From f16c558b46f01468d12ae51b0e62f5010334dab1 Mon Sep 17 00:00:00 2001 From: abhishekbhatia1710 Date: Tue, 22 Oct 2024 12:14:18 +0530 Subject: [PATCH 1/3] Initial commit for compTemplate not spacescoped --- .../risk_score/configurations.ts | 3 + .../risk_score/risk_score_data_client.test.ts | 679 +++++++++--------- .../risk_score/risk_score_data_client.ts | 46 +- .../init_and_status_apis.ts | 257 ++++++- 4 files changed, 658 insertions(+), 327 deletions(-) diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/configurations.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/configurations.ts index 6dbf68c699fd5..1ec7d659ae82e 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/configurations.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/configurations.ts @@ -129,6 +129,9 @@ export const riskScoreFieldMap: FieldMap = { } as const; export const mappingComponentName = '.risk-score-mappings'; +export const nameSpaceAwareMappingComponentName = (namespace: string): string => { + return `${mappingComponentName}-${namespace}`; +}; export const totalFieldsLimit = 1000; export const getIndexPatternDataStream = (namespace: string): IIndexPatternString => ({ diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/risk_score_data_client.test.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/risk_score_data_client.test.ts index 2ddd04a766944..94511c9b34ec5 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/risk_score_data_client.test.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/risk_score_data_client.test.ts @@ -40,9 +40,11 @@ jest.spyOn(transforms, 'scheduleTransformNow').mockResolvedValue(Promise.resolve describe('RiskScoreDataClient', () => { let riskScoreDataClient: RiskScoreDataClient; + let riskScoreDataClientWithNameSpace: RiskScoreDataClient; let mockSavedObjectClient: ReturnType; let logger: ReturnType; const esClient = elasticsearchServiceMock.createScopedClusterClient().asCurrentUser; + // const esClient = elasticsearchServiceMock.createElasticsearchClient(); const totalFieldsLimit = 1000; beforeEach(() => { @@ -55,7 +57,15 @@ describe('RiskScoreDataClient', () => { soClient: mockSavedObjectClient, namespace: 'default', }; + const optionsWithNamespace = { + logger, + kibanaVersion: '8.9.0', + esClient, + soClient: mockSavedObjectClient, + namespace: 'space-1', + }; riskScoreDataClient = new RiskScoreDataClient(options); + riskScoreDataClientWithNameSpace = new RiskScoreDataClient(optionsWithNamespace); }); afterEach(() => { @@ -80,369 +90,394 @@ describe('RiskScoreDataClient', () => { }); describe('init success', () => { - it('should initialize risk engine resources', async () => { - await riskScoreDataClient.init(); + it('should initialize risk engine resources in the appropriate space', async () => { + const assertComponentTemplate = (namespace: string) => { + expect(createOrUpdateComponentTemplate).toHaveBeenCalledWith( + expect.objectContaining({ + logger, + esClient, + template: expect.objectContaining({ + name: `.risk-score-mappings-${namespace}`, + _meta: { + managed: true, + }, + }), + totalFieldsLimit: 1000, + }) + ); + }; - expect(createOrUpdateComponentTemplate).toHaveBeenCalledWith( - expect.objectContaining({ + const assertIndexTemplate = (namespace: string) => { + expect(createOrUpdateIndexTemplate).toHaveBeenCalledWith({ logger, esClient, - template: expect.objectContaining({ - name: '.risk-score-mappings', - _meta: { - managed: true, - }, - }), - totalFieldsLimit: 1000, - }) - ); - expect((createOrUpdateComponentTemplate as jest.Mock).mock.lastCall[0].template.template) - .toMatchInlineSnapshot(` - Object { - "mappings": Object { - "dynamic": "strict", - "properties": Object { - "@timestamp": Object { - "ignore_malformed": false, - "type": "date", + template: { + name: `.risk-score.risk-score-${namespace}-index-template`, + body: { + data_stream: { hidden: true }, + index_patterns: [`risk-score.risk-score-${namespace}`], + composed_of: [`.risk-score-mappings-${namespace}`], + template: { + lifecycle: {}, + settings: { + 'index.mapping.total_fields.limit': totalFieldsLimit, + }, + mappings: { + dynamic: false, + _meta: { + kibana: { + version: '8.9.0', + }, + managed: true, + namespace, }, - "host": Object { - "properties": Object { - "name": Object { - "type": "keyword", - }, - "risk": Object { - "properties": Object { - "calculated_level": Object { - "type": "keyword", - }, - "calculated_score": Object { - "type": "float", - }, - "calculated_score_norm": Object { - "type": "float", - }, - "category_1_count": Object { - "type": "long", - }, - "category_1_score": Object { - "type": "float", - }, - "id_field": Object { - "type": "keyword", - }, - "id_value": Object { - "type": "keyword", - }, - "inputs": Object { - "properties": Object { - "category": Object { - "type": "keyword", - }, - "description": Object { - "type": "keyword", - }, - "id": Object { - "type": "keyword", - }, - "index": Object { - "type": "keyword", - }, - "risk_score": Object { - "type": "float", - }, - "timestamp": Object { - "type": "date", - }, + }, + }, + _meta: { + kibana: { + version: '8.9.0', + }, + managed: true, + namespace, + }, + }, + }, + }); + }; + + const assertDataStream = (namespace: string) => { + expect(createDataStream).toHaveBeenCalledWith({ + logger, + esClient, + totalFieldsLimit, + indexPatterns: { + template: `.risk-score.risk-score-${namespace}-index-template`, + alias: `risk-score.risk-score-${namespace}`, + }, + }); + }; + + const assertIndex = (namespace: string) => { + expect(createOrUpdateIndex).toHaveBeenCalledWith({ + logger, + esClient, + options: { + index: `risk-score.risk-score-latest-${namespace}`, + mappings: { + dynamic: false, + properties: { + '@timestamp': { + ignore_malformed: false, + type: 'date', + }, + host: { + properties: { + name: { + type: 'keyword', + }, + risk: { + properties: { + calculated_level: { + type: 'keyword', + }, + calculated_score: { + type: 'float', + }, + calculated_score_norm: { + type: 'float', + }, + category_1_count: { + type: 'long', + }, + category_1_score: { + type: 'float', + }, + id_field: { + type: 'keyword', + }, + id_value: { + type: 'keyword', + }, + inputs: { + properties: { + category: { + type: 'keyword', + }, + description: { + type: 'keyword', + }, + id: { + type: 'keyword', + }, + index: { + type: 'keyword', + }, + risk_score: { + type: 'float', + }, + timestamp: { + type: 'date', }, - "type": "object", - }, - "notes": Object { - "type": "keyword", }, + type: 'object', + }, + notes: { + type: 'keyword', }, - "type": "object", }, + type: 'object', }, }, - "user": Object { - "properties": Object { - "name": Object { - "type": "keyword", - }, - "risk": Object { - "properties": Object { - "calculated_level": Object { - "type": "keyword", - }, - "calculated_score": Object { - "type": "float", - }, - "calculated_score_norm": Object { - "type": "float", - }, - "category_1_count": Object { - "type": "long", - }, - "category_1_score": Object { - "type": "float", - }, - "id_field": Object { - "type": "keyword", - }, - "id_value": Object { - "type": "keyword", - }, - "inputs": Object { - "properties": Object { - "category": Object { - "type": "keyword", - }, - "description": Object { - "type": "keyword", - }, - "id": Object { - "type": "keyword", - }, - "index": Object { - "type": "keyword", - }, - "risk_score": Object { - "type": "float", - }, - "timestamp": Object { - "type": "date", - }, + }, + user: { + properties: { + name: { + type: 'keyword', + }, + risk: { + properties: { + calculated_level: { + type: 'keyword', + }, + calculated_score: { + type: 'float', + }, + calculated_score_norm: { + type: 'float', + }, + category_1_count: { + type: 'long', + }, + category_1_score: { + type: 'float', + }, + id_field: { + type: 'keyword', + }, + id_value: { + type: 'keyword', + }, + inputs: { + properties: { + category: { + type: 'keyword', + }, + description: { + type: 'keyword', + }, + id: { + type: 'keyword', + }, + index: { + type: 'keyword', + }, + risk_score: { + type: 'float', + }, + timestamp: { + type: 'date', }, - "type": "object", - }, - "notes": Object { - "type": "keyword", }, + type: 'object', + }, + notes: { + type: 'keyword', }, - "type": "object", }, + type: 'object', }, }, }, }, - "settings": Object {}, - } - `); + }, + }, + }); + }; - expect(createOrUpdateIndexTemplate).toHaveBeenCalledWith({ - logger, - esClient, - template: { - name: '.risk-score.risk-score-default-index-template', - body: { - data_stream: { hidden: true }, - index_patterns: ['risk-score.risk-score-default'], - composed_of: ['.risk-score-mappings'], - template: { - lifecycle: {}, - settings: { - 'index.mapping.total_fields.limit': totalFieldsLimit, - }, - mappings: { - dynamic: false, - _meta: { - kibana: { - version: '8.9.0', - }, - managed: true, - namespace: 'default', - }, + const assertTransform = (namespace: string) => { + expect(transforms.createTransform).toHaveBeenCalledWith({ + logger, + esClient, + transform: { + dest: { + index: `risk-score.risk-score-latest-${namespace}`, + }, + frequency: '1h', + latest: { + sort: '@timestamp', + unique_key: ['host.name', 'user.name'], + }, + source: { + index: [`risk-score.risk-score-${namespace}`], + }, + sync: { + time: { + delay: '0s', + field: '@timestamp', }, }, + transform_id: `risk_score_latest_transform_${namespace}`, + settings: { + unattended: true, + }, _meta: { - kibana: { - version: '8.9.0', - }, + version: 2, managed: true, - namespace: 'default', + managed_by: 'security-entity-analytics', }, }, - }, - }); + }); + }; - expect(createDataStream).toHaveBeenCalledWith({ - logger, - esClient, - totalFieldsLimit, - indexPatterns: { - template: `.risk-score.risk-score-default-index-template`, - alias: `risk-score.risk-score-default`, - }, - }); + // Default namespace + await riskScoreDataClient.init(); + assertComponentTemplate('default'); + assertIndexTemplate('default'); + assertDataStream('default'); + assertIndex('default'); + assertTransform('default'); - expect(createOrUpdateIndex).toHaveBeenCalledWith({ - logger, - esClient, - options: { - index: `risk-score.risk-score-latest-default`, - mappings: { - dynamic: false, - properties: { - '@timestamp': { - ignore_malformed: false, - type: 'date', - }, - host: { - properties: { - name: { - type: 'keyword', - }, - risk: { - properties: { - calculated_level: { - type: 'keyword', - }, - calculated_score: { - type: 'float', - }, - calculated_score_norm: { - type: 'float', - }, - category_1_count: { - type: 'long', - }, - category_1_score: { - type: 'float', - }, - id_field: { - type: 'keyword', - }, - id_value: { - type: 'keyword', - }, - inputs: { - properties: { - category: { - type: 'keyword', - }, - description: { - type: 'keyword', - }, - id: { - type: 'keyword', - }, - index: { - type: 'keyword', - }, - risk_score: { - type: 'float', - }, - timestamp: { - type: 'date', + // Space-1 namespace + await riskScoreDataClientWithNameSpace.init(); + assertComponentTemplate('space-1'); + assertIndexTemplate('space-1'); + assertDataStream('space-1'); + assertIndex('space-1'); + assertTransform('space-1'); + + expect((createOrUpdateComponentTemplate as jest.Mock).mock.lastCall[0].template.template) + .toMatchInlineSnapshot(` + Object { + "mappings": Object { + "dynamic": "strict", + "properties": Object { + "@timestamp": Object { + "ignore_malformed": false, + "type": "date", + }, + "host": Object { + "properties": Object { + "name": Object { + "type": "keyword", + }, + "risk": Object { + "properties": Object { + "calculated_level": Object { + "type": "keyword", + }, + "calculated_score": Object { + "type": "float", + }, + "calculated_score_norm": Object { + "type": "float", + }, + "category_1_count": Object { + "type": "long", + }, + "category_1_score": Object { + "type": "float", + }, + "id_field": Object { + "type": "keyword", + }, + "id_value": Object { + "type": "keyword", + }, + "inputs": Object { + "properties": Object { + "category": Object { + "type": "keyword", + }, + "description": Object { + "type": "keyword", + }, + "id": Object { + "type": "keyword", + }, + "index": Object { + "type": "keyword", + }, + "risk_score": Object { + "type": "float", + }, + "timestamp": Object { + "type": "date", + }, }, + "type": "object", + }, + "notes": Object { + "type": "keyword", }, - type: 'object', - }, - notes: { - type: 'keyword', }, + "type": "object", }, - type: 'object', }, }, - }, - user: { - properties: { - name: { - type: 'keyword', - }, - risk: { - properties: { - calculated_level: { - type: 'keyword', - }, - calculated_score: { - type: 'float', - }, - calculated_score_norm: { - type: 'float', - }, - category_1_count: { - type: 'long', - }, - category_1_score: { - type: 'float', - }, - id_field: { - type: 'keyword', - }, - id_value: { - type: 'keyword', - }, - inputs: { - properties: { - category: { - type: 'keyword', - }, - description: { - type: 'keyword', - }, - id: { - type: 