Security usage data

src/core/server/core_usage_data/core_usage_data_service.test.ts

@@ -6,6 +6,7 @@
  * Side Public License, v 1.
  */
 
+import type { ConfigPath } from '@kbn/config';
 import { BehaviorSubject, Observable } from 'rxjs';
 import { HotObservable } from 'rxjs/internal/testing/HotObservable';
 import { TestScheduler } from 'rxjs/testing';
@@ -29,12 +30,31 @@ import { CORE_USAGE_STATS_TYPE } from './constants';
 import { CoreUsageStatsClient } from './core_usage_stats_client';
 
 describe('CoreUsageDataService', () => {
+  function getConfigServiceAtPathMockImplementation() {
+    return (path: ConfigPath) => {
+      if (path === 'elasticsearch') {
+        return new BehaviorSubject(RawElasticsearchConfig.schema.validate({}));
+      } else if (path === 'server') {
+        return new BehaviorSubject(RawHttpConfig.schema.validate({}));
+      } else if (path === 'logging') {
+        return new BehaviorSubject(RawLoggingConfig.schema.validate({}));
+      } else if (path === 'savedObjects') {
+        return new BehaviorSubject(RawSavedObjectsConfig.schema.validate({}));
+      } else if (path === 'kibana') {
+        return new BehaviorSubject(RawKibanaConfig.schema.validate({}));
+      }
+      return new BehaviorSubject({});
+    };
+  }
+
   const getTestScheduler = () =>
     new TestScheduler((actual, expected) => {
       expect(actual).toEqual(expected);
     });
 
   let service: CoreUsageDataService;
+  let configService: ReturnType<typeof configServiceMock.create>;
+
   const mockConfig = {
     unused_config: {},
     elasticsearch: { username: 'kibana_system', password: 'changeme' },
@@ -60,27 +80,11 @@ describe('CoreUsageDataService', () => {
     },
   };
 
-  const configService = configServiceMock.create({
-    getConfig$: mockConfig,
-  });
-
-  configService.atPath.mockImplementation((path) => {
-    if (path === 'elasticsearch') {
-      return new BehaviorSubject(RawElasticsearchConfig.schema.validate({}));
-    } else if (path === 'server') {
-      return new BehaviorSubject(RawHttpConfig.schema.validate({}));
-    } else if (path === 'logging') {
-      return new BehaviorSubject(RawLoggingConfig.schema.validate({}));
-    } else if (path === 'savedObjects') {
-      return new BehaviorSubject(RawSavedObjectsConfig.schema.validate({}));
-    } else if (path === 'kibana') {
-      return new BehaviorSubject(RawKibanaConfig.schema.validate({}));
-    }
-    return new BehaviorSubject({});
-  });
-  const coreContext = mockCoreContext.create({ configService });
-
   beforeEach(() => {
+    configService = configServiceMock.create({ getConfig$: mockConfig });
+    configService.atPath.mockImplementation(getConfigServiceAtPathMockImplementation());
+
+    const coreContext = mockCoreContext.create({ configService });
     service = new CoreUsageDataService(coreContext);
   });
 
@@ -150,7 +154,7 @@ describe('CoreUsageDataService', () => {
 
   describe('start', () => {
     describe('getCoreUsageData', () => {
-      it('returns core metrics for default config', async () => {
+      function setup() {
         const http = httpServiceMock.createInternalSetupContract();
         const metrics = metricsServiceMock.createInternalSetupContract();
         const savedObjectsStartPromise = Promise.resolve(
@@ -208,6 +212,11 @@ describe('CoreUsageDataService', () => {
           exposedConfigsToUsage: new Map(),
           elasticsearch,
         });
+        return { getCoreUsageData };
+      }
+
+      it('returns core metrics for default config', async () => {
+        const { getCoreUsageData } = setup();
         expect(getCoreUsageData()).resolves.toMatchInlineSnapshot(`
           Object {
             "config": Object {
@@ -241,6 +250,7 @@ describe('CoreUsageDataService', () => {
                   "truststoreConfigured": false,
                   "verificationMode": "full",
                 },
+                "username": "none",
               },
               "http": Object {
                 "basePathConfigured": false,
@@ -354,6 +364,42 @@ describe('CoreUsageDataService', () => {
           }
         `);
       });
+
+      describe('elasticsearch.username', () => {
+        async function doTest({ username, expected }: { username: string; expected: string }) {
+          const defaultMockImplementation = getConfigServiceAtPathMockImplementation();
+          configService.atPath.mockImplementation((path) => {
+            if (path === 'elasticsearch') {
+              return new BehaviorSubject(RawElasticsearchConfig.schema.validate({ username }));
+            }
+            return defaultMockImplementation(path);
+          });
+          const { getCoreUsageData } = setup();
+          return expect(getCoreUsageData()).resolves.toEqual(
+            expect.objectContaining({
+              config: expect.objectContaining({
+                elasticsearch: expect.objectContaining({ username: expected }),
+              }),
+            })
+          );
+        }
+
+        it('returns expected usage data for "elastic"', async () => {
+          return doTest({ username: 'elastic', expected: 'elastic' });
+        });
+
+        it('returns expected usage data for "kibana"', async () => {
+          return doTest({ username: 'kibana', expected: 'kibana' });
+        });
+
+        it('returns expected usage data for "kibana_system"', async () => {
+          return doTest({ username: 'kibana_system', expected: 'kibana_system' });
+        });
+
+        it('returns expected usage data for anything else', async () => {
+          return doTest({ username: 'anything else', expected: 'other' });
+        });
+      });
     });
 
