[Ingest Manager] validate agent route using AJV instead kbn-config-schema

x-pack/plugins/ingest_manager/package.json

@@ -5,6 +5,7 @@
   "private": true,
   "license": "Elastic-License",
   "dependencies": {
-    "abort-controller": "^3.0.0"
+    "abort-controller": "^3.0.0",
+    "ajv": "^6.12.4"
   }
 }

x-pack/plugins/ingest_manager/server/routes/agent/acks_handlers.ts

@@ -7,19 +7,13 @@
 // handlers that handle events from agents in response to actions received
 
 import { RequestHandler } from 'kibana/server';
-import { TypeOf } from '@kbn/config-schema';
-import { PostAgentAcksRequestSchema } from '../../types/rest_spec';
 import { AcksService } from '../../services/agents';
 import { AgentEvent } from '../../../common/types/models';
-import { PostAgentAcksResponse } from '../../../common/types/rest_spec';
+import { PostAgentAcksRequest, PostAgentAcksResponse } from '../../../common/types/rest_spec';
 
 export const postAgentAcksHandlerBuilder = function (
   ackService: AcksService
-): RequestHandler<
-  TypeOf<typeof PostAgentAcksRequestSchema.params>,
-  undefined,
-  TypeOf<typeof PostAgentAcksRequestSchema.body>
-> {
+): RequestHandler<PostAgentAcksRequest['params'], undefined, PostAgentAcksRequest['body']> {
   return async (context, request, response) => {
     try {
       const soClient = ackService.getSavedObjectsClientContract(request);

x-pack/plugins/ingest_manager/server/routes/agent/handlers.ts

@@ -15,15 +15,15 @@ import {
   PostAgentEnrollResponse,
   GetAgentStatusResponse,
   PutAgentReassignResponse,
+  PostAgentEnrollRequest,
 } from '../../../common/types';
 import {
   GetAgentsRequestSchema,
   GetOneAgentRequestSchema,
   UpdateAgentRequestSchema,
   DeleteAgentRequestSchema,
   GetOneAgentEventsRequestSchema,
-  PostAgentCheckinRequestSchema,
-  PostAgentEnrollRequestSchema,
+  PostAgentCheckinRequest,
   GetAgentStatusRequestSchema,
   PutAgentReassignRequestSchema,
 } from '../../types';
@@ -159,9 +159,9 @@ export const updateAgentHandler: RequestHandler<
 };
 
 export const postAgentCheckinHandler: RequestHandler<
-  TypeOf<typeof PostAgentCheckinRequestSchema.params>,
+  PostAgentCheckinRequest['params'],
   undefined,
-  TypeOf<typeof PostAgentCheckinRequestSchema.body>
+  PostAgentCheckinRequest['body']
 > = async (context, request, response) => {
   try {
     const soClient = appContextService.getInternalUserSOClient(request);
@@ -218,7 +218,7 @@ export const postAgentCheckinHandler: RequestHandler<
 export const postAgentEnrollHandler: RequestHandler<
   undefined,
   undefined,
-  TypeOf<typeof PostAgentEnrollRequestSchema.body>
+  PostAgentEnrollRequest['body']
 > = async (context, request, response) => {
   try {
     const soClient = appContextService.getInternalUserSOClient(request);

x-pack/plugins/ingest_manager/server/routes/agent/index.ts

@@ -9,21 +9,24 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-import { IRouter } from 'src/core/server';
+import { IRouter, RouteValidationResultFactory } from 'src/core/server';
+import Ajv from 'ajv';
 import { PLUGIN_ID, AGENT_API_ROUTES, LIMITED_CONCURRENCY_ROUTE_TAG } from '../../constants';
 import {
   GetAgentsRequestSchema,
   GetOneAgentRequestSchema,
   GetOneAgentEventsRequestSchema,
   UpdateAgentRequestSchema,
   DeleteAgentRequestSchema,
-  PostAgentCheckinRequestSchema,
-  PostAgentEnrollRequestSchema,
-  PostAgentAcksRequestSchema,
+  PostAgentCheckinRequestBodyJSONSchema,
+  PostAgentCheckinRequestParamsJSONSchema,
+  PostAgentAcksRequestParamsJSONSchema,
+  PostAgentAcksRequestBodyJSONSchema,
   PostAgentUnenrollRequestSchema,
   GetAgentStatusRequestSchema,
   PostNewAgentActionRequestSchema,
   PutAgentReassignRequestSchema,
+  PostAgentEnrollRequestBodyJSONSchema,
 } from '../../types';
 import {
   getAgentsHandler,
@@ -43,6 +46,29 @@ import { appContextService } from '../../services';
 import { postAgentsUnenrollHandler } from './unenroll_handler';
 import { IngestManagerConfigType } from '../..';
 
