[8.12] [Response Ops][Actions] Adding configuration to override default MS Graph API Scope and Exchange URL values (#175812)

docs/settings/alert-action-settings.asciidoc

@@ -142,6 +142,15 @@ A list of action types that are enabled. It defaults to `["*"]`, enabling all ty
 +
 Disabled action types will not appear as an option when creating new connectors, but existing connectors and actions of that type will remain in {kib} and will not function.
 
+`xpack.actions.microsoftExchangeUrl`::
+The URL for the Microsoft Azure Active Directory endpoint to use for MS Exchange email authentication. Default: `https://login.microsoftonline.com`.
+
+`xpack.actions.microsoftGraphApiUrl`::
+The URL for the Microsoft Graph API endpoint to use for MS Exchange email authentication. Default: `https://graph.microsoft.com/v1.0`.
+
+`xpack.actions.microsoftGraphApiScope`::
+The URL for the Microsoft Graph API scope endpoint to use for MS Exchange email authentication. Default: `https://graph.microsoft.com/.default`.
+
 `xpack.actions.proxyUrl` {ess-icon}::
 Specifies the proxy URL to use, if using a proxy for actions. By default, no proxy is used.
 +

x-pack/plugins/actions/common/index.ts

@@ -19,3 +19,7 @@ export * from './execution_log_types';
 export const BASE_ACTION_API_PATH = '/api/actions';
 export const INTERNAL_BASE_ACTION_API_PATH = '/internal/actions';
 export const ACTIONS_FEATURE_ID = 'actions';
+
+export const DEFAULT_MICROSOFT_EXCHANGE_URL = 'https://login.microsoftonline.com';
+export const DEFAULT_MICROSOFT_GRAPH_API_URL = 'https://graph.microsoft.com/v1.0';
+export const DEFAULT_MICROSOFT_GRAPH_API_SCOPE = 'https://graph.microsoft.com/.default';

x-pack/plugins/actions/server/actions_client/actions_client.test.ts

@@ -8,7 +8,11 @@
 import { schema } from '@kbn/config-schema';
 import moment from 'moment';
 import { ByteSizeValue } from '@kbn/config-schema';
-
+import {
+  DEFAULT_MICROSOFT_EXCHANGE_URL,
+  DEFAULT_MICROSOFT_GRAPH_API_SCOPE,
+  DEFAULT_MICROSOFT_GRAPH_API_URL,
+} from '../../common';
 import { ActionTypeRegistry, ActionTypeRegistryOpts } from '../action_type_registry';
 import { ActionsClient } from './actions_client';
 import { ExecutorType, ActionType } from '../types';
@@ -596,6 +600,9 @@ describe('create()', () => {
         proxyVerificationMode: 'full',
       },
       enableFooterInEmail: true,
+      microsoftGraphApiUrl: DEFAULT_MICROSOFT_GRAPH_API_URL,
+      microsoftGraphApiScope: DEFAULT_MICROSOFT_GRAPH_API_SCOPE,
+      microsoftExchangeUrl: DEFAULT_MICROSOFT_EXCHANGE_URL,
     });
 
     const localActionTypeRegistryParams = {

x-pack/plugins/actions/server/actions_config.mock.ts

@@ -5,6 +5,11 @@
  * 2.0.
  */
 
+import {
+  DEFAULT_MICROSOFT_EXCHANGE_URL,
+  DEFAULT_MICROSOFT_GRAPH_API_SCOPE,
+  DEFAULT_MICROSOFT_GRAPH_API_URL,
+} from '../common';
 import { ActionsConfigurationUtilities } from './actions_config';
 
