Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[RAC] [Alerts] Fixes rac authz class and adds some scripts for testing #6

Merged

Conversation

dhurley14
Copy link
Collaborator

@dhurley14 dhurley14 commented Apr 8, 2021

Summary

parameterizes calls into racClient.get() to match solutions, adds more log statements, added security as a required plugin to rule_registry plugin without which, the rac authorization class was receiving an undefined security client so our calls to shouldCheckAuthorization were failing silently. Added some routes and scripts to test authz functionality.

Users with roles granting them access to monitoring (observability) and siem (security solution) should only be able to access alerts with those roles

roles are located in rule_registry/scripts

# post the roles and users
myterminal~$ cd hunter && ./post_detections_role.sh && ./post_detections_user.sh
myterminal~$ cd ../observer && ./post_detections_role.sh && ./post_detections_user.sh

execute the test scripts to ensure the users with the appropriate roles are authorized / unauthorized to access alerts from different solutions.

myterminal~$ ./get_security_solution_alert.sh observer
{
  "statusCode": 404,
  "error": "Not Found",
  "message": "Unauthorized to get \"rac:8.0.0:securitySolution/get\" alert\""
}
myterminal~$ ./get_security_solution_alert.sh 
{
  "success": true
}
myterminal~$ ./get_observability_alert.sh 
{
  "success": true
}
myterminal~$ ./get_observability_alert.sh hunter
{
  "statusCode": 404,
  "error": "Not Found",
  "message": "Unauthorized to get \"rac:8.0.0:observability/get\" alert\""
}

Checklist

Delete any items that are not applicable to this PR.

For maintainers

…e log statements, added security as a required plugin to rule_registry plugin without which, the rac authorization class was receiving an undefined security client so our calls to shouldCheckAuthorization were failing silently. Added some routes and scripts to test authz functionality. To test please see the README in the rule_registry/scripts.
@dhurley14 dhurley14 requested a review from yctercero April 8, 2021 01:58
@dhurley14 dhurley14 self-assigned this Apr 8, 2021
@dhurley14 dhurley14 changed the title [RAC] [Alerts] Fixes authz class and adds some scripts for testing [RAC] [Alerts] Fixes rac authz class and adds some scripts for testing Apr 8, 2021
Copy link
Owner

@yctercero yctercero left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is awesome, thanks Devin!!

@yctercero yctercero merged commit 806ee8e into yctercero:rac_rbac_poc Apr 8, 2021
yctercero pushed a commit that referenced this pull request Jun 16, 2021
* WIP - test script and route in rule registry to pull index name. I need to test out adding this route within the APM and sec sol plugins specifically and see if they spit back the same .alerts index but with the appropriate asset name despite not providing one.

WIP - DO NOT DELETE THIS CODE

minor cleanup

updates client to require passing in index name, which is now available through the alerts as data client function getAlertsIndex

fix types

* remove outdated comment
yctercero pushed a commit that referenced this pull request Jun 16, 2021
WIP - trying to fix integration tests, broken authz for observer user / role

updates authz feature builder to what ying had before we messed it up in our branch

fixes integration tests

add rac api access to apm

adds getIndex functionality which requires the asset name to be passed in, same style as in the rule registry data client, adds update integration tests

fix small merge conflict and update shell script

fix merge conflict in alerting test file

fix most type errors

fix the rest of the type failures

fix integration tests

fix integration tests

fix type error with feature registration in apm

fix integration tests in apm and security solution

fix type checker

fix jest tests for apm

remove console.error statements for eslint

fix type check

update security solution jest tests

cleaning up PR and adding basic unit tests

still need to clean up types in tests and update one test file

fixes snapshot for signals template

fix tests

fix type check failures

update cypress test

undo changes in alert authz class, updates alert privilege in apm feature to 'read', utilizes the 'rule' object available in executor params over querying for the rule SO directly

remove verbose logging from detection api integration tests

fix type

fix jest tests, adds missing mocked rule object to alert executor params

[RAC] [RBAC] adds function to get alerts-as-data index name (#6)

* WIP - test script and route in rule registry to pull index name. I need to test out adding this route within the APM and sec sol plugins specifically and see if they spit back the same .alerts index but with the appropriate asset name despite not providing one.

