[SIEM] New Platform Saved Objects Registration (#64029)
* WIP: Register saved objects types in NP

This works, but responsibilities are spread around. Refactor incoming.

* Moves new SO definitions into corresponding folders

This way our top-level file still acts as the index, but these are
more/less unconnected if/when we split these out into separate
applications.

* Replace raw SO updates with our ruleStatusSavedObjectsClient

This mainly consolidates the SO type name and the attributes type to a single
file so that we don't have to import both any time we want to work with
RuleStatus SavedObjects.
rylnd authored Apr 21, 2020
1 parent ed91275 commit 592a0ff
Showing 24 changed files with 464 additions and 529 deletions.
4 changes: 0 additions & 4 deletions x-pack/legacy/plugins/siem/index.ts
Expand Up @@ -8,9 +8,6 @@ import { i18n } from '@kbn/i18n';
import { resolve } from 'path';
import { Root } from 'joi';

// eslint-disable-next-line @kbn/eslint/no-restricted-paths
import { savedObjectMappings } from '../../../plugins/siem/server/saved_objects';

import { APP_ID, APP_NAME } from '../../../plugins/siem/common/constants';
import { DEFAULT_APP_CATEGORIES } from '../../../../src/core/utils';

Expand Down Expand Up @@ -46,7 +43,6 @@ export const siem = (kibana: any) => {
category: DEFAULT_APP_CATEGORIES.security,
},
],
mappings: savedObjectMappings,
},
config(Joi: Root) {
return Joi.object()
Expand Up @@ -9,10 +9,8 @@ import uuid from 'uuid';
import { IRouter } from '../../../../../../../../src/core/server';
import { DETECTION_ENGINE_RULES_URL } from '../../../../../common/constants';
import { createRules } from '../../rules/create_rules';
import { IRuleSavedAttributesSavedObjectAttributes } from '../../rules/types';
import { readRules } from '../../rules/read_rules';
import { RuleAlertParamsRest } from '../../types';
import { ruleStatusSavedObjectType } from '../../rules/saved_object_mappings';
import { transformValidate } from './validate';
import { getIndexExists } from '../../index/get_index_exists';
import { createRulesSchema } from '../schemas/create_rules_schema';
Expand All @@ -23,6 +21,7 @@ import {
validateLicenseForRuleType,
} from '../utils';
import { updateRulesNotifications } from '../../rules/update_rules_notifications';
import { ruleStatusSavedObjectsClientFactory } from '../../signals/rule_status_saved_objects_client';

export const createRulesRoute = (router: IRouter): void => {
router.post(
Expand Down Expand Up @@ -145,10 +144,7 @@ export const createRulesRoute = (router: IRouter): void => {
name,
});

const ruleStatuses = await savedObjectsClient.find<
IRuleSavedAttributesSavedObjectAttributes
>({
type: ruleStatusSavedObjectType,
const ruleStatuses = await ruleStatusSavedObjectsClientFactory(savedObjectsClient).find({
perPage: 1,
sortField: 'statusDate',
sortOrder: 'desc',
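Review bot: The status client is built inline at the call site here (`ruleStatusSavedObjectsClientFactory(savedObjectsClient).find({`), while the other routes touched by this commit bind it once as `const ruleStatusClient = ruleStatusSavedObjectsClientFactory(savedObjectsClient);` before use. Doing the same in createRulesRoute would keep the routes parallel and leave one obvious handle for any later status read or cleanup in this handler. The handler body starts and ends outside this hunk.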
Expand Up @@ -11,14 +11,11 @@ import { rulesBulkSchema } from '../schemas/response/rules_bulk_schema';
import { getIdBulkError } from './utils';
import { transformValidateBulkError, validate } from './validate';
import { transformBulkError, buildRouteValidation, buildSiemResponse } from '../utils';
import {
IRuleSavedAttributesSavedObjectAttributes,
DeleteRulesRequestParams,
} from '../../rules/types';
import { DeleteRulesRequestParams } from '../../rules/types';
import { deleteRules } from '../../rules/delete_rules';
import { deleteNotifications } from '../../notifications/delete_notifications';
import { ruleStatusSavedObjectType } from '../../rules/saved_object_mappings';
import { deleteRuleActionsSavedObject } from '../../rule_actions/delete_rule_actions_saved_object';
import { ruleStatusSavedObjectsClientFactory } from '../../signals/rule_status_saved_objects_client';

type Config = RouteConfig<unknown, unknown, DeleteRulesRequestParams, 'delete' | 'post'>;
type Handler = RequestHandler<unknown, unknown, DeleteRulesRequestParams, 'delete' | 'post'>;
Expand All @@ -44,6 +41,8 @@ export const deleteRulesBulkRoute = (router: IRouter) => {
return siemResponse.error({ statusCode: 404 });
}

const ruleStatusClient = ruleStatusSavedObjectsClientFactory(savedObjectsClient);

const rules = await Promise.all(
request.body.map(async payloadRule => {
const { id, rule_id: ruleId } = payloadRule;
Expand All @@ -61,17 +60,12 @@ export const deleteRulesBulkRoute = (router: IRouter) => {
ruleAlertId: rule.id,
savedObjectsClient,
});
const ruleStatuses = await savedObjectsClient.find<
IRuleSavedAttributesSavedObjectAttributes
>({
type: ruleStatusSavedObjectType,
const ruleStatuses = await ruleStatusClient.find({
perPage: 6,
search: rule.id,
searchFields: ['alertId'],
});
ruleStatuses.saved_objects.forEach(async obj =>
savedObjectsClient.delete(ruleStatusSavedObjectType, obj.id)
);
ruleStatuses.saved_objects.forEach(async obj => ruleStatusClient.delete(obj.id));
return transformValidateBulkError(idOrRuleIdOrUnknown, rule, undefined, ruleStatuses);
} else {
return getIdBulkError({ id, ruleId });
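Review bot: The status deletes in `ruleStatuses.saved_objects.forEach(async obj => ruleStatusClient.delete(obj.id));` are never awaited, so the handler can respond before they finish and a rejected delete surfaces as an unhandled rejection instead of in this rule's bulk error entry. `await Promise.all(ruleStatuses.saved_objects.map(obj => ruleStatusClient.delete(obj.id)));` keeps the cleanup inside the per-rule promise that the outer `Promise.all` already waits on. The same line appears in deleteRulesRoute, where awaiting it would let a failure reach that handler's error handling, which is presumably outside the hunk. Separately, the preceding `find` asks for `perPage: 6`, so any status objects beyond six for a rule would be left behind; worth confirming that the writer never stores more than that.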
Expand Up @@ -11,13 +11,10 @@ import { queryRulesSchema } from '../schemas/query_rules_schema';
import { getIdError } from './utils';
import { transformValidate } from './validate';
import { buildRouteValidation, transformError, buildSiemResponse } from '../utils';
import {
DeleteRuleRequestParams,
IRuleSavedAttributesSavedObjectAttributes,
} from '../../rules/types';
import { ruleStatusSavedObjectType } from '../../rules/saved_object_mappings';
import { DeleteRuleRequestParams } from '../../rules/types';
import { deleteNotifications } from '../../notifications/delete_notifications';
import { deleteRuleActionsSavedObject } from '../../rule_actions/delete_rule_actions_saved_object';
import { ruleStatusSavedObjectsClientFactory } from '../../signals/rule_status_saved_objects_client';

export const deleteRulesRoute = (router: IRouter) => {
router.delete(
Expand All @@ -44,6 +41,7 @@ export const deleteRulesRoute = (router: IRouter) => {
return siemResponse.error({ statusCode: 404 });
}

const ruleStatusClient = ruleStatusSavedObjectsClientFactory(savedObjectsClient);
const rule = await deleteRules({
actionsClient,
alertsClient,
Expand All @@ -56,17 +54,12 @@ export const deleteRulesRoute = (router: IRouter) => {
ruleAlertId: rule.id,
savedObjectsClient,
});
const ruleStatuses = await savedObjectsClient.find<
IRuleSavedAttributesSavedObjectAttributes
>({
type: ruleStatusSavedObjectType,
const ruleStatuses = await ruleStatusClient.find({
perPage: 6,
search: rule.id,
searchFields: ['alertId'],
});
ruleStatuses.saved_objects.forEach(async obj =>
savedObjectsClient.delete(ruleStatusSavedObjectType, obj.id)
);
ruleStatuses.saved_objects.forEach(async obj => ruleStatusClient.delete(obj.id));
const [validated, errors] = transformValidate(
rule,
undefined,
Expand Up @@ -7,15 +7,12 @@
import { IRouter } from '../../../../../../../../src/core/server';
import { DETECTION_ENGINE_RULES_URL } from '../../../../../common/constants';
import { findRules } from '../../rules/find_rules';
import {
FindRulesRequestParams,
IRuleSavedAttributesSavedObjectAttributes,
} from '../../rules/types';
import { FindRulesRequestParams } from '../../rules/types';
import { findRulesSchema } from '../schemas/find_rules_schema';
import { transformValidateFindAlerts } from './validate';
import { buildRouteValidation, transformError, buildSiemResponse } from '../utils';
import { ruleStatusSavedObjectType } from '../../rules/saved_object_mappings';
import { getRuleActionsSavedObject } from '../../rule_actions/get_rule_actions_saved_object';
import { ruleStatusSavedObjectsClientFactory } from '../../signals/rule_status_saved_objects_client';

export const findRulesRoute = (router: IRouter) => {
router.get(
Expand All @@ -40,6 +37,7 @@ export const findRulesRoute = (router: IRouter) => {
return siemResponse.error({ statusCode: 404 });
}

const ruleStatusClient = ruleStatusSavedObjectsClientFactory(savedObjectsClient);
const rules = await findRules({
alertsClient,
perPage: query.per_page,
Expand All @@ -50,10 +48,7 @@ export const findRulesRoute = (router: IRouter) => {
});
const ruleStatuses = await Promise.all(
rules.data.map(async rule => {
const results = await savedObjectsClient.find<
IRuleSavedAttributesSavedObjectAttributes
>({
type: ruleStatusSavedObjectType,
const results = await ruleStatusClient.find({
perPage: 1,
sortField: 'statusDate',
sortOrder: 'desc',
Expand Up @@ -9,17 +9,16 @@ import { DETECTION_ENGINE_RULES_URL } from '../../../../../common/constants';
import { findRulesStatusesSchema } from '../schemas/find_rules_statuses_schema';
import {
FindRulesStatusesRequestParams,
IRuleSavedAttributesSavedObjectAttributes,
RuleStatusResponse,
IRuleStatusAttributes,
} from '../../rules/types';
import { ruleStatusSavedObjectType } from '../../rules/saved_object_mappings';
import {
buildRouteValidation,
transformError,
convertToSnakeCase,
buildSiemResponse,
} from '../utils';
import { ruleStatusSavedObjectsClientFactory } from '../../signals/rule_status_saved_objects_client';

export const findRulesStatusesRoute = (router: IRouter) => {
router.post(
Expand Down Expand Up @@ -50,12 +49,10 @@ export const findRulesStatusesRoute = (router: IRouter) => {
}
*/
try {
const ruleStatusClient = ruleStatusSavedObjectsClientFactory(savedObjectsClient);
const statuses = await body.ids.reduce<Promise<RuleStatusResponse | {}>>(
async (acc, id) => {
const lastFiveErrorsForId = await savedObjectsClient.find<
IRuleSavedAttributesSavedObjectAttributes
>({
type: ruleStatusSavedObjectType,
const lastFiveErrorsForId = await ruleStatusClient.find({
perPage: 6,
sortField: 'statusDate',
sortOrder: 'desc',
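Review bot: `lastFiveErrorsForId` is filled from a query with `perPage: 6`, and nothing in the hunk says why the count and the name differ. If the extra object is the rule's current status, a comment above the call such as `// newest entry is the current status; the remaining five are prior failures` would record that (the code that splits the result is outside the hunk, so this reading needs confirming). The same literal 6 is used by the delete routes to decide how many status objects to remove, so a shared named constant would keep the reader and the cleanup in step.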
Expand Up @@ -6,10 +6,7 @@

import { IRouter } from '../../../../../../../../src/core/server';
import { DETECTION_ENGINE_RULES_URL } from '../../../../../common/constants';
import {
IRuleSavedAttributesSavedObjectAttributes,
PatchRuleAlertParamsRest,
} from '../../rules/types';
import { PatchRuleAlertParamsRest } from '../../rules/types';
import {
transformBulkError,
buildRouteValidation,
Expand All @@ -21,8 +18,8 @@ import { transformValidateBulkError, validate } from './validate';
import { patchRulesBulkSchema } from '../schemas/patch_rules_bulk_schema';
import { rulesBulkSchema } from '../schemas/response/rules_bulk_schema';
import { patchRules } from '../../rules/patch_rules';
import { ruleStatusSavedObjectType } from '../../rules/saved_object_mappings';
import { updateRulesNotifications } from '../../rules/update_rules_notifications';
import { ruleStatusSavedObjectsClientFactory } from '../../signals/rule_status_saved_objects_client';

export const patchRulesBulkRoute = (router: IRouter) => {
router.patch(
Expand All @@ -46,6 +43,7 @@ export const patchRulesBulkRoute = (router: IRouter) => {
return siemResponse.error({ statusCode: 404 });
}

const ruleStatusClient = ruleStatusSavedObjectsClientFactory(savedObjectsClient);
const rules = await Promise.all(
request.body.map(async payloadRule => {
const {
Expand Down Expand Up @@ -131,10 +129,7 @@ export const patchRulesBulkRoute = (router: IRouter) => {
throttle,
name: rule.name,
});
const ruleStatuses = await savedObjectsClient.find<
IRuleSavedAttributesSavedObjectAttributes
>({
type: ruleStatusSavedObjectType,
const ruleStatuses = await ruleStatusClient.find({
perPage: 1,
sortField: 'statusDate',
sortOrder: 'desc',
Expand Up @@ -7,10 +7,7 @@
import { IRouter } from '../../../../../../../../src/core/server';
import { DETECTION_ENGINE_RULES_URL } from '../../../../../common/constants';
import { patchRules } from '../../rules/patch_rules';
import {
PatchRuleAlertParamsRest,
IRuleSavedAttributesSavedObjectAttributes,
} from '../../rules/types';
import { PatchRuleAlertParamsRest } from '../../rules/types';
import { patchRulesSchema } from '../schemas/patch_rules_schema';
import {
buildRouteValidation,
Expand All @@ -20,8 +17,8 @@ import {
} from '../utils';
import { getIdError } from './utils';
import { transformValidate } from './validate';
import { ruleStatusSavedObjectType } from '../../rules/saved_object_mappings';
import { updateRulesNotifications } from '../../rules/update_rules_notifications';
import { ruleStatusSavedObjectsClientFactory } from '../../signals/rule_status_saved_objects_client';

export const patchRulesRoute = (router: IRouter) => {
router.patch(
Expand Down Expand Up @@ -83,6 +80,7 @@ export const patchRulesRoute = (router: IRouter) => {
return siemResponse.error({ statusCode: 404 });
}

const ruleStatusClient = ruleStatusSavedObjectsClientFactory(savedObjectsClient);
const rule = await patchRules({
actionsClient,
alertsClient,
Expand Down Expand Up @@ -127,10 +125,7 @@ export const patchRulesRoute = (router: IRouter) => {
throttle,
name: rule.name,
});
const ruleStatuses = await savedObjectsClient.find<
IRuleSavedAttributesSavedObjectAttributes
>({
type: ruleStatusSavedObjectType,
const ruleStatuses = await ruleStatusClient.find({
perPage: 1,
sortField: 'statusDate',
sortOrder: 'desc',
Expand Up @@ -11,12 +11,9 @@ import { transformValidate } from './validate';
import { buildRouteValidation, transformError, buildSiemResponse } from '../utils';
import { readRules } from '../../rules/read_rules';
import { queryRulesSchema } from '../schemas/query_rules_schema';
import {
ReadRuleRequestParams,
IRuleSavedAttributesSavedObjectAttributes,
} from '../../rules/types';
import { ruleStatusSavedObjectType } from '../../rules/saved_object_mappings';
import { ReadRuleRequestParams } from '../../rules/types';
import { getRuleActionsSavedObject } from '../../rule_actions/get_rule_actions_saved_object';
import { ruleStatusSavedObjectsClientFactory } from '../../signals/rule_status_saved_objects_client';

export const readRulesRoute = (router: IRouter) => {
router.get(
Expand All @@ -41,6 +38,7 @@ export const readRulesRoute = (router: IRouter) => {
return siemResponse.error({ statusCode: 404 });
}

const ruleStatusClient = ruleStatusSavedObjectsClientFactory(savedObjectsClient);
const rule = await readRules({
alertsClient,
id,
Expand All @@ -51,10 +49,7 @@ export const readRulesRoute = (router: IRouter) => {
savedObjectsClient,
ruleAlertId: rule.id,
});
const ruleStatuses = await savedObjectsClient.find<
IRuleSavedAttributesSavedObjectAttributes
>({
type: ruleStatusSavedObjectType,
const ruleStatuses = await ruleStatusClient.find({
perPage: 1,
sortField: 'statusDate',
sortOrder: 'desc',
Expand Up @@ -6,10 +6,7 @@

import { IRouter } from '../../../../../../../../src/core/server';
import { DETECTION_ENGINE_RULES_URL } from '../../../../../common/constants';
import {
IRuleSavedAttributesSavedObjectAttributes,
UpdateRuleAlertParamsRest,
} from '../../rules/types';
import { UpdateRuleAlertParamsRest } from '../../rules/types';
import { getIdBulkError } from './utils';
import { transformValidateBulkError, validate } from './validate';
import {
Expand All @@ -19,10 +16,10 @@ import {
validateLicenseForRuleType,
} from '../utils';
import { updateRulesBulkSchema } from '../schemas/update_rules_bulk_schema';
import { ruleStatusSavedObjectType } from '../../rules/saved_object_mappings';
import { updateRules } from '../../rules/update_rules';
import { rulesBulkSchema } from '../schemas/response/rules_bulk_schema';
import { updateRulesNotifications } from '../../rules/update_rules_notifications';
import { ruleStatusSavedObjectsClientFactory } from '../../signals/rule_status_saved_objects_client';

export const updateRulesBulkRoute = (router: IRouter) => {
router.put(
Expand All @@ -47,6 +44,7 @@ export const updateRulesBulkRoute = (router: IRouter) => {
return siemResponse.error({ statusCode: 404 });
}

const ruleStatusClient = ruleStatusSavedObjectsClientFactory(savedObjectsClient);
const rules = await Promise.all(
request.body.map(async payloadRule => {
const {
Expand Down Expand Up @@ -134,10 +132,7 @@ export const updateRulesBulkRoute = (router: IRouter) => {
throttle,
name,
});
const ruleStatuses = await savedObjectsClient.find<
IRuleSavedAttributesSavedObjectAttributes
>({
type: ruleStatusSavedObjectType,
const ruleStatuses = await ruleStatusClient.find({
perPage: 1,
sortField: 'statusDate',
sortOrder: 'desc',