 const createActionsConfigMock = () => {
@@ -24,7 +29,9 @@ const createActionsConfigMock = () => {
       timeout: 360000,
     }),
     getCustomHostSettings: jest.fn().mockReturnValue(undefined),
-    getMicrosoftGraphApiUrl: jest.fn().mockReturnValue(undefined),
+    getMicrosoftGraphApiUrl: jest.fn().mockReturnValue(DEFAULT_MICROSOFT_GRAPH_API_URL),
+    getMicrosoftGraphApiScope: jest.fn().mockReturnValue(DEFAULT_MICROSOFT_GRAPH_API_SCOPE),
+    getMicrosoftExchangeUrl: jest.fn().mockReturnValue(DEFAULT_MICROSOFT_EXCHANGE_URL),
     validateEmailAddresses: jest.fn().mockReturnValue(undefined),
     getMaxAttempts: jest.fn().mockReturnValue(3),
     enableFooterInEmail: jest.fn().mockReturnValue(true),

x-pack/plugins/actions/server/actions_config.test.ts

@@ -7,6 +7,11 @@
 
 import { ByteSizeValue } from '@kbn/config-schema';
 import { ActionsConfig } from './config';
+import {
+  DEFAULT_MICROSOFT_EXCHANGE_URL,
+  DEFAULT_MICROSOFT_GRAPH_API_SCOPE,
+  DEFAULT_MICROSOFT_GRAPH_API_URL,
+} from '../common';
 import {
   getActionsConfigurationUtilities,
   AllowedHosts,
@@ -34,6 +39,9 @@ const defaultActionsConfig: ActionsConfig = {
     verificationMode: 'full',
   },
   enableFooterInEmail: true,
+  microsoftGraphApiUrl: DEFAULT_MICROSOFT_GRAPH_API_URL,
+  microsoftGraphApiScope: DEFAULT_MICROSOFT_GRAPH_API_SCOPE,
+  microsoftExchangeUrl: DEFAULT_MICROSOFT_EXCHANGE_URL,
 };
 
 describe('ensureUriAllowed', () => {

x-pack/plugins/actions/server/actions_config.ts

@@ -47,7 +47,9 @@ export interface ActionsConfigurationUtilities {
   getProxySettings: () => undefined | ProxySettings;
   getResponseSettings: () => ResponseSettings;
   getCustomHostSettings: (targetUrl: string) => CustomHostSettings | undefined;
-  getMicrosoftGraphApiUrl: () => undefined | string;
+  getMicrosoftGraphApiUrl: () => string;
+  getMicrosoftGraphApiScope: () => string;
+  getMicrosoftExchangeUrl: () => string;
   getMaxAttempts: ({
     actionTypeMaxAttempts,
     actionTypeId,
@@ -127,10 +129,18 @@ function getProxySettingsFromConfig(config: ActionsConfig): undefined | ProxySet
   };
 }
 
-function getMicrosoftGraphApiUrlFromConfig(config: ActionsConfig): undefined | string {
+function getMicrosoftGraphApiUrlFromConfig(config: ActionsConfig): string {
   return config.microsoftGraphApiUrl;
 }
 
+function getMicrosoftGraphApiScopeFromConfig(config: ActionsConfig): string {
+  return config.microsoftGraphApiScope;
+}
+
+function getMicrosoftExchangeUrlFromConfig(config: ActionsConfig): string {
+  return config.microsoftExchangeUrl;
+}
+
 function arrayAsSet<T>(arr: T[] | undefined): Set<T> | undefined {
   if (!arr) return;
   return new Set(arr);
@@ -209,6 +219,8 @@ export function getActionsConfigurationUtilities(
     },
     getCustomHostSettings: (targetUrl: string) => getCustomHostSettings(config, targetUrl),
     getMicrosoftGraphApiUrl: () => getMicrosoftGraphApiUrlFromConfig(config),
+    getMicrosoftGraphApiScope: () => getMicrosoftGraphApiScopeFromConfig(config),
+    getMicrosoftExchangeUrl: () => getMicrosoftExchangeUrlFromConfig(config),
     validateEmailAddresses: (addresses: string[], options: ValidateEmailAddressesOptions) =>
       validatedEmailCurried(addresses, options),
     getMaxAttempts: ({ actionTypeMaxAttempts, actionTypeId }) => {

