Skip to content

Commit

Permalink
[8.x] Adding telemetry for the fips config (#201282) (#202454)
Browse files Browse the repository at this point in the history 
# Backport

This will backport the following commits from `main` to `8.x`:
- [Adding telemetry for the fips config
(#201282)](#201282)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT
[{"author":{"name":"Kurt","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-12-02T12:50:40Z","message":"Adding
telemetry for the fips config (#201282)\n\n## Summary\r\n\r\nAdding
telemetry for the `fipsMode.enabled`
config","sha":"8f12d521385f6b61f1782685acaca89c9910809d","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","backport:version","v8.17.0","v8.18.0"],"title":"Adding
telemetry for the fips
config","number":201282,"url":"https://github.com/elastic/kibana/pull/201282","mergeCommit":{"message":"Adding
telemetry for the fips config (#201282)\n\n## Summary\r\n\r\nAdding
telemetry for the `fipsMode.enabled`
config","sha":"8f12d521385f6b61f1782685acaca89c9910809d"}},"sourceBranch":"main","suggestedTargetBranches":["8.17","8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/201282","number":201282,"mergeCommit":{"message":"Adding
telemetry for the fips config (#201282)\n\n## Summary\r\n\r\nAdding
telemetry for the `fipsMode.enabled`
config","sha":"8f12d521385f6b61f1782685acaca89c9910809d"}},{"branch":"8.17","label":"v8.17.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.x","label":"v8.18.0","branchLabelMappingKey":"^v8.18.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Kurt <[email protected]>
  • Loading branch information
@kibanamachine @kc13greiner
kibanamachine and kc13greiner authored Dec 2, 2024
1 parent cce113f commit 7ed5b12
Show file tree
Hide file tree
Showing 3 changed files with 72 additions and 1 deletion.
53 changes: 53 additions & 0 deletions x-pack/plugins/security/server/usage_collector/security_usage_collector.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ describe('Security UsageCollector', () => {
allowAccessAgreement = true,
allowAuditLogging = true,
allowRbac = true,
allowFips = true,
isLicenseAvailable,
}: Partial<SecurityLicenseFeatures> & { isLicenseAvailable: boolean }) => {
const license = licenseMock.create();
Expand All @@ -34,6 +35,7 @@ describe('Security UsageCollector', () => {
allowAccessAgreement,
allowAuditLogging,
allowRbac,
allowFips,
} as SecurityLicenseFeatures);
return license;
};
Expand All @@ -44,6 +46,7 @@ describe('Security UsageCollector', () => {
accessAgreementEnabled: false,
authProviderCount: 1,
enabledAuthProviders: ['basic'],
fipsModeEnabled: false,
loginSelectorEnabled: false,
httpAuthSchemes: ['apikey', 'bearer'],
sessionIdleTimeoutInMinutes: 4320,
Expand Down Expand Up @@ -106,6 +109,7 @@ describe('Security UsageCollector', () => {
accessAgreementEnabled: false,
authProviderCount: 0,
enabledAuthProviders: [],
fipsModeEnabled: false,
loginSelectorEnabled: false,
httpAuthSchemes: [],
sessionIdleTimeoutInMinutes: 0,
Expand Down Expand Up @@ -426,6 +430,55 @@ describe('Security UsageCollector', () => {
});
});

describe('fipsMode enabled', () => {
it('reports when fipsMode is enabled', async () => {
const config = createSecurityConfig(
ConfigSchema.validate({
fipsMode: {
enabled: true,
},
})
);
const usageCollection = usageCollectionPluginMock.createSetupContract();
const license = createSecurityLicense({
isLicenseAvailable: true,
allowFips: true,
});
registerSecurityUsageCollector({ usageCollection, config, license });

const usage = await usageCollection
.getCollectorByType('security')
?.fetch(collectorFetchContext);

expect(usage).toEqual({
...DEFAULT_USAGE,
fipsModeEnabled: true,
});
});

it('does not report fipsMode when the license does not permit it', async () => {
const config = createSecurityConfig(
ConfigSchema.validate({
fipsMode: {
enabled: true,
},
})
);
const usageCollection = usageCollectionPluginMock.createSetupContract();
const license = createSecurityLicense({ isLicenseAvailable: true, allowFips: false });
registerSecurityUsageCollector({ usageCollection, config, license });

const usage = await usageCollection
.getCollectorByType('security')
?.fetch(collectorFetchContext);

expect(usage).toEqual({
...DEFAULT_USAGE,
fipsModeEnabled: false,
});
});
});

describe('http auth schemes', () => {
it('reports customized http auth schemes', async () => {
const config = createSecurityConfig(
Expand Down
14 changes: 13 additions & 1 deletion x-pack/plugins/security/server/usage_collector/security_usage_collector.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ interface Usage {
accessAgreementEnabled: boolean;
authProviderCount: number;
enabledAuthProviders: string[];
fipsModeEnabled: boolean;
httpAuthSchemes: string[];
sessionIdleTimeoutInMinutes: number;
sessionLifespanInMinutes: number;
Expand Down Expand Up @@ -93,6 +94,12 @@ export function registerSecurityUsageCollector({ usageCollection, config, licens
},
},
},
fipsModeEnabled: {
type: 'boolean',
_meta: {
description: 'Indicates if Kibana is being run in FIPS mode.',
},
},
httpAuthSchemes: {
type: 'array',
items: {
Expand Down Expand Up @@ -139,14 +146,16 @@ export function registerSecurityUsageCollector({ usageCollection, config, licens
},
},
fetch: () => {
const { allowRbac, allowAccessAgreement, allowAuditLogging } = license.getFeatures();
const { allowRbac, allowAccessAgreement, allowAuditLogging, allowFips } =
license.getFeatures();
if (!allowRbac) {
return {
auditLoggingEnabled: false,
loginSelectorEnabled: false,
accessAgreementEnabled: false,
authProviderCount: 0,
enabledAuthProviders: [],
fipsModeEnabled: false,
httpAuthSchemes: [],
sessionIdleTimeoutInMinutes: 0,
sessionLifespanInMinutes: 0,
Expand All @@ -171,6 +180,8 @@ export function registerSecurityUsageCollector({ usageCollection, config, licens
WELL_KNOWN_AUTH_SCHEMES.includes(scheme.toLowerCase())
);

const fipsModeEnabled = allowFips && config.fipsMode.enabled;

const sessionExpirations = config.session.getExpirationTimeouts(undefined); // use `undefined` to get global expiration values
const sessionIdleTimeoutInMinutes = sessionExpirations.idleTimeout?.asMinutes() ?? 0;
const sessionLifespanInMinutes = sessionExpirations.lifespan?.asMinutes() ?? 0;
Expand Down Expand Up @@ -202,6 +213,7 @@ export function registerSecurityUsageCollector({ usageCollection, config, licens
accessAgreementEnabled,
authProviderCount,
enabledAuthProviders,
fipsModeEnabled,
httpAuthSchemes,
sessionIdleTimeoutInMinutes,
sessionLifespanInMinutes,
Expand Down
6 changes: 6 additions & 0 deletions x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15224,6 +15224,12 @@
}
}
},
"fipsModeEnabled": {
"type": "boolean",
"_meta": {
"description": "Indicates if Kibana is being run in FIPS mode."
}
},
"httpAuthSchemes": {
"type": "array",
"items": {
Expand Down

0 comments on commit 7ed5b12

Please sign in to comment.