Add transforms creation to the CSP plugin initialization #129905
Conversation
eyalkraft
added
release_note:skip
x-pack/plugins/cloud_security_posture/server/create_transforms/benchmark_score_transform.ts
Outdated
Show resolved
Hide resolved
x-pack/plugins/cloud_security_posture/server/create_transforms/latest_findings_transform.ts
Outdated
Show resolved
Hide resolved
x-pack/plugins/cloud_security_posture/server/create_transforms/latest_findings_transform.ts
Show resolved
Hide resolved
x-pack/plugins/cloud_security_posture/server/create_transforms/benchmark_score_transform.ts
Show resolved
Hide resolved
|
I was forced to add and not use the existing (no hyphen) since this is the index pattern the kibana user has the proper privileges for as a result of this PR to Elasticsearch. Otherwise the following error occurs: wdyt @kfirpeled? We can also change the original Edit: On second thought just adding the |
|
Pinging @elastic/kibana-cloud-security-posture (Team:Cloud Security Posture) |
…bana into create-transforms-in-plugin
| @@ -17,7 +17,7 @@ export const LATEST_FINDINGS_INDEX_NAME = 'cloud_security_posture.findings_lates | |||
| export const BENCHMARK_SCORE_INDEX_NAME = 'cloud_security_posture.scores'; | |||
|
|
|||
| export const AGENT_LOGS_INDEX_PATTERN = '.logs-cis_kubernetes_benchmark.metadata*'; | |||
| export const CSP_KUBEBEAT_INDEX_PATTERN = 'logs-cis_kubernetes_benchmark.findings*'; | |||
| export const CSP_KUBEBEAT_INDEX_PATTERN = 'logs-cis_kubernetes_benchmark.findings-*'; | |||
| benchmarkScoreMapping, | ||
| logger | ||
| ); | ||
| return Promise.all([ |
x-pack/plugins/cloud_security_posture/server/create_transforms/latest_findings_transform.ts
Outdated
Show resolved
Hide resolved
| transform_id: 'cloud_security_posture.latest-default-0.0.1', | ||
| description: 'Defines findings transformation to view only the latest finding per resource', | ||
| source: { | ||
| index: CSP_KUBEBEAT_INDEX_PATTERN, |
There was a problem hiding this comment.
fyi, when cloudbeat would support namespaces, this transform would take results from other spaces into the default's latest index.
what if the index pattern of this transform would be logs-cis_kubernetes_benchmark.findings-default-*. looking ahead, it might prevent a state that would be harder to fix if leaving it as it is now.
There was a problem hiding this comment.
I'm pretty sure the pattern you suggested won't work as the datastream name is logs-cis_kubernetes_benchmark.findings-default and the underlying index name is .ds-logs-cis_kubernetes_benchmark.findings-default-2022.04.18-000001
There was a problem hiding this comment.
correct, it looks like the datastream name would achieve the same result though.
anyway, we can fix that later
x-pack/plugins/cloud_security_posture/server/create_transforms/create_transforms.ts
Show resolved
Hide resolved
x-pack/plugins/cloud_security_posture/server/create_transforms/create_transforms.ts
Outdated
Show resolved
Hide resolved
|
tested locally |
| }); | ||
| return true; |
There was a problem hiding this comment.
nit: it returns true although it was not created. consider documentation/ better naming for the function
|
🚢 it |
💚 Build SucceededMetrics [docs]Async chunks
Unknown metric groupsESLint disabled line counts
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: cc @eyalkraft |
) * add transforms * [CI] Auto-commit changed files from 'node scripts/eslint --no-cache --fix' * catch 404 * add hyphen * start transforms, promise.all * return is clearer * add tests * transform rename * add test * use exact pattern * only start if created Co-authored-by: kibanamachine <[email protected]>
Summary
Following the decision to hold back the integration package-spec change to support transform assets,
We will temporarily create the required transforms required for the CSP plugin as part of the plugin initialization itself.
These transforms will be moved to be part of our integration package as soon as the package-spec will allow it.
Checklist