x-pack/plugins/actions/server/config.test.ts

@@ -30,6 +30,9 @@ describe('config validation', () => {
         "maxResponseContentLength": ByteSizeValue {
           "valueInBytes": 1048576,
         },
+        "microsoftExchangeUrl": "https://login.microsoftonline.com",
+        "microsoftGraphApiScope": "https://graph.microsoft.com/.default",
+        "microsoftGraphApiUrl": "https://graph.microsoft.com/v1.0",
         "preconfigured": Object {},
         "preconfiguredAlertHistoryEsIndex": false,
         "proxyRejectUnauthorizedCertificates": true,
@@ -65,6 +68,9 @@ describe('config validation', () => {
         "maxResponseContentLength": ByteSizeValue {
           "valueInBytes": 1048576,
         },
+        "microsoftExchangeUrl": "https://login.microsoftonline.com",
+        "microsoftGraphApiScope": "https://graph.microsoft.com/.default",
+        "microsoftGraphApiUrl": "https://graph.microsoft.com/v1.0",
         "preconfigured": Object {
           "mySlack1": Object {
             "actionTypeId": ".slack",
@@ -147,7 +153,7 @@ describe('config validation', () => {
     expect(mockLogger.warn.mock.calls).toMatchInlineSnapshot(`
       Array [
         Array [
-          "The confgurations xpack.actions.proxyBypassHosts and xpack.actions.proxyOnlyHosts can not be used at the same time. The configuration xpack.actions.proxyOnlyHosts will be ignored.",
+          "The configurations xpack.actions.proxyBypassHosts and xpack.actions.proxyOnlyHosts can not be used at the same time. The configuration xpack.actions.proxyOnlyHosts will be ignored.",
         ],
       ]
     `);
@@ -169,7 +175,7 @@ describe('config validation', () => {
     expect(mockLogger.warn.mock.calls).toMatchInlineSnapshot(`
       Array [
         Array [
-          "The confguration xpack.actions.proxyUrl: bad url is invalid.",
+          "The configuration xpack.actions.proxyUrl: bad url is invalid.",
         ],
       ]
     `);
@@ -207,6 +213,9 @@ describe('config validation', () => {
         "maxResponseContentLength": ByteSizeValue {
           "valueInBytes": 1048576,
         },
+        "microsoftExchangeUrl": "https://login.microsoftonline.com",
+        "microsoftGraphApiScope": "https://graph.microsoft.com/.default",
+        "microsoftGraphApiUrl": "https://graph.microsoft.com/v1.0",
         "preconfigured": Object {},
         "preconfiguredAlertHistoryEsIndex": false,
         "proxyRejectUnauthorizedCertificates": true,

x-pack/plugins/actions/server/config.ts

@@ -7,6 +7,11 @@
 
 import { schema, TypeOf } from '@kbn/config-schema';
 import { Logger } from '@kbn/core/server';
+import {
+  DEFAULT_MICROSOFT_EXCHANGE_URL,
+  DEFAULT_MICROSOFT_GRAPH_API_SCOPE,
+  DEFAULT_MICROSOFT_GRAPH_API_URL,
+} from '../common';
 
 export enum AllowedHosts {
   Any = '*',
@@ -120,7 +125,9 @@ export const configSchema = schema.object({
   maxResponseContentLength: schema.byteSize({ defaultValue: '1mb' }),
   responseTimeout: schema.duration({ defaultValue: '60s' }),
   customHostSettings: schema.maybe(schema.arrayOf(customHostSettingsSchema)),
-  microsoftGraphApiUrl: schema.maybe(schema.string()),
+  microsoftGraphApiUrl: schema.string({ defaultValue: DEFAULT_MICROSOFT_GRAPH_API_URL }),
+  microsoftGraphApiScope: schema.string({ defaultValue: DEFAULT_MICROSOFT_GRAPH_API_SCOPE }),
+  microsoftExchangeUrl: schema.string({ defaultValue: DEFAULT_MICROSOFT_EXCHANGE_URL }),
   email: schema.maybe(
     schema.object({
       domain_allowlist: schema.arrayOf(schema.string()),
@@ -155,13 +162,13 @@ export function getValidatedConfig(logger: Logger, originalConfig: ActionsConfig
     try {
       new URL(proxyUrl);
     } catch (err) {
-      logger.warn(`The confguration xpack.actions.proxyUrl: ${proxyUrl} is invalid.`);
+      logger.warn(`The configuration xpack.actions.proxyUrl: ${proxyUrl} is invalid.`);
     }
   }
 
