Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[alerting] Adds Action Type configuration support and whitelisting #44483

Merged
merged 23 commits into from
Sep 6, 2019
Merged

[alerting] Adds Action Type configuration support and whitelisting #44483

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
6c48bc1
feat(action-types-refactor): pass kibana config to builtin action typ…
gmmorris Aug 30, 2019
4113bd2
Merge branch 'master' into refactor-action-types
gmmorris Aug 30, 2019
c03104c
fix(webhook-whitelisting): whitelist support for webhook execution
gmmorris Aug 30, 2019
e46f616
fix(webhook-whitelisting): fixed missing type sig
gmmorris Aug 30, 2019
a12f7b9
Merge branch 'master' into actions/refactor-action-types
gmmorris Sep 2, 2019
ea4580f
refactor(webhook-whitelisting): removed the None option as we can use…
gmmorris Sep 2, 2019
f169c0a
refactor(webhook-whitelisting): unified whitelisting error message
gmmorris Sep 2, 2019
4855bb0
refactor(webhook-whitelisting): curry valdiaiton to make it a little …
gmmorris Sep 2, 2019
cd87387
fix(webhook-whitelisting): removed unused import
gmmorris Sep 2, 2019
057a6ec
fix(webhook-whitelisting): cleaned up messaging around webhook errors
gmmorris Sep 2, 2019
fad46ab
fix(webhook-whitelisting): fixed typing of mocks
gmmorris Sep 2, 2019
7d8ed08
readme(webhook-whitelisting): added documentation of the Built-in-Act…
gmmorris Sep 2, 2019
a93f2f0
Merge branch 'master' into actions/refactor-action-types
gmmorris Sep 2, 2019
7375745
refactor(webhook-whitelisting): extracted unsafeGet out of Result typ…
gmmorris Sep 3, 2019
d5baa69
refactor(webhook-whitelisting): removed usage of result in whitelisting
gmmorris Sep 4, 2019
ac21af9
doc(webhook-whitelisting): Updated documentation for whitelisting
gmmorris Sep 4, 2019
b277445
refactor(webhook-whitelisting): Whitelist Any url by specifying a * i…
gmmorris Sep 4, 2019
2699dd3
doc(webhook-whitelisting): Updated documentation for actions Enabled …
gmmorris Sep 4, 2019
f73fb00
Merge branch 'master' into actions/refactor-action-types
gmmorris Sep 4, 2019
481da21
Merge branch 'master' into actions/refactor-action-types
gmmorris Sep 5, 2019
9a84b8b
refactor(webhook-whitelisting): Provide two ways of checking whitelis…
gmmorris Sep 5, 2019
8a9ddc9
refactor(webhook-whitelisting): Removed whitelisting check in executo…
gmmorris Sep 5, 2019
72f70b4
Merge branch 'master' into actions/refactor-action-types
gmmorris Sep 5, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions x-pack/legacy/plugins/actions/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,14 @@ export function actions(kibana: any) {
return Joi.object()
.keys({
enabled: Joi.boolean().default(false),
whitelistedHosts: Joi.alternatives()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think alternatives was here when the property was string | string[]? So, I think we can remove the alternatives() and try() wrappers, just make it a Joi.array()? Or maybe there's some joi sneakiness I don't yet understand :-)

It clearly works now, so fine with shipping this way, create an issue / project card if it should be fixed later.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, that's not needed anymore, I'll fix in a small PR next