WIP - DO NOT DELETE THIS CODE

minor cleanup

updates client to require passing in index name, which is now available through the alerts as data client function getAlertsIndex

fix types

* remove outdated comment
yctercero added a commit that referenced this pull request Jun 21, 2021
WIP - trying to fix integration tests, broken authz for observer user / role

updates authz feature builder to what ying had before we messed it up in our branch

fixes integration tests

add rac api access to apm

adds getIndex functionality which requires the asset name to be passed in, same style as in the rule registry data client, adds update integration tests

fix small merge conflict and update shell script

fix merge conflict in alerting test file

fix most type errors

fix the rest of the type failures

fix integration tests

fix integration tests

fix type error with feature registration in apm

fix integration tests in apm and security solution

fix type checker

fix jest tests for apm

remove console.error statements for eslint

fix type check

update security solution jest tests

cleaning up PR and adding basic unit tests

still need to clean up types in tests and update one test file

fixes snapshot for signals template

fix tests

fix type check failures

update cypress test

undo changes in alert authz class, updates alert privilege in apm feature to 'read', utilizes the 'rule' object available in executor params over querying for the rule SO directly

remove verbose logging from detection api integration tests

fix type

fix jest tests, adds missing mocked rule object to alert executor params

[RAC] [RBAC] adds function to get alerts-as-data index name (#6)

* WIP - test script and route in rule registry to pull index name. I need to test out adding this route within the APM and sec sol plugins specifically and see if they spit back the same .alerts index but with the appropriate asset name despite not providing one.

WIP - DO NOT DELETE THIS CODE

minor cleanup

updates client to require passing in index name, which is now available through the alerts as data client function getAlertsIndex

fix types

* remove outdated comment

update README, adds integration test (skipped) for testing authz with search strategy (#8)

* WIP

* update README, adds integration test (skipped) for testing authz with search strategy

* fix rebase issues

* adds typedoc docs

* adds SKIPPED integration test for timeline search strategy to be unskipped once authorization is added to search strategy

* removes unused references to the rule data client within the rule registry

squashed commit (#11)

* clean up commented out code, update PR per initial comments

* introduce index param to get route again, allowing user to specify index to search

* updating feature privileges UI to allow user to have all, read, none on alerts

Co-authored-by: Yara Tercero <yara.tercero@elastic.co>
yctercero pushed a commit that referenced this pull request Jun 22, 2021
WIP - trying to fix integration tests, broken authz for observer user / role

updates authz feature builder to what ying had before we messed it up in our branch

fixes integration tests

add rac api access to apm

adds getIndex functionality which requires the asset name to be passed in, same style as in the rule registry data client, adds update integration tests

fix small merge conflict and update shell script

fix merge conflict in alerting test file

fix most type errors

fix the rest of the type failures

fix integration tests

fix integration tests

fix type error with feature registration in apm

fix integration tests in apm and security solution

fix type checker

fix jest tests for apm

remove console.error statements for eslint

fix type check

update security solution jest tests

cleaning up PR and adding basic unit tests

still need to clean up types in tests and update one test file

fixes snapshot for signals template

fix tests

fix type check failures

update cypress test

undo changes in alert authz class, updates alert privilege in apm feature to 'read', utilizes the 'rule' object available in executor params over querying for the rule SO directly

remove verbose logging from detection api integration tests

fix type

fix jest tests, adds missing mocked rule object to alert executor params

[RAC] [RBAC] adds function to get alerts-as-data index name (#6)

* WIP - test script and route in rule registry to pull index name. I need to test out adding this route within the APM and sec sol plugins specifically and see if they spit back the same .alerts index but with the appropriate asset name despite not providing one.

WIP - DO NOT DELETE THIS CODE

minor cleanup

updates client to require passing in index name, which is now available through the alerts as data client function getAlertsIndex

fix types

* remove outdated comment

update README, adds integration test (skipped) for testing authz with search strategy (#8)

* WIP

* update README, adds integration test (skipped) for testing authz with search strategy

* fix rebase issues

* adds typedoc docs

* adds SKIPPED integration test for timeline search strategy to be unskipped once authorization is added to search strategy

* removes unused references to the rule data client within the rule registry

squashed commit (#11)

* clean up commented out code, update PR per initial comments

* introduce index param to get route again, allowing user to specify index to search

