From bf8ea61ea9bae0c4ecd0afb19595091bf5dd18e5 Mon Sep 17 00:00:00 2001 From: Paul Tavares Date: Fri, 22 Sep 2023 15:19:09 -0400 Subject: [PATCH 01/17] add `soc_manager` to ES serverless resources --- packages/kbn-es/src/serverless_resources/operator_users.yml | 2 +- packages/kbn-es/src/serverless_resources/users | 1 + packages/kbn-es/src/serverless_resources/users_roles | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/packages/kbn-es/src/serverless_resources/operator_users.yml b/packages/kbn-es/src/serverless_resources/operator_users.yml index 859226f258ebf..9040596005236 100644 --- a/packages/kbn-es/src/serverless_resources/operator_users.yml +++ b/packages/kbn-es/src/serverless_resources/operator_users.yml @@ -1,5 +1,5 @@ operator: - - usernames: ["elastic_serverless", "system_indices_superuser"] + - usernames: ["elastic_serverless", "system_indices_superuser", "soc_manager"] realm_type: "file" auth_type: "realm" - usernames: [ "elastic/kibana" ] diff --git a/packages/kbn-es/src/serverless_resources/users b/packages/kbn-es/src/serverless_resources/users index add4b7325c23d..01d8d2e82a372 100644 --- a/packages/kbn-es/src/serverless_resources/users +++ b/packages/kbn-es/src/serverless_resources/users @@ -1,2 +1,3 @@ elastic_serverless:$2a$10$nN6sRtQl2KX9Gn8kV/.NpOLSk6Jwn8TehEDnZ7aaAgzyl/dy5PYzW system_indices_superuser:$2a$10$nN6sRtQl2KX9Gn8kV/.NpOLSk6Jwn8TehEDnZ7aaAgzyl/dy5PYzW +soc_manager:$2a$10$nN6sRtQl2KX9Gn8kV/.NpOLSk6Jwn8TehEDnZ7aaAgzyl/dy5PYzW diff --git a/packages/kbn-es/src/serverless_resources/users_roles b/packages/kbn-es/src/serverless_resources/users_roles index aa42046898601..3e84bd5799228 100644 --- a/packages/kbn-es/src/serverless_resources/users_roles +++ b/packages/kbn-es/src/serverless_resources/users_roles @@ -1,2 +1,3 @@ superuser:elastic_serverless system_indices_superuser:system_indices_superuser +soc_manager:soc_manager From 246d64c2ad921fd42fd19a2998a916715a86cdc9 Mon Sep 17 00:00:00 2001 
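Review bot: `soc_manager` is added to the `operator` usernames in `operator_users.yml` next to `elastic_serverless` and `system_indices_superuser`, but neither the hunk nor the commit message says why a SOC role user needs operator status. Operator status is a separate gate from the role's own privileges, so listing a solution-level test user here can make the local stack behave differently from what that role is allowed to do in a real project (assuming it is not an operator there). If it is required, record the reason next to the entry, e.g. `# soc_manager: operator only for local serverless dev/testing (REASON_PLACEHOLDER)`. Otherwise leave this list unchanged and keep only the `users` and `users_roles` additions.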
From: Paul Tavares Date: Mon, 25 Sep 2023 16:23:45 -0400 Subject: [PATCH 02/17] Update serverless CLI command to support `--resources` argument --- .../kbn-es/src/cli_commands/serverless.ts | 15 ++++++-- packages/kbn-es/src/utils/docker.ts | 34 +++++++++++++++++-- 2 files changed, 44 insertions(+), 5 deletions(-) diff --git a/packages/kbn-es/src/cli_commands/serverless.ts b/packages/kbn-es/src/cli_commands/serverless.ts index 7ee4f08fb94fe..c07f2c5a8582b 100644 --- a/packages/kbn-es/src/cli_commands/serverless.ts +++ b/packages/kbn-es/src/cli_commands/serverless.ts @@ -11,6 +11,8 @@ import getopts from 'getopts'; import { ToolingLog } from '@kbn/tooling-log'; import { getTimeReporter } from '@kbn/ci-stats-reporter'; +import { basename } from 'path'; +import { SERVERLESS_RESOURCES_PATHS } from '../paths'; import { Cluster } from '../cluster'; import { SERVERLESS_REPO, @@ -30,7 +32,7 @@ export const serverless: Command = { --tag Image tag of ES serverless to run from ${SERVERLESS_REPO} [default: ${SERVERLESS_TAG}] --image Full path of ES serverless image to run, has precedence over tag. [default: ${SERVERLESS_IMG}] - + --background Start ES serverless without attaching to the first node's logs --basePath Path to the directory where the ES cluster will store data --clean Remove existing file system object store before running 
@@ -39,7 +41,14 @@ export const serverless: Command = { --ssl Enable HTTP SSL on the ES cluster --skipTeardown If this process exits, leave the ES cluster running in the background --waitForReady Wait for the ES cluster to be ready to serve requests - + --resources Overrides resources under ES 'config/' directory, which are by default + mounted from 'packages/kbn-es/src/serverless_resources/users'. Value should + be a file path. This option can be used multiple times. + The following files can be overwritten: + ${SERVERLESS_RESOURCES_PATHS.map((filePath) => basename(filePath)).join( + ' | ' + )} + -E Additional key=value settings to pass to ES -F Absolute paths for files to mount into containers @@ -65,7 +74,7 @@ export const serverless: Command = { files: 'F', }, - string: ['tag', 'image', 'basePath'], + string: ['tag', 'image', 'basePath', 'resources'], boolean: ['clean', 'ssl', 'kill', 'background', 'skipTeardown', 'waitForReady'], default: defaults, diff --git a/packages/kbn-es/src/utils/docker.ts b/packages/kbn-es/src/utils/docker.ts index 00a1d7ce9dc54..ff7bc02e19b29 100644 --- a/packages/kbn-es/src/utils/docker.ts +++ b/packages/kbn-es/src/utils/docker.ts @@ -63,6 +63,11 @@ export interface ServerlessOptions extends EsClusterExecOptions, BaseOptions { background?: boolean; /** Wait for the ES cluster to be ready to serve requests */ waitForReady?: boolean; + /** + * Resource file(s) to overwrite + * (see list of files that can be overwritten under `packages/kbn-es/src/serverless_resources/users`) + */ + resources?: string | string[]; } interface ServerlessEsNodeArgs { 
@@ -461,7 +466,7 @@ export function getDockerFileMountPath(hostPath: string) { * Setup local volumes for Serverless ES */ export async function setupServerlessVolumes(log: ToolingLog, options: ServerlessOptions) { - const { basePath, clean, ssl, files } = options; + const { basePath, clean, ssl, files, resources } = options; const objectStorePath = resolve(basePath, 'stateless'); log.info(chalk.bold(`Checking for local serverless ES object store at ${objectStorePath}`)); @@ -500,12 +505,37 @@ export async function setupServerlessVolumes(log: ToolingLog, options: Serverles volumeCmds.push(...fileCmds); } + const resourceFileOverrides: Record = resources + ? (Array.isArray(resources) ? resources : [resources]).reduce((acc, filePath) => { + acc[basename(filePath)] = resolve(process.cwd(), filePath); + return acc; + }, {} as Record) + : {}; + const serverlessResources = SERVERLESS_RESOURCES_PATHS.reduce((acc, path) => { - acc.push('--volume', `${path}:${SERVERLESS_CONFIG_PATH}${basename(path)}`); + const fileName = basename(path); + let localFilePath = path; + + if (resourceFileOverrides[fileName]) { + localFilePath = resourceFileOverrides[fileName]; + delete resourceFileOverrides[fileName]; + } + + acc.push('--volume', `${localFilePath}:${SERVERLESS_CONFIG_PATH}${fileName}`); return acc; }, []); + if (Object.keys(resourceFileOverrides).length > 0) { + throw new Error( + `Unsupported ES serverless --resources values:\n ${Object.values(resourceFileOverrides).join( + ' \n' + )}\n\nValid resources: ${SERVERLESS_RESOURCES_PATHS.map((filePath) => + basename(filePath) + ).join(' | ')}` + ); + } + volumeCmds.push( ...getESp12Volume(), ...serverlessResources, From bbe498a05575261d5551b8923eac26811b384d62 Mon Sep 17 00:00:00 2001 
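Review bot: In the `@@ -500,12 +505,37 @@` hunk of `setupServerlessVolumes`, each `--resources` value is resolved against `process.cwd()` and handed straight to `--volume` without checking that it exists and is a regular file. Docker's `--volume` typically creates a missing host path as a directory, so a mistyped path would mount an empty directory over a security config file such as `users` or `roles.yml` instead of failing fast. Overrides are also keyed by `basename(filePath)`, so two values with the same file name silently collapse to the last one. I would validate before building the mount, e.g. `if (!fs.statSync(localFilePath, { throwIfNoEntry: false })?.isFile()) throw new Error(...)` (whether `fs` is already imported in `docker.ts` is not visible here), and reject duplicate basenames. The function body starts and ends outside the hunk.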
From: Paul Tavares
Date: Mon, 25 Sep 2023 16:45:02 -0400
Subject: [PATCH 03/17] add list of security solution ES serverless resources
---
.../es_serverless_resources/README.md | 28 +
.../es_serverless_resources/roles.yml | 571 ++++++++++++++++++
.../serverless/es_serverless_resources/users | 13 +
.../es_serverless_resources/users_roles | 13 +
.../common/roles_users/serverless/index.ts | 14 +
5 files changed, 639 insertions(+)
create mode 100644 x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/README.md
create mode 100644 x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/roles.yml
create mode 100644 x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/users
create mode 100644 x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/users_roles
create mode 100644 x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/index.ts
diff --git a/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/README.md b/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/README.md
new file mode 100644
index 0000000000000..1e48cc38ed0ee
--- /dev/null
+++ b/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/README.md
@@ -0,0 +1,28 @@
+# Security Solution Serverless Resources
+
+Directory contains ES serverless resources that can be used to override the defaults that are loaded when ES is started in serverless mode. For more information on how these are used [packages/kbn-es/src/serverless_resources/README.md](https://github.com/elastic/kibana/blob/main/packages/kbn-es/src/serverless_resources/README.md)
+
+## Usage
+
+```shell
+yarn es serverless --resources=./roles.yml --resources=./users --resources=./users_roles
+```
+
+## Files
+
+### `roles.yml`
+
+The list of Roles that are loaded into security serverless projects. The values in this file should match those in the [project controller](https://github.com/elastic/project-controller/blob/main/internal/project/security/config/roles.yml) and should remain in sync.
+
+### `users`
+
+List of users that are loaded into ES for serverless. This file currently includes a user for each of the Security Project roles (same name as the role). All users in this file have their password set to `changeme`
+
+Format: `user:encrypted_password`
+
+### `users_roles`
+
+A map of role names (should match those define in the `roles.yml`) to list of users (values found in the `users` file). All Security serverless roles are listed in this file along with one user by the same name.
+
+Format: `role_name:username,username,username`
+
diff --git a/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/roles.yml b/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/roles.yml
new file mode 100644
index 0000000000000..005f6e968ffc4
--- /dev/null
+++ b/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/roles.yml
@@ -0,0 +1,571 @@
+---
+#--------------------------------------------------------------------------------------------------
+#
+# FILE SOURCE AT:
+# https://github.com/elastic/project-controller/blob/main/internal/project/security/config/roles.yml
+#
+# !!!! IMPORTANT !!!! DO NOT MAKE CHANGES TO THIS FILE, UNLESS THOSE CHANGES
+# HAVE ALSO BEEN MADE TO PROJECT CONTROLLER (path above)
+#
+#--------------------------------------------------------------------------------------------------
+
+viewer:
+ cluster: []
+ indices:
+ - names:
+ - "/~(([.]|ilm-history-).*)/"
+ privileges:
+ - "read"
+ - "view_index_metadata"
+ allow_restricted_indices: false
+ - names:
+ - ".siem-signals*"
+ - ".lists-*"
+ - ".items-*"
+ privileges:
+ - "read"
+ - "view_index_metadata"
+ allow_restricted_indices: false
+ - names:
+ - ".alerts*"
+ - ".preview.alerts*"
+ privileges:
+ - "read"
+ - "view_index_metadata"
+ allow_restricted_indices: false
+ applications:
+ - application: "kibana-.kibana"
+ privileges:
+ - "read"
+ resources:
+ - "*"
+ run_as: []
+editor:
+ cluster: []
+ indices:
+ - names:
+ - "/~(([.]|ilm-history-).*)/"
+ privileges:
+ - "read"
+ - "view_index_metadata"
+ allow_restricted_indices: false
+ - names:
+ - "observability-annotations"
+ privileges:
+ - "read"
+ - "view_index_metadata"
+ - "write"
+ allow_restricted_indices: false
+ - names:
+ - ".siem-signals*"
+ - ".lists-*"
+ - ".items-*"
+ privileges:
+ - "read"
+ - "view_index_metadata"
+ - "write"
+ - "maintenance"
+ allow_restricted_indices: false
+ - names:
+ - ".internal.alerts*"
+ - ".alerts*"
+ - ".internal.preview.alerts*"
+ - ".preview.alerts*"
+ privileges:
+ - "read"
+ - "view_index_metadata"
+ - "write"
+ - "maintenance"
+ allow_restricted_indices: false
+ applications:
+ - application: "kibana-.kibana"
+ privileges:
+ - "all"
+ resources:
+ - "*"
+ run_as: []
+
+t1_analyst:
+ cluster:
+ indices:
+ - names:
+ - ".alerts-security*"
+ - ".siem-signals-*"
+ privileges:
+ - read
+ - write
+ - maintenance
+ - names:
+ - apm-*-transaction*
+ - traces-apm*
+ - auditbeat-*
+ - endgame-*
+ - filebeat-*
+ - logs-*
+ - packetbeat-*
+ - winlogbeat-*
+ - metrics-endpoint.metadata_current_*
+ - ".fleet-agents*"
+ - ".fleet-actions*"
+ privileges:
+ - read
+ applications:
+ - application: "kibana-.kibana"
+ privileges:
+ - feature_ml.read
+ - feature_siem.read
+ - feature_siem.read_alerts
+ - feature_siem.endpoint_list_read
+ - feature_securitySolutionCases.read
+ - feature_actions.read
+ - feature_builtInAlerts.read
+ - feature_osquery.read
+ - feature_osquery.run_saved_queries
+ resources: "*"
+
+t2_analyst:
+ cluster:
+ indices:
+ - names:
+ - .alerts-security*
+ - .siem-signals-*
+ privileges:
+ - read
+ - write
+ - maintenance
+ - names:
+ - .lists*
+ - .items*
+ - apm-*-transaction*
+ - traces-apm*
+ - auditbeat-*
+ - endgame-*
+ - filebeat-*
+ - logs-*
+ - packetbeat-*
+ - winlogbeat-*
+ - metrics-endpoint.metadata_current_*
+ - .fleet-agents*
+ - .fleet-actions*
+ privileges:
+ - read
+ applications:
+ - application: "kibana-.kibana"
+ privileges:
+ - feature_ml.read
+ - feature_siem.read
+ - feature_siem.read_alerts
+ - feature_siem.endpoint_list_read
+ - feature_securitySolutionCases.all
+ - feature_actions.read
+ - feature_builtInAlerts.read
+ - feature_osquery.read
+ - feature_osquery.run_saved_queries
+ resources: "*"
+
+t3_analyst:
+ cluster:
+ indices:
+ - names:
+ - apm-*-transaction*
+ - traces-apm*
+ - auditbeat-*
+ - endgame-*
+ - filebeat-*
+ - logs-*
+ - packetbeat-*
+ - winlogbeat-*
+ privileges:
+ - read
+ - write
+ - names:
+ - .alerts-security*
+ - .siem-signals-*
+ privileges:
+ - read
+ - write
+ - names:
+ - .lists*
+ - .items*
+ privileges:
+ - read
+ - write
+ - names:
+ - metrics-endpoint.metadata_current_*
+ - .fleet-agents*
+ - .fleet-actions*
+ privileges:
+ - read
+ applications:
+ - application: "kibana-.kibana"
+ privileges:
+ - feature_ml.read
+ - feature_siem.all
+ - feature_siem.read_alerts
+ - feature_siem.crud_alerts
+ - feature_siem.endpoint_list_all
+ - feature_siem.trusted_applications_all
+ - feature_siem.event_filters_all
+ - feature_siem.host_isolation_exceptions_all
+ - feature_siem.blocklist_all
+ - feature_siem.policy_management_read # Elastic Defend Policy Management
+ - feature_siem.host_isolation_all
+ - feature_siem.process_operations_all
+ - feature_siem.actions_log_management_all # Response actions history
+ - feature_siem.file_operations_all
+ - feature_securitySolutionCases.all
+ - feature_actions.read
+ - feature_builtInAlerts.all
+ - feature_osquery.all
+ resources: "*"
+
+threat_intelligence_analyst:
+ cluster:
+ indices:
+ - names:
+ - apm-*-transaction*
+ - traces-apm*
+ - auditbeat-*
+ - endgame-*
+ - filebeat-*
+ - logs-*
+ - .lists*
+ - .items*
+ - packetbeat-*
+ - winlogbeat-*
+ privileges:
+ - read
+ - names:
+ - .alerts-security*
+ - .siem-signals-*
+ privileges:
+ - read
+ - write
+ - maintenance
+ - names:
+ - metrics-endpoint.metadata_current_*
+ - .fleet-agents*
+ - .fleet-actions*
+ privileges:
+ - read
+ applications:
+ - application: "kibana-.kibana"
+ privileges:
+ - feature_ml.read
+ - feature_siem.read
+ - feature_siem.read_alerts
+ - feature_siem.endpoint_list_read
+ - feature_siem.blocklist_all
+ - feature_securitySolutionCases.all
+ - feature_actions.read
+ - feature_builtInAlerts.read
+ - feature_osquery.all
+ resources: "*"
+
+rule_author:
+ cluster:
+ indices:
+ - names:
+ - apm-*-transaction*
+ - traces-apm*
+ - auditbeat-*
+ - endgame-*
+ - filebeat-*
+ - logs-*
+ - packetbeat-*
+ - winlogbeat-*
+ privileges:
+ - read
+ - write
+ - names:
+ - .alerts-security*
+ - .siem-signals-*
+ - .internal.preview.alerts-security*
+ - .preview.alerts-security*
+ privileges:
+ - read
+ - write
+ - maintenance
+ - view_index_metadata
+ - names:
+ - .lists*
+ - .items*
+ privileges:
+ - read
+ - write
+ - names:
+ - metrics-endpoint.metadata_current_*
+ - .fleet-agents*
+ - .fleet-actions*
+ privileges:
+ - read
+ applications:
+ - application: "kibana-.kibana"
+ privileges:
+ - feature_ml.read
+ - feature_siem.all
+ - feature_siem.read_alerts
+ - feature_siem.crud_alerts
+ - feature_siem.policy_management_all
+ - feature_siem.endpoint_list_all
+ - feature_siem.trusted_applications_all
+ - feature_siem.event_filters_all
+ - feature_siem.host_isolation_exceptions_read
+ - feature_siem.blocklist_all # Elastic Defend Policy Management
+ - feature_siem.actions_log_management_read
+ - feature_securitySolutionCases.all
+ - feature_actions.read
+ - feature_builtInAlerts.all
+ - feature_osquery.all
+ resources: "*"
+
+soc_manager:
+ cluster:
+ indices:
+ - names:
+ - apm-*-transaction*
+ - traces-apm*
+ - auditbeat-*
+ - endgame-*
+ - filebeat-*
+ - logs-*
+ - packetbeat-*
+ - winlogbeat-*
+ privileges:
+ - read
+ - write
+ - names:
+ - .alerts-security*
+ - .siem-signals-*
+ - .preview.alerts-security*
+ - .internal.preview.alerts-security*
+ privileges:
+ - read
+ - write
+ - manage
+ - names:
+ - .lists*
+ - .items*
+ privileges:
+ - read
+ - write
+ - names:
+ - metrics-endpoint.metadata_current_*
+ - .fleet-agents*
+ - .fleet-actions*
+ privileges:
+ - read
+ applications:
+ - application: "kibana-.kibana"
+ privileges:
+ - feature_ml.read
+ - feature_siem.all
+ - feature_siem.read_alerts
+ - feature_siem.crud_alerts
+ - feature_siem.policy_management_all
+ - feature_siem.endpoint_list_all
+ - feature_siem.trusted_applications_all
+ - feature_siem.event_filters_all
+ - feature_siem.host_isolation_exceptions_all
+ - feature_siem.blocklist_all
+ - feature_siem.host_isolation_all
+ - feature_siem.process_operations_all
+ - feature_siem.actions_log_management_all
+ - feature_siem.file_operations_all
+ - feature_siem.execute_operations_all
+ - feature_securitySolutionCases.all
+ - feature_actions.all
+ - feature_builtInAlerts.all
+ - feature_osquery.all
+ resources: "*"
+
+detections_admin:
+ cluster:
+ indices:
+ - names:
+ - apm-*-transaction*
+ - traces-apm*
+ - auditbeat-*
+ - endgame-*
+ - filebeat-*
+ - logs-*
+ - packetbeat-*
+ - winlogbeat-*
+ - .lists*
+ - .items*
+ - .alerts-security*
+ - .siem-signals-*
+ - .preview.alerts-security*
+ - .internal.preview.alerts-security*
+ privileges:
+ - read
+ - write
+ - manage
+ - names:
+ - metrics-endpoint.metadata_current_*
+ - .fleet-agents*
+ - .fleet-actions*
+ privileges:
+ - read
+ applications:
+ - application: "kibana-.kibana"
+ privileges:
+ - feature_ml.all
+ - feature_siem.all
+ - feature_siem.read_alerts
+ - feature_siem.crud_alerts
+ - feature_securitySolutionCases.all
+ - feature_actions.all
+ - feature_builtInAlerts.all
+ - feature_dev_tools.all
+ resources: "*"
+
+platform_engineer:
+ cluster:
+ - manage
+ indices:
+ - names:
+ - apm-*-transaction*
+ - traces-apm*
+ - auditbeat-*
+ - endgame-*
+ - filebeat-*
+ - logs-*
+ - packetbeat-*
+ - winlogbeat-*
+ - .lists*
+ - .items*
+ - .alerts-security*
+ - .siem-signals-*
+ - .preview.alerts-security*
+ - .internal.preview.alerts-security*
+ privileges:
+ - all
+ applications:
+ - application: "kibana-.kibana"
+ privileges:
+ - feature_ml.all
+ - feature_siem.all
+ - feature_siem.read_alerts
+ - feature_siem.crud_alerts
+ - feature_siem.policy_management_all
+ - feature_siem.endpoint_list_all
+ - feature_siem.trusted_applications_all
+ - feature_siem.event_filters_all
+ - feature_siem.host_isolation_exceptions_all
+ - feature_siem.blocklist_all # Elastic Defend Policy Management
+ - feature_siem.actions_log_management_read
+ - feature_securitySolutionCases.all
+ - feature_actions.all
+ - feature_builtInAlerts.all
+ - feature_fleet.all
+ - feature_fleetv2.all
+ - feature_osquery.all
+ resources: "*"
+
+endpoint_operations_analyst:
+ cluster:
+ indices:
+ - names:
+ - metrics-endpoint.metadata_current_*
+ - .fleet-agents*
+ - .fleet-actions*
+ privileges:
+ - read
+ - names:
+ - apm-*-transaction*
+ - traces-apm*
+ - auditbeat-*
+ - endgame-*
+ - filebeat-*
+ - logs-*
+ - packetbeat-*
+ - winlogbeat-*
+ - .lists*
+ - .items*
+ privileges:
+ - read
+ - names:
+ - .alerts-security*
+ - .siem-signals-*
+ - .preview.alerts-security*
+ - .internal.preview.alerts-security*
+ privileges:
+ - read
+ - write
+ applications:
+ - application: "kibana-.kibana"
+ privileges:
+ - feature_ml.read
+ - feature_siem.all
+ - feature_siem.read_alerts
+ - feature_siem.policy_management_all
+ - feature_siem.endpoint_list_all
+ - feature_siem.trusted_applications_all
+ - feature_siem.event_filters_all
+ - feature_siem.host_isolation_exceptions_all
+ - feature_siem.blocklist_all
+ - feature_siem.host_isolation_all
+ - feature_siem.process_operations_all
+ - feature_siem.actions_log_management_all # Response History
+ - feature_siem.file_operations_all
+ - feature_siem.execute_operations_all # Execute
+ - feature_securitySolutionCases.all
+ - feature_actions.all
+ - feature_builtInAlerts.all
+ - feature_osquery.all
+ - feature_fleet.all
+ - feature_fleetv2.all
+ resources: "*"
+
+endpoint_policy_manager:
+ cluster:
+ indices:
+ - names:
+ - metrics-endpoint.metadata_current_*
+ - .fleet-agents*
+ - .fleet-actions*
+ privileges:
+ - read
+ - names:
+ - apm-*-transaction*
+ - traces-apm*
+ - auditbeat-*
+ - endgame-*
+ - filebeat-*
+ - logs-*
+ - packetbeat-*
+ - winlogbeat-*
+ - .lists*
+ - .items*
+ privileges:
+ - read
+ - names:
+ - .alerts-security*
+ - .siem-signals-*
+ - .preview.alerts-security*
+ - .internal.preview.alerts-security*
+ privileges:
+ - read
+ - write
+ - manage
+ applications:
+ - application: "kibana-.kibana"
+ privileges:
+ - feature_ml.all
+ - feature_siem.all
+ - feature_siem.read_alerts
+ - feature_siem.crud_alerts
+ - feature_siem.policy_management_all
+ - feature_siem.endpoint_list_all
+ - feature_siem.trusted_applications_all
+ - feature_siem.event_filters_all
+ - feature_siem.host_isolation_exceptions_all
+ - feature_siem.blocklist_all # Elastic Defend Policy Management
+ - feature_securitySolutionCases.all
+ - feature_actions.all
+ - feature_builtInAlerts.all
+ - feature_osquery.all
+ - feature_fleet.all
+ - feature_fleetv2.all
+ resources: "*"
diff --git a/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/users b/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/users
new file mode 100644
index 0000000000000..f15735954f759
--- /dev/null
+++ b/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/users
@@ -0,0 +1,13 @@
+elastic_serverless:$2a$10$nN6sRtQl2KX9Gn8kV/.NpOLSk6Jwn8TehEDnZ7aaAgzyl/dy5PYzW
+system_indices_superuser:$2a$10$nN6sRtQl2KX9Gn8kV/.NpOLSk6Jwn8TehEDnZ7aaAgzyl/dy5PYzW
+t1_analyst:$2a$10$nN6sRtQl2KX9Gn8kV/.NpOLSk6Jwn8TehEDnZ7aaAgzyl/dy5PYzW
+t2_analyst:$2a$10$nN6sRtQl2KX9Gn8kV/.NpOLSk6Jwn8TehEDnZ7aaAgzyl/dy5PYzW
+t3_analyst:$2a$10$nN6sRtQl2KX9Gn8kV/.NpOLSk6Jwn8TehEDnZ7aaAgzyl/dy5PYzW
+threat_intelligence_analyst:$2a$10$nN6sRtQl2KX9Gn8kV/.NpOLSk6Jwn8TehEDnZ7aaAgzyl/dy5PYzW
+rule_author:$2a$10$nN6sRtQl2KX9Gn8kV/.NpOLSk6Jwn8TehEDnZ7aaAgzyl/dy5PYzW
+soc_manager:$2a$10$nN6sRtQl2KX9Gn8kV/.NpOLSk6Jwn8TehEDnZ7aaAgzyl/dy5PYzW
+detections_admin:$2a$10$nN6sRtQl2KX9Gn8kV/.NpOLSk6Jwn8TehEDnZ7aaAgzyl/dy5PYzW
+platform_engineer:$2a$10$nN6sRtQl2KX9Gn8kV/.NpOLSk6Jwn8TehEDnZ7aaAgzyl/dy5PYzW
+endpoint_operations_analyst:$2a$10$nN6sRtQl2KX9Gn8kV/.NpOLSk6Jwn8TehEDnZ7aaAgzyl/dy5PYzW
+endpoint_policy_manager:$2a$10$nN6sRtQl2KX9Gn8kV/.NpOLSk6Jwn8TehEDnZ7aaAgzyl/dy5PYzW
+reader:$2a$10$nN6sRtQl2KX9Gn8kV/.NpOLSk6Jwn8TehEDnZ7aaAgzyl/dy5PYzW
diff --git a/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/users_roles b/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/users_roles
new file mode 100644
index 0000000000000..d1bbf7bb660a8
--- /dev/null
+++ b/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/users_roles
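Review bot: All thirteen entries in the new `users` file reuse one bcrypt hash, which the README added in this commit documents as the password `changeme`. They include `elastic_serverless` (mapped to `superuser` in `users_roles`) and `platform_engineer` (cluster `manage` in `roles.yml`). That is reasonable for a throwaway local cluster, but the file itself does not say so, and the README example added later in this series starts ES with `-E http.host=0.0.0.0`. A header line such as `# Local development only: every account below uses a publicly documented password; keep this cluster off shared networks` would make the constraint explicit. This assumes the file-realm parser skips `#` lines; if it does not, put the same sentence in the README next to the `users` section.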
@@ -0,0 +1,13 @@
+superuser:elastic_serverless
+system_indices_superuser:system_indices_superuser
+t1_analyst:t1_analyst
+t2_analyst:t2_analyst
+t3_analyst:t3_analyst
+threat_intelligence_analyst:threat_intelligence_analyst
+rule_author:rule_author
+soc_manager:soc_manager
+detections_admin:detections_admin
+platform_engineer:platform_engineer
+endpoint_operations_analyst:endpoint_operations_analyst
+endpoint_policy_manager:endpoint_policy_manager
+reader:reader
diff --git a/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/index.ts b/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/index.ts
new file mode 100644
index 0000000000000..9167005b4a357
--- /dev/null
+++ b/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/index.ts
@@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { resolve } from 'path';
+
+export const ES_RESOURCES = Object.freeze({
+ roles: resolve('./roles.yml'),
+ users: resolve('./users'),
+ users_roles: resolve('./users_roles'),
+});
From 2e49a090acb240d676ea2bccb35f6fd7794faf68 Mon Sep 17 00:00:00 2001
From: Paul Tavares
Date: Mon, 25 Sep 2023 18:00:24 -0400
Subject: [PATCH 04/17] add security solution script to start ES in serverless with users/roles
---
.../scripts/endpoint/es_serverless/index.ts | 39 +++++++++++++++++++
...start_es_serverless_with_security_users.js | 9 +++++
2 files changed, 48 insertions(+)
create mode 100644 x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts
create mode 100644 x-pack/plugins/security_solution/scripts/endpoint/start_es_serverless_with_security_users.js
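Review bot: The last line of the new `users_roles` file, `reader:reader`, maps the `reader` user to a `reader` role, but the `roles.yml` added by this same commit defines no role of that name. It does define `viewer` and `editor`, and neither of those gets a user here. Unless `reader` is provided from somewhere outside this series, that account will authenticate with no effective privileges, and the README's statement that every Security serverless role has a same-named user does not hold for `viewer` and `editor`. Either add `viewer:viewer` and `editor:editor` with matching lines in `users`, or drop `reader` from both files.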
diff --git a/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts b/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts
new file mode 100644
index 0000000000000..1716d6c85bcb4
--- /dev/null
+++ b/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts
@@ -0,0 +1,39 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { run, type RunContext } from '@kbn/dev-cli-runner';
+import { run as runEs } from '@kbn/es';
+import { cyan } from 'chalk';
+import { ES_RESOURCES } from '../common/roles_users/serverless';
+
+export const cli = async () => {
+ return run(
+ async (cliContext: RunContext) => {
+ if (!process.argv.includes('serverless')) {
+ process.argv.splice(2, 1, 'serverless', process.argv[2]);
+ }
+
+ return runEs({
+ resources: Object.values(ES_RESOURCES),
+ });
+ },
+ {
+ description: `ES serverless start script for Security project.
+This is a bypass utility that calls ${cyan('yarn es serverless')} along with some default options
+that will enable users and roles to be loaded into ES.
+`,
+ flags: {
+ allowUnexpected: true,
+ help: `
+Any option supported by ${cyan('yarn es')} can also be used with this utility.
+
+For more on ${cyan('yarn es')} usage, enter: ${cyan('yarn es --help')}
+`,
+ },
+ }
+ );
+};
diff --git a/x-pack/plugins/security_solution/scripts/endpoint/start_es_serverless_with_security_users.js b/x-pack/plugins/security_solution/scripts/endpoint/start_es_serverless_with_security_users.js
new file mode 100644
index 0000000000000..14169bc43ed08
--- /dev/null
+++ b/x-pack/plugins/security_solution/scripts/endpoint/start_es_serverless_with_security_users.js
@@ -0,0 +1,9 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +require('../../../../../src/setup_node_env'); +require('./es_serverless').cli(); From b816b1cc1540a4275b9b423d83d887c14d529763 Mon Sep 17 00:00:00 2001 From: Paul Tavares Date: Tue, 26 Sep 2023 09:39:52 -0400 Subject: [PATCH 05/17] Fix resources file paths --- packages/kbn-es/src/utils/docker.ts | 6 +++--- .../endpoint/common/roles_users/serverless/index.ts | 10 ++++++---- .../scripts/endpoint/es_serverless/index.ts | 2 +- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/packages/kbn-es/src/utils/docker.ts b/packages/kbn-es/src/utils/docker.ts index ff7bc02e19b29..12726e888b3b5 100644 --- a/packages/kbn-es/src/utils/docker.ts +++ b/packages/kbn-es/src/utils/docker.ts @@ -528,9 +528,9 @@ export async function setupServerlessVolumes(log: ToolingLog, options: Serverles if (Object.keys(resourceFileOverrides).length > 0) { throw new Error( - `Unsupported ES serverless --resources values:\n ${Object.values(resourceFileOverrides).join( - ' \n' - )}\n\nValid resources: ${SERVERLESS_RESOURCES_PATHS.map((filePath) => + `Unsupported ES serverless --resources value(s):\n ${Object.values( + resourceFileOverrides + ).join(' \n')}\n\nValid resources: ${SERVERLESS_RESOURCES_PATHS.map((filePath) => basename(filePath) ).join(' | ')}` ); diff --git a/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/index.ts b/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/index.ts index 9167005b4a357..627c863374655 100644 --- a/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/index.ts +++ b/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/index.ts 
@@ -5,10 +5,12 @@ * 2.0. */ -import { resolve } from 'path'; +import { resolve, join } from 'path'; + +const ES_RESOURCES_DIR = resolve(__dirname, 'es_serverless_resources'); export const ES_RESOURCES = Object.freeze({ - roles: resolve('./roles.yml'), - users: resolve('./users'), - users_roles: resolve('./users_roles'), + roles: join(ES_RESOURCES_DIR, 'roles.yml'), + users: join(ES_RESOURCES_DIR, 'users'), + users_roles: join(ES_RESOURCES_DIR, 'users_roles'), }); diff --git a/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts b/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts index 1716d6c85bcb4..09b812985ab51 100644 --- a/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts +++ b/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts @@ -14,7 +14,7 @@ export const cli = async () => { return run( async (cliContext: RunContext) => { if (!process.argv.includes('serverless')) { - process.argv.splice(2, 1, 'serverless', process.argv[2]); + process.argv.splice(2, 1, 'serverless', process.argv[2] ?? ''); } return runEs({ From 1d971cd8c9be4cb80bb76e3032300f8cd57dab61 Mon Sep 17 00:00:00 2001 From: Paul Tavares Date: Tue, 26 Sep 2023 10:14:28 -0400 Subject: [PATCH 06/17] fix es serverless script --- .../scripts/endpoint/es_serverless/index.ts | 20 ++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts b/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts index 09b812985ab51..ff5a0a37ccbfb 100644 --- a/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts +++ b/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts 
@@ -6,19 +6,29 @@ */ import { run, type RunContext } from '@kbn/dev-cli-runner'; -import { run as runEs } from '@kbn/es'; import { cyan } from 'chalk'; +import execa from 'execa'; +import { REPO_ROOT } from '@kbn/repo-info'; +import { join } from 'path'; import { ES_RESOURCES } from '../common/roles_users/serverless'; export const cli = async () => { return run( async (cliContext: RunContext) => { - if (!process.argv.includes('serverless')) { - process.argv.splice(2, 1, 'serverless', process.argv[2] ?? ''); + const callingArgs = process.argv.slice(2); + + if (!callingArgs.includes('serverless')) { + callingArgs.unshift('serverless'); } - return runEs({ - resources: Object.values(ES_RESOURCES), + const additionalArgs: string[] = Object.values(ES_RESOURCES).reduce((acc, resourcePath) => { + acc.push('--resources', resourcePath); + return acc; + }, [] as string[]); + + await execa.node(join(REPO_ROOT, 'scripts', 'es'), [...callingArgs, ...additionalArgs], { + stderr: 'inherit', + stdout: 'inherit', }); }, { From c27b914d6afe5e64793ef423ca02d1239aca70b1 Mon Sep 17 00:00:00 2001 From: Paul Tavares Date: Tue, 26 Sep 2023 11:09:40 -0400 Subject: [PATCH 07/17] additional improvements to the es start script --- .../scripts/endpoint/es_serverless/index.ts | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts b/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts index ff5a0a37ccbfb..2faf1b2694795 100644 --- a/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts +++ b/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts @@ -6,7 +6,7 @@ */ import { run, type RunContext } from '@kbn/dev-cli-runner'; -import { cyan } from 'chalk'; +import { cyan, gray } from 'chalk'; import execa from 'execa'; import { REPO_ROOT } from '@kbn/repo-info'; import { join } from 'path'; 
@@ -15,18 +15,23 @@ import { ES_RESOURCES } from '../common/roles_users/serverless'; export const cli = async () => { return run( async (cliContext: RunContext) => { + const exeScript = join(REPO_ROOT, 'scripts', 'es'); const callingArgs = process.argv.slice(2); if (!callingArgs.includes('serverless')) { callingArgs.unshift('serverless'); } - const additionalArgs: string[] = Object.values(ES_RESOURCES).reduce((acc, resourcePath) => { - acc.push('--resources', resourcePath); - return acc; - }, [] as string[]); + callingArgs.push( + ...Object.values(ES_RESOURCES).reduce((acc, resourcePath) => { + acc.push('--resources', resourcePath); + return acc; + }, [] as string[]) + ); - await execa.node(join(REPO_ROOT, 'scripts', 'es'), [...callingArgs, ...additionalArgs], { + cliContext.log.info(gray(`node ${exeScript} ${callingArgs.join(' ')}`)); + + await execa.node(exeScript, callingArgs, { stderr: 'inherit', stdout: 'inherit', }); From 31d00c557f4b950bcffcbc7c360ca8e66bfed79b Mon Sep 17 00:00:00 2001 From: Paul Tavares Date: Tue, 26 Sep 2023 11:23:14 -0400 Subject: [PATCH 08/17] Updates to the README file for security solution es serverless resources --- .../es_serverless_resources/README.md | 22 ++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/README.md b/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/README.md index 1e48cc38ed0ee..28d4410f2341d 100644 --- a/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/README.md +++ b/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/README.md 
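Review bot: The added `cliContext.log.info(gray(...))` line writes every forwarded argument to the log at info level, including any `-E key=value` settings the caller supplied. If one of those settings ever carries a credential, it ends up in terminal scrollback or CI output. Changing `cliContext.log.info(` to `cliContext.log.debug(` on that line keeps the command available on request without printing it by default. The arguments are also joined with bare spaces, so a value that contains a space is not reproduced faithfully in the echoed command. The `cli` function continues past the end of this hunk.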
@@ -2,12 +2,32 @@ Directory contains ES serverless resources that can be used to override the defaults that are loaded when ES is started in serverless mode. For more information on how these are used [packages/kbn-es/src/serverless_resources/README.md](https://github.com/elastic/kibana/blob/main/packages/kbn-es/src/serverless_resources/README.md) +> **ℹ️ NOTE** +> +> The files referenced via `--resources` argument will be bound and mounted to the ES docker containers that are running ES. This means that any changes to the files done on the host machine will be automatically (after a delay - 5s by default) picked up by Elasticsearch and applied to the ES docker nodes. + ## Usage +Example executed from the root directory of Kibana: + ```shell -yarn es serverless --resources=./roles.yml --resources=./users --resources=./users_roles +yarn es serverless \ +--clean \ +--teardown \ +--kill \ +-E xpack.security.authc.api_key.enabled=true \ +-E http.host=0.0.0.0 \ +--resources=./x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/roles.yml \ +--resources=./x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/users \ +--resources=./x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/users_roles ``` +> **💡️TIP** +> +> If needing to make custom changes to any of the ES resources for personal dev. purposes, copy the files located in this folder to your own local directly, make changes there and then use those file paths when starting ES + + + ## Files ### `roles.yml` From 0ccbb7be3efed719c6f01a132d86202a44b03a9a Mon Sep 17 00:00:00 2001 From: Paul Tavares Date: Tue, 26 Sep 2023 11:34:08 -0400 Subject: [PATCH 09/17] updated README file --- packages/kbn-es/src/cli_commands/serverless.ts | 6 +++--- .../kbn-es/src/serverless_resources/README.md | 15 +++++++++++++-- 2 files changed, 16 insertions(+), 5 deletions(-) 
diff --git a/packages/kbn-es/src/cli_commands/serverless.ts b/packages/kbn-es/src/cli_commands/serverless.ts index 93b346f32888d..03cda2646224a 100644 --- a/packages/kbn-es/src/cli_commands/serverless.ts +++ b/packages/kbn-es/src/cli_commands/serverless.ts @@ -39,10 +39,10 @@ export const serverless: Command = { --ssl Enable HTTP SSL on the ES cluster --skipTeardown If this process exits, leave the ES cluster running in the background --waitForReady Wait for the ES cluster to be ready to serve requests ---resources Overrides resources under ES 'config/' directory, which are by default + --resources Overrides resources under ES 'config/' directory, which are by default mounted from 'packages/kbn-es/src/serverless_resources/users'. Value should - be a file path. This option can be used multiple times. - The following files can be overwritten: + be a valid file path (relative or absolute). This option can be used multiple + times if needing to override multiple files. The following files can be overwritten: ${SERVERLESS_RESOURCES_PATHS.map((filePath) => basename(filePath)).join( ' | ' )} diff --git a/packages/kbn-es/src/serverless_resources/README.md b/packages/kbn-es/src/serverless_resources/README.md index d1ae204117075..82577579503dc 100644 --- a/packages/kbn-es/src/serverless_resources/README.md +++ b/packages/kbn-es/src/serverless_resources/README.md @@ -14,7 +14,7 @@ password: changeme ### Adding users -1. Add the user:encrypted_password to `users` file. The encrypted password for `elastic_serverless` is `changeme` if you want to reuse the value. +1. Add the `user:encrypted_password` to `users` file. The encrypted password for `elastic_serverless` is `changeme` if you want to reuse the value. 1. Set the new user's roles in `users_roles` file. 1. Add the username to `operator_users.yml` in the array for file realm users. 
@@ -46,4 +46,15 @@ If a node is configured to use this `service_tokens` file, then you can authenti curl -H "Authorization: Bearer AAEAAWVsYXN0aWMva2liYW5hL2tpYmFuYS1kZXY6VVVVVVVVTEstKiBaNA" http://localhost:9200/_security/_authenticate ``` -The name of the token (`kibana-dev`) is important because the `operator_users.yml` file designates that token as an operator and allows us to seed a serverless cluster with this token. \ No newline at end of file +The name of the token (`kibana-dev`) is important because the `operator_users.yml` file designates that token as an operator and allows us to seed a serverless cluster with this token. + + +## Overriding resources + +The files found in this directory can be overwritten with customized versions by using the `--resources` option of the `yarn es serverless` command. +Assuming a customized `users` and `users_roles` are located in `/tmp/my_es/` directory and executing the below command from the root of Kibana, here is an example: + +```shell +yarn es serverless --resources=/tmp/my_es/users --resources=/tmp/my_es/users_roles +``` + From 3822817decee27e36c98377e08679ca4533cb67d Mon Sep 17 00:00:00 2001 From: Paul Tavares Date: Tue, 26 Sep 2023 12:04:14 -0400 Subject: [PATCH 10/17] add tests for to validate use of `--resources` in `setupServerlessVolumes()` --- packages/kbn-es/src/utils/docker.test.ts | 29 ++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/packages/kbn-es/src/utils/docker.test.ts b/packages/kbn-es/src/utils/docker.test.ts index 08edc2a17521d..a45d57c7fe90a 100644 --- a/packages/kbn-es/src/utils/docker.test.ts +++ b/packages/kbn-es/src/utils/docker.test.ts 
@@ -445,6 +445,35 @@ describe('setupServerlessVolumes()', () => { expect(volumeCmd).toHaveLength(20); expect(pathsNotIncludedInCmd).toEqual([]); }); + + test('should use resource overrides', async () => { + mockFs(existingObjectStore); + const volumeCmd = await setupServerlessVolumes(log, { + basePath: baseEsPath, + resources: ['./relative/path/users', '/absolute/path/users_roles'], + }); + + expect(volumeCmd).toContain( + '/absolute/path/users_roles:/usr/share/elasticsearch/config/users_roles' + ); + expect(volumeCmd).toContain( + `${process.cwd()}/relative/path/users:/usr/share/elasticsearch/config/users` + ); + }); + + test('should throw if an unknown resource override is used', async () => { + mockFs(existingObjectStore); + + await expect(async () => { + await setupServerlessVolumes(log, { + basePath: baseEsPath, + resources: ['/absolute/path/invalid'], + }); + }).rejects.toThrow( + 'Unsupported ES serverless --resources value(s):\n /absolute/path/invalid\n\n' + + 'Valid resources: operator_users.yml | role_mapping.yml | roles.yml | service_tokens | users | users_roles' + ); + }); }); describe('runServerlessEsNode()', () => { From 64be34cee1730e219258333db67745ae6f38b47d Mon Sep 17 00:00:00 2001 From: Paul Tavares Date: Tue, 26 Sep 2023 12:50:01 -0400 Subject: [PATCH 11/17] add available users for login to script output --- packages/kbn-es/src/cli_commands/serverless.ts | 1 + .../common/roles_users/serverless/index.ts | 9 +++++++++ .../scripts/endpoint/es_serverless/index.ts | 18 +++++++++++++++++- 3 files changed, 27 insertions(+), 1 deletion(-) diff --git a/packages/kbn-es/src/cli_commands/serverless.ts b/packages/kbn-es/src/cli_commands/serverless.ts index 03cda2646224a..dcf8f1607f188 100644 --- a/packages/kbn-es/src/cli_commands/serverless.ts +++ b/packages/kbn-es/src/cli_commands/serverless.ts 
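Review bot: Neither new test covers an override whose file is missing on disk. 'should use resource overrides' passes `./relative/path/users` and `/absolute/path/users_roles`, which presumably do not exist in the mocked file system unless `existingObjectStore` defines them, and still expects both in the volume arguments. If `setupServerlessVolumes()` really forwards such paths unchecked, a typo in `--resources` only surfaces later as a container or authentication failure, and these files decide which users and roles the cluster has. I would add a case such as `test('should throw if a resource override file does not exist', ...)` and let it drive an existence check in `docker.ts`. The `describe('setupServerlessVolumes()')` block starts above this hunk.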
@@ -46,6 +46,7 @@ export const serverless: Command = { ${SERVERLESS_RESOURCES_PATHS.map((filePath) => basename(filePath)).join( ' | ' )} + -E Additional key=value settings to pass to ES -F Absolute paths for files to mount into containers diff --git a/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/index.ts b/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/index.ts index 627c863374655..23a44df2d0808 100644 --- a/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/index.ts +++ b/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/index.ts @@ -6,6 +6,7 @@ */ import { resolve, join } from 'path'; +import { readFileSync } from 'fs'; const ES_RESOURCES_DIR = resolve(__dirname, 'es_serverless_resources'); @@ -14,3 +15,11 @@ export const ES_RESOURCES = Object.freeze({ users: join(ES_RESOURCES_DIR, 'users'), users_roles: join(ES_RESOURCES_DIR, 'users_roles'), }); + +export const ES_LOADED_USERS = readFileSync(ES_RESOURCES.users) + .toString() + .split(/\n/) + .filter((v) => !!v) // Ensure no empty strings + .map((userAndPasswordString) => { + return userAndPasswordString.split(':').at(0); + }); diff --git a/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts b/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts index 2faf1b2694795..f746dac03bafd 100644 --- a/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts +++ b/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts 
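Review bot: In the `@@ -14,3 +15,11 @@` hunk of `serverless/index.ts`, `ES_LOADED_USERS` treats every non-empty line of the `users` file as an account. A `#` comment line (which I believe the file realm skips), a whitespace-only line or the stray `\r` left by a CRLF checkout is therefore listed as a user name. `.at(0)` also types each entry as `string | undefined`, although the list is later interpolated into the login banner. The file is read synchronously at import time, so any module importing `ES_RESOURCES` pays for the read and fails if the file is absent. That may be acceptable for a dev script, but it deserves a comment. A stricter parse is sketched below.

```typescript
export const ES_LOADED_USERS: string[] = readFileSync(ES_RESOURCES.users, 'utf8')
  .split(/\r?\n/)
  .map((line) => line.trim())
  // skip blank lines and `#` comment lines
  .filter((line) => line.length > 0 && !line.startsWith('#'))
  .map((line) => line.split(':')[0]);
```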
@@ -10,7 +10,8 @@ import { cyan, gray } from 'chalk'; import execa from 'execa'; import { REPO_ROOT } from '@kbn/repo-info'; import { join } from 'path'; -import { ES_RESOURCES } from '../common/roles_users/serverless'; +import { ColumnLayoutFormatter } from '../common/screen/column_layout_formatter'; +import { ES_LOADED_USERS, ES_RESOURCES } from '../common/roles_users/serverless'; export const cli = async () => { return run( @@ -29,6 +30,21 @@ export const cli = async () => { }, [] as string[]) ); + cliContext.log.info(` +Starting ES with supported Security project roles and users. +User accounts available for login ${gray('(username: password)')}: + +${ + new ColumnLayoutFormatter( + [ + `USERNAME\n------------------\n${ES_LOADED_USERS.join('\n')}`, + `PASSWORD\n------------------\n${ES_LOADED_USERS.map(() => 'changeme').join('\n')}`, + ], + { separator: ' ' } + ).output +} +`); + cliContext.log.info(gray(`node ${exeScript} ${callingArgs.join(' ')}`)); await execa.node(exeScript, callingArgs, { From 8feff006daa76a08ebbe3675e729a6fed9c51266 Mon Sep 17 00:00:00 2001 From: Paul Tavares Date: Tue, 26 Sep 2023 13:13:58 -0400 Subject: [PATCH 12/17] better format of users available on kbn serverless --- .../scripts/endpoint/es_serverless/index.ts | 24 +++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts b/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts index f746dac03bafd..e83059e4bd5c4 100644 --- a/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts +++ b/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts 
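Review bot: The login banner added in the `@@ -29,6 +30,21 @@` hunk can misreport what the cluster accepts. It lists `ES_LOADED_USERS` from the bundled `users` file and prints the literal `changeme`, while the caller's own arguments, possibly including a different `--resources=.../users`, are forwarded to `scripts/es` in the same function. Whether a caller-supplied file wins over the bundled one is decided outside this hunk, so the banner may show accounts or a password that do not apply. I would name the literal and tie it to the hashes, e.g. `const DEV_PASSWORD = 'changeme'; // dev-only; must match the bcrypt hashes in es_serverless_resources/users`. I would also add a comment saying that the table describes the bundled defaults only. The later hunks that reformat this banner (PATCH 12, 14 and 16) keep the same hard-coded value.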
@@ -32,19 +32,35 @@ export const cli = async () => { cliContext.log.info(` Starting ES with supported Security project roles and users. -User accounts available for login ${gray('(username: password)')}: +User accounts available for login: +${gray(`(passwords have been set to ${cyan('changeme')})`)} ${ new ColumnLayoutFormatter( [ - `USERNAME\n------------------\n${ES_LOADED_USERS.join('\n')}`, - `PASSWORD\n------------------\n${ES_LOADED_USERS.map(() => 'changeme').join('\n')}`, + ['USERNAME', '-'.repeat(20), ...ES_LOADED_USERS.map((u) => cyan(u))].join('\n'), + + [ + 'USERNAME', + '-'.repeat(20), + ' ', + ' ', + 'Password for all', + 'accounts set', + `to: ${cyan('changeme')}`, + ].join('\n'), ], - { separator: ' ' } + { separator: ' ', widths: [50, 40] } ).output } `); + /* + + USERNAME PASSWORD + ------------------ ------------------ + */ + cliContext.log.info(gray(`node ${exeScript} ${callingArgs.join(' ')}`)); await execa.node(exeScript, callingArgs, { From fb040414356f6856113d399ea697849dfe675e4c Mon Sep 17 00:00:00 2001 From: Paul Tavares Date: Tue, 26 Sep 2023 13:15:57 -0400 Subject: [PATCH 13/17] remove `--teardown` from example --- .../roles_users/serverless/es_serverless_resources/README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/README.md b/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/README.md index 28d4410f2341d..d2e519a0aab68 100644 --- a/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/README.md +++ b/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/README.md @@ -13,7 +13,6 @@ Example executed from the root directory of Kibana: ```shell yarn es serverless \ --clean \ ---teardown \ --kill \ -E xpack.security.authc.api_key.enabled=true \ -E http.host=0.0.0.0 \ 
From b5d71090251df62faf98f416c49f80741a1faa51 Mon Sep 17 00:00:00 2001 From: Paul Tavares Date: Tue, 26 Sep 2023 13:23:58 -0400 Subject: [PATCH 14/17] remove commented out code --- .../scripts/endpoint/es_serverless/index.ts | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts b/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts index e83059e4bd5c4..58b08bd220844 100644 --- a/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts +++ b/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts @@ -45,9 +45,9 @@ ${ '-'.repeat(20), ' ', ' ', - 'Password for all', - 'accounts set', - `to: ${cyan('changeme')}`, + gray('Password for all'), + gray('accounts set'), + `${gray('to:')} ${cyan('changeme')}`, ].join('\n'), ], { separator: ' ', widths: [50, 40] } @@ -55,12 +55,6 @@ ${ } `); - /* - - USERNAME PASSWORD - ------------------ ------------------ - */ - cliContext.log.info(gray(`node ${exeScript} ${callingArgs.join(' ')}`)); await execa.node(exeScript, callingArgs, { From 5d50a938ba5963a9e1da6160f2fc191a45d764ca Mon Sep 17 00:00:00 2001 From: Paul Tavares Date: Tue, 26 Sep 2023 15:35:49 -0400 Subject: [PATCH 15/17] add log when resource is overridden --- packages/kbn-es/src/utils/docker.ts | 1 + .../security_solution/scripts/endpoint/es_serverless/index.ts | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/kbn-es/src/utils/docker.ts b/packages/kbn-es/src/utils/docker.ts index 29084aabef8db..f9ce1e2f391ef 100644 --- a/packages/kbn-es/src/utils/docker.ts +++ b/packages/kbn-es/src/utils/docker.ts @@ -527,6 +527,7 @@ export async function setupServerlessVolumes(log: ToolingLog, options: Serverles if (resourceFileOverrides[fileName]) { localFilePath = resourceFileOverrides[fileName]; + log.info(`'${fileName}' resource overridden with: ${localFilePath}`); delete resourceFileOverrides[fileName]; } 
diff --git a/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts b/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts index 58b08bd220844..9713d34dd9650 100644 --- a/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts +++ b/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts @@ -33,7 +33,6 @@ export const cli = async () => { cliContext.log.info(` Starting ES with supported Security project roles and users. User accounts available for login: -${gray(`(passwords have been set to ${cyan('changeme')})`)} ${ new ColumnLayoutFormatter( From 37cfd8fdf69674fbb9fc0b435331655ae4af6ded Mon Sep 17 00:00:00 2001 From: Paul Tavares Date: Tue, 26 Sep 2023 16:34:20 -0400 Subject: [PATCH 16/17] Correct duplicate word --- .../security_solution/scripts/endpoint/es_serverless/index.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts b/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts index 9713d34dd9650..ddfb128e3e4cb 100644 --- a/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts +++ b/x-pack/plugins/security_solution/scripts/endpoint/es_serverless/index.ts @@ -40,7 +40,7 @@ ${ ['USERNAME', '-'.repeat(20), ...ES_LOADED_USERS.map((u) => cyan(u))].join('\n'), [ - 'USERNAME', + 'PASSWORD', '-'.repeat(20), ' ', ' ', From 3fa92824ed3d50bf8e27b953dac91d39593dca61 Mon Sep 17 00:00:00 2001 From: Paul Tavares Date: Tue, 26 Sep 2023 16:45:17 -0400 Subject: [PATCH 17/17] Fix type issue in markdown editor --- .../components/markdown_editor/plugins/index.ts | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/x-pack/plugins/security_solution/public/common/components/markdown_editor/plugins/index.ts b/x-pack/plugins/security_solution/public/common/components/markdown_editor/plugins/index.ts index ed2c60ea2e961..057703dcee1ac 100644 
--- a/x-pack/plugins/security_solution/public/common/components/markdown_editor/plugins/index.ts +++ b/x-pack/plugins/security_solution/public/common/components/markdown_editor/plugins/index.ts @@ -14,16 +14,9 @@ import * as timelineMarkdownPlugin from './timeline'; import * as osqueryMarkdownPlugin from './osquery'; import * as insightMarkdownPlugin from './insight'; -export const { - uiPlugins: nonStatefulUiPlugins, - parsingPlugins, - processingPlugins, -} = { - uiPlugins: getDefaultEuiMarkdownUiPlugins(), - parsingPlugins: getDefaultEuiMarkdownParsingPlugins(), - processingPlugins: getDefaultEuiMarkdownProcessingPlugins(), -}; - +export const nonStatefulUiPlugins = getDefaultEuiMarkdownUiPlugins(); +export const parsingPlugins = getDefaultEuiMarkdownParsingPlugins(); +export const processingPlugins = getDefaultEuiMarkdownProcessingPlugins(); export const platinumOnlyPluginTokens = [insightMarkdownPlugin.insightPrefix]; export const uiPlugins = ({