Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Entity Analytics] Internal API to upload asset criticality records via CSV file #179930

Merged
merged 43 commits into from
Apr 11, 2024
Merged

[Entity Analytics] Internal API to upload asset criticality records via CSV file #179930

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
43 commits
Select commit Hold shift + click to select a range
57206a2
working e2e
hop-dev Apr 3, 2024
142a742
rename results to stats
hop-dev Apr 3, 2024
86b178b
unit tests
hop-dev Apr 3, 2024
80c8835
use config for batch size and max file size
hop-dev Apr 3, 2024
71f393c
move line validation to common folder for UI to use
hop-dev Apr 3, 2024
a744ac1
update validation to match architecture spec
hop-dev Apr 4, 2024
d2956d5
allow case in criticality level to be wrong
hop-dev Apr 4, 2024
21c9741
add data client tests
hop-dev Apr 4, 2024
84548a8
remove csv folder
hop-dev Apr 4, 2024
5b1ebb2
fix config type error
hop-dev Apr 4, 2024
5e002b0
move to constant for max file size
hop-dev Apr 4, 2024
0143d76
AssetCriticalityCsvUploadResponse common type
hop-dev Apr 4, 2024
b5e4725
fix: errors not counting towards total
hop-dev Apr 5, 2024
ceb1615
fix error indexes
hop-dev Apr 5, 2024
325cea3
API integration tests
hop-dev Apr 5, 2024
49e25ce
add test file import
hop-dev Apr 5, 2024
21ca9cd
add test for catastrophic es error
hop-dev Apr 5, 2024
4440c62
fix test types
hop-dev Apr 5, 2024
bfd1f74
Add OpenAPI spec
hop-dev Apr 5, 2024
fd76077
Add telemetry event
hop-dev Apr 5, 2024
faab392
use generator in bulkUpsertFromStream
hop-dev Apr 5, 2024
415ebfb
Merge branch 'main' into asset-criticality-csv-upoad-api
kibanamachine Apr 5, 2024
9e93fb6
add missing awaits
hop-dev Apr 8, 2024
1f4d866
check advanced setting is enabled on criticality API
hop-dev Apr 8, 2024
511265b
make csv validation errors clearer
hop-dev Apr 8, 2024
e66f9d2
fix wrong status code for file too large
hop-dev Apr 8, 2024
addec44
Merge branch 'main' into asset-criticality-csv-upoad-api
hop-dev Apr 8, 2024
cdcc28c
Merge branch 'asset-criticality-csv-upoad-api' of github.com:hop-dev/…
hop-dev Apr 8, 2024
f3c2c96
remove redundant else
hop-dev Apr 8, 2024
8a2d350
run batches in paralell
hop-dev Apr 9, 2024
007bd8c
remove unused generator
hop-dev Apr 9, 2024
5ee0498
use translations for csv parsing errors
hop-dev Apr 9, 2024
a29a775
fix types
hop-dev Apr 9, 2024
e391d0f
remove api from translation IDs
hop-dev Apr 9, 2024
46fb379
send 403 if setting is disabled
hop-dev Apr 9, 2024
9d975a7
use stream helper
hop-dev Apr 9, 2024
c142c8b
update config to match new client
hop-dev Apr 9, 2024
feb235b
remove fileSizeBytes telemetry field
hop-dev Apr 9, 2024
bc5198d
jareds error message feedback
hop-dev Apr 10, 2024
9a70627
Merge branch 'main' into asset-criticality-csv-upoad-api
hop-dev Apr 10, 2024
e871b6a
report telemetry event on total error
hop-dev Apr 10, 2024
8630d07
Merge branch 'main' into asset-criticality-csv-upoad-api
hop-dev Apr 10, 2024
539ecc7
use helper for validation errors
hop-dev Apr 10, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions x-pack/plugins/security_solution/common/api/entity_analytics/asset_criticality/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,3 +7,4 @@

export * from './common.gen';
export * from './get_asset_criticality_status.gen';
export * from './upload_asset_criticality_csv.gen';
36 changes: 36 additions & 0 deletions ...olution/common/api/entity_analytics/asset_criticality/upload_asset_criticality_csv.gen.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { z } from 'zod';