'keyword', - }, - index: { - type: 'keyword', - }, - risk_score: { - type: 'float', - }, - timestamp: { - type: 'date', + "user": Object { + "properties": Object { + "name": Object { + "type": "keyword", + }, + "risk": Object { + "properties": Object { + "calculated_level": Object { + "type": "keyword", + }, + "calculated_score": Object { + "type": "float", + }, + "calculated_score_norm": Object { + "type": "float", + }, + "category_1_count": Object { + "type": "long", + }, + "category_1_score": Object { + "type": "float", + }, + "id_field": Object { + "type": "keyword", + }, + "id_value": Object { + "type": "keyword", + }, + "inputs": Object { + "properties": Object { + "category": Object { + "type": "keyword", + }, + "description": Object { + "type": "keyword", + }, + "id": Object { + "type": "keyword", + }, + "index": Object { + "type": "keyword", + }, + "risk_score": Object { + "type": "float", + }, + "timestamp": Object { + "type": "date", + }, }, + "type": "object", + }, + "notes": Object { + "type": "keyword", }, - type: 'object', - }, - notes: { - type: 'keyword', }, + "type": "object", }, - type: 'object', }, }, }, }, - }, - }, - }); - - expect(transforms.createTransform).toHaveBeenCalledWith({ - logger, - esClient, - transform: { - dest: { - index: 'risk-score.risk-score-latest-default', - }, - frequency: '1h', - latest: { - sort: '@timestamp', - unique_key: ['host.name', 'user.name'], - }, - source: { - index: ['risk-score.risk-score-default'], - }, - sync: { - time: { - delay: '0s', - field: '@timestamp', - }, - }, - transform_id: 'risk_score_latest_transform_default', - settings: { - unattended: true, - }, - _meta: { - version: 2, - managed: true, - managed_by: 'security-entity-analytics', - }, - }, - }); + "settings": Object {}, + } + `); }); }); diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/risk_score_data_client.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/risk_score_data_client.ts index 10ec42fa7f543..03bb461d7c720 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/risk_score_data_client.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/risk_score_data_client.ts @@ -22,6 +22,7 @@ import { getIndexPatternDataStream, getTransformOptions, mappingComponentName, + nameSpaceAwareMappingComponentName, riskScoreFieldMap, totalFieldsLimit, } from './configurations'; @@ -103,12 +104,41 @@ export class RiskScoreDataClient { namespace, }; + // Check if there are any existing component templates with the namespace in the name + + const oldComponentTemplateExists = await esClient.cluster.existsComponentTemplate({ + name: mappingComponentName, + }); + + // If present then copy the contents to a new component template with the namespace in the name + if (oldComponentTemplateExists === true) { + const oldComponentTemplateResponse = await esClient.cluster.getComponentTemplate({ + name: mappingComponentName, + }); + + const oldComponentTemplate = oldComponentTemplateResponse?.component_templates[0]; + const newComponentTemplateName = nameSpaceAwareMappingComponentName(namespace); + await esClient.cluster.putComponentTemplate({ + name: newComponentTemplateName, + body: oldComponentTemplate.component_template, + }); + } + + // Delete the component template without the namespace in the name + await esClient.cluster.deleteComponentTemplate( + { + name: mappingComponentName, + }, + { ignore: [404] } + ); + + // Update the new component template with the required data await Promise.all([ createOrUpdateComponentTemplate({ logger: this.options.logger, esClient, template: { - name: mappingComponentName, + name: nameSpaceAwareMappingComponentName(namespace), _meta: { managed: true, }, @@ -121,6 +151,7 @@ export class RiskScoreDataClient { }), ]); + // Reference the new component template in the index template await createOrUpdateIndexTemplate({ logger: this.options.logger, esClient, @@ -129,7 +160,7 @@ export class RiskScoreDataClient { body: { data_stream: { hidden: true }, index_patterns: [indexPatterns.alias], - composed_of: [mappingComponentName], + composed_of: [nameSpaceAwareMappingComponentName(namespace)], template: { lifecycle: {}, settings: { @@ -231,6 +262,17 @@ export class RiskScoreDataClient { ) .catch(addError); + if (namespace !