.getPartialAlertFromRaw<Params>(id, ruleType, rawAlert, references) as Alert;
const res = this.getPartialAlertFromRaw<Params>(
id,
ruleType,
rawAlert,
references,
includeLegacyId
);
// include to result because it is for internal rules client usage
if (includeLegacyId) {
return res as AlertWithLegacyId;
}
// exclude from result because it is an internal variable
return omit(res, ['legacyId']) as Alert;
}
private getPartialAlertFromRaw<Params extends AlertTypeParams>(
@ -1550,17 +1575,18 @@ export class RulesClient {
updatedAt,
meta,
notifyWhen,
legacyId,
scheduledTaskId,
params,
legacyId, // exclude from result because it is an internal variable
executionStatus,
schedule,
actions,
...partialRawAlert
}: Partial<RawAlert>,
references: SavedObjectReference[] | undefined
): PartialAlert<Params> {
return {
references: SavedObjectReference[] | undefined,
includeLegacyId: boolean = false
): PartialAlert<Params> | PartialAlertWithLegacyId<Params> {
const rule = {
id,
notifyWhen,
...partialRawAlert,
@ -1576,6 +1602,9 @@ export class RulesClient {
? { executionStatus: alertExecutionStatusFromRaw(this.logger, id, executionStatus) }
: {}),
};
return includeLegacyId
? ({ ...rule, legacyId } as PartialAlertWithLegacyId<Params>)
: (rule as PartialAlert<Params>);
}
private async validateActions(

33
x-pack/plugins/alerting/server/rules_client/tests/get_alert_instance_summary.test.ts
View file

@ -212,6 +212,7 @@ describe('getAlertInstanceSummary()', () => {
"sort_order": "desc",
"start": "2019-02-12T21:00:22.479Z",
},
undefined,
]
`);
// calculate the expected start/end date for one test
@ -225,6 +226,38 @@ describe('getAlertInstanceSummary()', () => {
expect(endMillis - startMillis).toBeLessThan(expectedDuration + 2);
});
test('calls event log client with legacy ids param', async () => {
unsecuredSavedObjectsClient.get.mockResolvedValueOnce(
getAlertInstanceSummarySavedObject({ legacyId: '99999' })
);
eventLogClient.findEventsBySavedObjectIds.mockResolvedValueOnce(
AlertInstanceSummaryFindEventsResult
);
await rulesClient.getAlertInstanceSummary({ id: '1' });
expect(unsecuredSavedObjectsClient.get).toHaveBeenCalledTimes(1);
expect(eventLogClient.findEventsBySavedObjectIds).toHaveBeenCalledTimes(1);
expect(eventLogClient.findEventsBySavedObjectIds.mock.calls[0]).toMatchInlineSnapshot(`
Array [
"alert",
Array [
"1",
],
Object {
"end": "2019-02-12T21:01:22.479Z",
"page": 1,
"per_page": 10000,
"sort_order": "desc",
"start": "2019-02-12T21:00:22.479Z",
},
Array [
"99999",
],
]
`);
});
test('calls event log client with start date', async () => {
unsecuredSavedObjectsClient.get.mockResolvedValueOnce(getAlertInstanceSummarySavedObject());
eventLogClient.findEventsBySavedObjectIds.mockResolvedValueOnce(

15
x-pack/plugins/alerting/server/types.ts
View file

@ -192,6 +192,21 @@ export interface RawAlertExecutionStatus extends SavedObjectAttributes {
export type PartialAlert<Params extends AlertTypeParams = never> = Pick<Alert<Params>, 'id'> &
Partial<Omit<Alert<Params>, 'id'>>;
export interface AlertWithLegacyId<Params extends AlertTypeParams = never> extends Alert<Params> {
legacyId: string | null;
}
export type SanitizedAlertWithLegacyId<Params extends AlertTypeParams = never> = Omit<
AlertWithLegacyId<Params>,
'apiKey'
>;
export type PartialAlertWithLegacyId<Params extends AlertTypeParams = never> = Pick<
AlertWithLegacyId<Params>,
'id'
> &
Partial<Omit<AlertWithLegacyId<Params>, 'id'>>;
export interface RawAlert extends SavedObjectAttributes {
enabled: boolean;
name: string;

7
x-pack/plugins/event_log/README.md
View file

@ -271,6 +271,7 @@ Request Body:
|Property|Description|Type|
|---|---|---|
|ids|The array ids of the saved object.|string array|
|legacyIds|The array legacy ids of the saved object. This filter applies to the rules creted in Kibana versions before 8.0.0.|string array|
Response body:
@ -284,7 +285,8 @@ interface EventLogClient {
findEventsBySavedObjectIds(
type: string,
ids: string[],
options?: Partial<FindOptionsType>
options?: Partial<FindOptionsType>,
legacyIds?: string[]
): Promise<QueryEventsBySavedObjectResult>;
}
@ -404,7 +406,8 @@ export interface IEventLogClient {
findEventsBySavedObjectIds(
type: string,
ids: string[],
options?: Partial<FindOptionsType>
options?: Partial<FindOptionsType>,
legacyIds?: string[]
): Promise<QueryEventsBySavedObjectResult>;
}
```

672
x-pack/plugins/event_log/server/es/cluster_client_adapter.test.ts
View file

@ -338,16 +338,106 @@ describe('queryEventsBySavedObject', () => {
},
})
);
await clusterClientAdapter.queryEventsBySavedObjects(
'index-name',
'namespace',
'saved-object-type',
['saved-object-id'],
DEFAULT_OPTIONS
);
await clusterClientAdapter.queryEventsBySavedObjects({
index: 'index-name',
namespace: 'namespace',
type: 'saved-object-type',
ids: ['saved-object-id'],
findOptions: DEFAULT_OPTIONS,
});
const [query] = clusterClient.search.mock.calls[0];
expect(query).toMatchInlineSnapshot(`
expect(query).toMatchInlineSnapshot(
{
body: {
from: 0,
query: {
bool: {
filter: [],
must: [
{
nested: {
path: 'kibana.saved_objects',
query: {
bool: {
must: [
{
term: {
'kibana.saved_objects.rel': {
value: 'primary',
},
},
},
{
term: {
'kibana.saved_objects.type': {
value: 'saved-object-type',
},
},
},
{
term: {
'kibana.saved_objects.namespace': {
value: 'namespace',
},
},
},
],
},
},
},
},
{
bool: {
should: [
{
bool: {
must: [
{
nested: {
path: 'kibana.saved_objects',
query: {
bool: {
must: [
{
terms: {
'kibana.saved_objects.id': ['saved-object-id'],
},
},
],
},
},
},
},
{
range: {
'kibana.version': {
gte: '8.0.0',
},
},
},
],
},
},
],
},
},
],
},
},
size: 10,
sort: [
{
'@timestamp': {
order: 'asc',
},
},
],
},
index: 'index-name',
track_total_hits: true,
},
`
Object {
"body": Object {
"from": 0,
@ -375,13 +465,6 @@ describe('queryEventsBySavedObject', () => {
},
},
},
Object {
"terms": Object {
"kibana.saved_objects.id": Array [
"saved-object-id",
],
},
},
Object {
"term": Object {
"kibana.saved_objects.namespace": Object {
@ -394,6 +477,43 @@ describe('queryEventsBySavedObject', () => {
},
},
},
Object {
"bool": Object {
"should": Array [
Object {
"bool": Object {
"must": Array [
Object {
"nested": Object {
"path": "kibana.saved_objects",
"query": Object {
"bool": Object {
"must": Array [
Object {
"terms": Object {
"kibana.saved_objects.id": Array [
"saved-object-id",
],
},
},
],
},
},
},
},
Object {
"range": Object {
"kibana.version": Object {
"gte": "8.0.0",
},
},
},
],
},
},
],
},
},
],
},
},
@ -409,7 +529,8 @@ describe('queryEventsBySavedObject', () => {
"index": "index-name",
"track_total_hits": true,
}
`);
`
);
});
test('should call cluster with proper arguments with default namespace', async () => {
@ -429,80 +550,106 @@ describe('queryEventsBySavedObject', () => {
},
})
);
await clusterClientAdapter.queryEventsBySavedObjects(
'index-name',
undefined,
'saved-object-type',
['saved-object-id'],
DEFAULT_OPTIONS
);
await clusterClientAdapter.queryEventsBySavedObjects({
index: 'index-name',
namespace: undefined,
type: 'saved-object-type',
ids: ['saved-object-id'],
findOptions: DEFAULT_OPTIONS,
});
const [query] = clusterClient.search.mock.calls[0];
expect(query).toMatchInlineSnapshot(`
Object {
"body": Object {
"from": 0,
"query": Object {
"bool": Object {
"filter": Array [],
"must": Array [
Object {
"nested": Object {
"path": "kibana.saved_objects",
"query": Object {
"bool": Object {
"must": Array [
Object {
"term": Object {
"kibana.saved_objects.rel": Object {
"value": "primary",
expect(query).toMatchObject({
body: {
from: 0,
query: {
bool: {
filter: [],
must: [
{
nested: {
path: 'kibana.saved_objects',
query: {
bool: {
must: [
{
term: {
'kibana.saved_objects.rel': {
value: 'primary',
},
},
},
{
term: {
'kibana.saved_objects.type': {
value: 'saved-object-type',
},
},
},
{
bool: {
must_not: {
exists: {
field: 'kibana.saved_objects.namespace',
},
},
},
Object {
"term": Object {
"kibana.saved_objects.type": Object {
"value": "saved-object-type",
},
},
},
Object {
"terms": Object {
"kibana.saved_objects.id": Array [
"saved-object-id",
],
},
},
Object {
"bool": Object {
"must_not": Object {
"exists": Object {
"field": "kibana.saved_objects.namespace",
},
],
},
},
},
},
{
bool: {
should: [
{
bool: {
must: [
{
nested: {
path: 'kibana.saved_objects',
query: {
bool: {
must: [
{
terms: {
'kibana.saved_objects.id': ['saved-object-id'],
},
},
],
},
},
},
},
{
range: {
'kibana.version': {
gte: '8.0.0',
},
},
},
],
},
},
},
],
},
],
},
],
},
},
size: 10,
sort: [
{
'@timestamp': {
order: 'asc',
},
},
"size": 10,
"sort": Array [
Object {
"@timestamp": Object {
"order": "asc",
},
},
],
},
"index": "index-name",
"track_total_hits": true,
}
`);
],
},
index: 'index-name',
track_total_hits: true,
});
});
test('should call cluster with sort', async () => {
@ -522,13 +669,13 @@ describe('queryEventsBySavedObject', () => {
},
})
);
await clusterClientAdapter.queryEventsBySavedObjects(
'index-name',
'namespace',
'saved-object-type',
['saved-object-id'],
{ ...DEFAULT_OPTIONS, sort_field: 'event.end', sort_order: 'desc' }
);
await clusterClientAdapter.queryEventsBySavedObjects({
index: 'index-name',
namespace: 'namespace',
type: 'saved-object-type',
ids: ['saved-object-id'],
findOptions: { ...DEFAULT_OPTIONS, sort_field: 'event.end', sort_order: 'desc' },
});
const [query] = clusterClient.search.mock.calls[0];
expect(query).toMatchObject({
@ -559,85 +706,111 @@ describe('queryEventsBySavedObject', () => {
const start = '2020-07-08T00:52:28.350Z';
await clusterClientAdapter.queryEventsBySavedObjects(
'index-name',
'namespace',
'saved-object-type',
['saved-object-id'],
{ ...DEFAULT_OPTIONS, start }
);
await clusterClientAdapter.queryEventsBySavedObjects({
index: 'index-name',
namespace: 'namespace',
type: 'saved-object-type',
ids: ['saved-object-id'],
findOptions: { ...DEFAULT_OPTIONS, start },
});
const [query] = clusterClient.search.mock.calls[0];
