Merge remote-tracking branch 'upstream/main' into max-signals-field-f…

…orm-component
elastic · May 2, 2024 · 8d02476 · 8d02476
2 parents 9244392 + 6423fae
commit 8d02476
Show file tree

Hide file tree

Showing 32 changed files with 276 additions and 24 deletions.
diff --git a/docs/CHANGELOG.asciidoc b/docs/CHANGELOG.asciidoc
@@ -82,6 +82,8 @@ Fleet::
 * Fixes managed agent policy preconfiguration update ({kibana-pull}181624[#181624]).
 * Use lowercase dataset in template names ({kibana-pull}180887[#180887]).
 * Fixes KQL/kuery for getting Fleet Server agent count ({kibana-pull}180650[#180650]).
+Index Management::
+* Fixes `allow_auto_create` field in the Index Template form ({kibana-pull}178321[#178321]).
 Lens & Visualizations::
 * Fixes controls on fields with custom label ({kibana-pull}180615[#180615]).
 Machine Learning::

diff --git a/packages/core/plugins/core-plugins-server-internal/src/plugin_context.ts b/packages/core/plugins/core-plugins-server-internal/src/plugin_context.ts
@@ -367,6 +367,7 @@ export function createPluginStartContext<TPlugin, TPluginDependencies>({
     },
     security: {
       authc: deps.security.authc,
+      audit: deps.security.audit,
     },
     userProfile: deps.userProfile,
   };

diff --git a/packages/core/security/core-security-server-internal/src/security_route_handler_context.ts b/packages/core/security/core-security-server-internal/src/security_route_handler_context.ts
@@ -10,12 +10,13 @@ import type { KibanaRequest } from '@kbn/core-http-server';
 import type {
   SecurityRequestHandlerContext,
   AuthcRequestHandlerContext,
+  AuditRequestHandlerContext,
 } from '@kbn/core-security-server';
 import type { InternalSecurityServiceStart } from './internal_contracts';
 
 export class CoreSecurityRouteHandlerContext implements SecurityRequestHandlerContext {
   #authc?: AuthcRequestHandlerContext;
-
+  #audit?: AuditRequestHandlerContext;
   constructor(
     private readonly securityStart: InternalSecurityServiceStart,
     private readonly request: KibanaRequest
@@ -29,4 +30,13 @@ export class CoreSecurityRouteHandlerContext implements SecurityRequestHandlerCo
     }
     return this.#authc;
   }
+
+  public get audit() {
+    if (this.#audit == null) {
+      this.#audit = {
+        logger: this.securityStart.audit.asScoped(this.request),
+      };
+    }
+    return this.#audit;
+  }
 }
diff --git a/.../core/security/core-security-server-internal/src/test_helpers/create_audit_logger.mock.ts b/.../core/security/core-security-server-internal/src/test_helpers/create_audit_logger.mock.ts
@@ -0,0 +1,20 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { AuditLogger } from '@kbn/core-security-server';
+
+export type MockedAuditLogger = jest.Mocked<AuditLogger>;
+
+export const createAuditLoggerMock = {
+  create(): MockedAuditLogger {
+    return {
+      log: jest.fn(),
+      enabled: true,
+    };
+  },
+};
diff --git a/packages/core/security/core-security-server-internal/src/utils/convert_security_api.test.ts b/packages/core/security/core-security-server-internal/src/utils/convert_security_api.test.ts
@@ -8,11 +8,22 @@
 
 import type { CoreSecurityDelegateContract } from '@kbn/core-security-server';
 import { convertSecurityApi } from './convert_security_api';
+import { createAuditLoggerMock } from '../test_helpers/create_audit_logger.mock';
 
 describe('convertSecurityApi', () => {
   it('returns the API from the source', () => {
-    const source: CoreSecurityDelegateContract = { authc: { getCurrentUser: jest.fn() } };
+    const source: CoreSecurityDelegateContract = {
+      authc: {
+        getCurrentUser: jest.fn(),
+      },
+      audit: {
+        asScoped: jest.fn().mockReturnValue(createAuditLoggerMock.create()),
+        withoutRequest: createAuditLoggerMock.create(),
+      },
+    };
     const output = convertSecurityApi(source);
     expect(output.authc.getCurrentUser).toBe(source.authc.getCurrentUser);
+    expect(output.audit.asScoped).toBe(source.audit.asScoped);
+    expect(output.audit.withoutRequest).toBe(source.audit.withoutRequest);
   });
 });
diff --git a/...ages/core/security/core-security-server-internal/src/utils/default_implementation.test.ts b/...ages/core/security/core-security-server-internal/src/utils/default_implementation.test.ts
@@ -22,4 +22,19 @@ describe('getDefaultSecurityImplementation', () => {
       expect(user).toBeNull();
     });
   });
+
+  describe('audit.asScoped', () => {
+    it('returns null', async () => {
+      const logger = implementation.audit.asScoped({} as any);
+      expect(logger.log({ message: 'something' })).toBeUndefined();
+    });
+  });
+
+  describe('audit.withoutRequest', () => {
+    it('does not log', async () => {
+      const logger = implementation.audit.withoutRequest;
+      expect(logger.enabled).toBe(false);
+      expect(logger.log({ message: 'no request' })).toBeUndefined();
+    });
+  });
 });
diff --git a/packages/core/security/core-security-server-internal/src/utils/default_implementation.ts b/packages/core/security/core-security-server-internal/src/utils/default_implementation.ts
@@ -13,5 +13,14 @@ export const getDefaultSecurityImplementation = (): CoreSecurityDelegateContract
     authc: {
       getCurrentUser: () => null,
     },
+    audit: {
+      asScoped: () => {
+        return { log: () => undefined, enabled: false };
+      },
+      withoutRequest: {
+        log: () => undefined,
+        enabled: false,
+      },
+    },
   };
 };
diff --git a/packages/core/security/core-security-server-mocks/index.ts b/packages/core/security/core-security-server-mocks/index.ts
@@ -7,3 +7,5 @@
  */
 
 export { securityServiceMock } from './src/security_service.mock';
+export type { InternalSecurityStartMock, SecurityStartMock } from './src/security_service.mock';
+export { auditLoggerMock } from './src/audit.mock';
diff --git a/packages/core/security/core-security-server-mocks/src/audit.mock.ts b/packages/core/security/core-security-server-mocks/src/audit.mock.ts
@@ -0,0 +1,35 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import type { KibanaRequest } from '@kbn/core-http-server';
+import type { AuditLogger } from '@kbn/core-security-server';
+
+export type MockedAuditLogger = jest.Mocked<AuditLogger>;
+
+export const auditLoggerMock = {
+  create(): MockedAuditLogger {
+    return {
+      log: jest.fn(),
+      enabled: true,
+    };
+  },
+};
+
+export interface MockedAuditService {
+  asScoped: (request: KibanaRequest) => MockedAuditLogger;
+  withoutRequest: MockedAuditLogger;
+}
+
+export const auditServiceMock = {
+  create(): MockedAuditService {
+    return {
+      asScoped: jest.fn().mockReturnValue(auditLoggerMock.create()),
+      withoutRequest: auditLoggerMock.create(),
+    };
+  },
+};
diff --git a/packages/core/security/core-security-server-mocks/src/security_service.mock.ts b/packages/core/security/core-security-server-mocks/src/security_service.mock.ts
@@ -6,7 +6,7 @@
  * Side Public License, v 1.
  */
 
-import type {
+import {
   SecurityServiceSetup,
   SecurityServiceStart,
   SecurityRequestHandlerContext,
@@ -15,6 +15,7 @@ import type {
   InternalSecurityServiceSetup,
   InternalSecurityServiceStart,
 } from '@kbn/core-security-server-internal';
+import { auditServiceMock, type MockedAuditService } from './audit.mock';
 
 const createSetupMock = () => {
   const mock: jest.Mocked<SecurityServiceSetup> = {
@@ -24,11 +25,16 @@ const createSetupMock = () => {
   return mock;
 };
 
-const createStartMock = () => {
-  const mock: jest.MockedObjectDeep<SecurityServiceStart> = {
+export type SecurityStartMock = jest.MockedObjectDeep<Omit<SecurityServiceStart, 'audit'>> & {
+  audit: MockedAuditService;
+};
+
+const createStartMock = (): SecurityStartMock => {
+  const mock = {
     authc: {
       getCurrentUser: jest.fn(),
     },
+    audit: auditServiceMock.create(),
   };
 
   return mock;
@@ -42,11 +48,18 @@ const createInternalSetupMock = () => {
   return mock;
 };
 
-const createInternalStartMock = () => {
-  const mock: jest.MockedObjectDeep<InternalSecurityServiceStart> = {
+export type InternalSecurityStartMock = jest.MockedObjectDeep<
+  Omit<InternalSecurityServiceStart, 'audit'>
+> & {
+  audit: MockedAuditService;
+};
+
+const createInternalStartMock = (): InternalSecurityStartMock => {
+  const mock = {
     authc: {
       getCurrentUser: jest.fn(),
     },
+    audit: auditServiceMock.create(),
   };
 
   return mock;
@@ -67,6 +80,12 @@ const createRequestHandlerContextMock = () => {
     authc: {
       getCurrentUser: jest.fn(),
     },
+    audit: {
+      logger: {
+        log: jest.fn(),
+        enabled: true,
+      },
+    },
   };
   return mock;
 };

diff --git a/packages/core/security/core-security-server-mocks/tsconfig.json b/packages/core/security/core-security-server-mocks/tsconfig.json
@@ -16,5 +16,6 @@
   "kbn_references": [
     "@kbn/core-security-server",
     "@kbn/core-security-server-internal",
+    "@kbn/core-http-server",
   ]
 }
diff --git a/packages/core/security/core-security-server/index.ts b/packages/core/security/core-security-server/index.ts
@@ -8,11 +8,21 @@
 