== 'default') { + await esClient.cluster + .deleteComponentTemplate( + { + name: nameSpaceAwareMappingComponentName(namespace), + }, + { ignore: [404] } + ) + .catch(addError); + } + await esClient.cluster .deleteComponentTemplate( { diff --git a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/init_and_status_apis.ts b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/init_and_status_apis.ts index 19a9bb85326fa..ec3a89bc4bada 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/init_and_status_apis.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/init_and_status_apis.ts @@ -23,18 +23,43 @@ export default ({ getService }: FtrProviderContext) => { const es = getService('es'); const supertest = getService('supertest'); const kibanaServer = getService('kibanaServer'); + const customSpaceName = 'ea-customspace-it'; const riskEngineRoutes = riskEngineRouteHelpersFactory(supertest); + const riskEngineRoutesWithNamespace = riskEngineRouteHelpersFactory(supertest, customSpaceName); const log = getService('log'); + const createNamespace = async (spaceName: string) => { + const response = await supertest.post('/api/spaces/space').set('kbn-xsrf', 'true').send({ + id: spaceName, + name: spaceName, + description: 'Space for ${spaceName}', + disabledFeatures: [], + }); + + // console.log(response.body) + }; + + const deleteNameSpace = async (spaceName: string) => { + const response = await supertest + .delete(`/api/spaces/space/${spaceName}`) + .set('kbn-xsrf', 'true'); + + // console.log(response.body) + }; + describe('@ess @serverless @serverlessQA init_and_status_apis', () => { before(async () => { + await createNamespace(customSpaceName); await riskEngineRoutes.cleanUp(); + await riskEngineRoutesWithNamespace.cleanUp(); }); afterEach(async () => { await riskEngineRoutes.cleanUp(); + await riskEngineRoutesWithNamespace.cleanUp(); await clearLegacyTransforms({ es, log }); await clearLegacyDashboards({ supertest, log }); + await deleteNameSpace(customSpaceName); }); describe('init api', () => { @@ -49,10 +74,21 @@ export default ({ getService }: FtrProviderContext) => { risk_engine_resources_installed: true, }, }); + + const customNamespaceResponse = await riskEngineRoutesWithNamespace.init(); + expect(customNamespaceResponse.body).to.eql({ + result: { + errors: [], + legacy_risk_engine_disabled: true, + risk_engine_configuration_created: true, + risk_engine_enabled: true, + risk_engine_resources_installed: true, + }, + }); }); - it('should install resources on init call', async () => { - const componentTemplateName = '.risk-score-mappings'; + it('should install resources on init call in the default namespace', async () => { + const componentTemplateName = '.risk-score-mappings-default'; const indexTemplateName = '.risk-score.risk-score-default-index-template'; const dataStreamName = 'risk-score.risk-score-default'; const latestIndexName = 'risk-score.risk-score-latest-default'; @@ -205,7 +241,7 @@ export default ({ getService }: FtrProviderContext) => { expect(indexTemplate.index_template.index_patterns).to.eql([ 'risk-score.risk-score-default', ]); - expect(indexTemplate.index_template.composed_of).to.eql(['.risk-score-mappings']); + expect(indexTemplate.index_template.composed_of).to.eql(['.risk-score-mappings-default']); expect(indexTemplate.index_template.template!.mappings?.dynamic).to.eql(false); expect(indexTemplate.index_template.template!.mappings?._meta?.managed).to.eql(true); expect(indexTemplate.index_template.template!.mappings?._meta?.namespace).to.eql('default'); @@ -262,6 +298,221 @@ export default ({ getService }: FtrProviderContext) => { expect(transformStats.transforms[0].state).to.eql('stopped'); }); + it('should install resources on init call in the custom namespace', async () => { + const componentTemplateName = `.risk-score-mappings-${customSpaceName}`; + const indexTemplateName = `.risk-score.risk-score-${customSpaceName}-index-template`; + const dataStreamName = `risk-score.risk-score-${customSpaceName}`; + const latestIndexName = `risk-score.risk-score-latest-${customSpaceName}`; + const transformId = `risk_score_latest_transform_${customSpaceName}`; + + await riskEngineRoutesWithNamespace.init(); + + const { component_templates: componentTemplates1 } = await es.cluster.getComponentTemplate({ + name: componentTemplateName, + }); + + expect(componentTemplates1.length).to.eql(1); + const