/*
* NOTICE: Do not edit this file manually.
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Asset Criticality Create Record Schema
* version: 1.0.0
*/

export type ErrorItem = z.infer<typeof ErrorItem>;
export const ErrorItem = z.object({
message: z.string(),
index: z.number().int(),
});

export type Stats = z.infer<typeof Stats>;
export const Stats = z.object({
successful: z.number().int(),
failed: z.number().int(),
total: z.number().int(),
});

export type AssetCriticalityCsvUploadResponse = z.infer<typeof AssetCriticalityCsvUploadResponse>;
export const AssetCriticalityCsvUploadResponse = z.object({
errors: z.array(ErrorItem),
stats: Stats,
});
73 changes: 73 additions & 0 deletions ...on/common/api/entity_analytics/asset_criticality/upload_asset_criticality_csv.schema.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
openapi: 3.0.0
info:
version: 1.0.0
title: Asset Criticality Create Record Schema
servers:
- url: 'http://{kibana_host}:{port}'
variables:
kibana_host:
default: localhost
port:
default: '5601'
paths:
/internal/asset_criticality/upload_csv:
post:
summary: Uploads a CSV file containing asset criticality data
requestBody:
content:
multipart/form-data:
schema:
type: object
properties:
file:
type: string
format: binary
description: The CSV file to upload.
required:
- file
responses:
'200':
description: CSV upload successful
content:
application/json:
schema:
$ref: '#/components/schemas/AssetCriticalityCsvUploadResponse'
'413':
description: File too large
components:
schemas:
ErrorItem:
type: object
properties:
message:
type: string
index:
type: integer
required:
- message
- index
Stats:
type: object
properties:
successful:
type: integer
failed:
type: integer
total:
type: integer
required:
- successful
- failed
- total
AssetCriticalityCsvUploadResponse:
type: object
properties:
errors:
type: array
items:
$ref: '#/components/schemas/ErrorItem'
stats:
$ref: '#/components/schemas/Stats'
required:
- errors
- stats
1 change: 1 addition & 0 deletions x-pack/plugins/security_solution/common/constants.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -272,6 +272,7 @@ export const RISK_ENGINE_SETTINGS_URL = `${RISK_ENGINE_URL}/settings`;
export const ASSET_CRITICALITY_URL = `/internal/asset_criticality`;
export const ASSET_CRITICALITY_PRIVILEGES_URL = `/internal/asset_criticality/privileges`;
export const ASSET_CRITICALITY_STATUS_URL = `${ASSET_CRITICALITY_URL}/status`;
export const ASSET_CRITICALITY_CSV_UPLOAD_URL = `${ASSET_CRITICALITY_URL}/upload_csv`;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I recommend to move ASSET_CRITICALITY... constants into Asset criticality domain. Create common/asset_criticality folder with constants.ts. It will help to define proper ownership avoid expanding common/constants.ts with not really common constants.


/**
* Public Risk Score routes
Expand Down
7 changes: 7 additions & 0 deletions x-pack/plugins/security_solution/common/entity_analytics/asset_criticality/constants.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,8 @@ export enum CriticalityLevels {
LOW_IMPACT = 'low_impact',
}

export const ValidCriticalityLevels = Object.values(CriticalityLevels);

/**
* CriticalityModifiers are used to adjust the risk score based on the criticality of the asset.
*/
Expand All @@ -31,3 +33,8 @@ export const CriticalityModifiers: Record<CriticalityLevels, number> = {
[CriticalityLevels.MEDIUM_IMPACT]: 1,
[CriticalityLevels.LOW_IMPACT]: 0.5,
};

export const CRITICALITY_CSV_MAX_SIZE_BYTES = 1024 * 1024; // 1MB
export const CRITICALITY_CSV_SIZE_TOLERANCE_BYTES = 1024 * 50; // ~= 50kb
export const CRITICALITY_CSV_MAX_SIZE_BYTES_WITH_TOLERANCE =
CRITICALITY_CSV_MAX_SIZE_BYTES + CRITICALITY_CSV_SIZE_TOLERANCE_BYTES;
1 change: 1 addition & 0 deletions x-pack/plugins/security_solution/common/entity_analytics/asset_criticality/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,3 +7,4 @@

export * from './indices';
export * from './constants';
export * from './parse_asset_criticality_csv_row';
133 changes: 133 additions & 0 deletions ...olution/common/entity_analytics/asset_criticality/parse_asset_criticality_csv_row.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,133 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { parseAssetCriticalityCsvRow } from './parse_asset_criticality_csv_row';

describe('parseAssetCriticalityCsvRow', () => {
it('should return valid false if the row has no columns', () => {
const result = parseAssetCriticalityCsvRow([]);
expect(result.valid).toBe(false);

