[Security Solution] Only apply field aliases to legacy .siem-signals …
…indices (#115290) * Only apply field aliases to legacy .siem-signals indices * Fix unit test mocks * Add new function for special index existence check * Actually add new function for special index existence check * Undo getIndexVersion change * Add basic integration tests for field alias logic * Add back create_index to test list * Add missing markdown to readme * Revert change to delete_index_route Co-authored-by: Kibana Machine <[email protected]>
1 parent
efd043e
commit a68f3ff
Showing
10 changed files
with
261 additions
and
22 deletions.
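--- /dev/null
+++ b/packages/kbn-securitysolution-es-utils/src/get_bootstrap_index_exists/index.ts
@@ -0,0 +1,37 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License
+* 2.0 and the Server Side Public License, v 1; you may not use this file except
+* in compliance with, at your election, the Elastic License 2.0 or the Server
+* Side Public License, v 1.
+*/
+
+import type { ElasticsearchClient } from '../elasticsearch_client';
+
+/**
+* This function is similar to getIndexExists, but is limited to searching indices that match
+* the index pattern used as concrete backing indices (e.g. .siem-signals-default-000001).
+* This allows us to separate the indices that are actually .siem-signals indices from
+* alerts as data indices that only share the .siem-signals alias.
+*
+* @param esClient Elasticsearch client to use to make the request
+* @param index Index alias name to check for existence
+*/
+export const getBootstrapIndexExists = async (
+esClient: ElasticsearchClient,
+index: string
+): Promise<boolean> => {
+try {
+const { body } = await esClient.indices.getAlias({
+index: `${index}-*`,
+name: index,
+});
+return Object.keys(body).length > 0;
+} catch (err) {
+if (err.body != null && err.body.status === 404) {
+return false;
+} else {
+throw err.body ? err.body : err;
+}
+}
+};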
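Review bot: The `${index}-*` pattern passed to getAlias is a plain prefix wildcard, so any index whose name starts with `${index}-` and carries the alias counts as a bootstrap index, not only the `-000001`-style rollover indices the docstring gives as its example; if the intent is exactly the concrete backing indices, the docstring should state that the match is prefix-based, e.g. `* Note: the match is on the prefix \`${index}-\`, so any aliased index with that prefix counts, not only rollover suffixes.`. The catch parameter `err` is untyped and is dereferenced as `err.body`, which only compiles with `useUnknownInCatchVariables` off; narrowing before reading `body` would keep this under strict settings. Rethrowing `err.body` instead of `err` discards the original stack and `instanceof Error` for callers, which may be deliberate for parity with getIndexExists but deserves a one-line comment saying so.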
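--- /dev/null
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_index.ts
@@ -0,0 +1,89 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License
+* 2.0; you may not use this file except in compliance with the Elastic License
+* 2.0.
+*/
+
+import expect from '@kbn/expect';
+import {
+DEFAULT_ALERTS_INDEX,
+DETECTION_ENGINE_INDEX_URL,
+} from '../../../../plugins/security_solution/common/constants';
+
+import { FtrProviderContext } from '../../common/ftr_provider_context';
+import { deleteSignalsIndex } from '../../utils';
+
+// eslint-disable-next-line import/no-default-export
+export default ({ getService }: FtrProviderContext) => {
+const supertest = getService('supertest');
+const esArchiver = getService('esArchiver');
+const es = getService('es');
+
+describe('create_index', () => {
+afterEach(async () => {
+await deleteSignalsIndex(supertest);
+});
+
+describe('elastic admin', () => {
+describe('with another index that shares index alias', () => {
+before(async () => {
+await esArchiver.load('x-pack/test/functional/es_archives/signals/index_alias_clash');
+});
+
+after(async () => {
+await esArchiver.unload('x-pack/test/functional/es_archives/signals/index_alias_clash');
+});
+
+it.skip('should report that signals index does not exist', async () => {
+const { body } = await supertest.get(DETECTION_ENGINE_INDEX_URL).send().expect(404);
+expect(body).to.eql({ message: 'index for this space does not exist', status_code: 404 });
+});
+
+it('should return 200 for create_index', async () => {
+const { body } = await supertest
+.post(DETECTION_ENGINE_INDEX_URL)
+.set('kbn-xsrf', 'true')
+.send()
+.expect(200);
+expect(body).to.eql({ acknowledged: true });
+});
+});
+
+describe('with an outdated signals index', () => {
+beforeEach(async () => {
+await esArchiver.load('x-pack/test/functional/es_archives/endpoint/resolver/signals');
+});
+
+afterEach(async () => {
+await esArchiver.unload('x-pack/test/functional/es_archives/endpoint/resolver/signals');
+});
+
+it('should report that signals index is outdated', async () => {
+const { body } = await supertest.get(DETECTION_ENGINE_INDEX_URL).send().expect(200);
+expect(body).to.eql({
+index_mapping_outdated: true,
+name: `${DEFAULT_ALERTS_INDEX}-default`,
+});
+});
+
+it('should return 200 for create_index and add field aliases', async () => {
+const { body } = await supertest
+.post(DETECTION_ENGINE_INDEX_URL)
+.set('kbn-xsrf', 'true')
+.send()
+.expect(200);
+expect(body).to.eql({ acknowledged: true });
+
+const mappings = await es.indices.get({
+index: '.siem-signals-default-000001',
+});
+// Make sure that aliases_version has been updated on the existing index
+expect(mappings['.siem-signals-default-000001'].mappings?._meta?.aliases_version).to.eql(
+1
+);
+});
+});
+});
+});
+};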
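Review bot: The one case that exercises the alias-clash scenario this commit is about, `should report that signals index does not exist`, is marked `it.skip`, so the behaviour the new bootstrap-index check guards against is not actually covered by the suite; either the skip should be dropped, or a comment above it should record why and when it can be re-enabled, e.g. `// Skipped: <reason> — re-enable once <condition>` with a tracking reference. The final assertion hard-codes `.siem-signals-default-000001` twice while the earlier name check derives its expectation from `${DEFAULT_ALERTS_INDEX}-default`; if, as that expectation suggests, the constant is the `.siem-signals` prefix, building the concrete index name from it in both places keeps the test from silently breaking should the prefix change.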
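--- /dev/null
+++ b/x-pack/test/functional/es_archives/signals/index_alias_clash/data.json
@@ -0,0 +1,11 @@
+{
+"type": "doc",
+"value": {
+"id": "1",
+"index": "signal_name_clash",
+"source": {
+"@timestamp": "2020-10-28T05:08:53.000Z"
+},
+"type": "_doc"
+}
+}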
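Review bot: The archived document is written to index `signal_name_clash`, while mappings.json in the same archive only defines `index_alias_clash` (the index that carries the `.siem-signals-default` alias), so the document never lands in the aliased index and the clash scenario is exercised with an empty aliased index plus a second index whose mapping is whatever esArchiver creates dynamically. If the document is meant to live in the clashing index, `"index": "index_alias_clash"` is the line to change here; if the second index is intentional, a short note in the archive directory should say so, since nothing in the fixture currently explains it.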
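--- /dev/null
+++ b/x-pack/test/functional/es_archives/signals/index_alias_clash/mappings.json
@@ -0,0 +1,24 @@
+{
+"type": "index",
+"value": {
+"aliases": {
+".siem-signals-default": {
+"is_write_index": false
+}
+},
+"index": "index_alias_clash",
+"mappings": {
+"properties": {
+"@timestamp": {
+"type": "date"
+}
+}
+},
+"settings": {
+"index": {
+"number_of_replicas": "1",
+"number_of_shards": "1"
+}
+}
+}
+}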