Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Entity Analytics] [Entity Store] Show errors on entity store enablement #198263

Merged
merged 8 commits into from
Oct 31, 2024
2 changes: 2 additions & 0 deletions oas_docs/output/kibana.serverless.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -48345,6 +48345,8 @@ components:
Security_Entity_Analytics_API_EngineDescriptor:
type: object
properties:
error:
type: object
fieldHistoryLength:
type: integer
filter:
Expand Down
2 changes: 2 additions & 0 deletions oas_docs/output/kibana.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -56730,6 +56730,8 @@ components:
Security_Entity_Analytics_API_EngineDescriptor:
type: object
properties:
error:
type: object
fieldHistoryLength:
type: integer
filter:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@ export const EngineDescriptor = z.object({
status: EngineStatus,
filter: z.string().optional(),
fieldHistoryLength: z.number().int(),
error: z.object({}).optional(),
});

export type InspectQuery = z.infer<typeof InspectQuery>;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,8 @@ components:
type: string
fieldHistoryLength:
type: integer
error:
type: object

EngineStatus:
type: string
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -785,6 +785,8 @@ components:
EngineDescriptor:
type: object
properties:
error:
type: object
fieldHistoryLength:
type: integer
filter:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -785,6 +785,8 @@ components:
EngineDescriptor:
type: object
properties:
error:
type: object
fieldHistoryLength:
type: integer
filter:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ import {
EuiLoadingLogo,
EuiPanel,
EuiImage,
EuiCallOut,
} from '@elastic/eui';

import { FormattedMessage } from '@kbn/i18n-react';
Expand Down Expand Up @@ -50,9 +51,25 @@ const EntityStoreDashboardPanelsComponent = () => {
const entityStore = useEntityEngineStatus();
const riskEngineStatus = useRiskEngineStatus();

const { enable: enableStore } = useEntityStoreEnablement();
const { enable: enableStore, query } = useEntityStoreEnablement();

const { mutate: initRiskEngine } = useInitRiskEngineMutation();

const callouts = entityStore.errors.map((err, i) => (
<EuiCallOut
title={
<FormattedMessage
id="xpack.securitySolution.entityAnalytics.entityStore.enablement.errors.title"
defaultMessage={'An error occurred during entity store resource initialization'}
/>
}
color="danger"
iconType="error"
>
<p>{err?.message}</p>
</EuiCallOut>
));

const enableEntityStore = (enable: Enablements) => () => {
setModalState({ visible: false });
if (enable.riskScore) {
Expand All @@ -74,6 +91,26 @@ const EntityStoreDashboardPanelsComponent = () => {
}
};

if (query.error) {
return (
<>
<EuiCallOut
title={
<FormattedMessage
id="xpack.securitySolution.entityAnalytics.entityStore.enablement.errors.queryErrorTitle"
defaultMessage={'There was a problem initializing the entity store'}
/>
}
color="danger"
iconType="error"
>
<p>{(query.error as { body: { message: string } }).body.message}</p>
</EuiCallOut>
{callouts}
</>
);
}

if (entityStore.status === 'loading') {
return (
<EuiPanel hasBorder>
Expand Down Expand Up @@ -110,6 +147,29 @@ const EntityStoreDashboardPanelsComponent = () => {

return (
<EuiFlexGroup direction="column" data-test-subj="entityStorePanelsGroup">
{entityStore.status === 'error' && isRiskScoreAvailable && (
<>
{callouts}
<EuiFlexItem>
<EntityAnalyticsRiskScores riskEntity={RiskScoreEntity.user} />
</EuiFlexItem>
<EuiFlexItem>
<EntityAnalyticsRiskScores riskEntity={RiskScoreEntity.host} />
</EuiFlexItem>
</>
)}
{entityStore.status === 'error' && !isRiskScoreAvailable && (
<>
{callouts}
<EuiFlexItem>
<EnableEntityStore
onEnable={() => setModalState({ visible: true })}
loadingRiskEngine={riskEngineInitializing}
enablements="riskScore"
/>
</EuiFlexItem>
</>
)}
{entityStore.status === 'enabled' && isRiskScoreAvailable && (
<>
<EuiFlexItem>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,10 @@ interface Options {
polling?: UseQueryOptions<ListEntityEnginesResponse>['refetchInterval'];
}

interface EngineError {
message: string;
}

export const useEntityEngineStatus = (opts: Options = {}) => {
// QUESTION: Maybe we should have an `EnablementStatus` API route for this?
const { listEntityEngines } = useEntityStoreRoutes();
Expand All @@ -33,6 +37,10 @@ export const useEntityEngineStatus = (opts: Options = {}) => {
return 'not_installed';
}

