[FR] [DAC] Add support for Kibana spaces with names that do not match identifiers #4207
Description
Repository Feature
Detections-as-Code (DaC) - (primarily custom rule management)
Problem Description
When using the Kibana bulk actions API for DaC features with non-default spaces, the API call needs to use the identifier to correctly specify the correct space to push/pull rules from. However, the check to determine whether or not a space exists is done with the name rather than the identifier. Thanks @approksiu for finding this!
def verify_space(self, space):
"""Verify a space is valid."""
spaces = self.get('/api/spaces/space')
space_names = [s['name'] for s in spaces]
if space not in space_names:
raise ValueError(f'Unknown Kibana space: {space}')In this way, if the name of a space gets modified in such a way that does not match the original identifier an authentication error will ensue when trying to push/pull rules from it.
e.g.
Desired Solution
I think we should update the verify_space to verify off of id instead of name. This functions correctly and eliminates the error but may be more confusing as it would change customer workflows to use the identifier instead of name. However, if they are not running into this mismatch error, they would not need to change their workflows as the id and name would be in sync.
Details
def verify_space(self, space):
"""Verify a space is valid."""
spaces = self.get('/api/spaces/space')
space_names = [s['id'] for s in spaces]
if space not in space_names:
raise ValueError(f'Unknown Kibana space: {space}')Considered Alternatives
We may be able to update the API call to use the space name instead of ID as an alternative. However, this is a less than ideal solution given that Kibana supports spaces with duplicate names.
Additional Context
No response