Skip to content

Commit

Permalink
Adding telemetry for the fips config (elastic#201282)
Browse files Browse the repository at this point in the history
## Summary

Adding telemetry for the `fipsMode.enabled` config

(cherry picked from commit 8f12d52)
  • Loading branch information
kc13greiner committed Dec 2, 2024
1 parent 8b44bc2 commit 01f9256
Show file tree
Hide file tree
Showing 3 changed files with 72 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ describe('Security UsageCollector', () => {
allowAccessAgreement = true,
allowAuditLogging = true,
allowRbac = true,
allowFips = true,
isLicenseAvailable,
}: Partial<SecurityLicenseFeatures> & { isLicenseAvailable: boolean }) => {
const license = licenseMock.create();
Expand All @@ -34,6 +35,7 @@ describe('Security UsageCollector', () => {
allowAccessAgreement,
allowAuditLogging,
allowRbac,
allowFips,
} as SecurityLicenseFeatures);
return license;
};
Expand All @@ -44,6 +46,7 @@ describe('Security UsageCollector', () => {
accessAgreementEnabled: false,
authProviderCount: 1,
enabledAuthProviders: ['basic'],
fipsModeEnabled: false,
loginSelectorEnabled: false,
httpAuthSchemes: ['apikey', 'bearer'],
sessionIdleTimeoutInMinutes: 4320,
Expand Down Expand Up @@ -106,6 +109,7 @@ describe('Security UsageCollector', () => {
accessAgreementEnabled: false,
authProviderCount: 0,
enabledAuthProviders: [],
fipsModeEnabled: false,
loginSelectorEnabled: false,
httpAuthSchemes: [],
sessionIdleTimeoutInMinutes: 0,
Expand Down Expand Up @@ -426,6 +430,55 @@ describe('Security UsageCollector', () => {
});
});

describe('fipsMode enabled', () => {
it('reports when fipsMode is enabled', async () => {
const config = createSecurityConfig(
ConfigSchema.validate({
fipsMode: {
enabled: true,
},
})
);
const usageCollection = usageCollectionPluginMock.createSetupContract();
const license = createSecurityLicense({
isLicenseAvailable: true,
allowFips: true,
});
registerSecurityUsageCollector({ usageCollection, config, license });

const usage = await usageCollection
.getCollectorByType('security')
?.fetch(collectorFetchContext);

expect(usage).toEqual({
...DEFAULT_USAGE,
fipsModeEnabled: true,
});
});

it('does not report fipsMode when the license does not permit it', async () => {
const config = createSecurityConfig(
ConfigSchema.validate({
fipsMode: {
enabled: true,
},
})
);
const usageCollection = usageCollectionPluginMock.createSetupContract();
const license = createSecurityLicense({ isLicenseAvailable: true, allowFips: false });
registerSecurityUsageCollector({ usageCollection, config, license });

const usage = await usageCollection
.getCollectorByType('security')
?.fetch(collectorFetchContext);

expect(usage).toEqual({
...DEFAULT_USAGE,
fipsModeEnabled: false,
});
});
});

describe('http auth schemes', () => {
it('reports customized http auth schemes', async () => {
const config = createSecurityConfig(
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ interface Usage {
accessAgreementEnabled: boolean;
authProviderCount: number;
enabledAuthProviders: string[];
fipsModeEnabled: boolean;
httpAuthSchemes: string[];
sessionIdleTimeoutInMinutes: number;
sessionLifespanInMinutes: number;
Expand Down Expand Up @@ -93,6 +94,12 @@ export function registerSecurityUsageCollector({ usageCollection, config, licens
},
},
},
fipsModeEnabled: {
type: 'boolean',
_meta: {
description: 'Indicates if Kibana is being run in FIPS mode.',
},
},
httpAuthSchemes: {
type: 'array',
items: {
Expand Down Expand Up @@ -139,14 +146,16 @@ export function registerSecurityUsageCollector({ usageCollection, config, licens
},
},
fetch: () => {
const { allowRbac, allowAccessAgreement, allowAuditLogging } = license.getFeatures();
const { allowRbac, allowAccessAgreement, allowAuditLogging, allowFips } =
license.getFeatures();
if (!allowRbac) {
return {
auditLoggingEnabled: false,
loginSelectorEnabled: false,
accessAgreementEnabled: false,
authProviderCount: 0,
enabledAuthProviders: [],
fipsModeEnabled: false,
httpAuthSchemes: [],
sessionIdleTimeoutInMinutes: 0,
sessionLifespanInMinutes: 0,
Expand All @@ -171,6 +180,8 @@ export function registerSecurityUsageCollector({ usageCollection, config, licens
WELL_KNOWN_AUTH_SCHEMES.includes(scheme.toLowerCase())
);

const fipsModeEnabled = allowFips && config.fipsMode.enabled;

const sessionExpirations = config.session.getExpirationTimeouts(undefined); // use `undefined` to get global expiration values
const sessionIdleTimeoutInMinutes = sessionExpirations.idleTimeout?.asMinutes() ?? 0;
const sessionLifespanInMinutes = sessionExpirations.lifespan?.asMinutes() ?? 0;
Expand Down Expand Up @@ -202,6 +213,7 @@ export function registerSecurityUsageCollector({ usageCollection, config, licens
accessAgreementEnabled,
authProviderCount,
enabledAuthProviders,
fipsModeEnabled,
httpAuthSchemes,
sessionIdleTimeoutInMinutes,
sessionLifespanInMinutes,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -15224,6 +15224,12 @@
}
}
},
"fipsModeEnabled": {
"type": "boolean",
"_meta": {
"description": "Indicates if Kibana is being run in FIPS mode."
}
},
"httpAuthSchemes": {
"type": "array",
"items": {
Expand Down

0 comments on commit 01f9256

Please sign in to comment.