componentTemplate = componentTemplates1[0]; + + expect(componentTemplate.name).to.eql(componentTemplateName); + expect(componentTemplate.component_template.template.mappings).to.eql({ + dynamic: 'strict', + properties: { + '@timestamp': { + ignore_malformed: false, + type: 'date', + }, + host: { + properties: { + name: { + type: 'keyword', + }, + risk: { + properties: { + calculated_level: { + type: 'keyword', + }, + calculated_score: { + type: 'float', + }, + calculated_score_norm: { + type: 'float', + }, + category_1_count: { + type: 'long', + }, + category_1_score: { + type: 'float', + }, + id_field: { + type: 'keyword', + }, + id_value: { + type: 'keyword', + }, + notes: { + type: 'keyword', + }, + inputs: { + properties: { + id: { + type: 'keyword', + }, + index: { + type: 'keyword', + }, + category: { + type: 'keyword', + }, + description: { + type: 'keyword', + }, + risk_score: { + type: 'float', + }, + timestamp: { + type: 'date', + }, + }, + type: 'object', + }, + }, + type: 'object', + }, + }, + }, + user: { + properties: { + name: { + type: 'keyword', + }, + risk: { + properties: { + calculated_level: { + type: 'keyword', + }, + calculated_score: { + type: 'float', + }, + calculated_score_norm: { + type: 'float', + }, + category_1_count: { + type: 'long', + }, + category_1_score: { + type: 'float', + }, + id_field: { + type: 'keyword', + }, + id_value: { + type: 'keyword', + }, + notes: { + type: 'keyword', + }, + inputs: { + properties: { + id: { + type: 'keyword', + }, + index: { + type: 'keyword', + }, + category: { + type: 'keyword', + }, + description: { + type: 'keyword', + }, + risk_score: { + type: 'float', + }, + timestamp: { + type: 'date', + }, + }, + type: 'object', + }, + }, + type: 'object', + }, + }, + }, + }, + }); + + const { index_templates: indexTemplates } = await es.indices.getIndexTemplate({ + name: indexTemplateName, + }); + expect(indexTemplates.length).to.eql(1); + const indexTemplate = indexTemplates[0]; + expect(indexTemplate.name).to.eql(indexTemplateName); + expect(indexTemplate.index_template.index_patterns).to.eql([ + `risk-score.risk-score-${customSpaceName}`, + ]); + expect(indexTemplate.index_template.composed_of).to.eql([ + `.risk-score-mappings-${customSpaceName}`, + ]); + expect(indexTemplate.index_template.template!.mappings?.dynamic).to.eql(false); + expect(indexTemplate.index_template.template!.mappings?._meta?.managed).to.eql(true); + expect(indexTemplate.index_template.template!.mappings?._meta?.namespace).to.eql( + customSpaceName + ); + expect(indexTemplate.index_template.template!.mappings?._meta?.kibana?.version).to.be.a( + 'string' + ); + + expect(indexTemplate.index_template.template!.settings).to.eql({ + index: { + mapping: { + total_fields: { + limit: '1000', + }, + }, + }, + }); + + expect(indexTemplate.index_template.template!.lifecycle).to.eql({ + enabled: true, + }); + + const dsResponse = await es.indices.get({ + index: dataStreamName, + }); + + const dataStream = Object.values(dsResponse).find( + (ds) => ds.data_stream === dataStreamName + ); + + expect(dataStream?.mappings?._meta?.managed).to.eql(true); + expect(dataStream?.mappings?._meta?.namespace).to.eql(customSpaceName); + expect(dataStream?.mappings?._meta?.kibana?.version).to.be.a('string'); + expect(dataStream?.mappings?.dynamic).to.eql('false'); + + expect(dataStream?.settings?.index?.mapping).to.eql({ + total_fields: { + limit: '1000', + }, + }); + + expect(dataStream?.settings?.index?.hidden).to.eql('true'); + expect(dataStream?.settings?.index?.number_of_shards).to.eql(1); + + const indexExist = await es.indices.exists({ + index: latestIndexName, + }); + + expect(indexExist).to.eql(true); + + const transformStats = await es.transform.getTransformStats({ + transform_id: transformId, + }); + + expect(transformStats.transforms[0].state).to.eql('stopped'); + }); + it('should create configuration saved object', async () => { await riskEngineRoutes.init(); const response = await kibanaServer.savedObjects.find({ From e1b5074594fa85c821da5a83e8fee098ab6349fd Mon Sep 17 00:00:00 2001 From: abhishekbhatia1710 Date: Tue, 22 Oct 2024 15:25:01 +0530 Subject: [PATCH 2/3] Addressing review comments --- .../risk_score/configurations.ts | 2 +- .../risk_score/risk_score_data_client.test.ts | 13 ++----- .../risk_score/risk_score_data_client.ts | 39 +++++++++---------- .../init_and_status_apis.ts | 29 ++++---------- 4 files changed, 32 insertions(+), 51 deletions(-) diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/configurations.