+const ajv = new Ajv({
+  coerceTypes: true,
+  useDefaults: true,
+  removeAdditional: true,
+  allErrors: false,
+  nullable: true,
+});
+
+function schemaErrorsText(errors: Ajv.ErrorObject[], dataVar: any) {
+  return errors.map((e) => `${dataVar + (e.dataPath || '')} ${e.message}`).join(', ');
+}
+
+function makeValidator(jsonSchema: any) {
+  const validator = ajv.compile(jsonSchema);
+  return function validateWithAJV(data: any, r: RouteValidationResultFactory) {
+    if (validator(data)) {
+      return r.ok(data);
+    }
+
+    return r.badRequest(schemaErrorsText(validator.errors || [], data));
+  };
+}
+
 export const registerRoutes = (router: IRouter, config: IngestManagerConfigType) => {
   // Get one
   router.get(
@@ -86,7 +112,10 @@ export const registerRoutes = (router: IRouter, config: IngestManagerConfigType)
   router.post(
     {
       path: AGENT_API_ROUTES.CHECKIN_PATTERN,
-      validate: PostAgentCheckinRequestSchema,
+      validate: {
+        params: makeValidator(PostAgentCheckinRequestParamsJSONSchema),
+        body: makeValidator(PostAgentCheckinRequestBodyJSONSchema),
+      },
       options: {
         tags: [],
         ...(pollingRequestTimeout
@@ -105,7 +134,9 @@ export const registerRoutes = (router: IRouter, config: IngestManagerConfigType)
   router.post(
     {
       path: AGENT_API_ROUTES.ENROLL_PATTERN,
-      validate: PostAgentEnrollRequestSchema,
+      validate: {
+        body: makeValidator(PostAgentEnrollRequestBodyJSONSchema),
+      },
       options: { tags: [LIMITED_CONCURRENCY_ROUTE_TAG] },
     },
     postAgentEnrollHandler
@@ -115,7 +146,10 @@ export const registerRoutes = (router: IRouter, config: IngestManagerConfigType)
   router.post(
     {
       path: AGENT_API_ROUTES.ACKS_PATTERN,
-      validate: PostAgentAcksRequestSchema,
+      validate: {
+        params: makeValidator(PostAgentAcksRequestParamsJSONSchema),
+        body: makeValidator(PostAgentAcksRequestBodyJSONSchema),
+      },
       options: { tags: [LIMITED_CONCURRENCY_ROUTE_TAG] },
     },
     postAgentAcksHandlerBuilder({

x-pack/plugins/ingest_manager/server/types/index.tsx

@@ -63,6 +63,9 @@ export {
   IndexTemplateMappings,
   Settings,
   SettingsSOAttributes,
+  // Agent Request types
+  PostAgentEnrollRequest,
+  PostAgentCheckinRequest,
 } from '../../common';
 
 export type CallESAsCurrentUser = LegacyScopedClusterClient['callAsCurrentUser'];

x-pack/plugins/ingest_manager/server/types/rest_spec/agent.ts

@@ -5,12 +5,7 @@
  */
 
 import { schema } from '@kbn/config-schema';
-import {
-  AckEventSchema,
-  NewAgentEventSchema,
-  AgentTypeSchema,
-  NewAgentActionSchema,
-} from '../models';
+import { NewAgentActionSchema } from '../models';
 
 export const GetAgentsRequestSchema = {
   query: schema.object({
@@ -27,37 +22,134 @@ export const GetOneAgentRequestSchema = {
   }),
 };
 
-export const PostAgentCheckinRequestSchema = {
-  params: schema.object({
-    agentId: schema.string(),
-  }),
-  body: schema.object({
-    status: schema.maybe(
-      schema.oneOf([schema.literal('online'), schema.literal('error'), schema.literal('degraded')])
-    ),
-    local_metadata: schema.maybe(schema.recordOf(schema.string(), schema.any())),
-    events: schema.maybe(schema.arrayOf(NewAgentEventSchema)),
-  }),
+export const PostAgentCheckinRequestParamsJSONSchema = {
+  type: 'object',
+  properties: {
+    agentId: { type: 'string' },
+  },
+  required: ['agentId'],
 };
 
