Merge branch 'main' of github.com:elastic/kibana into feat/enable-esl…

…int-rule-for-ai-assistant
elastic · Sep 5, 2023 · c0cea1c · c0cea1c
2 parents fd7a1eb + 528884c
commit c0cea1c
Show file tree

Hide file tree

Showing 6 changed files with 240 additions and 12 deletions.
diff --git a/x-pack/plugins/actions/kibana.jsonc b/x-pack/plugins/actions/kibana.jsonc
@@ -21,7 +21,8 @@
       "usageCollection",
       "spaces",
       "security",
-      "monitoringCollection"
+      "monitoringCollection",
+      "serverless"
     ],
     "extraPublicDirs": [
       "common"

diff --git a/x-pack/plugins/actions/server/config.ts b/x-pack/plugins/actions/server/config.ts
@@ -64,19 +64,23 @@ const connectorTypeSchema = schema.object({
   maxAttempts: schema.maybe(schema.number({ min: MIN_MAX_ATTEMPTS, max: MAX_MAX_ATTEMPTS })),
 });
 
+// We leverage enabledActionTypes list by allowing the other plugins to overwrite it by using "setEnabledConnectorTypes" in the plugin setup.
+// The list can be overwritten only if it's not already been set in the config.
+const enabledConnectorTypesSchema = schema.arrayOf(
+  schema.oneOf([schema.string(), schema.literal(EnabledActionTypes.Any)]),
+  {
+    defaultValue: [AllowedHosts.Any],
+  }
+);
+
 export const configSchema = schema.object({
   allowedHosts: schema.arrayOf(
     schema.oneOf([schema.string({ hostname: true }), schema.literal(AllowedHosts.Any)]),
     {
       defaultValue: [AllowedHosts.Any],
     }
   ),
-  enabledActionTypes: schema.arrayOf(
-    schema.oneOf([schema.string(), schema.literal(EnabledActionTypes.Any)]),
-    {
-      defaultValue: [AllowedHosts.Any],
-    }
-  ),
+  enabledActionTypes: enabledConnectorTypesSchema,
   preconfiguredAlertHistoryEsIndex: schema.boolean({ defaultValue: false }),
   preconfigured: schema.recordOf(schema.string(), preconfiguredActionSchema, {
     defaultValue: {},
@@ -129,6 +133,7 @@ export const configSchema = schema.object({
 });
 
 export type ActionsConfig = TypeOf<typeof configSchema>;
+export type EnabledConnectorTypes = TypeOf<typeof enabledConnectorTypesSchema>;
 
 // It would be nicer to add the proxyBypassHosts / proxyOnlyHosts restriction on
 // simultaneous usage in the config validator directly, but there's no good way to express

diff --git a/x-pack/plugins/actions/server/mocks.ts b/x-pack/plugins/actions/server/mocks.ts
@@ -31,6 +31,7 @@ const createSetupMock = () => {
     getCaseConnectorClass: jest.fn(),
     getActionsHealth: jest.fn(),
     getActionsConfigurationUtilities: jest.fn(),
+    setEnabledConnectorTypes: jest.fn(),
   };
   return mock;
 };