if (data?.engines?.some((engine) => engine.status === 'error')) {
return 'error';
}

if (data?.engines?.every((engine) => engine.status === 'stopped')) {
return 'stopped';
}
Expand All @@ -52,7 +60,12 @@ export const useEntityEngineStatus = (opts: Options = {}) => {
return 'enabled';
})();

const errors = (data?.engines
?.filter((engine) => engine.status === 'error')
.map((engine) => engine.error) ?? []) as EngineError[];

return {
status,
errors,
};
};
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ export const useEntityStoreEnablement = () => {
});

const { initEntityStore } = useEntityStoreRoutes();
const { refetch: initialize } = useQuery({
const { refetch: initialize, ...query } = useQuery({
queryKey: [ENTITY_STORE_ENABLEMENT_INIT],
queryFn: async () =>
initEntityStore('user').then((usr) => initEntityStore('host').then((host) => [usr, host])),
Expand All @@ -52,10 +52,10 @@ export const useEntityStoreEnablement = () => {
telemetry?.reportEntityStoreInit({
timestamp: new Date().toISOString(),
});
initialize().then(() => setPolling(true));
return initialize().then(() => setPolling(true));
}, [initialize, telemetry]);

return { enable };
return { enable, query };
};

export const INIT_ENTITY_ENGINE_STATUS_KEY = ['POST', 'INIT_ENTITY_ENGINE'];
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -280,7 +280,14 @@ export class EntityStoreDataClient {
error: err.message,
});

await this.engineClient.update(entityType, ENGINE_STATUS.ERROR);
await this.engineClient.update(entityType, {
status: ENGINE_STATUS.ERROR,
error: {
message: err.message,
stack: err.stack,
action: 'init',
},
});

await this.delete(entityType, taskManager, { deleteData: true, deleteEngine: false });
}
Expand Down Expand Up @@ -319,7 +326,7 @@ export class EntityStoreDataClient {
const fullEntityDefinition = await this.getExistingEntityDefinition(entityType);
await this.entityClient.startEntityDefinition(fullEntityDefinition);

return this.engineClient.update(entityType, ENGINE_STATUS.STARTED);
return this.engineClient.updateStatus(entityType, ENGINE_STATUS.STARTED);
}

public async stop(entityType: EntityType) {
Expand All @@ -339,7 +346,7 @@ export class EntityStoreDataClient {
const fullEntityDefinition = await this.getExistingEntityDefinition(entityType);
await this.entityClient.stopEntityDefinition(fullEntityDefinition);

return this.engineClient.update(entityType, ENGINE_STATUS.STOPPED);
return this.engineClient.updateStatus(entityType, ENGINE_STATUS.STOPPED);
}

public async get(entityType: EntityType) {
Expand Down Expand Up @@ -513,7 +520,7 @@ export class EntityStoreDataClient {
}

// Update savedObject status
await this.engineClient.update(engine.type, ENGINE_STATUS.UPDATING);
await this.engineClient.updateStatus(engine.type, ENGINE_STATUS.UPDATING);

try {
// Update entity manager definition
Expand All @@ -526,12 +533,12 @@ export class EntityStoreDataClient {
});

// Restore the savedObject status and set the new index pattern
await this.engineClient.update(engine.type, originalStatus);
await this.engineClient.updateStatus(engine.type, originalStatus);

return { type: engine.type, changes: { indexPatterns } };
} catch (error) {
// Rollback the engine initial status when the update fails
await this.engineClient.update(engine.type, originalStatus);
await this.engineClient.updateStatus(engine.type, originalStatus);

throw error;
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -78,17 +78,21 @@ export class EngineDescriptorClient {
return attributes;
}

async update(entityType: EntityType, status: EngineStatus) {
async update(entityType: EntityType, engine: Partial<EngineDescriptor>) {
const id = this.getSavedObjectId(entityType);
const { attributes } = await this.deps.soClient.update<EngineDescriptor>(
entityEngineDescriptorTypeName,
id,
{ status },
engine,
{ refresh: 'wait_for' }
);
return attributes;
}

async updateStatus(entityType: EntityType, status: EngineStatus) {
return this.update(entityType, { status });
}

async find(entityType: EntityType): Promise<SavedObjectsFindResponse<EngineDescriptor>> {
return this.deps.soClient.find<EngineDescriptor>({
type: entityEngineDescriptorTypeName,
Expand Down