expect(query).toMatchInlineSnapshot(`
Object {
"body": Object {
"from": 0,
"query": Object {
"bool": Object {
"filter": Array [],
"must": Array [
Object {
"nested": Object {
"path": "kibana.saved_objects",
"query": Object {
"bool": Object {
"must": Array [
Object {
"term": Object {
"kibana.saved_objects.rel": Object {
"value": "primary",
expect(query).toMatchObject({
body: {
from: 0,
query: {
bool: {
filter: [],
must: [
{
nested: {
path: 'kibana.saved_objects',
query: {
bool: {
must: [
{
term: {
'kibana.saved_objects.rel': {
value: 'primary',
},
},
},
{
term: {
'kibana.saved_objects.type': {
value: 'saved-object-type',
},
},
},
{
term: {
'kibana.saved_objects.namespace': {
value: 'namespace',
},
},
},
],
},
},
},
},
{
bool: {
should: [
{
bool: {
must: [
{
nested: {
path: 'kibana.saved_objects',
query: {
bool: {
must: [
{
terms: {
'kibana.saved_objects.id': ['saved-object-id'],
},
},
],
},
},
},
},
Object {
"term": Object {
"kibana.saved_objects.type": Object {
"value": "saved-object-type",
},
},
},
Object {
"terms": Object {
"kibana.saved_objects.id": Array [
"saved-object-id",
],
},
},
Object {
"term": Object {
"kibana.saved_objects.namespace": Object {
"value": "namespace",
{
range: {
'kibana.version': {
gte: '8.0.0',
},
},
},
],
},
},
],
},
},
{
range: {
'@timestamp': {
gte: '2020-07-08T00:52:28.350Z',
},
},
Object {
"range": Object {
"@timestamp": Object {
"gte": "2020-07-08T00:52:28.350Z",
},
},
},
],
},
],
},
},
size: 10,
sort: [
{
'@timestamp': {
order: 'asc',
},
},
"size": 10,
"sort": Array [
Object {
"@timestamp": Object {
"order": "asc",
},
},
],
},
"index": "index-name",
"track_total_hits": true,
}
`);
],
},
index: 'index-name',
track_total_hits: true,
});
});
test('supports optional date range', async () => {
@ -661,92 +834,163 @@ describe('queryEventsBySavedObject', () => {
const start = '2020-07-08T00:52:28.350Z';
const end = '2020-07-08T00:00:00.000Z';
await clusterClientAdapter.queryEventsBySavedObjects(
'index-name',
'namespace',
'saved-object-type',
['saved-object-id'],
{ ...DEFAULT_OPTIONS, start, end }
);
await clusterClientAdapter.queryEventsBySavedObjects({
index: 'index-name',
namespace: 'namespace',
type: 'saved-object-type',
ids: ['saved-object-id'],
findOptions: { ...DEFAULT_OPTIONS, start, end },
legacyIds: ['legacy-id'],
});
const [query] = clusterClient.search.mock.calls[0];
expect(query).toMatchInlineSnapshot(`
Object {
"body": Object {
"from": 0,
"query": Object {
"bool": Object {
"filter": Array [],
"must": Array [
Object {
"nested": Object {
"path": "kibana.saved_objects",
"query": Object {
"bool": Object {
"must": Array [
Object {
"term": Object {
"kibana.saved_objects.rel": Object {
"value": "primary",
expect(query).toMatchObject({
body: {
from: 0,
query: {
bool: {
filter: [],
must: [
{
nested: {
path: 'kibana.saved_objects',
query: {
bool: {
must: [
{
term: {
'kibana.saved_objects.rel': {
value: 'primary',
},
},
},
{
term: {
'kibana.saved_objects.type': {
value: 'saved-object-type',
},
},
},
{
term: {
'kibana.saved_objects.namespace': {
value: 'namespace',
},
},
},
],
},
},
},
},
{
bool: {
should: [
{
bool: {
must: [
{
nested: {
path: 'kibana.saved_objects',
query: {
bool: {
must: [
{
terms: {
'kibana.saved_objects.id': ['saved-object-id'],
},
},
],
},
},
},
},
Object {
"term": Object {
"kibana.saved_objects.type": Object {
"value": "saved-object-type",
},
},
},
Object {
"terms": Object {
"kibana.saved_objects.id": Array [
"saved-object-id",
],
},
},
Object {
"term": Object {
"kibana.saved_objects.namespace": Object {
"value": "namespace",
{
range: {
'kibana.version': {
gte: '8.0.0',
},
},
},
],
},
},
},
},
Object {
"range": Object {
"@timestamp": Object {
"gte": "2020-07-08T00:52:28.350Z",
{
bool: {
must: [
{
nested: {
path: 'kibana.saved_objects',
query: {
bool: {
must: [
{
terms: {
'kibana.saved_objects.id': ['legacy-id'],
},
},
],
},
},
},
},
{
bool: {
should: [
{
range: {
'kibana.version': {
lt: '8.0.0',
},
},
},
{
bool: {
must_not: {
exists: {
field: 'kibana.version',
},
},
},
},
],
},
},
],
},
},
],
},
},
{
range: {
'@timestamp': {
gte: '2020-07-08T00:52:28.350Z',
},
},
Object {
"range": Object {
"@timestamp": Object {
"lte": "2020-07-08T00:00:00.000Z",
},
},
{
range: {
'@timestamp': {
lte: '2020-07-08T00:00:00.000Z',
},
},
],
},
],
},
},
size: 10,
sort: [
{
'@timestamp': {
order: 'asc',
},
},
"size": 10,
"sort": Array [
Object {
"@timestamp": Object {
"order": "asc",
},
},
],
},
"index": "index-name",
"track_total_hits": true,
}
`);
],
},
index: 'index-name',
track_total_hits: true,
});
});
});

154
x-pack/plugins/event_log/server/es/cluster_client_adapter.ts
View file

@ -41,9 +41,20 @@ export interface QueryEventsBySavedObjectResult {
data: IValidatedEvent[];
}
interface QueryOptionsEventsBySavedObjectFilter {
index: string;
namespace: string | undefined;
type: string;
ids: string[];
findOptions: FindOptionsType;
legacyIds?: string[];
}