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/configurations.ts index 1ec7d659ae82e..610ada87f5159 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/configurations.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/configurations.ts @@ -129,7 +129,7 @@ export const riskScoreFieldMap: FieldMap = { } as const; export const mappingComponentName = '.risk-score-mappings'; -export const nameSpaceAwareMappingComponentName = (namespace: string): string => { +export const nameSpaceAwareMappingsComponentName = (namespace: string): string => { return `${mappingComponentName}-${namespace}`; }; export const totalFieldsLimit = 1000; diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/risk_score_data_client.test.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/risk_score_data_client.test.ts index 94511c9b34ec5..cec3330af52e6 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/risk_score_data_client.test.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/risk_score_data_client.test.ts @@ -44,7 +44,6 @@ describe('RiskScoreDataClient', () => { let mockSavedObjectClient: ReturnType; let logger: ReturnType; const esClient = elasticsearchServiceMock.createScopedClusterClient().asCurrentUser; - // const esClient = elasticsearchServiceMock.createElasticsearchClient(); const totalFieldsLimit = 1000; beforeEach(() => { @@ -57,14 +56,8 @@ describe('RiskScoreDataClient', () => { soClient: mockSavedObjectClient, namespace: 'default', }; - const optionsWithNamespace = { - logger, - kibanaVersion: '8.9.0', - esClient, - soClient: mockSavedObjectClient, - namespace: 'space-1', - }; riskScoreDataClient = new RiskScoreDataClient(options); + const optionsWithNamespace = { ...options, namespace: 'space-1' }; riskScoreDataClientWithNameSpace = new RiskScoreDataClient(optionsWithNamespace); }); @@ -330,6 +323,7 @@ describe('RiskScoreDataClient', () => { }; // Default namespace + esClient.cluster.existsComponentTemplate.mockResolvedValue(false); await riskScoreDataClient.init(); assertComponentTemplate('default'); assertIndexTemplate('default'); @@ -338,6 +332,7 @@ describe('RiskScoreDataClient', () => { assertTransform('default'); // Space-1 namespace + esClient.cluster.existsComponentTemplate.mockResolvedValue(false); await riskScoreDataClientWithNameSpace.init(); assertComponentTemplate('space-1'); assertIndexTemplate('space-1'); @@ -514,7 +509,7 @@ describe('RiskScoreDataClient', () => { expect(esClient.transform.deleteTransform).toHaveBeenCalledTimes(1); expect(esClient.indices.deleteDataStream).toHaveBeenCalledTimes(1); expect(esClient.indices.deleteIndexTemplate).toHaveBeenCalledTimes(1); - expect(esClient.cluster.deleteComponentTemplate).toHaveBeenCalledTimes(1); + expect(esClient.cluster.deleteComponentTemplate).toHaveBeenCalledTimes(2); expect(errors).toEqual([]); }); diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/risk_score_data_client.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/risk_score_data_client.ts index 03bb461d7c720..29c2b541ad423 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/risk_score_data_client.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/risk_score_data_client.ts @@ -22,7 +22,7 @@ import { getIndexPatternDataStream, getTransformOptions, mappingComponentName, - nameSpaceAwareMappingComponentName, + nameSpaceAwareMappingsComponentName, riskScoreFieldMap, totalFieldsLimit, } from './configurations'; @@ -109,15 +109,16 @@ export class RiskScoreDataClient { const oldComponentTemplateExists = await esClient.cluster.existsComponentTemplate({ name: mappingComponentName, }); - // If present then copy the contents to a new component template with the namespace in the name - if (oldComponentTemplateExists === true) { - const oldComponentTemplateResponse = await esClient.cluster.getComponentTemplate({ - name: mappingComponentName, - }); - + if (oldComponentTemplateExists) { + const oldComponentTemplateResponse = await esClient.cluster.getComponentTemplate( + { + name: mappingComponentName, + }, + { ignore: [404] } + ); const