-export const PostAgentEnrollRequestSchema = {
-  body: schema.object({
-    type: AgentTypeSchema,
-    shared_id: schema.maybe(schema.string()),
-    metadata: schema.object({
-      local: schema.recordOf(schema.string(), schema.any()),
-      user_provided: schema.recordOf(schema.string(), schema.any()),
-    }),
-  }),
+export const PostAgentCheckinRequestBodyJSONSchema = {
+  type: 'object',
+  properties: {
+    status: { type: 'string', enum: ['online', 'error', 'degraded'] },
+    local_metadata: {
+      additionalProperties: {
+        anyOf: [{ type: 'string' }, { type: 'number' }, { type: 'object' }],
+      },
+    },
+    events: {
+      type: 'array',
+      items: {
+        type: 'object',
+        properties: {
+          type: { type: 'string', enum: ['STATE', 'ERROR', 'ACTION_RESULT', 'ACTION'] },
+          subtype: {
+            type: 'string',
+            enum: [
+              'RUNNING',
+              'STARTING',
+              'IN_PROGRESS',
+              'CONFIG',
+              'FAILED',
+              'STOPPING',
+              'STOPPED',
+              'DEGRADED',
+              'DATA_DUMP',
+              'ACKNOWLEDGED',
+              'UNKNOWN',
+            ],
+          },
+          timestamp: { type: 'string' },
+          message: { type: 'string' },
+          payload: { type: 'object', additionalProperties: true },
+          agent_id: { type: 'string' },
+          action_id: { type: 'string' },
+          policy_id: { type: 'string' },
+          stream_id: { type: 'string' },
+        },
+        required: ['type', 'subtype', 'timestamp', 'message', 'agent_id'],
+        additionalProperties: false,
+      },
+    },
+  },
+  additionalProperties: false,
 };
 
-export const PostAgentAcksRequestSchema = {
-  body: schema.object({
-    events: schema.arrayOf(AckEventSchema),
-  }),
-  params: schema.object({
-    agentId: schema.string(),
-  }),
+export const PostAgentEnrollRequestBodyJSONSchema = {
+  type: 'object',
+  properties: {
+    type: { type: 'string', enum: ['EPHEMERAL', 'PERMANENT', 'TEMPORARY'] },
+    shared_id: { type: 'string' },
+    metadata: {
+      type: 'object',
+      properties: {
+        local: {
+          type: 'object',
+          additionalProperties: true,
+        },
+        user_provided: {
+          type: 'object',
+          additionalProperties: true,
+        },
+      },
+      additionalProperties: false,
+      required: ['local', 'user_provided'],
+    },
+  },
+  additionalProperties: false,
+  required: ['type', 'metadata'],
+};
+
+export const PostAgentAcksRequestParamsJSONSchema = {
+  type: 'object',
+  properties: {
+    agentId: { type: 'string' },
+  },
+  required: ['agentId'],
+};
+
+export const PostAgentAcksRequestBodyJSONSchema = {
+  type: 'object',
+  properties: {
+    events: {
+      type: 'array',
+      item: {
+        type: 'object',
+        properties: {
+          type: { type: 'string', enum: ['STATE', 'ERROR', 'ACTION_RESULT', 'ACTION'] },
+          subtype: {
+            type: 'string',
+            enum: [
+              'RUNNING',
+              'STARTING',
+              'IN_PROGRESS',
+              'CONFIG',
+              'FAILED',
+              'STOPPING',
+              'STOPPED',
+              'DEGRADED',
+              'DATA_DUMP',
+              'ACKNOWLEDGED',
+              'UNKNOWN',
+            ],
+          },
+          timestamp: { type: 'string' },
+          message: { type: 'string' },
+          payload: { type: 'object', additionalProperties: true },
+          agent_id: { type: 'string' },
+          action_id: { type: 'string' },
+          policy_id: { type: 'string' },
+          stream_id: { type: 'string' },
+        },
+        required: ['type', 'subtype', 'timestamp', 'message', 'agent_id', 'action_id'],
+        additionalProperties: false,
+      },
+    },
+  },
+  additionalProperties: false,
+  required: ['events'],
 };
 
 export const PostNewAgentActionRequestSchema = {

yarn.lock

@@ -5590,7 +5590,7 @@ ajv@^4.7.0:
     co "^4.6.0"
     json-stable-stringify "^1.0.1"
 
-ajv@^6.1.0, ajv@^6.10.0, ajv@^6.10.2, ajv@^6.12.2, ajv@^6.5.5, ajv@^6.9.1:
+ajv@^6.1.0, ajv@^6.10.0, ajv@^6.10.2, ajv@^6.12.2, ajv@^6.12.4, ajv@^6.5.5, ajv@^6.9.1:
   version "6.12.4"
   resolved "https://registry.yarnpkg.com/ajv/-/ajv-6.12.4.tgz#0614facc4522127fa713445c6bfd3ebd376e2234"
   integrity sha512-eienB2c9qVQs2KWexhkrdMLVDoIQCz5KSeLxwg9Lzk4DOfBtIK9PQwwufcsn1jjGuf9WZmqPMbGxOzfcuphJCQ==