.try(
Joi.array()
.items(Joi.string().hostname())
.sparse(false),
Joi.string().valid('any', 'none')
)
.default('none'),
})
.default();
},
Expand Down
36 changes: 36 additions & 0 deletions x-pack/legacy/plugins/actions/server/actions_config.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/

import { ActionsKibanaConfig, getActionsConfigurationUtilities } from './actions_config';

describe('isWhitelistedHostname', () => {
test('returns true when "any" hostnames are allowed', () => {
const config: ActionsKibanaConfig = { enabled: false, whitelistedHosts: 'any' };
expect(
getActionsConfigurationUtilities(config).isWhitelistedHostname(
'https://github.com/elastic/kibana'
)
).toEqual(true);
});

test('returns false when the hostname in the requested uri is not in the whitelist', () => {
const config: ActionsKibanaConfig = { enabled: false, whitelistedHosts: [] };
expect(
getActionsConfigurationUtilities(config).isWhitelistedHostname(
'https://github.com/elastic/kibana'
)
).toEqual(false);
});

test('returns true when the hostname in the requested uri is in the whitelist', () => {
const config: ActionsKibanaConfig = { enabled: false, whitelistedHosts: ['github.com'] };
expect(
getActionsConfigurationUtilities(config).isWhitelistedHostname(
'https://github.com/elastic/kibana'
)
).toEqual(true);
});
});
40 changes: 40 additions & 0 deletions x-pack/legacy/plugins/actions/server/actions_config.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/

import { fromNullable } from 'fp-ts/lib/Option';
import { URL } from 'url';

export interface ActionsKibanaConfig {
enabled: boolean;
whitelistedHosts: 'any' | 'none' | string[];
}

export interface ActionsConfigurationUtilities {
isWhitelistedHostname: (uri: string) => boolean;
}

export function getActionsConfigurationUtilities(
config: ActionsKibanaConfig
): ActionsConfigurationUtilities {
return {
isWhitelistedHostname(uri: string): boolean {
switch (config.whitelistedHosts) {
case 'none':
return false;
case 'any':
return true;
default:
if (Array.isArray(config.whitelistedHosts)) {
const urlHostname = new URL(uri).hostname;
return fromNullable(
config.whitelistedHosts.find(hostname => hostname === urlHostname)
).isSome();
}
return false;
}
},
};
}
4 changes: 3 additions & 1 deletion x-pack/legacy/plugins/actions/server/builtin_action_types/email.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ jest.mock('./lib/send_email', () => ({
}));

import { ActionType, ActionTypeExecutorOptions } from '../types';
import { ActionsConfigurationUtilities } from '../actions_config';
import { ActionTypeRegistry } from '../action_type_registry';
import { encryptedSavedObjectsMock } from '../../../encrypted_saved_objects/server/plugin.mock';
import { taskManagerMock } from '../../../task_manager/task_manager.mock';
Expand All @@ -22,6 +23,7 @@ const sendEmailMock = sendEmail as jest.Mock;

const ACTION_TYPE_ID = '.email';
const NO_OP_FN = () => {};
const MOCK_KIBANA_CONFIG = { isWhitelistedHostname: () => true } as ActionsConfigurationUtilities;

const services = {
log: NO_OP_FN,
Expand All @@ -48,7 +50,7 @@ beforeAll(() => {
getBasePath: jest.fn().mockReturnValue(undefined),
});

registerBuiltInActionTypes(actionTypeRegistry);
registerBuiltInActionTypes(actionTypeRegistry, MOCK_KIBANA_CONFIG);

actionType = actionTypeRegistry.get(ACTION_TYPE_ID);
});
Expand Down
23 changes: 12 additions & 11 deletions x-pack/legacy/plugins/actions/server/builtin_action_types/email.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,17 +97,18 @@ function validateParams(paramsObject: any): string | void {
}

// action type definition

export const actionType: ActionType = {
id: '.email',
name: 'email',
validate: {
config: ConfigSchema,
secrets: SecretsSchema,
params: ParamsSchema,
},
executor,
};
export function getActionType(): ActionType {
return {
id: '.email',
name: 'email',
validate: {
config: ConfigSchema,
secrets: SecretsSchema,
params: ParamsSchema,
},
executor,
};
}

// action executor

Expand Down
4 changes: 3 additions & 1 deletion x-pack/legacy/plugins/actions/server/builtin_action_types/es_index.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ jest.mock('./lib/send_email', () => ({
}));

import { ActionType, ActionTypeExecutorOptions } from '../types';
import { ActionsConfigurationUtilities } from '../actions_config';
import { ActionTypeRegistry } from '../action_type_registry';
import { encryptedSavedObjectsMock } from '../../../encrypted_saved_objects/server/plugin.mock';
import { taskManagerMock } from '../../../task_manager/task_manager.mock';
Expand All @@ -19,6 +20,7 @@ import { ActionParamsType, ActionTypeConfigType } from './es_index';

const ACTION_TYPE_ID = '.index';
const NO_OP_FN = () => {};
const MOCK_KIBANA_CONFIG = { isWhitelistedHostname: () => true } as ActionsConfigurationUtilities;

const services = {
log: NO_OP_FN,
Expand All @@ -45,7 +47,7 @@ beforeAll(() => {
getBasePath: jest.fn().mockReturnValue(undefined),
});

registerBuiltInActionTypes(actionTypeRegistry);
registerBuiltInActionTypes(actionTypeRegistry, MOCK_KIBANA_CONFIG);

actionType = actionTypeRegistry.get(ACTION_TYPE_ID);
});
Expand Down
21 changes: 11 additions & 10 deletions x-pack/legacy/plugins/actions/server/builtin_action_types/es_index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,16 +33,17 @@ const ParamsSchema = schema.object({
});

// action type definition

export const actionType: ActionType = {
id: '.index',
name: 'index',
validate: {
config: ConfigSchema,
params: ParamsSchema,
},
executor,
};
export function getActionType(): ActionType {
return {
id: '.index',
name: 'index',
validate: {
config: ConfigSchema,
params: ParamsSchema,
},
executor,
};
}

// action executor

Expand Down
28 changes: 17 additions & 11 deletions x-pack/legacy/plugins/actions/server/builtin_action_types/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,17 +5,23 @@
*/

import { ActionTypeRegistry } from '../action_type_registry';
import { ActionsConfigurationUtilities } from '../actions_config';

import { actionType as serverLogActionType } from './server_log';
import { actionType as slackActionType } from './slack';
import { actionType as emailActionType } from './email';
import { actionType as indexActionType } from './es_index';
import { actionType as pagerDutyActionType } from './pagerduty';
import { getActionType as getServerLogActionType } from './server_log';
import { getActionType as getSlackActionType } from './slack';
import { getActionType as getEmailActionType } from './email';
import { getActionType as getIndexActionType } from './es_index';
import { getActionType as getPagerDutyActionType } from './pagerduty';
import { getActionType as getWebhookActionType } from './webhook';

export function registerBuiltInActionTypes(actionTypeRegistry: ActionTypeRegistry) {
actionTypeRegistry.register(serverLogActionType);
actionTypeRegistry.register(slackActionType);
actionTypeRegistry.register(emailActionType);
actionTypeRegistry.register(indexActionType);
actionTypeRegistry.register(pagerDutyActionType);
export function registerBuiltInActionTypes(
actionTypeRegistry: ActionTypeRegistry,
actionsConfigUtils: ActionsConfigurationUtilities
) {
actionTypeRegistry.register(getServerLogActionType());
actionTypeRegistry.register(getSlackActionType());
actionTypeRegistry.register(getEmailActionType());
actionTypeRegistry.register(getIndexActionType());
actionTypeRegistry.register(getPagerDutyActionType());
actionTypeRegistry.register(getWebhookActionType(actionsConfigUtils));
}
4 changes: 3 additions & 1 deletion x-pack/legacy/plugins/actions/server/builtin_action_types/pagerduty.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ jest.mock('./lib/post_pagerduty', () => ({
}));

import { ActionType, Services, ActionTypeExecutorOptions } from '../types';
import { ActionsConfigurationUtilities } from '../actions_config';
import { ActionTypeRegistry } from '../action_type_registry';
import { taskManagerMock } from '../../../task_manager/task_manager.mock';
import { encryptedSavedObjectsMock } from '../../../encrypted_saved_objects/server/plugin.mock';
Expand All @@ -21,6 +22,7 @@ const postPagerdutyMock = postPagerduty as jest.Mock;

const ACTION_TYPE_ID = '.pagerduty';
const NO_OP_FN = () => {};
const MOCK_KIBANA_CONFIG = { isWhitelistedHostname: () => true } as ActionsConfigurationUtilities;

const services: Services = {
log: NO_OP_FN,
Expand All @@ -46,7 +48,7 @@ beforeAll(() => {
spaceIdToNamespace: jest.fn().mockReturnValue(undefined),
getBasePath: jest.fn().mockReturnValue(undefined),
});
registerBuiltInActionTypes(actionTypeRegistry);
registerBuiltInActionTypes(actionTypeRegistry, MOCK_KIBANA_CONFIG);
actionType = actionTypeRegistry.get(ACTION_TYPE_ID);
});

Expand Down
23 changes: 12 additions & 11 deletions x-pack/legacy/plugins/actions/server/builtin_action_types/pagerduty.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -84,17 +84,18 @@ function validateParams(paramsObject: any): string | void {
}

// action type definition

export const actionType: ActionType = {
id: '.pagerduty',
name: 'pagerduty',
validate: {
config: ConfigSchema,
secrets: SecretsSchema,
params: ParamsSchema,
},
executor,
};
export function getActionType(): ActionType {
return {
id: '.pagerduty',
name: 'pagerduty',
validate: {
config: ConfigSchema,
secrets: SecretsSchema,
params: ParamsSchema,
},
executor,
};
}

// action executor

Expand Down
4 changes: 3 additions & 1 deletion x-pack/legacy/plugins/actions/server/builtin_action_types/server_log.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
*/

import { ActionType, Services } from '../types';
import { ActionsConfigurationUtilities } from '../actions_config';
import { ActionTypeRegistry } from '../action_type_registry';
import { taskManagerMock } from '../../../task_manager/task_manager.mock';
import { encryptedSavedObjectsMock } from '../../../encrypted_saved_objects/server/plugin.mock';
Expand All @@ -15,6 +16,7 @@ import { registerBuiltInActionTypes } from './index';

const ACTION_TYPE_ID = '.server-log';
const NO_OP_FN = () => {};
const MOCK_KIBANA_CONFIG = { isWhitelistedHostname: () => true } as ActionsConfigurationUtilities;

const services: Services = {
log: NO_OP_FN,
Expand All @@ -39,7 +41,7 @@ beforeAll(() => {
spaceIdToNamespace: jest.fn().mockReturnValue(undefined),
getBasePath: jest.fn().mockReturnValue(undefined),
});
registerBuiltInActionTypes(actionTypeRegistry);
registerBuiltInActionTypes(actionTypeRegistry, MOCK_KIBANA_CONFIG);
});

beforeEach(() => {
Expand Down
19 changes: 10 additions & 9 deletions x-pack/legacy/plugins/actions/server/builtin_action_types/server_log.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,15 +21,16 @@ const ParamsSchema = schema.object({
});

// action type definition

export const actionType: ActionType = {
id: '.server-log',
name: 'server-log',
validate: {
params: ParamsSchema,
},
executor,
};
export function getActionType(): ActionType {
return {
id: '.server-log',
name: 'server-log',
validate: {
params: ParamsSchema,
},
executor,
};
}

// action executor

Expand Down
9 changes: 3 additions & 6 deletions x-pack/legacy/plugins/actions/server/builtin_action_types/slack.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,9 +35,9 @@ const ParamsSchema = schema.object({
// action type definition

// customizing executor is only used for tests
export function getActionType({ executor }: { executor?: ExecutorType } = {}): ActionType {
if (executor == null) executor = slackExecutor;

export function getActionType(
{ executor }: { executor: ExecutorType } = { executor: slackExecutor }
): ActionType {
return {
id: '.slack',
name: 'slack',
Expand All @@ -49,9 +49,6 @@ export function getActionType({ executor }: { executor?: ExecutorType } = {}): A
};
}

// the production executor for this action
export const actionType = getActionType();

// action executor

async function slackExecutor(
Expand Down
Loading