[8.7] [Cloud Security] posture_type Backward compatibility changes (#…

…151647) (#153276) # Backport This will backport the following commits from `main` to `8.7`: - [[Cloud Security] `posture_type` Backward compatibility changes (#151647)](#151647)  ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport)  --------- Co-authored-by: Jordan <[email protected]>
elastic · Mar 20, 2023 · cd1a180 · cd1a180
1 parent 05a3b04
commit cd1a180
Show file tree

Hide file tree

Showing 15 changed files with 184 additions and 72 deletions.
diff --git a/.../plugins/cloud_security_posture/common/runtime_mappings/get_belongs_to_runtime_mapping.ts b/.../plugins/cloud_security_posture/common/runtime_mappings/get_belongs_to_runtime_mapping.ts
@@ -18,8 +18,8 @@ export const getBelongsToRuntimeMapping = (): MappingRuntimeFields => ({
       source: `
         if (!doc.containsKey('rule.benchmark.posture_type'))
           {
-            def identifier = doc["cluster_id"].value;
-            emit(identifier);
+            def belongs_to = doc["cluster_id"].value;
+            emit(belongs_to);
             return
           }
         else
@@ -29,21 +29,21 @@ export const getBelongsToRuntimeMapping = (): MappingRuntimeFields => ({
               def policy_template_type = doc["rule.benchmark.posture_type"].value;
               if (policy_template_type == "cspm")
               {
-                def identifier = doc["cloud.account.name"].value;
-                emit(identifier);
+                def belongs_to = doc["cloud.account.name"].value;
+                emit(belongs_to);
                 return
               }
 
               if (policy_template_type == "kspm")
               {
-                def identifier = doc["cluster_id"].value;
-                emit(identifier);
+                def belongs_to = doc["cluster_id"].value;
+                emit(belongs_to);
                 return
               }
             }
 
-            def identifier = doc["cluster_id"].value;
-            emit(identifier);
+            def belongs_to = doc["cluster_id"].value;
+            emit(belongs_to);
             return
         }
       `,

diff --git a/...s/cloud_security_posture/common/runtime_mappings/get_safe_posture_type_runtime_mapping.ts b/...s/cloud_security_posture/common/runtime_mappings/get_safe_posture_type_runtime_mapping.ts
@@ -0,0 +1,34 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/types';
+
+/**
+ * Creates the `safe_posture_type` runtime field with the value of either
+ * `kspm` or `cspm` based on the value of `rule.benchmark.posture_type`
+ */
+export const getSafePostureTypeRuntimeMapping = (): MappingRuntimeFields => ({
+  safe_posture_type: {
+    type: 'keyword',
+    script: {
+      source: `
+        if (!doc.containsKey('rule.benchmark.posture_type'))
+          {
+            def safe_posture_type = 'kspm';
+            emit(safe_posture_type);
+            return
+          }
+        else
+        {
+            def safe_posture_type = doc["rule.benchmark.posture_type"].value;
+            emit(safe_posture_type);
+            return
+        }
+      `,
+    },
+  },
+});
diff --git a/x-pack/plugins/cloud_security_posture/public/common/hooks/use_navigate_findings.test.ts b/x-pack/plugins/cloud_security_posture/public/common/hooks/use_navigate_findings.test.ts
@@ -35,37 +35,52 @@ describe('useNavigateFindings', () => {
     const push = jest.fn();
     (useHistory as jest.Mock).mockReturnValueOnce({ push });
 
-    const filter = { foo: 1 };
+    const { result } = renderHook(() => useNavigateFindings());
+
+    act(() => {
+      result.current({ foo: 1 });
+    });
+
+    expect(push).toHaveBeenCalledWith({
+      pathname: '/cloud_security_posture/findings/default',
+      search:
+        "cspq=(filters:!((meta:(alias:!n,disabled:!f,key:foo,negate:!f,type:phrase),query:(match_phrase:(foo:1)))),query:(language:kuery,query:''))",
+    });
+    expect(push).toHaveBeenCalledTimes(1);
+  });
+
+  it('creates a URL to findings page with correct path and negated filter', () => {
+    const push = jest.fn();
+    (useHistory as jest.Mock).mockReturnValueOnce({ push });
 
     const { result } = renderHook(() => useNavigateFindings());
 
