Skip to content

Commit

Permalink
[SIEM][Detection Engine][Lists] Adds list permissions (elastic#72335)
Browse files Browse the repository at this point in the history
## Summary

* Adds list permissions as a feature control to SIEM.
* Separates the controls between two, one of which is `access:lists-all` and the other is `access:lists-read`
* Grants SIEM the ability to utilize both depending on which feature mode the space is in.
  • Loading branch information
FrankHassanabad committed Jul 20, 2020
1 parent 0f7aa41 commit eea2850
Show file tree
Hide file tree
Showing 35 changed files with 50 additions and 36 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ export const createEndpointListItemRoute = (router: IRouter): void => {
router.post(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: ENDPOINT_LIST_ITEM_URL,
validate: {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ export const createEndpointListRoute = (router: IRouter): void => {
router.post(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: ENDPOINT_LIST_URL,
validate: false,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ export const createExceptionListItemRoute = (router: IRouter): void => {
router.post(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: EXCEPTION_LIST_ITEM_URL,
validate: {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ export const createExceptionListRoute = (router: IRouter): void => {
router.post(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: EXCEPTION_LIST_URL,
validate: {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ export const createListIndexRoute = (router: IRouter): void => {
router.post(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: LIST_INDEX,
validate: false,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ export const createListItemRoute = (router: IRouter): void => {
router.post(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: LIST_ITEM_URL,
validate: {
Expand Down
2 changes: 1 addition & 1 deletion x-pack/plugins/lists/server/routes/create_list_route.ts
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ export const createListRoute = (router: IRouter): void => {
router.post(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: LIST_URL,
validate: {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ export const deleteEndpointListItemRoute = (router: IRouter): void => {
router.delete(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: ENDPOINT_LIST_ITEM_URL,
validate: {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ export const deleteExceptionListItemRoute = (router: IRouter): void => {
router.delete(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: EXCEPTION_LIST_ITEM_URL,
validate: {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ export const deleteExceptionListRoute = (router: IRouter): void => {
router.delete(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: EXCEPTION_LIST_URL,
validate: {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ export const deleteListIndexRoute = (router: IRouter): void => {
router.delete(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: LIST_INDEX,
validate: false,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ export const deleteListItemRoute = (router: IRouter): void => {
router.delete(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: LIST_ITEM_URL,
validate: {
Expand Down
2 changes: 1 addition & 1 deletion x-pack/plugins/lists/server/routes/delete_list_route.ts
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ export const deleteListRoute = (router: IRouter): void => {
router.delete(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: LIST_URL,
validate: {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ export const exportListItemRoute = (router: IRouter): void => {
router.post(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-read'],
},
path: `${LIST_ITEM_URL}/_export`,
validate: {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ export const findEndpointListItemRoute = (router: IRouter): void => {
router.get(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-read'],
},
path: `${ENDPOINT_LIST_ITEM_URL}/_find`,
validate: {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ export const findExceptionListItemRoute = (router: IRouter): void => {
router.get(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-read'],
},
path: `${EXCEPTION_LIST_ITEM_URL}/_find`,
validate: {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ export const findExceptionListRoute = (router: IRouter): void => {
router.get(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-read'],
},
path: `${EXCEPTION_LIST_URL}/_find`,
validate: {
Expand Down
2 changes: 1 addition & 1 deletion x-pack/plugins/lists/server/routes/find_list_item_route.ts
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ export const findListItemRoute = (router: IRouter): void => {
router.get(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-read'],
},
path: `${LIST_ITEM_URL}/_find`,
validate: {
Expand Down
2 changes: 1 addition & 1 deletion x-pack/plugins/lists/server/routes/find_list_route.ts