   if (proxyBypassHosts && proxyOnlyHosts) {
     logger.warn(
-      'The confgurations xpack.actions.proxyBypassHosts and xpack.actions.proxyOnlyHosts can not be used at the same time. The configuration xpack.actions.proxyOnlyHosts will be ignored.'
+      'The configurations xpack.actions.proxyBypassHosts and xpack.actions.proxyOnlyHosts can not be used at the same time. The configuration xpack.actions.proxyOnlyHosts will be ignored.'
     );
     const tmp: Record<string, unknown> = originalConfig;
     delete tmp.proxyOnlyHosts;

x-pack/plugins/actions/server/integration_tests/axios_utils_connection.test.ts

@@ -23,6 +23,11 @@ import { createReadySignal } from '@kbn/event-log-plugin/server/lib/ready_signal
 import { ActionsConfig } from '../config';
 import { ActionsConfigurationUtilities, getActionsConfigurationUtilities } from '../actions_config';
 import { resolveCustomHosts } from '../lib/custom_host_settings';
+import {
+  DEFAULT_MICROSOFT_EXCHANGE_URL,
+  DEFAULT_MICROSOFT_GRAPH_API_SCOPE,
+  DEFAULT_MICROSOFT_GRAPH_API_URL,
+} from '../../common';
 
 const logger = loggingSystemMock.create().get() as jest.Mocked<Logger>;
 
@@ -683,6 +688,9 @@ const BaseActionsConfig: ActionsConfig = {
   responseTimeout: momentDuration(1000 * 30),
   customHostSettings: undefined,
   enableFooterInEmail: true,
+  microsoftGraphApiUrl: DEFAULT_MICROSOFT_GRAPH_API_URL,
+  microsoftGraphApiScope: DEFAULT_MICROSOFT_GRAPH_API_SCOPE,
+  microsoftExchangeUrl: DEFAULT_MICROSOFT_EXCHANGE_URL,
 };
 
 function getACUfromConfig(config: Partial<ActionsConfig> = {}): ActionsConfigurationUtilities {

x-pack/plugins/actions/server/integration_tests/axios_utils_proxy.test.ts

@@ -23,6 +23,11 @@ import { createReadySignal } from '@kbn/event-log-plugin/server/lib/ready_signal
 import { ActionsConfig } from '../config';
 import { ActionsConfigurationUtilities, getActionsConfigurationUtilities } from '../actions_config';
 import { resolveCustomHosts } from '../lib/custom_host_settings';
+import {
+  DEFAULT_MICROSOFT_GRAPH_API_URL,
+  DEFAULT_MICROSOFT_GRAPH_API_SCOPE,
+  DEFAULT_MICROSOFT_EXCHANGE_URL,
+} from '../../common';
 
 const logger = loggingSystemMock.create().get() as jest.Mocked<Logger>;
 
@@ -589,6 +594,9 @@ const BaseActionsConfig: ActionsConfig = {
   responseTimeout: momentDuration(1000 * 30),
   customHostSettings: undefined,
   enableFooterInEmail: true,
+  microsoftGraphApiUrl: DEFAULT_MICROSOFT_GRAPH_API_URL,
+  microsoftGraphApiScope: DEFAULT_MICROSOFT_GRAPH_API_SCOPE,
+  microsoftExchangeUrl: DEFAULT_MICROSOFT_EXCHANGE_URL,
 };
 
 function getACUfromConfig(config: Partial<ActionsConfig> = {}): ActionsConfigurationUtilities {