     describe('getConfigsUsageData', () => {

src/core/server/core_usage_data/core_usage_data_service.ts

@@ -29,6 +29,7 @@ import type {
   CoreUsageDataStart,
   CoreUsageDataSetup,
   ConfigUsageData,
+  CoreConfigUsageData,
 } from './types';
 import { isConfigured } from './is_configured';
 import { ElasticsearchServiceStart } from '../elasticsearch';
@@ -253,6 +254,7 @@ export class CoreUsageDataService implements CoreService<CoreUsageDataSetup, Cor
             truststoreConfigured: isConfigured.record(es.ssl.truststore),
             keystoreConfigured: isConfigured.record(es.ssl.keystore),
           },
+          username: getEsUsernameUsage(es.username),
         },
         http: {
           basePathConfigured: isConfigured.string(http.basePath),
@@ -512,3 +514,19 @@ export class CoreUsageDataService implements CoreService<CoreUsageDataSetup, Cor
     this.stop$.complete();
   }
 }
+
+function getEsUsernameUsage(username: string | undefined) {
+  let value: CoreConfigUsageData['elasticsearch']['username'] = 'none';
+  if (isConfigured.string(username)) {
+    switch (username) {
+      case 'elastic': // deprecated
+      case 'kibana': // deprecated
+      case 'kibana_system':
+        value = username;
+        break;
+      default:
+        value = 'other';
+    }
+  }
+  return value;
+}

src/core/server/core_usage_data/types.ts

@@ -205,6 +205,7 @@ export interface CoreConfigUsageData {
     };
     apiVersion: string;
     healthCheckDelayMs: number;
+    username: 'none' | 'elastic' | 'kibana' | 'kibana_system' | 'other';
   };
 
   http: {

src/core/server/server.api.md

@@ -293,6 +293,7 @@ export interface CoreConfigUsageData {
         };
         apiVersion: string;
         healthCheckDelayMs: number;
+        username: 'none' | 'elastic' | 'kibana' | 'kibana_system' | 'other';
     };
     // (undocumented)
     http: {

src/plugins/kibana_usage_collection/server/collectors/core/core_usage_collector.ts

@@ -131,6 +131,10 @@ export function getCoreUsageCollector(
                 'The interval in miliseconds between health check requests Kibana sends to the Elasticsearch.',
             },
           },
+          username: {
+            type: 'keyword',
+            _meta: { description: 'Indicates what elasticsearch username is configured, if any.' },
+          },
         },
 
         http: {

src/plugins/telemetry/schema/oss_plugins.json

@@ -5957,6 +5957,12 @@
                   "_meta": {
                     "description": "The interval in miliseconds between health check requests Kibana sends to the Elasticsearch."
                   }
+                },
+                "username": {
+                  "type": "keyword",
+                  "_meta": {
+                    "description": "Indicates what elasticsearch username is configured, if any."
+                  }
                 }
               }
             },

x-pack/plugins/security/server/usage_collector/security_usage_collector.test.ts

@@ -357,16 +357,53 @@ describe('Security UsageCollector', () => {
   });
 