* updating feature privileges UI to allow user to have all, read, none on alerts

Co-authored-by: Yara Tercero <yara.tercero@elastic.co>

update tests

WIP - updated shell scripts

fixes scripts

fix update route indexName -> index

Merge pull request #12 from yctercero/rbac_update_tests

Updates tests that were previously failing and addresses some feedback.
yctercero pushed a commit that referenced this pull request Jun 24, 2021
WIP - trying to fix integration tests, broken authz for observer user / role

updates authz feature builder to what ying had before we messed it up in our branch

fixes integration tests

add rac api access to apm

adds getIndex functionality which requires the asset name to be passed in, same style as in the rule registry data client, adds update integration tests

fix small merge conflict and update shell script

fix merge conflict in alerting test file

fix most type errors

fix the rest of the type failures

fix integration tests

fix integration tests

fix type error with feature registration in apm

fix integration tests in apm and security solution

fix type checker

fix jest tests for apm

remove console.error statements for eslint

fix type check

update security solution jest tests

cleaning up PR and adding basic unit tests

still need to clean up types in tests and update one test file

fixes snapshot for signals template

fix tests

fix type check failures

update cypress test

undo changes in alert authz class, updates alert privilege in apm feature to 'read', utilizes the 'rule' object available in executor params over querying for the rule SO directly

remove verbose logging from detection api integration tests

fix type

fix jest tests, adds missing mocked rule object to alert executor params

[RAC] [RBAC] adds function to get alerts-as-data index name (#6)

* WIP - test script and route in rule registry to pull index name. I need to test out adding this route within the APM and sec sol plugins specifically and see if they spit back the same .alerts index but with the appropriate asset name despite not providing one.

WIP - DO NOT DELETE THIS CODE

minor cleanup

updates client to require passing in index name, which is now available through the alerts as data client function getAlertsIndex

fix types

* remove outdated comment

update README, adds integration test (skipped) for testing authz with search strategy (#8)

* WIP

* update README, adds integration test (skipped) for testing authz with search strategy

* fix rebase issues

* adds typedoc docs

* adds SKIPPED integration test for timeline search strategy to be unskipped once authorization is added to search strategy

* removes unused references to the rule data client within the rule registry

squashed commit (#11)

* clean up commented out code, update PR per initial comments

* introduce index param to get route again, allowing user to specify index to search

* updating feature privileges UI to allow user to have all, read, none on alerts

Co-authored-by: Yara Tercero <yara.tercero@elastic.co>

update tests

WIP - updated shell scripts

fixes scripts

fix update route indexName -> index

Merge pull request #12 from yctercero/rbac_update_tests

Updates tests that were previously failing and addresses some feedback.
yctercero pushed a commit that referenced this pull request Jun 24, 2021
WIP - trying to fix integration tests, broken authz for observer user / role

updates authz feature builder to what ying had before we messed it up in our branch

fixes integration tests

add rac api access to apm

adds getIndex functionality which requires the asset name to be passed in, same style as in the rule registry data client, adds update integration tests

fix small merge conflict and update shell script

fix merge conflict in alerting test file

fix most type errors

fix the rest of the type failures

fix integration tests

fix integration tests

fix type error with feature registration in apm

fix integration tests in apm and security solution

fix type checker

fix jest tests for apm

remove console.error statements for eslint

fix type check

update security solution jest tests

cleaning up PR and adding basic unit tests

still need to clean up types in tests and update one test file

fixes snapshot for signals template

fix tests

fix type check failures

update cypress test

undo changes in alert authz class, updates alert privilege in apm feature to 'read', utilizes the 'rule' object available in executor params over querying for the rule SO directly

remove verbose logging from detection api integration tests

fix type

fix jest tests, adds missing mocked rule object to alert executor params

[RAC] [RBAC] adds function to get alerts-as-data index name (#6)

* WIP - test script and route in rule registry to pull index name. I need to test out adding this route within the APM and sec sol plugins specifically and see if they spit back the same .alerts index but with the appropriate asset name despite not providing one.

WIP - DO NOT DELETE THIS CODE

minor cleanup

updates client to require passing in index name, which is now available through the alerts as data client function getAlertsIndex

fix types

* remove outdated comment

update README, adds integration test (skipped) for testing authz with search strategy (#8)

* WIP

* update README, adds integration test (skipped) for testing authz with search strategy

* fix rebase issues

* adds typedoc docs

* adds SKIPPED integration test for timeline search strategy to be unskipped once authorization is added to search strategy

* removes unused references to the rule data client within the rule registry

squashed commit (#11)

* clean up commented out code, update PR per initial comments

* introduce index param to get route again, allowing user to specify index to search