oldComponentTemplate = oldComponentTemplateResponse?.component_templates[0]; - const newComponentTemplateName = nameSpaceAwareMappingComponentName(namespace); + const newComponentTemplateName = nameSpaceAwareMappingsComponentName(namespace); await esClient.cluster.putComponentTemplate({ name: newComponentTemplateName, body: oldComponentTemplate.component_template, @@ -138,7 +139,7 @@ export class RiskScoreDataClient { logger: this.options.logger, esClient, template: { - name: nameSpaceAwareMappingComponentName(namespace), + name: nameSpaceAwareMappingsComponentName(namespace), _meta: { managed: true, }, @@ -160,7 +161,7 @@ export class RiskScoreDataClient { body: { data_stream: { hidden: true }, index_patterns: [indexPatterns.alias], - composed_of: [nameSpaceAwareMappingComponentName(namespace)], + composed_of: [nameSpaceAwareMappingsComponentName(namespace)], template: { lifecycle: {}, settings: { @@ -262,16 +263,14 @@ export class RiskScoreDataClient { ) .catch(addError); - if (namespace !== 'default') { - await esClient.cluster - .deleteComponentTemplate( - { - name: nameSpaceAwareMappingComponentName(namespace), - }, - { ignore: [404] } - ) - .catch(addError); - } + await esClient.cluster + .deleteComponentTemplate( + { + name: nameSpaceAwareMappingsComponentName(namespace), + }, + { ignore: [404] } + ) + .catch(addError); await esClient.cluster .deleteComponentTemplate( diff --git a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/init_and_status_apis.ts b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/init_and_status_apis.ts index ec3a89bc4bada..46c012998b05e 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/init_and_status_apis.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/init_and_status_apis.ts @@ -23,33 +23,20 @@ export default ({ getService }: FtrProviderContext) => { const es = getService('es'); const supertest = getService('supertest'); const kibanaServer = getService('kibanaServer'); + const spaces = getService('spaces'); const customSpaceName = 'ea-customspace-it'; const riskEngineRoutes = riskEngineRouteHelpersFactory(supertest); const riskEngineRoutesWithNamespace = riskEngineRouteHelpersFactory(supertest, customSpaceName); const log = getService('log'); - const createNamespace = async (spaceName: string) => { - const response = await supertest.post('/api/spaces/space').set('kbn-xsrf', 'true').send({ - id: spaceName, - name: spaceName, - description: 'Space for ${spaceName}', - disabledFeatures: [], - }); - - // console.log(response.body) - }; - - const deleteNameSpace = async (spaceName: string) => { - const response = await supertest - .delete(`/api/spaces/space/${spaceName}`) - .set('kbn-xsrf', 'true'); - - // console.log(response.body) - }; - describe('@ess @serverless @serverlessQA init_and_status_apis', () => { before(async () => { - await createNamespace(customSpaceName); + await spaces.create({ + id: customSpaceName, + name: customSpaceName, + description: 'Space for ${customSpaceName}', + disabledFeatures: [], + }); await riskEngineRoutes.cleanUp(); await riskEngineRoutesWithNamespace.cleanUp(); }); @@ -59,7 +46,7 @@ export default ({ getService }: FtrProviderContext) => { await riskEngineRoutesWithNamespace.cleanUp(); await clearLegacyTransforms({ es, log }); await clearLegacyDashboards({ supertest, log }); - await deleteNameSpace(customSpaceName); + await spaces.delete(customSpaceName); }); describe('init api', () => { From 3f8cba30c79f62fc7473aa9b04d007adcd22e674 Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Tue, 22 Oct 2024 10:47:21 +0000 Subject: [PATCH 3/3] [CI] Auto-commit changed files from 'node scripts/eslint --no-cache --fix' --- .../trial_license_complete_tier/init_and_status_apis.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/init_and_status_apis.ts b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/init_and_status_apis.ts index 0fc29640e5ee0..b793ec1cb1306 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/init_and_status_apis.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/init_and_status_apis.ts @@ -34,7 +34,6 @@ export default ({ getService }: FtrProviderContext) => { const log = getService('log'); describe('@ess @serverless @serverlessQA init_and_status_apis', () => { - before(async () => { await spaces.create({ id: customSpaceName,