[Osquery] Add default osquery_saved_query objects (#129461)
tomsonpl authored May 17, 2022
1 parent 2bab78a commit 05b7308
Showing 21 changed files with 210 additions and 70 deletions.
Expand Up @@ -255,6 +255,7 @@ export const item: GetInfoResponse['item'] = {
csp_rule_template: [],
tag: [],
osquery_pack_asset: [],
osquery_saved_query: [],
},
elasticsearch: {
ingest_pipeline: [
Expand Up @@ -105,6 +105,7 @@ export const item: GetInfoResponse['item'] = {
lens: [],
ml_module: [],
osquery_pack_asset: [],
osquery_saved_query: [],
security_rule: [],
csp_rule_template: [],
tag: [],
Expand Up @@ -36,6 +36,7 @@ describe('Fleet - packageToPackagePolicy', () => {
security_rule: [],
tag: [],
osquery_pack_asset: [],
osquery_saved_query: [],
},
elasticsearch: {
ingest_pipeline: [],
2 changes: 2 additions & 0 deletions x-pack/plugins/fleet/common/types/models/epm.ts
Expand Up @@ -72,6 +72,7 @@ export enum KibanaAssetType {
mlModule = 'ml_module',
tag = 'tag',
osqueryPackAsset = 'osquery_pack_asset',
osquerySavedQuery = 'osquery_saved_query',
}

/*
Expand All @@ -89,6 +90,7 @@ export enum KibanaSavedObjectType {
cloudSecurityPostureRuleTemplate = 'csp-rule-template',
tag = 'tag',
osqueryPackAsset = 'osquery-pack-asset',
osquerySavedQuery = 'osquery-saved-query',
}

export enum ElasticsearchAssetType {
Expand Up @@ -39,6 +39,7 @@ export const AssetsFacetGroup = ({ width }: Args) => {
ml_module: [],
tag: [],
osquery_pack_asset: [],
osquery_saved_query: [],
},
elasticsearch: {
component_template: [],
Expand Up @@ -62,9 +62,12 @@ export const AssetTitleMap: Record<DisplayedAssetType, string> = {
security_rule: i18n.translate('xpack.fleet.epm.assetTitles.securityRules', {
defaultMessage: 'Security rules',
}),
osquery_pack_asset: i18n.translate('xpack.fleet.epm.assetTitles.osqueryPackAsset', {
osquery_pack_asset: i18n.translate('xpack.fleet.epm.assetTitles.osqueryPackAssets', {
defaultMessage: 'Osquery packs',
}),
osquery_saved_query: i18n.translate('xpack.fleet.epm.assetTitles.osquerySavedQuery', {
defaultMessage: 'Osquery saved queries',
}),
ml_module: i18n.translate('xpack.fleet.epm.assetTitles.mlModules', {
defaultMessage: 'ML modules',
}),
Expand Down Expand Up @@ -102,6 +105,7 @@ export const AssetIcons: Record<KibanaAssetType, IconType> = {
ml_module: 'mlApp',
tag: 'tagApp',
osquery_pack_asset: 'osqueryApp',
osquery_saved_query: 'osqueryApp',
};

export const ServiceIcons: Record<ServiceName, IconType> = {
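Review bot: The new message id `xpack.fleet.epm.assetTitles.osquerySavedQuery` in `AssetTitleMap` is singular, while the neighbouring ids (`securityRules`, `mlModules`, and the `osqueryPackAssets` spelling printed beside it) are plural. Naming it `xpack.fleet.epm.assetTitles.osquerySavedQueries` would keep the map uniform and match its default message 'Osquery saved queries'. Changing the id of the existing `osquery_pack_asset` entry also orphans any translation stored under the previous key, so the translation files, which are not visible in this section, are worth checking.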
Expand Up @@ -58,6 +58,7 @@ const KibanaSavedObjectTypeMapping: Record<KibanaAssetType, KibanaSavedObjectTyp
KibanaSavedObjectType.cloudSecurityPostureRuleTemplate,
[KibanaAssetType.tag]: KibanaSavedObjectType.tag,
[KibanaAssetType.osqueryPackAsset]: KibanaSavedObjectType.osqueryPackAsset,
[KibanaAssetType.osquerySavedQuery]: KibanaSavedObjectType.osquerySavedQuery,
};

const AssetFilters: Record<string, (kibanaAssets: ArchiveAsset[]) => ArchiveAsset[]> = {
Expand Up @@ -70,6 +70,7 @@ describe('storedPackagePoliciesToAgentPermissions()', () => {
ml_module: [],
tag: [],
osquery_pack_asset: [],
osquery_saved_query: [],
},
elasticsearch: {
component_template: [],
Expand Down Expand Up @@ -184,6 +185,7 @@ describe('storedPackagePoliciesToAgentPermissions()', () => {
ml_module: [],
tag: [],
osquery_pack_asset: [],
osquery_saved_query: [],
},
elasticsearch: {
component_template: [],
Expand Down Expand Up @@ -278,6 +280,7 @@ describe('storedPackagePoliciesToAgentPermissions()', () => {
ml_module: [],
tag: [],
osquery_pack_asset: [],
osquery_saved_query: [],
},
elasticsearch: {
component_template: [],
Expand Down Expand Up @@ -404,6 +407,7 @@ describe('storedPackagePoliciesToAgentPermissions()', () => {
ml_module: [],
tag: [],
osquery_pack_asset: [],
osquery_saved_query: [],
},
elasticsearch: {
component_template: [],
107 changes: 56 additions & 51 deletions x-pack/plugins/osquery/cypress/integration/all/add_integration.spec.ts
Expand Up @@ -5,11 +5,11 @@
* 2.0.
*/

import { FLEET_AGENT_POLICIES, OLD_OSQUERY_MANAGER } from '../../tasks/navigation';
import { FLEET_AGENT_POLICIES, navigateTo, OLD_OSQUERY_MANAGER } from '../../tasks/navigation';
import { addIntegration, closeModalIfVisible } from '../../tasks/integrations';

import { login } from '../../tasks/login';
// import { findAndClickButton, findFormFieldByRowsLabelAndType } from '../../tasks/live_query';
import { findAndClickButton, findFormFieldByRowsLabelAndType } from '../../tasks/live_query';
import { ArchiverMethod, runKbnArchiverScript } from '../../tasks/archiver';
import { DEFAULT_POLICY } from '../../screens/fleet';

Expand Down Expand Up @@ -76,53 +76,58 @@ describe('ALL - Add Integration', () => {
addIntegration();
cy.contains('osquery_manager-');
});
// it('should have integration and packs copied when upgrading integration', () => {
// const packageName = 'osquery_manager';
// const oldVersion = '0.7.4';
// const newVersion = '0.8.1';
//
// cy.visit(`app/integrations/detail/${packageName}-${oldVersion}/overview`);
// cy.contains('Add Osquery Manager').click();
// cy.contains('Save and continue').click();
// cy.contains('Add Elastic Agent later').click();
// cy.contains('Upgrade');
// cy.contains('Default policy').click();
// cy.get('tr')
// .should('contain', 'osquery_manager-2')
// .and('contain', 'Osquery Manager')
// .and('contain', `v${oldVersion}`);
// cy.contains('Actions').click();
// cy.contains('View policy').click();
// cy.contains('name: osquery_manager-2');
// cy.contains(`version: ${oldVersion}`);
// cy.contains('Close').click();
// navigateTo('app/osquery/packs');
// findAndClickButton('Add pack');
// findFormFieldByRowsLabelAndType('Name', 'Integration');
// findFormFieldByRowsLabelAndType('Scheduled agent policies (optional)', '{downArrow} {enter}');
// findAndClickButton('Add query');
// cy.react('EuiComboBox', { props: { placeholder: 'Search for saved queries' } })
// .click()
// .type('{downArrow} {enter}');
// cy.contains(/^Save$/).click();
// cy.contains(/^Save pack$/).click();
// cy.visit('app/fleet/policies');
// cy.contains('Default policy').click();
// cy.contains('Upgrade').click();
// cy.contains(/^Advanced$/).click();
// cy.contains('"Integration":');
// cy.contains(/^Upgrade integration$/).click();
// cy.contains(/^osquery_manager-2$/).click();
// cy.contains(/^Advanced$/).click();
// cy.contains('"Integration":');
// cy.contains('Cancel').click();
// cy.get('tr')
// .should('contain', 'osquery_manager-2')
// .and('contain', 'Osquery Manager')
// .and('contain', `v${newVersion}`);
// cy.contains('Actions').click();
// cy.contains('View policy').click();
// cy.contains('name: osquery_manager-2');
// cy.contains(`version: ${newVersion}`);
// });
it('should have integration and packs copied when upgrading integration', () => {
const packageName = 'osquery_manager';
const oldVersion = '1.2.0';
const newVersion = '1.3.0';

cy.visit(`app/integrations/detail/${packageName}-${oldVersion}/overview`);
cy.contains('Add Osquery Manager').click();
cy.contains('Save and continue').click();
cy.contains('Add Elastic Agent later').click();
cy.contains('Upgrade');
cy.contains('Agent policy 1').click();
cy.get('tr')
.should('contain', 'osquery_manager-2')
.and('contain', 'Osquery Manager')
.and('contain', `v${oldVersion}`);
cy.contains('Actions').click();
cy.contains('View policy').click();
cy.contains('name: osquery_manager-2');
cy.contains(`version: ${oldVersion}`);
cy.contains('Close').click();
navigateTo('app/osquery/packs');
findAndClickButton('Add pack');
findFormFieldByRowsLabelAndType('Name', 'Integration');
findFormFieldByRowsLabelAndType('Scheduled agent policies (optional)', '{downArrow} {enter}');
findAndClickButton('Add query');
cy.react('EuiComboBox', { props: { placeholder: 'Search for saved queries' } })
.click()
.type('{downArrow} {enter}');
cy.contains(/^Save$/).click();
cy.contains(/^Save pack$/).click();
cy.visit('app/fleet/policies');
cy.contains('Agent policy 1').click();
cy.contains('Upgrade').click();
cy.contains(/^Advanced$/).click();
cy.contains('"Integration":');
cy.contains(/^Upgrade integration$/).click();
cy.contains(/^osquery_manager-2$/).click();
cy.contains(/^Advanced$/).click();
cy.contains('"Integration":');
cy.contains('Cancel').click();
cy.get('tr')
.should('contain', 'osquery_manager-2')
.and('contain', 'Osquery Manager')
.and('contain', `v${newVersion}`);
cy.contains('Actions').click();
cy.contains('View policy').click();
cy.contains('name: osquery_manager-2');
cy.contains(`version: ${newVersion}`);

// test list of prebuilt queries
navigateTo('/app/osquery/saved_queries');
cy.waitForReact();
cy.react('EuiTableRow').should('have.length.above', 5);
});
});
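Review bot: The prebuilt-query check at the end of the upgrade test, `cy.react('EuiTableRow').should('have.length.above', 5);`, only counts table rows and never asserts that a prebuilt query opens read-only, which is the access restriction this commit adds on the saved-query edit page. Opening one of the listed rows and asserting the callout, for example `cy.contains('This is a prebuilt Elastic query, and it cannot be edited.');`, would cover that behaviour and catch a regression that makes prebuilt queries editable again. The hard-coded `oldVersion = '1.2.0'` and `newVersion = '1.3.0'` presumably depend on what the package registry used in CI serves, so a short comment saying where those versions come from would help whoever has to bump them.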
43 changes: 33 additions & 10 deletions x-pack/plugins/osquery/public/routes/saved_queries/edit/index.tsx
Expand Up @@ -12,18 +12,24 @@ import {
EuiFlexItem,
EuiConfirmModal,
EuiText,
EuiCallOut,
} from '@elastic/eui';
import { isEmpty } from 'lodash/fp';
import React, { useCallback, useMemo, useState } from 'react';
import { FormattedMessage } from '@kbn/i18n-react';
import { useParams } from 'react-router-dom';

import styled from 'styled-components';
import { useKibana, useRouterNavigate } from '../../../common/lib/kibana';
import { WithHeaderLayout } from '../../../components/layouts';
import { useBreadcrumbs } from '../../../common/hooks/use_breadcrumbs';
import { EditSavedQueryForm } from './form';
import { useDeleteSavedQuery, useUpdateSavedQuery, useSavedQuery } from '../../../saved_queries';

const StyledEuiCallOut = styled(EuiCallOut)`
margin: 10px;
`;

const EditSavedQueryPageComponent = () => {
const permissions = useKibana().services.application.capabilities.osquery;

Expand All @@ -37,7 +43,14 @@ const EditSavedQueryPageComponent = () => {

useBreadcrumbs('saved_query_edit', { savedQueryName: savedQueryDetails?.attributes?.id ?? '' });

const viewMode = useMemo(() => !permissions.writeSavedQueries, [permissions.writeSavedQueries]);
const elasticPrebuiltQuery = useMemo(
() => savedQueryDetails?.attributes?.version,
[savedQueryDetails]
);
const viewMode = useMemo(
() => !permissions.writeSavedQueries || elasticPrebuiltQuery,
[permissions.writeSavedQueries, elasticPrebuiltQuery]
);

const handleCloseDeleteConfirmationModal = useCallback(() => {
setIsDeleteModalVisible(false);
Expand Down Expand Up @@ -68,14 +81,24 @@ const EditSavedQueryPageComponent = () => {
<EuiText>
<h1>
{viewMode ? (
<FormattedMessage
id="xpack.osquery.viewSavedQuery.pageTitle"
defaultMessage='"{savedQueryId}" details'
// eslint-disable-next-line react-perf/jsx-no-new-object-as-prop
values={{
savedQueryId: savedQueryDetails?.attributes?.id ?? '',
}}
/>
<>
<FormattedMessage
id="xpack.osquery.viewSavedQuery.pageTitle"
defaultMessage='"{savedQueryId}" details'
// eslint-disable-next-line react-perf/jsx-no-new-object-as-prop
values={{
savedQueryId: savedQueryDetails?.attributes?.id ?? '',
}}
/>
{elasticPrebuiltQuery && (
<StyledEuiCallOut size="s">
<FormattedMessage
id="xpack.osquery.viewSavedQuery.prebuiltInfo"
defaultMessage="This is a prebuilt Elastic query, and it cannot be edited."
/>
</StyledEuiCallOut>
)}
</>
) : (
<FormattedMessage
id="xpack.osquery.editSavedQuery.pageTitle"
Expand All @@ -91,7 +114,7 @@ const EditSavedQueryPageComponent = () => {
</EuiFlexItem>
</EuiFlexGroup>
),
[savedQueryDetails?.attributes?.id, savedQueryListProps, viewMode]
[elasticPrebuiltQuery, savedQueryDetails?.attributes?.id, savedQueryListProps, viewMode]
);

const RightColumn = useMemo(
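Review bot: The read-only state for prebuilt queries in `EditSavedQueryPageComponent` is derived in the browser from `savedQueryDetails?.attributes?.version`, so it only hides the edit controls. Unless the update and delete routes (not visible in this section) also reject prebuilt objects, a user holding `writeSavedQueries` can still modify them by calling the API directly, so the same check belongs on the server. Using the mere presence of `version` as the marker is also implicit: if a user-created saved query can carry a `version` value, it would silently become uneditable, so an explicit flag on the saved object would be safer; this needs confirming against the schema. Separately, `viewMode` is now `boolean | string | undefined` rather than a boolean; coercing at the source with `() => !!savedQueryDetails?.attributes?.version` keeps both memos boolean. The component body starts and ends outside these hunks.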
19 changes: 17 additions & 2 deletions x-pack/plugins/osquery/public/routes/saved_queries/list/index.tsx
Expand Up @@ -14,6 +14,7 @@ import {
EuiFlexItem,
EuiText,
EuiBasicTableColumn,
EuiToolTip,
} from '@elastic/eui';
import React, { useCallback, useMemo, useState } from 'react';
import { i18n } from '@kbn/i18n';
Expand Down Expand Up @@ -145,6 +146,16 @@ const SavedQueriesPageComponent = () => {
return updatedAt ? `${moment(updatedAt).fromNow()}${updatedBy}` : '-';
}, []);

const renderDescriptionColumn = useCallback((description?: string) => {
const content =
description && description.length > 80 ? `${description?.substring(0, 80)}...` : description;

return (
<EuiToolTip content={<EuiFlexItem>{description}</EuiFlexItem>}>
<EuiFlexItem grow={false}>{content}</EuiFlexItem>
</EuiToolTip>
);
}, []);
const columns: Array<EuiBasicTableColumn<SavedQuerySO>> = useMemo(
() => [
{
Expand All @@ -154,19 +165,22 @@ const SavedQueriesPageComponent = () => {
}),
sortable: (item) => item.attributes.id.toLowerCase(),
truncateText: true,
width: '15%',
},
{
field: 'attributes.description',
name: i18n.translate('xpack.osquery.savedQueries.table.descriptionColumnTitle', {
defaultMessage: 'Description',
}),
truncateText: true,
render: renderDescriptionColumn,
width: '50%',
},
{
field: 'attributes.created_by',
name: i18n.translate('xpack.osquery.savedQueries.table.createdByColumnTitle', {
defaultMessage: 'Created by',
}),
width: '15%',
sortable: true,
truncateText: true,
},
Expand All @@ -175,6 +189,7 @@ const SavedQueriesPageComponent = () => {
name: i18n.translate('xpack.osquery.savedQueries.table.updatedAtColumnTitle', {
defaultMessage: 'Last updated at',
}),
width: '10%',
sortable: (item) =>
item.attributes.updated_at ? Date.parse(item.attributes.updated_at) : 0,
truncateText: true,
Expand All @@ -187,7 +202,7 @@ const SavedQueriesPageComponent = () => {
actions: [{ render: renderPlayAction }, { render: renderEditAction }],
},
],
[renderEditAction, renderPlayAction, renderUpdatedAt]
[renderDescriptionColumn, renderEditAction, renderPlayAction, renderUpdatedAt]
);

const onTableChange = useCallback(({ page = {}, sort = {} }) => {
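Review bot: `renderDescriptionColumn` wraps every cell in `EuiToolTip`, including rows whose description is undefined or no longer than 80 characters, so hovering those rows shows an empty or duplicated tooltip. An early return such as `if (!description || description.length <= 80) return <EuiFlexItem grow={false}>{description}</EuiFlexItem>;` limits the tooltip to text that was actually truncated. The `?.` in `description?.substring(0, 80)` is redundant, because that branch is only reached when `description` is truthy. The callback has no doc comment; a one-line `// Truncates long descriptions to 80 characters and shows the full text in a tooltip` would record the intent.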
Expand Up @@ -36,7 +36,7 @@ const CodeEditorFieldComponent: React.FC<CodeEditorFieldProps> = ({ euiFieldProp
error={error}
fullWidth
>
{euiFieldProps?.disabled ? (
{euiFieldProps?.isDisabled ? (
<StyledEuiCodeBlock
language="sql"
fontSize="m"
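Review bot: The read-only branch of `CodeEditorFieldComponent` is chosen by `euiFieldProps?.isDisabled`, with `euiFieldProps?.disabled` printed beside it as the other side of the change. A caller that still passes the other spelling falls through to the editable editor, and if `euiFieldProps` is loosely typed neither the compiler nor the runtime will complain. Since this branch is what renders a saved query as a non-editable code block, confirm that every caller sets `isDisabled`, or accept both spellings during the transition with `euiFieldProps?.isDisabled || euiFieldProps?.disabled`. The callers and the props type are outside this hunk.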