diff --git a/x-pack/plugins/actions/server/plugin.test.ts b/x-pack/plugins/actions/server/plugin.test.ts
@@ -348,6 +348,163 @@ describe('Actions Plugin', () => {
         expect(pluginSetup.isPreconfiguredConnector('anotherConnectorId')).toEqual(false);
       });
     });
+
+    describe('setEnabledConnectorTypes (works only on serverless)', () => {
+      function setup(config: ActionsConfig) {
+        context = coreMock.createPluginInitializerContext<ActionsConfig>(config);
+        plugin = new ActionsPlugin(context);
+        coreSetup = coreMock.createSetup();
+        pluginsSetup = {
+          taskManager: taskManagerMock.createSetup(),
+          encryptedSavedObjects: encryptedSavedObjectsMock.createSetup(),
+          licensing: licensingMock.createSetup(),
+          eventLog: eventLogMock.createSetup(),
+          usageCollection: usageCollectionPluginMock.createSetupContract(),
+          features: featuresPluginMock.createSetup(),
+          serverless: {},
+        };
+      }
+
+      it('should set connector type enabled', async () => {
+        setup(getConfig());
+        // coreMock.createSetup doesn't support Plugin generics
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        const pluginSetup = await plugin.setup(coreSetup as any, pluginsSetup);
+        const coreStart = coreMock.createStart();
+        const pluginsStart = {
+          licensing: licensingMock.createStart(),
+          taskManager: taskManagerMock.createStart(),
+          encryptedSavedObjects: encryptedSavedObjectsMock.createStart(),
+          eventLog: eventLogMock.createStart(),
+        };
+        const pluginStart = plugin.start(coreStart, pluginsStart);
+
+        pluginSetup.registerType({
+          id: '.server-log',
+          name: 'Server log',
+          minimumLicenseRequired: 'basic',
+          supportedFeatureIds: ['alerting'],
+          validate: {
+            config: { schema: schema.object({}) },
+            secrets: { schema: schema.object({}) },
+            params: { schema: schema.object({}) },
+          },
+          executor,
+        });
+        pluginSetup.registerType({
+          id: '.slack',
+          name: 'Slack',
+          minimumLicenseRequired: 'gold',
+          supportedFeatureIds: ['alerting'],
+          validate: {
+            config: { schema: schema.object({}) },
+            secrets: { schema: schema.object({}) },
+            params: { schema: schema.object({}) },
+          },
+          executor,
+        });
+        pluginSetup.setEnabledConnectorTypes(['.server-log']);
+        expect(pluginStart.isActionTypeEnabled('.server-log')).toBeTruthy();
+        expect(pluginStart.isActionTypeEnabled('.slack')).toBeFalsy();
+      });
+
+      it('should set all the connector types enabled when null or ["*"] passed', async () => {
+        setup(getConfig());
+        // coreMock.createSetup doesn't support Plugin generics
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        const pluginSetup = await plugin.setup(coreSetup as any, pluginsSetup);
+        const coreStart = coreMock.createStart();
+        const pluginsStart = {
+          licensing: licensingMock.createStart(),
+          taskManager: taskManagerMock.createStart(),
+          encryptedSavedObjects: encryptedSavedObjectsMock.createStart(),
+          eventLog: eventLogMock.createStart(),
+        };
+        const pluginStart = plugin.start(coreStart, pluginsStart);
+
+        pluginSetup.registerType({
+          id: '.server-log',
+          name: 'Server log',
+          minimumLicenseRequired: 'basic',
+          supportedFeatureIds: ['alerting'],
+          validate: {
+            config: { schema: schema.object({}) },
+            secrets: { schema: schema.object({}) },
+            params: { schema: schema.object({}) },
+          },
+          executor,
+        });
+        pluginSetup.registerType({
+          id: '.index',
+          name: 'Index',
+          minimumLicenseRequired: 'basic',
+          supportedFeatureIds: ['alerting'],
+          validate: {
+            config: { schema: schema.object({}) },
+            secrets: { schema: schema.object({}) },
+            params: { schema: schema.object({}) },
+          },
+          executor,
+        });
+        pluginSetup.setEnabledConnectorTypes(['*']);
+        expect(pluginStart.isActionTypeEnabled('.server-log')).toBeTruthy();
+        expect(pluginStart.isActionTypeEnabled('.index')).toBeTruthy();
+      });
+
+      it('should set all the connector types disabled when [] passed', async () => {
+        setup(getConfig());
+        // coreMock.createSetup doesn't support Plugin generics
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        const pluginSetup = await plugin.setup(coreSetup as any, pluginsSetup);
+        const coreStart = coreMock.createStart();
+        const pluginsStart = {
+          licensing: licensingMock.createStart(),
+          taskManager: taskManagerMock.createStart(),
+          encryptedSavedObjects: encryptedSavedObjectsMock.createStart(),
+          eventLog: eventLogMock.createStart(),
+        };
+        const pluginStart = plugin.start(coreStart, pluginsStart);
+
+        pluginSetup.registerType({
+          id: '.server-log',
+          name: 'Server log',
+          minimumLicenseRequired: 'basic',
+          supportedFeatureIds: ['alerting'],
+          validate: {
+            config: { schema: schema.object({}) },
+            secrets: { schema: schema.object({}) },
+            params: { schema: schema.object({}) },
+          },
+          executor,
+        });
+        pluginSetup.registerType({
+          id: '.index',
+          name: 'Index',
+          minimumLicenseRequired: 'basic',
+          supportedFeatureIds: ['alerting'],
+          validate: {
+            config: { schema: schema.object({}) },
+            secrets: { schema: schema.object({}) },
+            params: { schema: schema.object({}) },
+          },
+          executor,
+        });
+        pluginSetup.setEnabledConnectorTypes([]);
+        expect(pluginStart.isActionTypeEnabled('.server-log')).toBeFalsy();
+        expect(pluginStart.isActionTypeEnabled('.index')).toBeFalsy();
+      });
+
+      it('should throw if the enabledActionTypes is already set by the config', async () => {
+        setup({ ...getConfig(), enabledActionTypes: ['.email'] });
+        // coreMock.createSetup doesn't support Plugin generics
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        const pluginSetup = await plugin.setup(coreSetup as any, pluginsSetup);
+
+        expect(() => pluginSetup.setEnabledConnectorTypes(['.index'])).toThrow(
+          "Enabled connector types can be set only if they haven't already been set in the config"
+        );
+      });
+    });
   });
 