// eslint-disable-next-line @typescript-eslint/no-explicit-any
type AliasAny = any;
const LEGACY_ID_CUTOFF_VERSION = '8.0.0';
export class ClusterClientAdapter<TDoc extends { body: AliasAny; index: string } = Doc> {
private readonly logger: Logger;
private readonly elasticsearchClientPromise: Promise<ElasticsearchClient>;
@ -202,13 +213,12 @@ export class ClusterClientAdapter<TDoc extends { body: AliasAny; index: string }
}
public async queryEventsBySavedObjects(
index: string,
namespace: string | undefined,
type: string,
ids: string[],
// eslint-disable-next-line @typescript-eslint/naming-convention
{ page, per_page: perPage, start, end, sort_field, sort_order, filter }: FindOptionsType
queryOptions: QueryOptionsEventsBySavedObjectFilter
): Promise<QueryEventsBySavedObjectResult> {
const { index, namespace, type, ids, findOptions, legacyIds } = queryOptions;
// eslint-disable-next-line @typescript-eslint/naming-convention
const { page, per_page: perPage, start, end, sort_field, sort_order, filter } = findOptions;
const defaultNamespaceQuery = {
bool: {
must_not: {
@ -238,41 +248,125 @@ export class ClusterClientAdapter<TDoc extends { body: AliasAny; index: string }
});
throw err;
}
const savedObjectsQueryMust: estypes.QueryDslQueryContainer[] = [
{
term: {
'kibana.saved_objects.rel': {
value: SAVED_OBJECT_REL_PRIMARY,
},
},
},
{
term: {
'kibana.saved_objects.type': {
value: type,
},
},
},
// @ts-expect-error undefined is not assignable as QueryDslTermQuery value
namespaceQuery,
];
const musts: estypes.QueryDslQueryContainer[] = [
{
nested: {
path: 'kibana.saved_objects',
query: {
bool: {
must: [
{
term: {
'kibana.saved_objects.rel': {
value: SAVED_OBJECT_REL_PRIMARY,
},
},
},
{
term: {
'kibana.saved_objects.type': {
value: type,
},
},
},
{
terms: {
// default maximum of 65,536 terms, configurable by index.max_terms_count
'kibana.saved_objects.id': ids,
},
},
// @ts-expect-error undefined is not assignable as QueryDslTermQuery value
namespaceQuery,
],
must: reject(savedObjectsQueryMust, isUndefined),
},
},
},
},
];
const shouldQuery = [];
shouldQuery.push({
bool: {
must: [
{
nested: {
path: 'kibana.saved_objects',
query: {
bool: {
must: [
{
terms: {
// default maximum of 65,536 terms, configurable by index.max_terms_count
'kibana.saved_objects.id': ids,
},
},
],
},
},
},
},
{
range: {
'kibana.version': {
gte: LEGACY_ID_CUTOFF_VERSION,
},
},
},
],
},
});
if (legacyIds && legacyIds.length > 0) {
shouldQuery.push({
bool: {
must: [
{
nested: {
path: 'kibana.saved_objects',
query: {
bool: {
must: [
{
terms: {
// default maximum of 65,536 terms, configurable by index.max_terms_count
'kibana.saved_objects.id': legacyIds,
},
},
],
},
},
},
},
{
bool: {
should: [
{
range: {
'kibana.version': {
lt: LEGACY_ID_CUTOFF_VERSION,
},
},
},
{
bool: {
must_not: {
exists: {
field: 'kibana.version',
},
},
},
},
],
},
},
],
},
});
}
musts.push({
bool: {
should: shouldQuery,
},
});
if (start) {
musts.push({
range: {

54
x-pack/plugins/event_log/server/event_log_client.test.ts
View file

@ -111,21 +111,27 @@ describe('EventLogStart', () => {
esContext.esAdapter.queryEventsBySavedObjects.mockResolvedValue(result);
expect(
await eventLogClient.findEventsBySavedObjectIds('saved-object-type', ['saved-object-id'])
await eventLogClient.findEventsBySavedObjectIds(
'saved-object-type',
['saved-object-id'],
undefined,
['legacy-id']
)
).toEqual(result);
expect(esContext.esAdapter.queryEventsBySavedObjects).toHaveBeenCalledWith(
esContext.esNames.indexPattern,
undefined,
'saved-object-type',
['saved-object-id'],
{
expect(esContext.esAdapter.queryEventsBySavedObjects).toHaveBeenCalledWith({
index: esContext.esNames.indexPattern,
namespace: undefined,
type: 'saved-object-type',
ids: ['saved-object-id'],
findOptions: {
page: 1,
per_page: 10,
sort_field: '@timestamp',
sort_order: 'asc',
}
);
},
legacyIds: ['legacy-id'],
});
});
test('fetches all events in time frame that reference the saved object', async () => {
@ -189,26 +195,32 @@ describe('EventLogStart', () => {
const end = moment().add(1, 'days').toISOString();
expect(
await eventLogClient.findEventsBySavedObjectIds('saved-object-type', ['saved-object-id'], {
start,
end,
})
await eventLogClient.findEventsBySavedObjectIds(
'saved-object-type',
['saved-object-id'],
{
start,
end,
},
['legacy-id']
)
).toEqual(result);
expect(esContext.esAdapter.queryEventsBySavedObjects).toHaveBeenCalledWith(
esContext.esNames.indexPattern,
undefined,
'saved-object-type',
['saved-object-id'],
{
expect(esContext.esAdapter.queryEventsBySavedObjects).toHaveBeenCalledWith({
index: esContext.esNames.indexPattern,
namespace: undefined,
type: 'saved-object-type',
ids: ['saved-object-id'],
findOptions: {
page: 1,
per_page: 10,
sort_field: '@timestamp',
sort_order: 'asc',
start,
end,
}
);
},
legacyIds: ['legacy-id'],
});
});
test('validates that the start date is valid', async () => {

12
x-pack/plugins/event_log/server/event_log_client.ts
View file