* updating feature privileges UI to allow user to have all, read, none on alerts

Co-authored-by: Yara Tercero <yara.tercero@elastic.co>

update tests

WIP - updated shell scripts

fixes scripts

fix update route indexName -> index

Merge pull request #12 from yctercero/rbac_update_tests

Updates tests that were previously failing and addresses some feedback.
yctercero pushed a commit that referenced this pull request Jun 29, 2021
WIP - trying to fix integration tests, broken authz for observer user / role

updates authz feature builder to what ying had before we messed it up in our branch

fixes integration tests

add rac api access to apm

adds getIndex functionality which requires the asset name to be passed in, same style as in the rule registry data client, adds update integration tests

fix small merge conflict and update shell script

fix merge conflict in alerting test file

fix most type errors

fix the rest of the type failures

fix integration tests

fix integration tests

fix type error with feature registration in apm

fix integration tests in apm and security solution

fix type checker

fix jest tests for apm

remove console.error statements for eslint

fix type check

update security solution jest tests

cleaning up PR and adding basic unit tests

still need to clean up types in tests and update one test file

fixes snapshot for signals template

fix tests

fix type check failures

update cypress test

undo changes in alert authz class, updates alert privilege in apm feature to 'read', utilizes the 'rule' object available in executor params over querying for the rule SO directly

remove verbose logging from detection api integration tests

fix type

fix jest tests, adds missing mocked rule object to alert executor params

[RAC] [RBAC] adds function to get alerts-as-data index name (#6)

* WIP - test script and route in rule registry to pull index name. I need to test out adding this route within the APM and sec sol plugins specifically and see if they spit back the same .alerts index but with the appropriate asset name despite not providing one.

WIP - DO NOT DELETE THIS CODE

minor cleanup

updates client to require passing in index name, which is now available through the alerts as data client function getAlertsIndex

fix types

* remove outdated comment

update README, adds integration test (skipped) for testing authz with search strategy (#8)

* WIP

* update README, adds integration test (skipped) for testing authz with search strategy

* fix rebase issues

* adds typedoc docs

* adds SKIPPED integration test for timeline search strategy to be unskipped once authorization is added to search strategy

* removes unused references to the rule data client within the rule registry

squashed commit (#11)

* clean up commented out code, update PR per initial comments

* introduce index param to get route again, allowing user to specify index to search

* updating feature privileges UI to allow user to have all, read, none on alerts

Co-authored-by: Yara Tercero <yara.tercero@elastic.co>

update tests

WIP - updated shell scripts

fixes scripts

fix update route indexName -> index

Merge pull request #12 from yctercero/rbac_update_tests

Updates tests that were previously failing and addresses some feedback.
yctercero pushed a commit that referenced this pull request Jun 30, 2021
WIP - trying to fix integration tests, broken authz for observer user / role

updates authz feature builder to what ying had before we messed it up in our branch

fixes integration tests

add rac api access to apm

adds getIndex functionality which requires the asset name to be passed in, same style as in the rule registry data client, adds update integration tests

fix small merge conflict and update shell script

fix merge conflict in alerting test file

fix most type errors

fix the rest of the type failures

fix integration tests

fix integration tests

fix type error with feature registration in apm

fix integration tests in apm and security solution

fix type checker

fix jest tests for apm

remove console.error statements for eslint

fix type check

update security solution jest tests

cleaning up PR and adding basic unit tests

still need to clean up types in tests and update one test file

fixes snapshot for signals template

fix tests

fix type check failures

update cypress test

undo changes in alert authz class, updates alert privilege in apm feature to 'read', utilizes the 'rule' object available in executor params over querying for the rule SO directly

remove verbose logging from detection api integration tests

fix type

fix jest tests, adds missing mocked rule object to alert executor params

[RAC] [RBAC] adds function to get alerts-as-data index name (#6)

* WIP - test script and route in rule registry to pull index name. I need to test out adding this route within the APM and sec sol plugins specifically and see if they spit back the same .alerts index but with the appropriate asset name despite not providing one.

WIP - DO NOT DELETE THIS CODE

minor cleanup

updates client to require passing in index name, which is now available through the alerts as data client function getAlertsIndex

fix types

* remove outdated comment

update README, adds integration test (skipped) for testing authz with search strategy (#8)

* WIP

* update README, adds integration test (skipped) for testing authz with search strategy

* fix rebase issues

* adds typedoc docs

* adds SKIPPED integration test for timeline search strategy to be unskipped once authorization is added to search strategy

* removes unused references to the rule data client within the rule registry

squashed commit (#11)

* clean up commented out code, update PR per initial comments

* introduce index param to get route again, allowing user to specify index to search