   describe('audit logging', () => {
-    it('reports when audit logging is enabled', async () => {
+    it('reports when legacy audit logging is enabled (and ECS audit logging is not enabled)', async () => {
       const config = createSecurityConfig(
         ConfigSchema.validate({
           audit: {
             enabled: true,
+            appender: undefined,
           },
         })
       );
       const usageCollection = usageCollectionPluginMock.createSetupContract();
-      const license = createSecurityLicense({ isLicenseAvailable: true, allowAuditLogging: true });
+      const license = createSecurityLicense({
+        isLicenseAvailable: true,
+        allowLegacyAuditLogging: true,
+        allowAuditLogging: true,
+      });
+      registerSecurityUsageCollector({ usageCollection, config, license });
+
+      const usage = await usageCollection
+        .getCollectorByType('security')
+        ?.fetch(collectorFetchContext);
+
+      expect(usage).toEqual({
+        auditLoggingEnabled: true,
+        auditLoggingType: 'legacy',
+        accessAgreementEnabled: false,
+        authProviderCount: 1,
+        enabledAuthProviders: ['basic'],
+        loginSelectorEnabled: false,
+        httpAuthSchemes: ['apikey'],
+      });
+    });
+
+    it('reports when ECS audit logging is enabled (and legacy audit logging is not enabled)', async () => {
+      const config = createSecurityConfig(
+        ConfigSchema.validate({
+          audit: {
+            enabled: true,
+            appender: { type: 'console', layout: { type: 'json' } },
+          },
+        })
+      );
+      const usageCollection = usageCollectionPluginMock.createSetupContract();
+      const license = createSecurityLicense({
+        isLicenseAvailable: true,
+        allowLegacyAuditLogging: true,
+        allowAuditLogging: true,
+      });
       registerSecurityUsageCollector({ usageCollection, config, license });
 
       const usage = await usageCollection
@@ -375,6 +412,7 @@ describe('Security UsageCollector', () => {
 
       expect(usage).toEqual({
         auditLoggingEnabled: true,
+        auditLoggingType: 'ecs',
         accessAgreementEnabled: false,
         authProviderCount: 1,
         enabledAuthProviders: ['basic'],

x-pack/plugins/security/server/usage_collector/security_usage_collector.ts

@@ -12,6 +12,7 @@ import type { ConfigType } from '../config';
 
 interface Usage {
   auditLoggingEnabled: boolean;
+  auditLoggingType?: 'ecs' | 'legacy';
   loginSelectorEnabled: boolean;
   accessAgreementEnabled: boolean;
   authProviderCount: number;
@@ -58,6 +59,13 @@ export function registerSecurityUsageCollector({ usageCollection, config, licens
             'Indicates if audit logging is both enabled and supported by the current license.',
         },
       },
+      auditLoggingType: {
+        type: 'keyword',
+        _meta: {
+          description:
+            'If auditLoggingEnabled is true, indicates what type is enabled (ECS or legacy).',
+        },
+      },
       loginSelectorEnabled: {
         type: 'boolean',
         _meta: {
@@ -118,9 +126,16 @@ export function registerSecurityUsageCollector({ usageCollection, config, licens
       }
 
       const legacyAuditLoggingEnabled = allowLegacyAuditLogging && config.audit.enabled;
-      const auditLoggingEnabled =
+      const ecsAuditLoggingEnabled =
         allowAuditLogging && config.audit.enabled && config.audit.appender != null;
 
+      let auditLoggingType: Usage['auditLoggingType'];
+      if (ecsAuditLoggingEnabled) {
+        auditLoggingType = 'ecs';
+      } else if (legacyAuditLoggingEnabled) {
+        auditLoggingType = 'legacy';
+      }
+
       const loginSelectorEnabled = config.authc.selector.enabled;
       const authProviderCount = config.authc.sortedProviders.length;
       const enabledAuthProviders = [
@@ -140,7 +155,8 @@ export function registerSecurityUsageCollector({ usageCollection, config, licens
       );
 
       return {
-        auditLoggingEnabled: legacyAuditLoggingEnabled || auditLoggingEnabled,
+        auditLoggingEnabled: legacyAuditLoggingEnabled || ecsAuditLoggingEnabled,
+        auditLoggingType,
         loginSelectorEnabled,
         accessAgreementEnabled,
         authProviderCount,

x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json

@@ -5455,6 +5455,12 @@
             "description": "Indicates if audit logging is both enabled and supported by the current license."
           }
         },
+        "auditLoggingType": {
+          "type": "keyword",
+          "_meta": {
+            "description": "If auditLoggingEnabled is true, indicates what type is enabled (ECS or legacy)."
+          }
+        },
         "loginSelectorEnabled": {
           "type": "boolean",
           "_meta": {