   describe('start()', () => {
@@ -396,6 +553,38 @@ describe('Actions Plugin', () => {
       };
     });
 
+    it('should throw when there is an invalid connector type in enabledActionTypes', async () => {
+      const pluginSetup = await plugin.setup(coreSetup, {
+        ...pluginsSetup,
+        encryptedSavedObjects: {
+          ...pluginsSetup.encryptedSavedObjects,
+          canEncrypt: true,
+        },
+        serverless: {},
+      });
+
+      pluginSetup.registerType({
+        id: '.server-log',
+        name: 'Server log',
+        minimumLicenseRequired: 'basic',
+        supportedFeatureIds: ['alerting'],
+        validate: {
+          config: { schema: schema.object({}) },
+          secrets: { schema: schema.object({}) },
+          params: { schema: schema.object({}) },
+        },
+        executor,
+      });
+
+      pluginSetup.setEnabledConnectorTypes(['.server-log', 'non-existing']);
+
+      await expect(async () =>
+        plugin.start(coreStart, { ...pluginsStart, serverless: {} })
+      ).rejects.toThrowErrorMatchingInlineSnapshot(
+        `"Action type \\"non-existing\\" is not registered."`
+      );
+    });
+
     describe('getActionsClientWithRequest()', () => {
       it('should not throw error when ESO plugin has encryption key', async () => {
         await plugin.setup(coreSetup, {

diff --git a/x-pack/plugins/actions/server/plugin.ts b/x-pack/plugins/actions/server/plugin.ts
@@ -40,7 +40,8 @@ import {
 } from '@kbn/event-log-plugin/server';
 import { MonitoringCollectionSetup } from '@kbn/monitoring-collection-plugin/server';
 
-import { ActionsConfig, getValidatedConfig } from './config';
+import { ServerlessPluginSetup } from '@kbn/serverless/server';
+import { ActionsConfig, AllowedHosts, EnabledConnectorTypes, getValidatedConfig } from './config';
 import { resolveCustomHosts } from './lib/custom_host_settings';
 import { ActionsClient } from './actions_client/actions_client';
 import { ActionTypeRegistry } from './action_type_registry';
@@ -100,10 +101,8 @@ import { createSubActionConnectorFramework } from './sub_action_framework';
 import { IServiceAbstract, SubActionConnectorType } from './sub_action_framework/types';
 import { SubActionConnector } from './sub_action_framework/sub_action_connector';
 import { CaseConnector } from './sub_action_framework/case';
-import {
-  type IUnsecuredActionsClient,
-  UnsecuredActionsClient,
-} from './unsecured_actions_client/unsecured_actions_client';
+import type { IUnsecuredActionsClient } from './unsecured_actions_client/unsecured_actions_client';
+import { UnsecuredActionsClient } from './unsecured_actions_client/unsecured_actions_client';
 import { createBulkUnsecuredExecutionEnqueuerFunction } from './create_unsecured_execute_function';
 import { createSystemConnectors } from './create_system_actions';
 
