Merge commit 'refs/pull/116202/merge' of https://github.com/elastic/k…

…ibana into sourcerer_kip_as
elastic · Oct 27, 2021 · be170e1 · be170e1
2 parents cdcf869 + 7e8cadb
commit be170e1
Show file tree

Hide file tree

Showing 6 changed files with 51 additions and 48 deletions.
diff --git a/docs/api/dashboard-api.asciidoc b/docs/api/dashboard-api.asciidoc
@@ -1,7 +1,7 @@
 [[dashboard-api]]
 == Import and export dashboard APIs
 
-deprecated::[7.15.0,Both of these APIs have been deprecated in favor of <<saved-objects-api-import>> and <<saved-objects-api-export>>.]
+deprecated::[7.15.0,These experimental APIs have been deprecated in favor of <<saved-objects-api-import>> and <<saved-objects-api-export>>.]
 
 Import and export dashboards with the corresponding saved objects, such as visualizations, saved
 searches, and index patterns.

diff --git a/docs/api/dashboard/export-dashboard.asciidoc b/docs/api/dashboard/export-dashboard.asciidoc
@@ -6,7 +6,7 @@
 
 deprecated::[7.15.0,Use <<saved-objects-api-export>> instead.]
 
-Export dashboards and corresponding saved objects.
+experimental[] Export dashboards and corresponding saved objects.
 
 [[dashboard-api-export-request]]
 ==== Request

diff --git a/docs/api/dashboard/import-dashboard.asciidoc b/docs/api/dashboard/import-dashboard.asciidoc
@@ -6,7 +6,7 @@
 
 deprecated::[7.15.0,Use <<saved-objects-api-import>> instead.]
 
-Import dashboards and corresponding saved objects.
+experimental[] Import dashboards and corresponding saved objects.
 
 [[dashboard-api-import-request]]
 ==== Request

diff --git a/...gins/security_solution/cypress/integration/detection_rules/event_correlation_rule.spec.ts b/...gins/security_solution/cypress/integration/detection_rules/event_correlation_rule.spec.ts
@@ -70,7 +70,7 @@ import { loginAndWaitForPageWithoutDateRange } from '../../tasks/login';
 
 import { ALERTS_URL } from '../../urls/navigation';
 
-describe('Detection rules, EQL', () => {
+describe.skip('Detection rules, EQL', () => {
   const expectedUrls = getEqlRule().referenceUrls.join('');
   const expectedFalsePositives = getEqlRule().falsePositivesExamples.join('');
   const expectedTags = getEqlRule().tags.join('');
@@ -169,7 +169,7 @@ describe('Detection rules, EQL', () => {
   });
 });
 
-describe('Detection rules, sequence EQL', () => {
+describe.skip('Detection rules, sequence EQL', () => {
   const expectedNumberOfRules = 1;
   const expectedNumberOfSequenceAlerts = '1 alert';
 

diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/handlers.ts b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/handlers.ts
@@ -41,7 +41,7 @@ import { findAllUnenrolledAgentIds } from './support/unenroll';
 import { getAllEndpointPackagePolicies } from './support/endpoint_package_policies';
 import { findAgentIdsByStatus } from './support/agent_status';
 import { EndpointAppContextService } from '../../endpoint_app_context_services';
-import { fleetAgentStatusToEndpointHostStatus } from '../../utils';
+import { catchAndWrapError, fleetAgentStatusToEndpointHostStatus } from '../../utils';
 import {
   queryResponseToHostListResult,
   queryResponseToHostResult,
@@ -194,7 +194,9 @@ export async function getHostMetaData(
 
   const query = getESQueryHostMetadataByID(id);
 