@ -83,7 +83,8 @@ export class EventLogClient implements IEventLogClient {
async findEventsBySavedObjectIds(
type: string,
ids: string[],
options?: Partial<FindOptionsType>
options?: Partial<FindOptionsType>,
legacyIds?: string[]
): Promise<QueryEventsBySavedObjectResult> {
const findOptions = findOptionsSchema.validate(options ?? {});
@ -93,12 +94,13 @@ export class EventLogClient implements IEventLogClient {
// verify the user has the required permissions to view this saved objects
await this.savedObjectGetter(type, ids);
return await this.esContext.esAdapter.queryEventsBySavedObjects(
this.esContext.esNames.indexPattern,
return await this.esContext.esAdapter.queryEventsBySavedObjects({
index: this.esContext.esNames.indexPattern,
namespace,
type,
ids,
findOptions
);
findOptions,
legacyIds,
});
}
}

5
x-pack/plugins/event_log/server/routes/find_by_ids.test.ts
View file

@ -41,7 +41,7 @@ describe('find_by_ids', () => {
eventLogClient,
{
params: { type: 'action' },
body: { ids: ['1'] },
body: { ids: ['1'], legacyIds: ['2'] },
},
['ok']
);
@ -50,9 +50,10 @@ describe('find_by_ids', () => {
expect(eventLogClient.findEventsBySavedObjectIds).toHaveBeenCalledTimes(1);
const [type, ids] = eventLogClient.findEventsBySavedObjectIds.mock.calls[0];
const [type, ids, , legacyIds] = eventLogClient.findEventsBySavedObjectIds.mock.calls[0];
expect(type).toEqual(`action`);
expect(ids).toEqual(['1']);
expect(legacyIds).toEqual(['2']);
expect(res.ok).toHaveBeenCalledWith({
body: result,

5
x-pack/plugins/event_log/server/routes/find_by_ids.ts
View file

@ -23,6 +23,7 @@ const paramSchema = schema.object({
const bodySchema = schema.object({
ids: schema.arrayOf(schema.string(), { defaultValue: [] }),
legacyIds: schema.arrayOf(schema.string(), { defaultValue: [] }),
});
export const findByIdsRoute = (router: EventLogRouter, systemLogger: Logger) => {
@ -46,13 +47,13 @@ export const findByIdsRoute = (router: EventLogRouter, systemLogger: Logger) =>
const eventLogClient = context.eventLog.getEventLogClient();
const {
params: { type },
body: { ids },
body: { ids, legacyIds },
query,
} = req;
try {
return res.ok({
body: await eventLogClient.findEventsBySavedObjectIds(type, ids, query),
body: await eventLogClient.findEventsBySavedObjectIds(type, ids, query, legacyIds),
});
} catch (err) {
const call = `findEventsBySavedObjectIds(${type}, [${ids}], ${JSON.stringify(query)})`;

3
x-pack/plugins/event_log/server/types.ts
View file

@ -45,7 +45,8 @@ export interface IEventLogClient {
findEventsBySavedObjectIds(
type: string,
ids: string[],
options?: Partial<FindOptionsType>
options?: Partial<FindOptionsType>,
legacyIds?: string[]
): Promise<QueryEventsBySavedObjectResult>;
}

164
x-pack/test/functional/es_archives/event_log_legacy_ids/data.json Normal file
View file

@ -0,0 +1,164 @@
{
"type": "doc",
"value": {
"id": "X6bLb3UBt6Z_MVvSTfYk",
"index": ".kibana-event-log-8.0.0-000001",
"source": {
"@timestamp": "2020-10-28T15:19:55.933Z",
"ecs": {
"version": "1.5.0"
},
"event": {
"action": "test",
"duration": 0,
"end": "2020-10-28T15:19:55.933Z",
"provider": "event_log_fixture",
"start": "2020-10-28T15:19:55.933Z"
},
"kibana": {
"saved_objects": [
{
"id": "621f2511-5cd1-44fd-95df-e0df83e354d5",
"rel": "primary",
"type": "event_log_test"
}
],
"server_uuid": "5b2de169-2785-441b-ae8c-186a1936b17d",
"version": "8.0.0"
},
"message": "test 2020-10-28T15:19:55.913Z"
}
}
}
{
"type": "doc",
"value": {
"id": "X6bLb3UBt6Z_MVvSTfYk0000",
"index": ".kibana-event-log-8.0.0-000001",
"source": {
"@timestamp": "2020-10-28T15:19:55.933Z",
"ecs": {
"version": "1.5.0"
},
"event": {
"action": "test legacy",
"duration": 0,
"end": "2020-10-28T15:19:55.933Z",
"provider": "event_log_fixture",
"start": "2020-10-28T15:19:55.933Z"
},
"kibana": {
"saved_objects": [
{
"id": "521f2511-5cd1-44fd-95df-e0df83e354d5",
"rel": "primary",
"type": "event_log_test"
}
],
"server_uuid": "5b2de169-2785-441b-ae8c-186a1936b17d",
"version": "7.14.0"
},
"message": "test legacy 2020-10-28T15:19:55.913Z"
}
}
}
{
"type": "doc",
"value": {
"id": "YKbLb3UBt6Z_MVvSTfY8",
"index": ".kibana-event-log-8.0.0-000001",
"source": {
"@timestamp": "2020-10-28T15:19:55.957Z",
"ecs": {
"version": "1.5.0"
},
"event": {
"action": "test",
"duration": 0,
"end": "2020-10-28T15:19:55.957Z",
"provider": "event_log_fixture",
"start": "2020-10-28T15:19:55.957Z"
},
"kibana": {
"saved_objects": [
{
"id": "621f2511-5cd1-44fd-95df-e0df83e354d5",
"rel": "primary",
"type": "event_log_test"
}
],
"server_uuid": "5b2de169-2785-441b-ae8c-186a1936b17d",
"version": "8.0.0"
},
"message": "test 2020-10-28T15:19:55.938Z"
}
}
}
{
"type": "doc",
"value": {
"id": "YabLb3UBt6Z_MVvSTfZc0000",
"index": ".kibana-event-log-8.0.0-000001",
"source": {
"@timestamp": "2020-10-28T15:19:55.991Z",
"ecs": {
"version": "1.5.0"
},
"event": {
"action": "test",
"duration": 0,
"end": "2020-10-28T15:19:55.991Z",
"provider": "event_log_fixture",
"start": "2020-10-28T15:19:55.991Z"
},
"kibana": {
"saved_objects": [
{
"id": "521f2511-5cd1-44fd-95df-e0df83e354d5",
"rel": "primary",
"type": "event_log_test"
}
],
"server_uuid": "5b2de169-2785-441b-ae8c-186a1936b17d",
"version": "7.0.0"
},
"message": "test legacy 2020-10-28T15:19:55.962Z"
}
}
}
{
"type": "doc",
"value": {
"id": "YabLb3UBt6Z_MVvSTfZc",
"index": ".kibana-event-log-8.0.0-000001",
"source": {
"@timestamp": "2020-10-28T15:19:55.991Z",
"ecs": {
"version": "1.5.0"
},
"event": {
"action": "test",
"duration": 0,
"end": "2020-10-28T15:19:55.991Z",
"provider": "event_log_fixture",
"start": "2020-10-28T15:19:55.991Z"
},
"kibana": {
"saved_objects": [
{
"id": "621f2511-5cd1-44fd-95df-e0df83e354d5",
"rel": "primary",
"type": "event_log_test"
}
],
"server_uuid": "5b2de169-2785-441b-ae8c-186a1936b17d",
"version": "8.0.0"
},
"message": "test 2020-10-28T15:19:55.962Z"
}
}
}

579
x-pack/test/functional/es_archives/event_log_legacy_ids/mappings.json Normal file
View file

@ -0,0 +1,579 @@
{
"type": "index",
"value": {
"aliases": {
".kibana": {
}
},
"index": ".kibana_1",
"mappings": {
"_meta": {
"migrationMappingPropertyHashes": {
"action": "6e96ac5e648f57523879661ea72525b7",
"action_task_params": "a9d49f184ee89641044be0ca2950fa3a",
"alert": "eaf6f5841dbf4cb5e3045860f75f53ca",
"apm-indices": "9bb9b2bf1fa636ed8619cbab5ce6a1dd",
"apm-telemetry": "3d1b76c39bfb2cc8296b024d73854724",
"app_search_telemetry": "3d1b76c39bfb2cc8296b024d73854724",
"application_usage_daily": "43b8830d5d0df85a6823d290885fc9fd",
"application_usage_totals": "3d1b76c39bfb2cc8296b024d73854724",
"application_usage_transactional": "3d1b76c39bfb2cc8296b024d73854724",
"canvas-element": "7390014e1091044523666d97247392fc",
"canvas-workpad": "b0a1706d356228dbdcb4a17e6b9eb231",
"canvas-workpad-template": "ae2673f678281e2c055d764b153e9715",
"cases": "477f214ff61acc3af26a7b7818e380c1",
"cases-comments": "c2061fb929f585df57425102fa928b4b",
"cases-configure": "387c5f3a3bda7e0ae0dd4e106f914a69",
"cases-user-actions": "32277330ec6b721abe3b846cfd939a71",
"config": "c63748b75f39d0c54de12d12c1ccbc20",
"dashboard": "40554caf09725935e2c02e02563a2d07",
"endpoint:user-artifact": "4a11183eee21e6fbad864f7a30b39ad0",
"endpoint:user-artifact-manifest": "a0d7b04ad405eed54d76e279c3727862",
"enterprise_search_telemetry": "3d1b76c39bfb2cc8296b024d73854724",
"epm-packages": "2b83397e3eaaaa8ef15e38813f3721c3",
"event_log_test": "bef808d4a9c27f204ffbda3359233931",
"exception-list": "67f055ab8c10abd7b2ebfd969b836788",
"exception-list-agnostic": "67f055ab8c10abd7b2ebfd969b836788",
"file-upload-telemetry": "0ed4d3e1983d1217a30982630897092e",
"fleet-agent-actions": "9511b565b1cc6441a42033db3d5de8e9",
"fleet-agent-events": "e20a508b6e805189356be381dbfac8db",
"fleet-agents": "cb661e8ede2b640c42c8e5ef99db0683",
"fleet-enrollment-api-keys": "a69ef7ae661dab31561d6c6f052ef2a7",
"graph-workspace": "cd7ba1330e6682e9cc00b78850874be1",
"index-pattern": "45915a1ad866812242df474eb0479052",
"infrastructure-ui-source": "3d1b76c39bfb2cc8296b024d73854724",
"ingest-agent-policies": "8b0733cce189659593659dad8db426f0",
"ingest-outputs": "8854f34453a47e26f86a29f8f3b80b4e",
"ingest-package-policies": "f74dfe498e1849267cda41580b2be110",
"ingest_manager_settings": "02a03095f0e05b7a538fa801b88a217f",
"inventory-view": "3d1b76c39bfb2cc8296b024d73854724",
"kql-telemetry": "d12a98a6f19a2d273696597547e064ee",
"lens": "52346cfec69ff7b47d5f0c12361a2797",
"lens-ui-telemetry": "509bfa5978586998e05f9e303c07a327",
"map": "4a05b35c3a3a58fbc72dd0202dc3487f",
"maps-telemetry": "5ef305b18111b77789afefbd36b66171",
"metrics-explorer-view": "3d1b76c39bfb2cc8296b024d73854724",
"migrationVersion": "4a1746014a75ade3a714e1db5763276f",
"ml-telemetry": "257fd1d4b4fdbb9cb4b8a3b27da201e9",
"monitoring-telemetry": "2669d5ec15e82391cf58df4294ee9c68",
"namespace": "2f4316de49999235636386fe51dc06c1",
"namespaces": "2f4316de49999235636386fe51dc06c1",
"originId": "2f4316de49999235636386fe51dc06c1",
"query": "11aaeb7f5f7fa5bb43f25e18ce26e7d9",
"references": "7997cf5a56cc02bdc9c93361bde732b0",
"sample-data-telemetry": "7d3cfeb915303c9641c59681967ffeb4",
"search": "43012c7ebc4cb57054e0a490e4b43023",
"search-telemetry": "3d1b76c39bfb2cc8296b024d73854724",
"siem-detection-engine-rule-actions": "6569b288c169539db10cb262bf79de18",
"siem-detection-engine-rule-status": "ae783f41c6937db6b7a2ef5c93a9e9b0",
"siem-ui-timeline": "d12c5474364d737d17252acf1dc4585c",
"siem-ui-timeline-note": "8874706eedc49059d4cf0f5094559084",
"siem-ui-timeline-pinned-event": "20638091112f0e14f0e443d512301c29",
"space": "c5ca8acafa0beaa4d08d014a97b6bc6b",
"telemetry": "36a616f7026dfa617d6655df850fe16d",
"timelion-sheet": "9a2a2748877c7a7b582fef201ab1d4cf",
"tsvb-validation-telemetry": "3a37ef6c8700ae6fc97d5c7da00e9215",
"type": "2f4316de49999235636386fe51dc06c1",
"ui-metric": "0d409297dc5ebe1e3a1da691c6ee32e3",
"updated_at": "00da57df13e94e9d98437d13ace4bfe0",
