Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[8.12] [Security Solution] Fix importing rules referencing preconfigured connectors (#176284) #176887

Merged
merged 3 commits into from
Feb 14, 2024
Merged

[8.12] [Security Solution] Fix importing rules referencing preconfigured connectors (#176284) #176887

merged 3 commits into from
Feb 14, 2024

Conversation

maximpn
Copy link
Contributor

@maximpn maximpn commented Feb 14, 2024

Backport

This will backport the following commits from main to 8.12:

Questions ?

Please refer to the Backport tool documentation

@maximpn
[Security Solution] Fix importing rules referencing preconfigured con…
b8aac4d 
…nectors (elastic#176284)

**Fixes:** elastic#157253

## Summary

This PR fixes rules import with `overwrite_action_connectors` set to true when ndjson contains rules with actions referencing preconfigured action connectors.

## Details

A user can preconfigure action connectors as described [here](https://www.elastic.co/guide/en/kibana/current/pre-configured-connectors.html). At the same time Elastic Could instances have Elastic-cloud-SMTP connector preconfigured. In particular import doesn't work as expected in Elastic Cloud for rules having actions referencing the preconfigured Elastic-cloud-SMTP connector.

This is fixed by filtering out preconfigured connector ids so importing logic only handles custom action connectors.

On top of this functional tests have been added to make sure the problem won't come back.

### Checklist

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [x] [Ran](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/5139) in Flaky test runner for ESS and Serverless and no flakiness has been revealed

(cherry picked from commit 934a06c)

# Conflicts:
#	x-pack/test/detection_engine_api_integration/security_and_spaces/group10/import_connectors.ts
#	x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/migrations/index.ts
@maximpn maximpn enabled auto-merge (squash) February 14, 2024 08:58
@maximpn maximpn mentioned this pull request Feb 14, 2024
Merged
2 tasks
@kibana-ci
Copy link
Collaborator

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #35 / Alerting eventLog alerts should generate expected alert events for normal operation

Metrics [docs]

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@maximpn maximpn merged commit 78cb16c into elastic:8.12 Feb 14, 2024
29 checks passed
@maximpn maximpn deleted the backport/8.12/pr-176284 branch February 14, 2024 12:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@banderror banderror banderror approved these changes

Assignees
No one assigned
Labels
backport
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@maximpn @kibana-ci @banderror