     act(() => {
-      result.current({ filter });
+      result.current({ foo: { value: 1, negate: true } });
     });
 
     expect(push).toHaveBeenCalledWith({
       pathname: '/cloud_security_posture/findings/default',
       search:
-        "cspq=(filters:!((meta:(alias:!n,disabled:!f,key:filter,negate:!f,params:(query:(foo:1)),type:phrase),query:(match_phrase:(filter:(foo:1))))),query:(language:kuery,query:''))",
+        "cspq=(filters:!((meta:(alias:!n,disabled:!f,key:foo,negate:!t,type:phrase),query:(match_phrase:(foo:1)))),query:(language:kuery,query:''))",
     });
     expect(push).toHaveBeenCalledTimes(1);
   });
+
   it('creates a URL to findings resource page with correct path and filter', () => {
     const push = jest.fn();
     (useHistory as jest.Mock).mockReturnValueOnce({ push });
 
-    const filter = { foo: 1 };
-
     const { result } = renderHook(() => useNavigateFindingsByResource());
 
     act(() => {
-      result.current({ filter });
+      result.current({ foo: 1 });
     });
 
     expect(push).toHaveBeenCalledWith({
       pathname: '/cloud_security_posture/findings/resource',
       search:
-        "cspq=(filters:!((meta:(alias:!n,disabled:!f,key:filter,negate:!f,params:(query:(foo:1)),type:phrase),query:(match_phrase:(filter:(foo:1))))),query:(language:kuery,query:''))",
+        "cspq=(filters:!((meta:(alias:!n,disabled:!f,key:foo,negate:!f,type:phrase),query:(match_phrase:(foo:1)))),query:(language:kuery,query:''))",
     });
     expect(push).toHaveBeenCalledTimes(1);
   });

diff --git a/x-pack/plugins/cloud_security_posture/public/common/hooks/use_navigate_findings.ts b/x-pack/plugins/cloud_security_posture/public/common/hooks/use_navigate_findings.ts
@@ -12,25 +12,45 @@ import { findingsNavigation } from '../navigation/constants';
 import { encodeQuery } from '../navigation/query_utils';
 import { useKibana } from './use_kibana';
 
-const createFilter = (key: string, value: string, negate = false): Filter => ({
-  meta: {
-    alias: null,
-    negate,
-    disabled: false,
-    type: 'phrase',
-    key,
-    params: { query: value },
-  },
-  query: { match_phrase: { [key]: value } },
-});
+interface NegatedValue {
+  value: string | number;
+  negate: boolean;
+}
+
+type FilterValue = string | number | NegatedValue;
+
+export type NavFilter = Record<string, FilterValue>;
+
+const createFilter = (key: string, filterValue: FilterValue): Filter => {
+  let negate = false;
+  let value = filterValue;
+  if (typeof filterValue === 'object') {
+    negate = filterValue.negate;
+    value = filterValue.value;
+  }
+
+  return {
+    meta: {
+      alias: null,
+      negate,
+      disabled: false,
+      type: 'phrase',
+      key,
+    },
+    query: { match_phrase: { [key]: value } },
+  };
+};
 
 const useNavigate = (pathname: string) => {
   const history = useHistory();
   const { services } = useKibana();
 
   return useCallback(
-    (filterParams: Record<string, any> = {}) => {
-      const filters = Object.entries(filterParams).map(([key, value]) => createFilter(key, value));
+    (filterParams: NavFilter = {}) => {
+      const filters = Object.entries(filterParams).map(([key, filterValue]) =>
+        createFilter(key, filterValue)
+      );
+
       history.push({
         pathname,
         search: encodeQuery({

diff --git a/...urity_posture/public/pages/compliance_dashboard/dashboard_sections/benchmarks_section.tsx b/...urity_posture/public/pages/compliance_dashboard/dashboard_sections/benchmarks_section.tsx
@@ -26,7 +26,7 @@ import {
   KSPM_POLICY_TEMPLATE,
   RULE_FAILED,
 } from '../../../../common/constants';
-import { useNavigateFindings } from '../../../common/hooks/use_navigate_findings';
+import { NavFilter, useNavigateFindings } from '../../../common/hooks/use_navigate_findings';
 import { ClusterDetailsBox } from './cluster_details_box';
 import { dashboardColumnsGrow, getPolicyTemplateQuery } from './summary_section';
 import {
@@ -36,16 +36,12 @@ import {
 
 const CLUSTER_DEFAULT_SORT_ORDER = 'asc';
 