 export type { SecurityServiceSetup, SecurityServiceStart } from './src/contracts';
 export type { CoreAuthenticationService } from './src/authc';
+export type { CoreAuditService } from './src/audit';
 export type {
   CoreSecurityDelegateContract,
   AuthenticationServiceContract,
+  AuditServiceContract,
 } from './src/api_provider';
 export type {
   SecurityRequestHandlerContext,
   AuthcRequestHandlerContext,
+  AuditRequestHandlerContext,
 } from './src/request_handler_context';
+export type {
+  AuditEvent,
+  AuditHttp,
+  AuditKibana,
+  AuditRequest,
+} from './src/audit_logging/audit_events';
+export type { AuditLogger } from './src/audit_logging/audit_logger';
diff --git a/packages/core/security/core-security-server/src/api_provider.ts b/packages/core/security/core-security-server/src/api_provider.ts
@@ -6,6 +6,7 @@
  * Side Public License, v 1.
  */
 
+import type { CoreAuditService } from './audit';
 import type { CoreAuthenticationService } from './authc';
 
 /**
@@ -16,9 +17,12 @@ import type { CoreAuthenticationService } from './authc';
  */
 export interface CoreSecurityDelegateContract {
   authc: AuthenticationServiceContract;
+  audit: AuditServiceContract;
 }
 
 /**
  * @public
  */
 export type AuthenticationServiceContract = CoreAuthenticationService;
+
+export type AuditServiceContract = CoreAuditService;
diff --git a/packages/core/security/core-security-server/src/audit.ts b/packages/core/security/core-security-server/src/audit.ts
@@ -0,0 +1,40 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import type { KibanaRequest } from '@kbn/core-http-server';
+
+import type { AuditLogger } from './audit_logging/audit_logger';
+
+export interface CoreAuditService {
+  /**
+   * Creates an {@link AuditLogger} scoped to the current request.
+   *
+   * This audit logger logs events with all required user and session info and should be used for
+   * all user-initiated actions.
+   *
+   * @example
+   * ```typescript
+   * const auditLogger = securitySetup.audit.asScoped(request);
+   * auditLogger.log(event);
+   * ```
+   */
+  asScoped: (request: KibanaRequest) => AuditLogger;
+
+  /**
+   * {@link AuditLogger} for background tasks only.
+   *
+   * This audit logger logs events without any user or session info and should never be used to log
+   * user-initiated actions.
+   *
+   * @example
+   * ```typescript
+   * securitySetup.audit.withoutRequest.log(event);
+   * ```
+   */
+  withoutRequest: AuditLogger;
+}
diff --git a/...in_types_server/src/audit/audit_events.ts → ...-server/src/audit_logging/audit_events.ts b/...in_types_server/src/audit/audit_events.ts → ...-server/src/audit_logging/audit_events.ts
@@ -1,11 +1,12 @@
 /*
  * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
  * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
  */
 
-import type { LogMeta } from '@kbn/core/server';
+import type { LogMeta } from '@kbn/logging';
 
 /**
  * Audit kibana schema using ECS format

diff --git a/...in_types_server/src/audit/audit_logger.ts → ...-server/src/audit_logging/audit_logger.ts b/...in_types_server/src/audit/audit_logger.ts → ...-server/src/audit_logging/audit_logger.ts
@@ -1,8 +1,9 @@
 /*
  * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
  * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
  */
 
 import type { AuditEvent } from './audit_events';

diff --git a/packages/core/security/core-security-server/src/contracts.ts b/packages/core/security/core-security-server/src/contracts.ts
@@ -8,7 +8,7 @@
 
 import type { CoreAuthenticationService } from './authc';
 import type { CoreSecurityDelegateContract } from './api_provider';
-
+import type { CoreAuditService } from './audit';
 /**
  * Setup contract for Core's security service.
  *
@@ -33,4 +33,8 @@ export interface SecurityServiceStart {
    * The {@link CoreAuthenticationService | authentication service}
    */
   authc: CoreAuthenticationService;
+  /**
+   * The {@link CoreAuditService | audit service}
+   */
+  audit: CoreAuditService;
 }
diff --git a/packages/core/security/core-security-server/src/request_handler_context.ts b/packages/core/security/core-security-server/src/request_handler_context.ts
@@ -7,11 +7,17 @@
  */
 
 import type { AuthenticatedUser } from '@kbn/core-security-common';
+import { AuditLogger } from './audit_logging/audit_logger';
 
 export interface SecurityRequestHandlerContext {
   authc: AuthcRequestHandlerContext;
+  audit: AuditRequestHandlerContext;
 }
 
 export interface AuthcRequestHandlerContext {
   getCurrentUser(): AuthenticatedUser | null;
 }
+
+export interface AuditRequestHandlerContext {
+  logger: AuditLogger;
+}
diff --git a/packages/core/security/core-security-server/tsconfig.json b/packages/core/security/core-security-server/tsconfig.json
@@ -16,5 +16,6 @@
   "kbn_references": [
     "@kbn/core-security-common",
     "@kbn/core-http-server",
+    "@kbn/logging",
   ]
 }