kibana/packages/kbn-securitysolution-list-constants/index.ts
Vitalii Dmyterko 505d8265c8
[Security Solution][Detection Engine] move lists to data stream (#162508)
## Summary

- addresses https://github.com/elastic/security-team/issues/7198
- moves the list/items indices to data streams
  - adds an `@timestamp` mapping to the index mappings
- migrates to a data stream when the indices already exist (customers upgrading from < 8.11),
or creates the data stream directly (customers on 8.11+ or serverless)
- adds
[DLM](https://www.elastic.co/guide/en/elasticsearch/reference/8.9/data-streams-put-lifecycle.html)
to index templates
- replaces the update/delete calls with update_by_query/delete_by_query,
which are supported on data streams
  - fixes existing issues with the update/patch APIs for lists/items
    - update/patch for lists did not persist the `version` parameter in ES
- the update and patch APIs for lists/items were identical, i.e. both
routes called the same `update` method without any changes

<details>

<summary>Technical detail on moving API to
(update/delete)_by_query</summary>


`update_by_query` and `delete_by_query` do not support `refresh=wait_for`,
[only the values `true`/`false`](https://www.elastic.co/guide/en/elasticsearch/reference/8.9/docs-update-by-query.html#_refreshing_shards_2).
That could break some UI flows: when a list is removed, the UI immediately
refetches all lists, and the deleted list would still be returned until the
next refresh ([the default refresh interval is
1s](https://www.elastic.co/guide/en/elasticsearch/reference/8.9/docs-refresh.html)).
So, before finishing the request, we retry fetching the deleted/updated
document until the change is visible, and return the reindexed document.

`update_by_query` does not support OCC [the way the update
API does](https://www.elastic.co/guide/en/elasticsearch/reference/8.9/optimistic-concurrency-control.html),
while OCC is part of both the
[list](https://www.elastic.co/guide/en/security/current/lists-api-update-container.html) and [list
item](https://www.elastic.co/guide/en/security/current/lists-api-update-item.html) update APIs
through the `_version` parameter.
`_version` is the base64-encoded `_seq_no` and `_primary_term` of the document, the properties Elasticsearch uses for OCC.

So, to avoid a breaking change, the `update` method now checks for a version
conflict itself. Note that a check performed in Kibana before the `update_by_query` call is not atomic the way Elasticsearch's OCC is: a concurrent writer can still slip in between the check and the write unless the by-query request itself filters on `_seq_no`/`_primary_term` (not shown here), so callers should not treat a successful update as proof that no intervening write occurred.
</details>

### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2023-08-23 19:42:57 +01:00


/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/
import { deepFreeze } from '@kbn/std';
/**
* Value list routes
*/
/** Base path of the public value list API; every public list route hangs off it. */
export const LIST_URL = '/api/lists';
/** Route for the list storage itself (`/api/lists/index`); what it manages is decided by its handler, not here. */
export const LIST_INDEX = LIST_URL + '/index';
/** Route for individual value list items (`/api/lists/items`). */
export const LIST_ITEM_URL = LIST_URL + '/items';
/** Route reporting the caller's list-related privileges (`/api/lists/privileges`). */
export const LIST_PRIVILEGES_URL = LIST_URL + '/privileges';
/**
* Internal value list routes
*/
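/**
 * Base path of the internal value list routes. These are marked internal (see the
 * header above): treat them as outside the public API contract.
 *
 * Declared `as const` so that the derived routes below, which are also `as const`,
 * resolve to exact string literal types ('/internal/lists/_find_lists_by_size')
 * instead of the template type `${string}/_find_lists_by_size` that a widened
 * `string` base would give them.
 */
export const INTERNAL_LIST_URL = '/internal/lists' as const;
/** Internal route for finding lists by size. */
export const INTERNAL_FIND_LISTS_BY_SIZE = `${INTERNAL_LIST_URL}/_find_lists_by_size` as const;
/** Internal route for creating an exception filter. */
export const INTERNAL_EXCEPTION_FILTER = `${INTERNAL_LIST_URL}/_create_filter` as const;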
/**
* Exception list routes
*/
/** Public exception list container route. */
export const EXCEPTION_LIST_URL = '/api/exception_lists';
/** Public exception list item route, derived from the container route ('/api/exception_lists/items'). */
export const EXCEPTION_LIST_ITEM_URL = `${EXCEPTION_LIST_URL}/items`;
/**
 * Internal exception list routes. The internal base is the public container
 * route prefixed with `/internal`, i.e. '/internal/api/exception_lists'.
 */
export const INTERNAL_EXCEPTION_LIST_URL = '/internal' + EXCEPTION_LIST_URL;
/** Internal route that ensures an exception list exists ('/internal/api/exception_lists/_create'). */
export const INTERNAL_EXCEPTIONS_LIST_ENSURE_CREATED_URL = INTERNAL_EXCEPTION_LIST_URL + '/_create';
/**
 * Exception list namespaces.
 *
 * Two identifiers are used for exception lists: one for lists scoped to a
 * single Kibana space and one for lists that are space agnostic (global, as
 * the endpoint list below is described). NOTE(review): which of the two a list
 * is created under presumably decides whether space isolation applies to it —
 * confirm the exact semantics against the saved-object type registration.
 */
export const EXCEPTION_LIST_NAMESPACE_AGNOSTIC = 'exception-list-agnostic';
export const EXCEPTION_LIST_NAMESPACE = 'exception-list';
/**
 * Container route for the single global, space agnostic endpoint list.
 * Because that list is global, changes made through this route are not
 * confined to the caller's space.
 */
export const ENDPOINT_LIST_URL = '/api/endpoint_list';
/**
 * Item route for the single global, space agnostic endpoint list. This is a
 * convenience route: before adding an item it tries to create the global list
 * if it does not exist yet, or re-creates it if it was deleted at some point.
 */
export const ENDPOINT_LIST_ITEM_URL = '/api/endpoint_list/items';
/**
 * This ID is used for _both_ the Saved Object ID and for the list_id
 * of the single global, space agnostic endpoint list.
 */
export const ENDPOINT_LIST_ID = 'endpoint_list';
/** The name of the single global, space agnostic endpoint list. */
export const ENDPOINT_LIST_NAME = 'Endpoint Security Exception List';
/** The description of the single global, space agnostic endpoint list (same text as the name). */
export const ENDPOINT_LIST_DESCRIPTION = 'Endpoint Security Exception List';
/**
 * Size limits. Where each limit is enforced is not visible in this file —
 * confirm at the call sites before relying on them as a security control.
 *
 * 10000 coincides with Elasticsearch's default `index.max_result_window`
 * (the most hits a plain search can page through); presumably the cap on
 * items per exception list.
 */
export const MAX_EXCEPTION_LIST_SIZE = 10000;
/** 2^16 — presumably the cutoff below which a value list counts as "small" (cf. INTERNAL_FIND_LISTS_BY_SIZE). */
export const MAXIMUM_SMALL_VALUE_LIST_SIZE = 65536;
/** Presumably the limit on dash-notation (`a-b`) entries in a "small" ip_range value list — confirm. */
export const MAXIMUM_SMALL_IP_RANGE_VALUE_LIST_DASH_SIZE = 200;
/**
 * List definitions for the Endpoint artifact lists (trusted apps, event
 * filters, host isolation exceptions, blocklists).
 *
 * Each entry's `id` is what ENDPOINT_ARTIFACT_LIST_IDS and the deprecated
 * `*_LIST_ID` aliases below expose; `name` and `description` are the
 * human-readable labels and are identical text for every entry. The whole
 * object is passed through deepFreeze (from @kbn/std) so the ids cannot be
 * altered at runtime.
 *
 * NOTE(review): keep the declaration order stable — ENDPOINT_ARTIFACT_LIST_IDS
 * is built from Object.values() of this object, so reordering entries here
 * reorders that array.
 */
export const ENDPOINT_ARTIFACT_LISTS = deepFreeze({
  trustedApps: {
    id: 'endpoint_trusted_apps',
    name: 'Endpoint Security Trusted Apps List',
    description: 'Endpoint Security Trusted Apps List',
  },
  eventFilters: {
    id: 'endpoint_event_filters',
    name: 'Endpoint Security Event Filters List',
    description: 'Endpoint Security Event Filters List',
  },
  hostIsolationExceptions: {
    id: 'endpoint_host_isolation_exceptions',
    name: 'Endpoint Security Host isolation exceptions List',
    description: 'Endpoint Security Host isolation exceptions List',
  },
  blocklists: {
    id: 'endpoint_blocklists',
    name: 'Endpoint Security Blocklists List',
    description: 'Endpoint Security Blocklists List',
  },
});
/*
 * Collect the id of every Endpoint artifact list, in the declaration order of
 * ENDPOINT_ARTIFACT_LISTS (Object.values() iteration order).
 */
const artifactListIds: string[] = [];
for (const { id } of Object.values(ENDPOINT_ARTIFACT_LISTS)) {
  artifactListIds.push(id);
}
/**
 * The IDs of all Endpoint artifact lists. Frozen so callers cannot append to or
 * reorder the shared array.
 */
export const ENDPOINT_ARTIFACT_LIST_IDS = Object.freeze(artifactListIds);
/*
 * Flat, per-field aliases of the ENDPOINT_ARTIFACT_LISTS entries, kept for
 * backwards compatibility. Each one is the very same string as the entry it is
 * read from; new code should use ENDPOINT_ARTIFACT_LISTS directly.
 */
const { trustedApps, eventFilters, hostIsolationExceptions, blocklists } = ENDPOINT_ARTIFACT_LISTS;

/** @deprecated Use `ENDPOINT_ARTIFACT_LISTS` instead */
export const ENDPOINT_TRUSTED_APPS_LIST_ID = trustedApps.id;
/** @deprecated Use `ENDPOINT_ARTIFACT_LISTS` instead */
export const ENDPOINT_TRUSTED_APPS_LIST_NAME = trustedApps.name;
/** @deprecated Use `ENDPOINT_ARTIFACT_LISTS` instead */
export const ENDPOINT_TRUSTED_APPS_LIST_DESCRIPTION = trustedApps.description;

/** @deprecated Use `ENDPOINT_ARTIFACT_LISTS` instead */
export const ENDPOINT_EVENT_FILTERS_LIST_ID = eventFilters.id;
/** @deprecated Use `ENDPOINT_ARTIFACT_LISTS` instead */
export const ENDPOINT_EVENT_FILTERS_LIST_NAME = eventFilters.name;
/** @deprecated Use `ENDPOINT_ARTIFACT_LISTS` instead */
export const ENDPOINT_EVENT_FILTERS_LIST_DESCRIPTION = eventFilters.description;

/** @deprecated Use `ENDPOINT_ARTIFACT_LISTS` instead */
export const ENDPOINT_HOST_ISOLATION_EXCEPTIONS_LIST_ID = hostIsolationExceptions.id;
/** @deprecated Use `ENDPOINT_ARTIFACT_LISTS` instead */
export const ENDPOINT_HOST_ISOLATION_EXCEPTIONS_LIST_NAME = hostIsolationExceptions.name;
/** @deprecated Use `ENDPOINT_ARTIFACT_LISTS` instead */
export const ENDPOINT_HOST_ISOLATION_EXCEPTIONS_LIST_DESCRIPTION = hostIsolationExceptions.description;

/** @deprecated Use `ENDPOINT_ARTIFACT_LISTS` instead */
export const ENDPOINT_BLOCKLISTS_LIST_ID = blocklists.id;
/** @deprecated Use `ENDPOINT_ARTIFACT_LISTS` instead */
export const ENDPOINT_BLOCKLISTS_LIST_NAME = blocklists.name;
/** @deprecated Use `ENDPOINT_ARTIFACT_LISTS` instead */
export const ENDPOINT_BLOCKLISTS_LIST_DESCRIPTION = blocklists.description;