@@ -130,6 +129,7 @@ export interface PluginSetupContract {
   getCaseConnectorClass: <Config, Secrets>() => IServiceAbstract<Config, Secrets>;
   getActionsHealth: () => { hasPermanentEncryptionKey: boolean };
   getActionsConfigurationUtilities: () => ActionsConfigurationUtilities;
+  setEnabledConnectorTypes: (connectorTypes: EnabledConnectorTypes) => void;
 }
 
 export interface PluginStartContract {
@@ -169,6 +169,7 @@ export interface ActionsPluginsSetup {
   features: FeaturesPluginSetup;
   spaces?: SpacesPluginSetup;
   monitoringCollection?: MonitoringCollectionSetup;
+  serverless?: ServerlessPluginSetup;
 }
 
 export interface ActionsPluginsStart {
@@ -178,6 +179,7 @@ export interface ActionsPluginsStart {
   eventLog: IEventLogClientService;
   spaces?: SpacesPluginStart;
   security?: SecurityPluginStart;
+  serverless?: ServerlessPluginSetup;
 }
 
 const includedHiddenTypes = [
@@ -375,6 +377,20 @@ export class ActionsPlugin implements Plugin<PluginSetupContract, PluginStartCon
         };
       },
       getActionsConfigurationUtilities: () => actionsConfigUtils,
+      setEnabledConnectorTypes: (connectorTypes) => {
+        if (
+          !!plugins.serverless &&
+          this.actionsConfig.enabledActionTypes.length === 1 &&
+          this.actionsConfig.enabledActionTypes[0] === AllowedHosts.Any
+        ) {
+          this.actionsConfig.enabledActionTypes.pop();
+          this.actionsConfig.enabledActionTypes.push(...connectorTypes);
+        } else {
+          throw new Error(
+            "Enabled connector types can be set only if they haven't already been set in the config"
+          );
+        }
+      },
     };
   }
 
@@ -542,6 +558,8 @@ export class ActionsPlugin implements Plugin<PluginSetupContract, PluginStartCon
       });
     }
 
+    this.validateEnabledConnectorTypes(plugins);
+
     return {
       isActionTypeEnabled: (id, options = { notifyUsage: false }) => {
         return this.actionTypeRegistry!.isActionTypeEnabled(id, options);
@@ -695,6 +713,19 @@ export class ActionsPlugin implements Plugin<PluginSetupContract, PluginStartCon
     };
   };
 
+  private validateEnabledConnectorTypes = (plugins: ActionsPluginsStart) => {
+    if (
+      !!plugins.serverless &&
+      this.actionsConfig.enabledActionTypes.length > 0 &&
+      this.actionsConfig.enabledActionTypes[0] !== AllowedHosts.Any
+    ) {
+      this.actionsConfig.enabledActionTypes.forEach((connectorType) => {
+        // Throws error if action type doesn't exist
+        this.actionTypeRegistry?.get(connectorType);
+      });
+    }
+  };
+
   public stop() {
     if (this.licenseState) {
       this.licenseState.clean();

diff --git a/x-pack/plugins/actions/tsconfig.json b/x-pack/plugins/actions/tsconfig.json
@@ -43,6 +43,7 @@
     "@kbn/core-saved-objects-api-server-mocks",
     "@kbn/core-elasticsearch-server-mocks",
     "@kbn/core-logging-server-mocks",
+    "@kbn/serverless"
   ],
   "exclude": [
     "target/**/*",