"upgrade-assistant-reindex-operation": "215107c281839ea9b3ad5f6419819763",
"upgrade-assistant-telemetry": "56702cec857e0a9dacfb696655b4ff7b",
"uptime-dynamic-settings": "3d1b76c39bfb2cc8296b024d73854724",
"url": "c7f66a0df8b1b52f17c28c4adb111105",
"visualization": "f819cf6636b75c9e76ba733a0c6ef355",
"workplace_search_telemetry": "3d1b76c39bfb2cc8296b024d73854724"
}
},
"dynamic": "strict",
"properties": {
"config": {
"dynamic": "false",
"properties": {
"buildNum": {
"type": "keyword"
}
}
},
"event_log_test": {
"type": "object"
},
"migrationVersion": {
"dynamic": "true",
"properties": {
"config": {
"fields": {
"keyword": {
"ignore_above": 256,
"type": "keyword"
}
},
"type": "text"
},
"space": {
"fields": {
"keyword": {
"ignore_above": 256,
"type": "keyword"
}
},
"type": "text"
}
}
},
"ml-telemetry": {
"properties": {
"file_data_visualizer": {
"properties": {
"index_creation_count": {
"type": "long"
}
}
}
}
},
"monitoring-telemetry": {
"properties": {
"reportedClusterUuids": {
"type": "keyword"
}
}
},
"namespace": {
"type": "keyword"
},
"namespaces": {
"type": "keyword"
},
"originId": {
"type": "keyword"
},
"query": {
"properties": {
"description": {
"type": "text"
},
"filters": {
"enabled": false,
"type": "object"
},
"query": {
"properties": {
"language": {
"type": "keyword"
},
"query": {
"index": false,
"type": "keyword"
}
}
},
"timefilter": {
"enabled": false,
"type": "object"
},
"title": {
"type": "text"
}
}
},
"references": {
"properties": {
"id": {
"type": "keyword"
},
"name": {
"type": "keyword"
},
"type": {
"type": "keyword"
}
},
"type": "nested"
},
"type": {
"type": "keyword"
},
"space": {
"properties": {
"_reserved": {
"type": "boolean"
},
"color": {
"type": "keyword"
},
"description": {
"type": "text"
},
"disabledFeatures": {
"type": "keyword"
},
"imageUrl": {
"index": false,
"type": "text"
},
"initials": {
"type": "keyword"
},
"name": {
"fields": {
"keyword": {
"ignore_above": 2048,
"type": "keyword"
}
},
"type": "text"
}
}
},
"ui-metric": {
"properties": {
"count": {
"type": "integer"
}
}
},
"updated_at": {
"type": "date"
},
"url": {
"properties": {
"accessCount": {
"type": "long"
},
"accessDate": {
"type": "date"
},
"createDate": {
"type": "date"
},
"url": {
"fields": {
"keyword": {
"ignore_above": 2048,
"type": "keyword"
}
},
"type": "text"
}
}
},
"visualization": {
"properties": {
"description": {
"type": "text"
},
"kibanaSavedObjectMeta": {
"properties": {
"searchSourceJSON": {
"index": false,
"type": "text"
}
}
},
"savedSearchRefName": {
"doc_values": false,
"index": false,
"type": "keyword"
},
"title": {
"type": "text"
},
"uiStateJSON": {
"index": false,
"type": "text"
},
"version": {
"type": "integer"
},
"visState": {
"index": false,
"type": "text"
}
}
},
"workplace_search_telemetry": {
"dynamic": "false",
"type": "object"
}
}
},
"settings": {
"index": {
"auto_expand_replicas": "0-1",
"number_of_replicas": "0",
"number_of_shards": "1"
}
}
}
}
{
"type": "index",
"value": {
"aliases": {
".kibana-event-log-7.9.0": {
"is_write_index": true
}
},
"index": ".kibana-event-log-7.9.0-000001",
"mappings": {
"dynamic": "false",
"properties": {
"@timestamp": {
"type": "date"
},
"ecs": {
"properties": {
"version": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"error": {
"properties": {
"message": {
"norms": false,
"type": "text"
}
}
},
"event": {
"properties": {
"action": {
"ignore_above": 1024,
"type": "keyword"
},
"duration": {
"type": "long"
},
"end": {
"type": "date"
},
"outcome": {
"ignore_above": 1024,
"type": "keyword"
},
"provider": {
"ignore_above": 1024,
"type": "keyword"
},
"start": {
"type": "date"
}
}
},
"kibana": {
"properties": {
"alerting": {
"properties": {
"instance_id": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"saved_objects": {
"properties": {
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"namespace": {
"ignore_above": 1024,
"type": "keyword"
},
"rel": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
}
},
"type": "nested"
},
"server_uuid": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"message": {
"norms": false,
"type": "text"
},
"tags": {
"ignore_above": 1024,
"meta": {
"isArray": "true"
},
"type": "keyword"
},
"user": {
"properties": {
"name": {
"fields": {
"text": {
"norms": false,
"type": "text"
}
},
"ignore_above": 1024,
"type": "keyword"
}
}
}
}
},
"settings": {
"index": {
"auto_expand_replicas": "0-1",
"lifecycle": {
"name": "kibana-event-log-policy",
"rollover_alias": ".kibana-event-log-7.9.0"
},
"number_of_replicas": "0",
"number_of_shards": "1"
}
}
}
}
{
"type": "index",
"value": {
"aliases": {
".kibana-event-log-8.0.0": {
"is_write_index": true
}
},
"index": ".kibana-event-log-8.0.0-000001",
"mappings": {
"dynamic": "false",
"properties": {
"@timestamp": {
"type": "date"
},
"ecs": {
"properties": {
"version": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"error": {
"properties": {
"message": {
"norms": false,
"type": "text"
}
}
},
"event": {
"properties": {
"action": {