-export const getClusterIdQuery = (cluster: Cluster) => {
+export const getClusterIdQuery = (cluster: Cluster): NavFilter => {
   if (cluster.meta.benchmark.posture_type === CSPM_POLICY_TEMPLATE) {
     // TODO: remove assertion after typing CspFinding as discriminating union
     return { 'cloud.account.id': cluster.meta.cloud!.account.id };
   }
-  if (cluster.meta.benchmark.posture_type === 'kspm') {
-    return { cluster_id: cluster.meta.assetIdentifierId };
-  }
-
-  return {};
+  return { cluster_id: cluster.meta.assetIdentifierId };
 };
 
 export const BenchmarksSection = ({

diff --git a/...rity_posture/public/pages/compliance_dashboard/dashboard_sections/cluster_details_box.tsx b/...rity_posture/public/pages/compliance_dashboard/dashboard_sections/cluster_details_box.tsx
@@ -20,7 +20,7 @@ import moment from 'moment';
 import React from 'react';
 import { i18n } from '@kbn/i18n';
 import { getClusterIdQuery } from './benchmarks_section';
-import { INTERNAL_FEATURE_FLAGS } from '../../../../common/constants';
+import { CSPM_POLICY_TEMPLATE, INTERNAL_FEATURE_FLAGS } from '../../../../common/constants';
 import { Cluster } from '../../../../common/types';
 import { useNavigateFindings } from '../../../common/hooks/use_navigate_findings';
 import { CISBenchmarkIcon } from '../../../components/cis_benchmark_icon';
@@ -31,15 +31,24 @@ const defaultClusterTitle = i18n.translate(
 );
 
 const getClusterTitle = (cluster: Cluster) => {
-  if (cluster.meta.benchmark.posture_type === 'cspm') return cluster.meta.cloud?.account.name;
-  if (cluster.meta.benchmark.posture_type === 'kspm') return cluster.meta.cluster?.name;
+  if (cluster.meta.benchmark.posture_type === CSPM_POLICY_TEMPLATE) {
+    return cluster.meta.cloud?.account.name;
+  }
+
+  return cluster.meta.cluster?.name;
+};
+
+const getClusterId = (cluster: Cluster) => {
+  const assetIdentifierId = cluster.meta.assetIdentifierId;
+  if (cluster.meta.benchmark.posture_type === CSPM_POLICY_TEMPLATE) return assetIdentifierId;
+  return assetIdentifierId.slice(0, 6);
 };
 
 export const ClusterDetailsBox = ({ cluster }: { cluster: Cluster }) => {
   const { euiTheme } = useEuiTheme();
   const navToFindings = useNavigateFindings();
 
-  const shortId = cluster.meta.assetIdentifierId.slice(0, 6);
+  const assetId = getClusterId(cluster);
   const title = getClusterTitle(cluster) || defaultClusterTitle;
 
   const handleClusterTitleClick = () => {
@@ -60,10 +69,10 @@ export const ClusterDetailsBox = ({ cluster }: { cluster: Cluster }) => {
               <strong>
                 <FormattedMessage
                   id="xpack.csp.dashboard.benchmarkSection.clusterTitleTooltip.clusterTitle"
-                  defaultMessage="{title} - {shortId}"
+                  defaultMessage="{title} - {assetId}"
                   values={{
                     title,
-                    shortId,
+                    assetId,
                   }}
                 />
               </strong>
@@ -75,10 +84,10 @@ export const ClusterDetailsBox = ({ cluster }: { cluster: Cluster }) => {
               <h5>
                 <FormattedMessage
                   id="xpack.csp.dashboard.benchmarkSection.clusterTitle"
-                  defaultMessage="{title} - {shortId}"
+                  defaultMessage="{title} - {assetId}"
                   values={{
                     title,
-                    shortId,
+                    assetId,
                   }}
                 />
               </h5>