x-pack/plugins/actions/server/lib/custom_host_settings.test.ts

@@ -15,6 +15,11 @@ import { Logger } from '@kbn/core/server';
 import { loggingSystemMock } from '@kbn/core/server/mocks';
 
 import { resolveCustomHosts, getCanonicalCustomHostUrl } from './custom_host_settings';
+import {
+  DEFAULT_MICROSOFT_GRAPH_API_URL,
+  DEFAULT_MICROSOFT_GRAPH_API_SCOPE,
+  DEFAULT_MICROSOFT_EXCHANGE_URL,
+} from '../../common';
 
 const CA_DIR = '../../../../../../packages/kbn-dev-utils/certs';
 const CA_FILE1 = pathResolve(__filename, pathJoin(CA_DIR, 'ca.crt'));
@@ -74,6 +79,9 @@ describe('custom_host_settings', () => {
       maxResponseContentLength: new ByteSizeValue(1000000),
       responseTimeout: moment.duration(60000),
       enableFooterInEmail: true,
+      microsoftGraphApiUrl: DEFAULT_MICROSOFT_GRAPH_API_URL,
+      microsoftGraphApiScope: DEFAULT_MICROSOFT_GRAPH_API_SCOPE,
+      microsoftExchangeUrl: DEFAULT_MICROSOFT_EXCHANGE_URL,
     };
 
     test('ensure it copies over the config parts that it does not touch', () => {

x-pack/plugins/actions/server/plugin.test.ts

@@ -24,7 +24,12 @@ import {
   ActionsPluginsStart,
   PluginSetupContract,
 } from './plugin';
-import { AlertHistoryEsIndexConnectorId } from '../common';
+import {
+  AlertHistoryEsIndexConnectorId,
+  DEFAULT_MICROSOFT_EXCHANGE_URL,
+  DEFAULT_MICROSOFT_GRAPH_API_SCOPE,
+  DEFAULT_MICROSOFT_GRAPH_API_URL,
+} from '../common';
 
 const executor: ExecutorType<{}, {}, {}, void> = async (options) => {
   return { status: 'ok', actionId: options.actionId };
@@ -51,6 +56,9 @@ function getConfig(overrides = {}) {
     maxResponseContentLength: new ByteSizeValue(1000000),
     responseTimeout: moment.duration('60s'),
     enableFooterInEmail: true,
+    microsoftGraphApiUrl: DEFAULT_MICROSOFT_GRAPH_API_URL,
+    microsoftGraphApiScope: DEFAULT_MICROSOFT_GRAPH_API_SCOPE,
+    microsoftExchangeUrl: DEFAULT_MICROSOFT_EXCHANGE_URL,
     ...overrides,
   };
 }
@@ -73,6 +81,9 @@ describe('Actions Plugin', () => {
         maxResponseContentLength: new ByteSizeValue(1000000),
         responseTimeout: moment.duration(60000),
         enableFooterInEmail: true,
+        microsoftGraphApiUrl: DEFAULT_MICROSOFT_GRAPH_API_URL,
+        microsoftGraphApiScope: DEFAULT_MICROSOFT_GRAPH_API_SCOPE,
+        microsoftExchangeUrl: DEFAULT_MICROSOFT_EXCHANGE_URL,
       });
       plugin = new ActionsPlugin(context);
       coreSetup = coreMock.createSetup();
@@ -534,6 +545,9 @@ describe('Actions Plugin', () => {
         maxResponseContentLength: new ByteSizeValue(1000000),
         responseTimeout: moment.duration(60000),
         enableFooterInEmail: true,
+        microsoftGraphApiUrl: DEFAULT_MICROSOFT_GRAPH_API_URL,
+        microsoftGraphApiScope: DEFAULT_MICROSOFT_GRAPH_API_SCOPE,
+        microsoftExchangeUrl: DEFAULT_MICROSOFT_EXCHANGE_URL,
       });
       plugin = new ActionsPlugin(context);
       coreSetup = coreMock.createSetup();