"ignore_above": 1024,
"type": "keyword"
},
"duration": {
"type": "long"
},
"end": {
"type": "date"
},
"outcome": {
"ignore_above": 1024,
"type": "keyword"
},
"provider": {
"ignore_above": 1024,
"type": "keyword"
},
"start": {
"type": "date"
}
}
},
"kibana": {
"properties": {
"alerting": {
"properties": {
"instance_id": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"saved_objects": {
"properties": {
"id": {
"ignore_above": 1024,
"type": "keyword"
},
"namespace": {
"ignore_above": 1024,
"type": "keyword"
},
"rel": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
}
},
"type": "nested"
},
"server_uuid": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"type": "version"
}
}
},
"message": {
"norms": false,
"type": "text"
},
"tags": {
"ignore_above": 1024,
"meta": {
"isArray": "true"
},
"type": "keyword"
},
"user": {
"properties": {
"name": {
"fields": {
"text": {
"norms": false,
"type": "text"
}
},
"ignore_above": 1024,
"type": "keyword"
}
}
}
}
},
"settings": {
"index": {
"auto_expand_replicas": "0-1",
"lifecycle": {
"name": "kibana-event-log-policy",
"rollover_alias": ".kibana-event-log-8.0.0"
},
"number_of_replicas": "0",
"number_of_shards": "1"
}
}
}
}

9
x-pack/test/functional/es_archives/event_log_multiple_indicies/data.json
View file

@ -202,7 +202,8 @@
"type": "event_log_test"
}
],
"server_uuid": "5b2de169-2785-441b-ae8c-186a1936b17d"
"server_uuid": "5b2de169-2785-441b-ae8c-186a1936b17d",
"version": "8.0.0"
},
"message": "test 2020-10-28T15:19:55.913Z"
}
@ -234,7 +235,8 @@
"type": "event_log_test"
}
],
"server_uuid": "5b2de169-2785-441b-ae8c-186a1936b17d"
"server_uuid": "5b2de169-2785-441b-ae8c-186a1936b17d",
"version": "8.0.0"
},
"message": "test 2020-10-28T15:19:55.938Z"
}
@ -266,7 +268,8 @@
"type": "event_log_test"
}
],
"server_uuid": "5b2de169-2785-441b-ae8c-186a1936b17d"
"server_uuid": "5b2de169-2785-441b-ae8c-186a1936b17d",
"version": "8.0.0"
},
"message": "test 2020-10-28T15:19:55.962Z"
}

5
x-pack/test/functional/es_archives/event_log_multiple_indicies/mappings.json
View file

@ -397,7 +397,7 @@
"server_uuid": {
"ignore_above": 1024,
"type": "keyword"
}
}
}
},
"message": {
@ -531,6 +531,9 @@
"server_uuid": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"type": "version"
}
}
},

73
x-pack/test/plugin_api_integration/test_suites/event_log/public_api_integration.ts
View file

@ -167,7 +167,7 @@ export default function ({ getService }: FtrProviderContext) {
const {
body: { data, total },
} = await findEvents(undefined, id, {});
} = await findEventsByIds(undefined, [id], {}, [id]);
expect(data.length).to.be(6);
expect(total).to.be(6);
@ -184,6 +184,51 @@ export default function ({ getService }: FtrProviderContext) {
await esArchiver.unload('x-pack/test/functional/es_archives/event_log_multiple_indicies');
});
});
describe(`Legacy Ids`, () => {
before(async () => {
await esArchiver.load('x-pack/test/functional/es_archives/event_log_legacy_ids');
});
after(async () => {
await esArchiver.unload('x-pack/test/functional/es_archives/event_log_legacy_ids');
});
it('should support search event by ids and legacyIds', async () => {
const legacyId = `521f2511-5cd1-44fd-95df-e0df83e354d5`;
const id = `621f2511-5cd1-44fd-95df-e0df83e354d5`;
const {
body: { data, total },
} = await findEventsByIds(undefined, [id], {}, [legacyId]);
expect(data.length).to.be(5);
expect(total).to.be(5);
expect(data.map((foundEvent: IEvent) => foundEvent?.message)).to.eql([
'test 2020-10-28T15:19:55.913Z',
'test legacy 2020-10-28T15:19:55.913Z',
'test 2020-10-28T15:19:55.938Z',
'test legacy 2020-10-28T15:19:55.962Z',
'test 2020-10-28T15:19:55.962Z',
]);
});
it('should search event only by ids if no legacyIds are provided', async () => {
const id = `621f2511-5cd1-44fd-95df-e0df83e354d5`;
const {
body: { data, total },
} = await findEventsByIds(undefined, [id], {});
expect(data.length).to.be(3);
expect(total).to.be(3);
expect(data.map((foundEvent: IEvent) => foundEvent?.message)).to.eql([
'test 2020-10-28T15:19:55.913Z',
'test 2020-10-28T15:19:55.938Z',
'test 2020-10-28T15:19:55.962Z',
]);
});
});
});
async function findEvents(
@ -204,6 +249,32 @@ export default function ({ getService }: FtrProviderContext) {
return await supertest.get(url).set('kbn-xsrf', 'foo').expect(200);
}
async function findEventsByIds(
namespace: string | undefined,
ids: string[],
query: Record<string, any> = {},
legacyIds: string[] = []
) {
const urlPrefix = urlPrefixFromNamespace(namespace);
const url = `${urlPrefix}/api/event_log/event_log_test/_find${
isEmpty(query)
? ''
: `?${Object.entries(query)
.map(([key, val]) => `${key}=${val}`)
.join('&')}`
}`;
await delay(1000); // wait for buffer to be written
log.debug(`Finding Events for Saved Object with ${url}`);
return await supertest
.post(url)
.set('kbn-xsrf', 'foo')
.send({
ids,
legacyIds,
})
.expect(200);
}
function assertEventsFromApiMatchCreatedEvents(
foundEvents: IValidatedEvent[],
expectedEvents: IEvent[]