// @ts-ignore result can now only be InvalidRecord
expect(result.error).toMatchInlineSnapshot(`"Expected 3 columns, got 0"`);
});

it('should return valid false if the row has 2 columns', () => {
const result = parseAssetCriticalityCsvRow(['host', 'host-1']);
expect(result.valid).toBe(false);

// @ts-ignore result can now only be InvalidRecord
expect(result.error).toMatchInlineSnapshot(`"Expected 3 columns, got 2"`);
});

it('should return valid false if the row has 4 columns', () => {
const result = parseAssetCriticalityCsvRow(['host', 'host-1', 'low_impact', 'extra']);
expect(result.valid).toBe(false);

// @ts-ignore result can now only be InvalidRecord
expect(result.error).toMatchInlineSnapshot(`"Expected 3 columns, got 4"`);
});

it('should return valid false if the entity type is missing', () => {
const result = parseAssetCriticalityCsvRow(['', 'host-1', 'low_impact']);
expect(result.valid).toBe(false);

// @ts-ignore result can now only be InvalidRecord
expect(result.error).toMatchInlineSnapshot(`"Missing entity type"`);
});

it('should return valid false if the entity type is invalid', () => {
const result = parseAssetCriticalityCsvRow(['invalid', 'host-1', 'low_impact']);
expect(result.valid).toBe(false);

// @ts-ignore result can now only be InvalidRecord
expect(result.error).toMatchInlineSnapshot(
`"Invalid entity type \\"invalid\\", expected host or user"`
);
});

it('should return valid false if the entity type is invalid and only log 1000 characters', () => {
const invalidEntityType = 'x'.repeat(1001);
const result = parseAssetCriticalityCsvRow([invalidEntityType, 'host-1', 'low_impact']);
expect(result.valid).toBe(false);

// @ts-ignore result can now only be InvalidRecord
expect(result.error).toMatchInlineSnapshot(
`"Invalid entity type \\"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...\\", expected host or user"`
);
});

it('should return valid false if the ID is missing', () => {
const result = parseAssetCriticalityCsvRow(['host', '', 'low_impact']);
expect(result.valid).toBe(false);

// @ts-ignore result can now only be InvalidRecord
expect(result.error).toMatchInlineSnapshot(`"Missing identifier"`);
});

it('should return valid false if the criticality level is missing', () => {
const result = parseAssetCriticalityCsvRow(['host', 'host-1', '']);
expect(result.valid).toBe(false);

// @ts-ignore result can now only be InvalidRecord
expect(result.error).toMatchInlineSnapshot(`"Missing criticality level"`);
});

it('should return valid false if the criticality level is invalid', () => {
const result = parseAssetCriticalityCsvRow(['host', 'host-1', 'invalid']);
expect(result.valid).toBe(false);

// @ts-ignore result can now only be InvalidRecord
expect(result.error).toMatchInlineSnapshot(
`"Invalid criticality level \\"invalid\\", expected one of extreme_impact, high_impact, medium_impact, low_impact"`
);
});

it('should return valid false if the criticality level is invalid and only log 1000 characters', () => {
const invalidCriticalityLevel = 'x'.repeat(1001);
const result = parseAssetCriticalityCsvRow(['host', 'host-1', invalidCriticalityLevel]);
expect(result.valid).toBe(false);

// @ts-ignore result can now only be InvalidRecord
expect(result.error).toMatchInlineSnapshot(
`"Invalid criticality level \\"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...\\", expected one of extreme_impact, high_impact, medium_impact, low_impact"`
);
});

it('should return valid false if the ID is too long', () => {
const idValue = 'x'.repeat(1001);
const result = parseAssetCriticalityCsvRow(['host', idValue, 'low_impact']);
expect(result.valid).toBe(false);

// @ts-ignore result can now only be InvalidRecord
expect(result.error).toMatchInlineSnapshot(
`"Identifier is too long, expected less than 1000 characters, got 1001"`
);
});

it('should return the parsed row', () => {
expect(parseAssetCriticalityCsvRow(['host', 'host-1', 'low_impact'])).toEqual({
valid: true,
record: {
idField: 'host.name',
idValue: 'host-1',
criticalityLevel: 'low_impact',
},
});
});

it('should return the parsed row if criticality level is the wrong case', () => {
expect(parseAssetCriticalityCsvRow(['host', 'host-1', 'LOW_IMPACT'])).toEqual({
valid: true,
record: {
idField: 'host.name',
idValue: 'host-1',
criticalityLevel: 'low_impact',
},
});
});
});
Loading