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ export const findListRoute = (router: IRouter): void => {
router.get(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-read'],
},
path: `${LIST_URL}/_find`,
validate: {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ export const importListItemRoute = (router: IRouter, config: ConfigType): void =
maxBytes: config.maxImportPayloadBytes,
parse: false,
},
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: `${LIST_ITEM_URL}/_import`,
validate: {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ export const patchListItemRoute = (router: IRouter): void => {
router.patch(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: LIST_ITEM_URL,
validate: {
Expand Down
2 changes: 1 addition & 1 deletion x-pack/plugins/lists/server/routes/patch_list_route.ts
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ export const patchListRoute = (router: IRouter): void => {
router.patch(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: LIST_URL,
validate: {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ export const readEndpointListItemRoute = (router: IRouter): void => {
router.get(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-read'],
},
path: ENDPOINT_LIST_ITEM_URL,
validate: {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ export const readExceptionListItemRoute = (router: IRouter): void => {
router.get(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-read'],
},
path: EXCEPTION_LIST_ITEM_URL,
validate: {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ export const readExceptionListRoute = (router: IRouter): void => {
router.get(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-read'],
},
path: EXCEPTION_LIST_URL,
validate: {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ export const readListIndexRoute = (router: IRouter): void => {
router.get(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-read'],
},
path: LIST_INDEX,
validate: false,
Expand Down
2 changes: 1 addition & 1 deletion x-pack/plugins/lists/server/routes/read_list_item_route.ts
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ export const readListItemRoute = (router: IRouter): void => {
router.get(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-read'],
},
path: LIST_ITEM_URL,
validate: {
Expand Down
2 changes: 1 addition & 1 deletion x-pack/plugins/lists/server/routes/read_list_route.ts
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ export const readListRoute = (router: IRouter): void => {
router.get(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-read'],
},
path: LIST_URL,
validate: {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ export const readPrivilegesRoute = (
router.get(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-read'],
},
path: LIST_PRIVILEGES_URL,
validate: false,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ export const updateEndpointListItemRoute = (router: IRouter): void => {
router.put(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: ENDPOINT_LIST_ITEM_URL,
validate: {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ export const updateExceptionListItemRoute = (router: IRouter): void => {
router.put(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: EXCEPTION_LIST_ITEM_URL,
validate: {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ export const updateExceptionListRoute = (router: IRouter): void => {
router.put(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: EXCEPTION_LIST_URL,
validate: {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ export const updateListItemRoute = (router: IRouter): void => {
router.put(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: LIST_ITEM_URL,
validate: {
Expand Down
2 changes: 1 addition & 1 deletion x-pack/plugins/lists/server/routes/update_list_route.ts
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ export const updateListRoute = (router: IRouter): void => {
router.put(
{
options: {
tags: ['access:lists'],
tags: ['access:lists-all'],
},
path: LIST_URL,
validate: {
Expand Down
18 changes: 16 additions & 2 deletions x-pack/plugins/security_solution/server/plugin.ts
Original file line number Diff line number Diff line change
Expand Up @@ -167,7 +167,14 @@ export class Plugin implements IPlugin<PluginSetup, PluginStart, SetupPlugins, S
all: {
app: [...securitySubPlugins, 'kibana'],
catalogue: ['securitySolution'],
api: ['securitySolution', 'actions-read', 'actions-all', 'alerting-read', 'alerting-all'],
api: [
'securitySolution',
'actions-read',
'actions-all',
'alerting-read',
'alerting-all',
'lists-all',
],
savedObject: {
all: [
'alert',
Expand Down Expand Up @@ -195,7 +202,14 @@ export class Plugin implements IPlugin<PluginSetup, PluginStart, SetupPlugins, S
read: {
app: [...securitySubPlugins, 'kibana'],
catalogue: ['securitySolution'],
api: ['securitySolution', 'actions-read', 'actions-all', 'alerting-read', 'alerting-all'],
api: [
'securitySolution',
'actions-read',
'actions-all',
'alerting-read',
'alerting-all',
'lists-read',
],
savedObject: {
all: ['alert', 'action', 'action_task_params'],
read: [
Expand Down

0 comments on commit eea2850

Please sign in to comment.