* updating feature privileges UI to allow user to have all, read, none on alerts

Co-authored-by: Yara Tercero <yara.tercero@elastic.co>

update tests

WIP - updated shell scripts

fixes scripts

fix update route indexName -> index

Merge pull request #12 from yctercero/rbac_update_tests

Updates tests that were previously failing and addresses some feedback.
yctercero pushed a commit that referenced this pull request Jul 5, 2021
WIP - trying to fix integration tests, broken authz for observer user / role

updates authz feature builder to what ying had before we messed it up in our branch

fixes integration tests

add rac api access to apm

adds getIndex functionality which requires the asset name to be passed in, same style as in the rule registry data client, adds update integration tests

fix small merge conflict and update shell script

fix merge conflict in alerting test file

fix most type errors

fix the rest of the type failures

fix integration tests

fix integration tests

fix type error with feature registration in apm

fix integration tests in apm and security solution

fix type checker

fix jest tests for apm

remove console.error statements for eslint

fix type check

update security solution jest tests

cleaning up PR and adding basic unit tests

still need to clean up types in tests and update one test file

fixes snapshot for signals template

fix tests

fix type check failures

update cypress test

undo changes in alert authz class, updates alert privilege in apm feature to 'read', utilizes the 'rule' object available in executor params over querying for the rule SO directly

remove verbose logging from detection api integration tests

fix type

fix jest tests, adds missing mocked rule object to alert executor params

[RAC] [RBAC] adds function to get alerts-as-data index name (#6)

* WIP - test script and route in rule registry to pull index name. I need to test out adding this route within the APM and sec sol plugins specifically and see if they spit back the same .alerts index but with the appropriate asset name despite not providing one.

WIP - DO NOT DELETE THIS CODE

minor cleanup

updates client to require passing in index name, which is now available through the alerts as data client function getAlertsIndex

fix types

* remove outdated comment

update README, adds integration test (skipped) for testing authz with search strategy (#8)

* WIP

* update README, adds integration test (skipped) for testing authz with search strategy

* fix rebase issues

* adds typedoc docs

* adds SKIPPED integration test for timeline search strategy to be unskipped once authorization is added to search strategy

* removes unused references to the rule data client within the rule registry

squashed commit (#11)

* clean up commented out code, update PR per initial comments

* introduce index param to get route again, allowing user to specify index to search

* updating feature privileges UI to allow user to have all, read, none on alerts

Co-authored-by: Yara Tercero <yara.tercero@elastic.co>

update tests

WIP - updated shell scripts

fixes scripts

fix update route indexName -> index

Merge pull request #12 from yctercero/rbac_update_tests

Updates tests that were previously failing and addresses some feedback.
yctercero pushed a commit that referenced this pull request Jul 5, 2021
WIP - trying to fix integration tests, broken authz for observer user / role

updates authz feature builder to what ying had before we messed it up in our branch

fixes integration tests

add rac api access to apm

adds getIndex functionality which requires the asset name to be passed in, same style as in the rule registry data client, adds update integration tests

fix small merge conflict and update shell script

fix merge conflict in alerting test file

fix most type errors

fix the rest of the type failures

fix integration tests

fix integration tests

fix type error with feature registration in apm

fix integration tests in apm and security solution

fix type checker

fix jest tests for apm

remove console.error statements for eslint

fix type check

update security solution jest tests

cleaning up PR and adding basic unit tests

still need to clean up types in tests and update one test file

fixes snapshot for signals template

fix tests

fix type check failures

update cypress test

undo changes in alert authz class, updates alert privilege in apm feature to 'read', utilizes the 'rule' object available in executor params over querying for the rule SO directly

remove verbose logging from detection api integration tests

fix type

fix jest tests, adds missing mocked rule object to alert executor params

[RAC] [RBAC] adds function to get alerts-as-data index name (#6)

* WIP - test script and route in rule registry to pull index name. I need to test out adding this route within the APM and sec sol plugins specifically and see if they spit back the same .alerts index but with the appropriate asset name despite not providing one.

WIP - DO NOT DELETE THIS CODE

minor cleanup

updates client to require passing in index name, which is now available through the alerts as data client function getAlertsIndex

fix types

* remove outdated comment

update README, adds integration test (skipped) for testing authz with search strategy (#8)

* WIP

* update README, adds integration test (skipped) for testing authz with search strategy

* fix rebase issues

* adds typedoc docs

* adds SKIPPED integration test for timeline search strategy to be unskipped once authorization is added to search strategy

* removes unused references to the rule data client within the rule registry

squashed commit (#11)

* clean up commented out code, update PR per initial comments

* introduce index param to get route again, allowing user to specify index to search

* updating feature privileges UI to allow user to have all, read, none on alerts

Co-authored-by: Yara Tercero <yara.tercero@elastic.co>

update tests

WIP - updated shell scripts

fixes scripts

fix update route indexName -> index

Merge pull request #12 from yctercero/rbac_update_tests

Updates tests that were previously failing and addresses some feedback.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants