From 5982f1223829f88cba250097bbd08f066ec5f81d Mon Sep 17 00:00:00 2001 From: Alexi Doak <109488926+doakalexi@users.noreply.github.com> Date: Fri, 12 Apr 2024 08:36:27 -0700 Subject: [PATCH] [ResponseOps] Run soon API improvements (#180533) ## Summary This PR moves some code around to make the API reflect how the UI works. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --- .../server/authorization/alerting_authorization.ts | 2 +- .../alerting/server/rules_client/methods/run_soon.ts | 4 ++-- .../feature_privilege_builder/alerting.test.ts | 12 ++++-------- .../privileges/feature_privilege_builder/alerting.ts | 2 +- .../group3/tests/alerting/run_soon.ts | 2 +- 5 files changed, 9 insertions(+), 13 deletions(-) diff --git a/x-pack/plugins/alerting/server/authorization/alerting_authorization.ts b/x-pack/plugins/alerting/server/authorization/alerting_authorization.ts index f5bf6ee049fbf..aefbdb85f7e06 100644 --- a/x-pack/plugins/alerting/server/authorization/alerting_authorization.ts +++ b/x-pack/plugins/alerting/server/authorization/alerting_authorization.ts @@ -34,7 +34,6 @@ export enum ReadOperations { GetActionErrorLog = 'getActionErrorLog', Find = 'find', GetAuthorizedAlertsIndices = 'getAuthorizedAlertsIndices', - RunSoon = 'runSoon', GetRuleExecutionKPI = 'getRuleExecutionKPI', } @@ -55,6 +54,7 @@ export enum WriteOperations { BulkEnable = 'bulkEnable', BulkDisable = 'bulkDisable', Unsnooze = 'unsnooze', + RunSoon = 'runSoon', } export interface EnsureAuthorizedOpts { diff --git a/x-pack/plugins/alerting/server/rules_client/methods/run_soon.ts b/x-pack/plugins/alerting/server/rules_client/methods/run_soon.ts index 8f2d605f500dc..9fbfd94c8deaa 100644 --- a/x-pack/plugins/alerting/server/rules_client/methods/run_soon.ts +++ b/x-pack/plugins/alerting/server/rules_client/methods/run_soon.ts @@ -8,7 +8,7 @@ import { i18n } from '@kbn/i18n'; import { ConcreteTaskInstance, TaskStatus } from '@kbn/task-manager-plugin/server'; import { Rule } from '../../types'; -import { ReadOperations, AlertingAuthorizationEntity } from '../../authorization'; +import { WriteOperations, AlertingAuthorizationEntity } from '../../authorization'; import { ruleAuditEvent, RuleAuditAction } from '../common/audit_events'; import { RulesClientContext } from '../types'; import { RULE_SAVED_OBJECT_TYPE } from '../../saved_objects'; @@ -22,7 +22,7 @@ export async function runSoon(context: RulesClientContext, { id }: { id: string await context.authorization.ensureAuthorized({ ruleTypeId: attributes.alertTypeId, consumer: attributes.consumer, - operation: ReadOperations.RunSoon, + operation: WriteOperations.RunSoon, entity: AlertingAuthorizationEntity.Rule, }); diff --git a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/alerting.test.ts b/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/alerting.test.ts index cd919f0725a23..3025f4ce60003 100644 --- a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/alerting.test.ts +++ b/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/alerting.test.ts @@ -90,7 +90,6 @@ describe(`feature_privilege_builder`, () => { "alerting:alert-type/my-feature/rule/getActionErrorLog", "alerting:alert-type/my-feature/rule/find", "alerting:alert-type/my-feature/rule/getRuleExecutionKPI", - "alerting:alert-type/my-feature/rule/runSoon", ] `); }); @@ -178,7 +177,6 @@ describe(`feature_privilege_builder`, () => { "alerting:alert-type/my-feature/rule/getActionErrorLog", "alerting:alert-type/my-feature/rule/find", "alerting:alert-type/my-feature/rule/getRuleExecutionKPI", - "alerting:alert-type/my-feature/rule/runSoon", "alerting:alert-type/my-feature/alert/get", "alerting:alert-type/my-feature/alert/find", "alerting:alert-type/my-feature/alert/getAuthorizedAlertsIndices", @@ -226,7 +224,6 @@ describe(`feature_privilege_builder`, () => { "alerting:alert-type/my-feature/rule/getActionErrorLog", "alerting:alert-type/my-feature/rule/find", "alerting:alert-type/my-feature/rule/getRuleExecutionKPI", - "alerting:alert-type/my-feature/rule/runSoon", "alerting:alert-type/my-feature/rule/create", "alerting:alert-type/my-feature/rule/delete", "alerting:alert-type/my-feature/rule/update", @@ -243,6 +240,7 @@ describe(`feature_privilege_builder`, () => { "alerting:alert-type/my-feature/rule/bulkEnable", "alerting:alert-type/my-feature/rule/bulkDisable", "alerting:alert-type/my-feature/rule/unsnooze", + "alerting:alert-type/my-feature/rule/runSoon", ] `); }); @@ -331,7 +329,6 @@ describe(`feature_privilege_builder`, () => { "alerting:alert-type/my-feature/rule/getActionErrorLog", "alerting:alert-type/my-feature/rule/find", "alerting:alert-type/my-feature/rule/getRuleExecutionKPI", - "alerting:alert-type/my-feature/rule/runSoon", "alerting:alert-type/my-feature/rule/create", "alerting:alert-type/my-feature/rule/delete", "alerting:alert-type/my-feature/rule/update", @@ -348,6 +345,7 @@ describe(`feature_privilege_builder`, () => { "alerting:alert-type/my-feature/rule/bulkEnable", "alerting:alert-type/my-feature/rule/bulkDisable", "alerting:alert-type/my-feature/rule/unsnooze", + "alerting:alert-type/my-feature/rule/runSoon", "alerting:alert-type/my-feature/alert/get", "alerting:alert-type/my-feature/alert/find", "alerting:alert-type/my-feature/alert/getAuthorizedAlertsIndices", @@ -396,7 +394,6 @@ describe(`feature_privilege_builder`, () => { "alerting:alert-type/my-feature/rule/getActionErrorLog", "alerting:alert-type/my-feature/rule/find", "alerting:alert-type/my-feature/rule/getRuleExecutionKPI", - "alerting:alert-type/my-feature/rule/runSoon", "alerting:alert-type/my-feature/rule/create", "alerting:alert-type/my-feature/rule/delete", "alerting:alert-type/my-feature/rule/update", @@ -413,6 +410,7 @@ describe(`feature_privilege_builder`, () => { "alerting:alert-type/my-feature/rule/bulkEnable", "alerting:alert-type/my-feature/rule/bulkDisable", "alerting:alert-type/my-feature/rule/unsnooze", + "alerting:alert-type/my-feature/rule/runSoon", "alerting:readonly-alert-type/my-feature/rule/get", "alerting:readonly-alert-type/my-feature/rule/getRuleState", "alerting:readonly-alert-type/my-feature/rule/getAlertSummary", @@ -420,7 +418,6 @@ describe(`feature_privilege_builder`, () => { "alerting:readonly-alert-type/my-feature/rule/getActionErrorLog", "alerting:readonly-alert-type/my-feature/rule/find", "alerting:readonly-alert-type/my-feature/rule/getRuleExecutionKPI", - "alerting:readonly-alert-type/my-feature/rule/runSoon", ] `); }); @@ -513,7 +510,6 @@ describe(`feature_privilege_builder`, () => { "alerting:alert-type/my-feature/rule/getActionErrorLog", "alerting:alert-type/my-feature/rule/find", "alerting:alert-type/my-feature/rule/getRuleExecutionKPI", - "alerting:alert-type/my-feature/rule/runSoon", "alerting:alert-type/my-feature/rule/create", "alerting:alert-type/my-feature/rule/delete", "alerting:alert-type/my-feature/rule/update", @@ -530,6 +526,7 @@ describe(`feature_privilege_builder`, () => { "alerting:alert-type/my-feature/rule/bulkEnable", "alerting:alert-type/my-feature/rule/bulkDisable", "alerting:alert-type/my-feature/rule/unsnooze", + "alerting:alert-type/my-feature/rule/runSoon", "alerting:readonly-alert-type/my-feature/rule/get", "alerting:readonly-alert-type/my-feature/rule/getRuleState", "alerting:readonly-alert-type/my-feature/rule/getAlertSummary", @@ -537,7 +534,6 @@ describe(`feature_privilege_builder`, () => { "alerting:readonly-alert-type/my-feature/rule/getActionErrorLog", "alerting:readonly-alert-type/my-feature/rule/find", "alerting:readonly-alert-type/my-feature/rule/getRuleExecutionKPI", - "alerting:readonly-alert-type/my-feature/rule/runSoon", "alerting:another-alert-type/my-feature/alert/get", "alerting:another-alert-type/my-feature/alert/find", "alerting:another-alert-type/my-feature/alert/getAuthorizedAlertsIndices", diff --git a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/alerting.ts b/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/alerting.ts index 871b1cfee169e..4c1df64e18df2 100644 --- a/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/alerting.ts +++ b/x-pack/plugins/security/server/authorization/privileges/feature_privilege_builder/alerting.ts @@ -25,7 +25,6 @@ const readOperations: Record = { 'getActionErrorLog', 'find', 'getRuleExecutionKPI', - 'runSoon', ], alert: ['get', 'find', 'getAuthorizedAlertsIndices', 'getAlertSummary'], }; @@ -48,6 +47,7 @@ const writeOperations: Record = { 'bulkEnable', 'bulkDisable', 'unsnooze', + 'runSoon', ], alert: ['update'], }; diff --git a/x-pack/test/alerting_api_integration/security_and_spaces/group3/tests/alerting/run_soon.ts b/x-pack/test/alerting_api_integration/security_and_spaces/group3/tests/alerting/run_soon.ts index 461d603734d10..8bd2ce09cbbd5 100644 --- a/x-pack/test/alerting_api_integration/security_and_spaces/group3/tests/alerting/run_soon.ts +++ b/x-pack/test/alerting_api_integration/security_and_spaces/group3/tests/alerting/run_soon.ts @@ -47,6 +47,7 @@ export default function createAlertTests({ getService }: FtrProviderContext) { switch (scenario.id) { case 'no_kibana_privileges at space1': case 'space_1_all at space2': + case 'global_read at space1': expect(response.statusCode).to.eql(403); expect(response.body).to.eql({ error: 'Forbidden', @@ -54,7 +55,6 @@ export default function createAlertTests({ getService }: FtrProviderContext) { statusCode: 403, }); break; - case 'global_read at space1': case 'space_1_all_alerts_none_actions at space1': case 'superuser at space1': case 'space_1_all at space1':