diff --git a/...security_posture/public/pages/compliance_dashboard/dashboard_sections/summary_section.tsx b/...security_posture/public/pages/compliance_dashboard/dashboard_sections/summary_section.tsx
@@ -8,6 +8,7 @@
 import React, { useMemo } from 'react';
 import { EuiFlexGroup, EuiFlexItem, EuiFlexItemProps } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
+import { css } from '@emotion/react';
 import { statusColors } from '../../../common/constants';
 import { DASHBOARD_COUNTER_CARDS } from '../test_subjects';
 import { CspCounterCard, CspCounterCardProps } from '../../../components/csp_counter_card';
@@ -21,6 +22,7 @@ import type {
 } from '../../../../common/types';
 import { RisksTable } from '../compliance_charts/risks_table';
 import {
+  NavFilter,
   useNavigateFindings,
   useNavigateFindingsByResource,
 } from '../../../common/hooks/use_navigate_findings';
@@ -36,12 +38,12 @@ export const dashboardColumnsGrow: Record<string, EuiFlexItemProps['grow']> = {
   third: 8,
 };
 
-export const getPolicyTemplateQuery = (policyTemplate: PosturePolicyTemplate) => {
-  if (policyTemplate === CSPM_POLICY_TEMPLATE)
+export const getPolicyTemplateQuery = (policyTemplate: PosturePolicyTemplate): NavFilter => {
+  if (policyTemplate === CSPM_POLICY_TEMPLATE) {
     return { 'rule.benchmark.posture_type': CSPM_POLICY_TEMPLATE };
-  if (policyTemplate === KSPM_POLICY_TEMPLATE)
-    return { 'rule.benchmark.posture_type': KSPM_POLICY_TEMPLATE };
-  return {};
+  }
+
+  return { 'rule.benchmark.posture_type': { value: CSPM_POLICY_TEMPLATE, negate: true } };
 };
 
 export const SummarySection = ({
@@ -131,7 +133,13 @@ export const SummarySection = ({
   });
 
   return (
-    <EuiFlexGroup gutterSize="l">
+    <EuiFlexGroup
+      gutterSize="l"
+      css={css`
+        // height for compliance by cis section with max rows
+        height: 310px;
+      `}
+    >
       <EuiFlexItem grow={dashboardColumnsGrow.first}>
         <EuiFlexGroup direction="column">
           {counters.map((counter) => (

diff --git a/...plugins/cloud_security_posture/server/routes/compliance_dashboard/compliance_dashboard.ts b/...plugins/cloud_security_posture/server/routes/compliance_dashboard/compliance_dashboard.ts
@@ -8,6 +8,8 @@
 import { transformError } from '@kbn/securitysolution-es-utils';
 import type { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types';
 import { schema } from '@kbn/config-schema';
+import { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/types';
+import { getSafePostureTypeRuntimeMapping } from '../../../common/runtime_mappings/get_safe_posture_type_runtime_mapping';
 import type { PosturePolicyTemplate, ComplianceDashboardData } from '../../../common/types';
 import {
   CSPM_POLICY_TEMPLATE,
@@ -69,17 +71,20 @@ export const defineGetComplianceDashboardRoute = (router: CspRouter): void =>
 
         const policyTemplate = request.params.policy_template as PosturePolicyTemplate;
 
+        // runtime mappings create the `safe_posture_type` field, which equals to `kspm` or `cspm` based on the value and existence of the `posture_type` field which was introduced at 8.7
+        // the `query` is then being passed to our getter functions to filter per posture type even for older findings before 8.7
+        const runtimeMappings: MappingRuntimeFields = getSafePostureTypeRuntimeMapping();
         const query: QueryDslQueryContainer = {
           bool: {
-            filter: [{ term: { 'rule.benchmark.posture_type': policyTemplate } }],
+            filter: [{ term: { safe_posture_type: policyTemplate } }],
           },
         };
 
         const [stats, groupedFindingsEvaluation, clustersWithoutTrends, trends] = await Promise.all(
           [
-            getStats(esClient, query, pitId),
-            getGroupedFindingsEvaluation(esClient, query, pitId),
-            getClusters(esClient, query, pitId),
+            getStats(esClient, query, pitId, runtimeMappings),
+            getGroupedFindingsEvaluation(esClient, query, pitId, runtimeMappings),
+            getClusters(esClient, query, pitId, runtimeMappings),
             getTrends(esClient, policyTemplate),
           ]
         );