-  const response = await esClient.asCurrentUser.search<HostMetadata>(query);
+  const response = await esClient.asCurrentUser
+    .search<HostMetadata>(query)
+    .catch(catchAndWrapError);
 
   const hostResult = queryResponseToHostResult(response.body);
 

diff --git a/...curity_solution/server/search_strategy/security_solution/factory/hosts/details/helpers.ts b/...curity_solution/server/search_strategy/security_solution/factory/hosts/details/helpers.ts
@@ -22,9 +22,7 @@ import {
   HostValue,
 } from '../../../../../../common/search_strategy/security_solution/hosts';
 import { toObjectArrayOfStrings } from '../../../../../../common/utils/to_array';
-import { getHostMetaData } from '../../../../../endpoint/routes/metadata/handlers';
 import { EndpointAppContext } from '../../../../../endpoint/types';
-import { fleetAgentStatusToEndpointHostStatus } from '../../../../../endpoint/utils';
 import { getPendingActionCounts } from '../../../../../endpoint/services';
 
 export const HOST_FIELDS = [
@@ -184,51 +182,54 @@ export const getHostEndpoint = async (
     endpointContext: EndpointAppContext;
   }
 ): Promise<EndpointFields | null> => {
-  const { esClient, endpointContext, savedObjectsClient } = deps;
+  if (!id) {
+    return null;
+  }
+
+  const { esClient, endpointContext } = deps;
   const logger = endpointContext.logFactory.get('metadata');
+
   try {
     const agentService = endpointContext.service.getAgentService();
-    if (agentService === undefined) {
+
+    if (!agentService) {
       throw new Error('agentService not available');
     }
-    const metadataRequestContext = {
-      esClient,
-      endpointAppContextService: endpointContext.service,
-      logger,
-      savedObjectsClient,
-    };
-    const endpointData =
-      id != null && metadataRequestContext.endpointAppContextService.getAgentService() != null
-        ? await getHostMetaData(metadataRequestContext, id)
-        : null;
-
-    const fleetAgentId = endpointData?.elastic.agent.id;
-    const [fleetAgentStatus, pendingActions] = !fleetAgentId
-      ? [undefined, {}]
-      : await Promise.all([
-          // Get Agent Status
-          agentService.getAgentStatusById(esClient.asCurrentUser, fleetAgentId),
-          // Get a list of pending actions (if any)
-          getPendingActionCounts(
-            esClient.asCurrentUser,
-            endpointContext.service.getEndpointMetadataService(),
-            [fleetAgentId]
-          ).then((results) => {
+
+    const endpointData = await endpointContext.service
+      .getEndpointMetadataService()
+      // Using `internalUser` ES client below due to the fact that Fleet data has been moved to
+      // system indices (`.fleet*`). Because this is a readonly action, this should be ok to do
+      // here until proper RBOC controls are implemented
+      .getEnrichedHostMetadata(esClient.asInternalUser, id);
+
+    const fleetAgentId = endpointData.metadata.elastic.agent.id;
+
+    const pendingActions = fleetAgentId
+      ? getPendingActionCounts(
+          esClient.asInternalUser,
+          endpointContext.service.getEndpointMetadataService(),
+          [fleetAgentId]
+        )
+          .then((results) => {
             return results[0].pending_actions;
-          }),
-        ]);
-
-    return endpointData != null && endpointData
-      ? {
-          endpointPolicy: endpointData.Endpoint.policy.applied.name,
-          policyStatus: endpointData.Endpoint.policy.applied.status,
-          sensorVersion: endpointData.agent.version,
-          // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
-          elasticAgentStatus: fleetAgentStatusToEndpointHostStatus(fleetAgentStatus!),
-          isolation: endpointData.Endpoint.state?.isolation ?? false,
-          pendingActions,
-        }
-      : null;
+          })
+          .catch((error) => {
+            // Failure in retrieving the number of pending actions should not fail the entire
+            // call to get endpoint details. Log the error and return an empty object
+            logger.warn(error);
+            return {};
+          })
+      : {};
+
+    return {
+      endpointPolicy: endpointData.metadata.Endpoint.policy.applied.name,
+      policyStatus: endpointData.metadata.Endpoint.policy.applied.status,
+      sensorVersion: endpointData.metadata.agent.version,
+      elasticAgentStatus: endpointData.host_status,
+      isolation: endpointData.metadata.Endpoint.state?.isolation ?? false,
+      pendingActions,
+    };
   } catch (err) {
     logger.warn(err);
     return null;