Merge branch 'de_8_15/esql_alert_suppression' of https://github.com/v…

…italiidm/kibana into de_8_15/esql_alert_suppression
vitaliidm · May 17, 2024 · ee1ed67 · ee1ed67
2 parents f981ec6 + 4fd1fa8
commit ee1ed67
Show file tree

Hide file tree

Showing 33 changed files with 3,045 additions and 365 deletions.
diff --git a/.buildkite/ftr_configs.yml b/.buildkite/ftr_configs.yml
@@ -403,7 +403,9 @@ enabled:
   - x-pack/test/security_solution_endpoint/endpoint.config.ts
   - x-pack/test/security_solution_endpoint/serverless.endpoint.config.ts
   - x-pack/test/security_solution_endpoint/integrations.config.ts
+  - x-pack/test/security_solution_endpoint/integrations_feature_flag.config.ts
   - x-pack/test/security_solution_endpoint/serverless.integrations.config.ts
+  - x-pack/test/security_solution_endpoint/serverless.integrations_feature_flag.config.ts
   - x-pack/test/session_view/basic/config.ts
   - x-pack/test/spaces_api_integration/security_and_spaces/config_basic.ts
   - x-pack/test/spaces_api_integration/security_and_spaces/copy_to_space_config_basic.ts

diff --git a/packages/core/saved-objects/core-saved-objects-base-server-internal/src/constants.ts b/packages/core/saved-objects/core-saved-objects-base-server-internal/src/constants.ts
@@ -157,6 +157,7 @@ export const HASH_TO_VERSION_MAP = {
   'core-usage-stats|3d1b76c39bfb2cc8296b024d73854724': '7.14.1',
   'csp-rule-template|6ee70dc06c0ca3ddffc18222f202ab25': '10.0.0',
   'dashboard|b8aa800aa5e0d975c5e8dc57f03d41f8': '10.2.0',
+  'endpoint:unified-user-artifact-manifest|393c6e4f5f16288c24ef9057e4d76a4c': '10.0.0',
   'endpoint:user-artifact-manifest|7502b5c5bc923abe8aa5ccfd636e8c3d': '10.0.0',
   'enterprise_search_telemetry|3d1b76c39bfb2cc8296b024d73854724': '10.0.0',
   'epm-packages-assets|44621b2f6052ef966da47b7c3a00f33b': '10.0.0',

diff --git a/packages/kbn-check-mappings-update-cli/current_fields.json b/packages/kbn-check-mappings-update-cli/current_fields.json
@@ -280,6 +280,11 @@
     "title",
     "version"
   ],
+  "endpoint:unified-user-artifact-manifest": [
+    "artifactIds",
+    "policyId",
+    "semanticVersion"
+  ],
   "endpoint:user-artifact-manifest": [
     "artifacts",
     "schemaVersion"

diff --git a/packages/kbn-check-mappings-update-cli/current_mappings.json b/packages/kbn-check-mappings-update-cli/current_mappings.json
@@ -964,6 +964,20 @@
       }
     }
   },
+  "endpoint:unified-user-artifact-manifest": {
+    "dynamic": false,
+    "properties": {
+      "artifactIds": {
+        "type": "keyword"
+      },
+      "policyId": {
+        "type": "keyword"
+      },
+      "semanticVersion": {
+        "type": "keyword"
+      }
+    }
+  },
   "endpoint:user-artifact-manifest": {
     "dynamic": false,
     "properties": {

diff --git a/src/core/server/integration_tests/ci_checks/saved_objects/check_registered_types.test.ts b/src/core/server/integration_tests/ci_checks/saved_objects/check_registered_types.test.ts
@@ -85,6 +85,7 @@ describe('checking migration metadata changes on all registered SO types', () =>
         "core-usage-stats": "b3c04da317c957741ebcdedfea4524049fdc79ff",
         "csp-rule-template": "c151324d5f85178169395eecb12bac6b96064654",
         "dashboard": "211e9ca30f5a95d5f3c27b1bf2b58e6cfa0c9ae9",
+        "endpoint:unified-user-artifact-manifest": "71c7fcb52c658b21ea2800a6b6a76972ae1c776e",
         "endpoint:user-artifact-manifest": "1c3533161811a58772e30cdc77bac4631da3ef2b",
         "enterprise_search_telemetry": "9ac912e1417fc8681e0cd383775382117c9e3d3d",
         "epm-packages": "f8ee125b57df31fd035dc04ad81aef475fd2f5bd",
@@ -111,7 +112,7 @@ describe('checking migration metadata changes on all registered SO types', () =>
         "ingest-agent-policies": "803dc27e106440c41e8f3c3d8ee8bbb0821bcde2",
         "ingest-download-sources": "279a68147e62e4d8858c09ad1cf03bd5551ce58d",
         "ingest-outputs": "daafff49255ab700e07491376fe89f04fc998b91",
-        "ingest-package-policies": "d63e091b2b3cf2eecaa46ae2533bdd5214a983fc",
+        "ingest-package-policies": "e6da7d0ee2996241ade23b3a7811fe5d3e449cb2",
         "ingest_manager_settings": "91445219e7115ff0c45d1dabd5d614a80b421797",
         "inventory-view": "b8683c8e352a286b4aca1ab21003115a4800af83",
         "kql-telemetry": "93c1d16c1a0dfca9c8842062cf5ef8f62ae401ad",

diff --git a/src/core/server/integration_tests/saved_objects/migrations/group3/type_registrations.test.ts b/src/core/server/integration_tests/saved_objects/migrations/group3/type_registrations.test.ts
@@ -49,6 +49,7 @@ const previouslyRegisteredTypes = [
   'event-annotation-group',
   'endpoint:user-artifact',
   'endpoint:user-artifact-manifest',
+  'endpoint:unified-user-artifact-manifest',
   'enterprise_search_telemetry',
   'epm-packages',
   'epm-packages-assets',

diff --git a/src/core/server/integration_tests/saved_objects/migrations/group5/dot_kibana_split.test.ts b/src/core/server/integration_tests/saved_objects/migrations/group5/dot_kibana_split.test.ts
@@ -205,6 +205,7 @@ describe('split .kibana index into multiple system indices', () => {
             "connector_token",
             "core-usage-stats",
             "csp-rule-template",
+            "endpoint:unified-user-artifact-manifest",
             "endpoint:user-artifact-manifest",
             "enterprise_search_telemetry",
             "epm-packages",

diff --git a/x-pack/plugins/fleet/server/saved_objects/index.ts b/x-pack/plugins/fleet/server/saved_objects/index.ts
@@ -85,6 +85,7 @@ import {
   migratePackagePolicyEvictionsFromV81102,
 } from './migrations/security_solution/to_v8_11_0_2';
 import { settingsV1 } from './model_versions/v1';
+import { packagePolicyV10OnWriteScanFix } from './model_versions/security_solution';
 
 /*
  * Saved object types and mappings
@@ -540,6 +541,14 @@ export const getSavedObjectTypes = (
             },
           ],
         },
+        '10': {
+          changes: [
+            {
+              type: 'data_backfill',
+              backfillFn: packagePolicyV10OnWriteScanFix,
+            },
+          ],
+        },
       },
       migrations: {
         '7.10.0': migratePackagePolicyToV7100,

diff --git a/x-pack/plugins/fleet/server/saved_objects/model_versions/security_solution/index.ts b/x-pack/plugins/fleet/server/saved_objects/model_versions/security_solution/index.ts
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { packagePolicyV10OnWriteScanFix } from './v10_on_write_scan_fix';
diff --git a/...fleet/server/saved_objects/model_versions/security_solution/v10_on_write_scan_fix.test.ts b/...fleet/server/saved_objects/model_versions/security_solution/v10_on_write_scan_fix.test.ts
@@ -0,0 +1,183 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { SavedObject } from '@kbn/core-saved-objects-api-server';
+import type { ModelVersionTestMigrator } from '@kbn/core-test-helpers-model-versions';
+import { createModelVersionTestMigrator } from '@kbn/core-test-helpers-model-versions';
+
+import { getSavedObjectTypes } from '../..';
+
+import type { PackagePolicy } from '../../../../common';
+import { PACKAGE_POLICY_SAVED_OBJECT_TYPE } from '../../../../common';
+
+describe('backfill for modelVersion 10 - fix on_write_scan field', () => {
+  let migrator: ModelVersionTestMigrator;
+  let policyConfigSO: SavedObject<PackagePolicy>;
+
+  beforeEach(() => {
+    migrator = createModelVersionTestMigrator({
+      type: getSavedObjectTypes()[PACKAGE_POLICY_SAVED_OBJECT_TYPE],
+    });
+
+    policyConfigSO = {
+      id: 'mock-saved-object-id',
+      attributes: {
+        name: 'Some Policy Name',
+        package: {
+          name: 'endpoint',
+          title: '',
+          version: '',
+        },
+        id: 'endpoint',
+        policy_id: '',
+        enabled: true,
+        namespace: '',
+        revision: 0,
+        updated_at: '',
+        updated_by: '',
+        created_at: '',
+        created_by: '',
+        inputs: [
+          {
+            type: 'endpoint',
+            enabled: true,
+            streams: [],
+            config: {
+              policy: {
+                value: {
+                  windows: {
+                    malware: {
+                      mode: 'detect',
+                    },
+                    antivirus_registration: {
+                      enabled: true,
+                    },
+                  },
+                  mac: {
+                    malware: {
+                      mode: 'detect',
+                    },
+                  },
+                  linux: {
+                    malware: {
+                      mode: 'detect',
+                    },
+                  },
+                },
+              },
+            },
+          },
+        ],
+      },
+      type: PACKAGE_POLICY_SAVED_OBJECT_TYPE,
+      references: [],
+    };
+  });
+
+  describe('when updating to model version 10', () => {
+    it('should change `on_write_scan` from `true` to `false` if Malware is off', () => {
+      setMalwareMode(policyConfigSO, 'off');
+      setOnWriteScan(policyConfigSO, true);
+
+      const migratedPolicyConfigSO = migrator.migrate<PackagePolicy, PackagePolicy>({
+        document: policyConfigSO,
+        fromVersion: 9,
+        toVersion: 10,
+      });
+
+      expectOnWriteScanToBe(false, migratedPolicyConfigSO);
+    });
+
+    it('should not change `on_write_scan` if Malware is detect', () => {
+      setMalwareMode(policyConfigSO, 'detect');
+      setOnWriteScan(policyConfigSO, true);
+
+      const migratedPolicyConfigSO = migrator.migrate<PackagePolicy, PackagePolicy>({
+        document: policyConfigSO,
+        fromVersion: 9,
+        toVersion: 10,
+      });
+
+      expectOnWriteScanToBe(true, migratedPolicyConfigSO);
+    });
+
+    it('should not change `on_write_scan` if Malware is prevent', () => {
+      setMalwareMode(policyConfigSO, 'prevent');
+      setOnWriteScan(policyConfigSO, true);
+
+      const migratedPolicyConfigSO = migrator.migrate<PackagePolicy, PackagePolicy>({
+        document: policyConfigSO,
+        fromVersion: 9,
+        toVersion: 10,
+      });
+
+      expectOnWriteScanToBe(true, migratedPolicyConfigSO);
+    });
+  });
+
+  describe('additional test: when updating from model version 5 to model version 10', () => {
+    it('should add `on_write_scan=false` if Malware is off', () => {
+      setMalwareMode(policyConfigSO, 'off');
+
+      const migratedPolicyConfigSO = migrator.migrate<PackagePolicy, PackagePolicy>({
+        document: policyConfigSO,
+        fromVersion: 5,
+        toVersion: 10,
+      });
+
+      expectOnWriteScanToBe(false, migratedPolicyConfigSO);
+    });
+
+    it('should add `on_write_scan=true` if Malware is detect', () => {
+      setMalwareMode(policyConfigSO, 'detect');
+
+      const migratedPolicyConfigSO = migrator.migrate<PackagePolicy, PackagePolicy>({
+        document: policyConfigSO,
+        fromVersion: 5,
+        toVersion: 10,
+      });
+
+      expectOnWriteScanToBe(true, migratedPolicyConfigSO);
+    });
+
+    it('should add `on_write_scan=true` if Malware is prevent', () => {
+      setMalwareMode(policyConfigSO, 'prevent');
+
+      const migratedPolicyConfigSO = migrator.migrate<PackagePolicy, PackagePolicy>({
+        document: policyConfigSO,
+        fromVersion: 5,
+        toVersion: 10,
+      });
+
+      expectOnWriteScanToBe(true, migratedPolicyConfigSO);
+    });
+  });
+
+  const setMalwareMode = (so: SavedObject<PackagePolicy>, level: 'off' | 'detect' | 'prevent') => {
+    const config = so.attributes.inputs[0].config?.policy.value;
+
+    config.windows.malware.mode = level;
+    config.mac.malware.mode = level;
+    config.linux.malware.mode = level;
+  };
+
+  const setOnWriteScan = (so: SavedObject<PackagePolicy>, value: boolean) => {
+    const config = so.attributes.inputs[0].config?.policy.value;
+
+    config.windows.malware.on_write_scan = value;
+    config.mac.malware.on_write_scan = value;
+    config.linux.malware.on_write_scan = value;
+  };
+
+  const expectOnWriteScanToBe = (expectedValue: boolean, so: SavedObject<PackagePolicy>) => {
+    const config = so.attributes.inputs[0].config?.policy.value;
+
+    expect(config.windows.malware.on_write_scan).toBe(expectedValue);
+    expect(config.mac.malware.on_write_scan).toBe(expectedValue);
+    expect(config.linux.malware.on_write_scan).toBe(expectedValue);
+  };
+});
diff --git a/...gins/fleet/server/saved_objects/model_versions/security_solution/v10_on_write_scan_fix.ts b/...gins/fleet/server/saved_objects/model_versions/security_solution/v10_on_write_scan_fix.ts
@@ -0,0 +1,42 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type {
+  SavedObjectModelDataBackfillFn,
+  SavedObjectUnsanitizedDoc,
+} from '@kbn/core-saved-objects-server';
+
+import type { PackagePolicy } from '../../../../common';
+
+export const packagePolicyV10OnWriteScanFix: SavedObjectModelDataBackfillFn<
+  PackagePolicy,
+  PackagePolicy
+> = (packagePolicyDoc) => {
+  if (packagePolicyDoc.attributes.package?.name !== 'endpoint') {
+    return { attributes: packagePolicyDoc.attributes };
+  }
+
+  const updatedPackagePolicyDoc: SavedObjectUnsanitizedDoc<PackagePolicy> = packagePolicyDoc;
+
+  const input = updatedPackagePolicyDoc.attributes.inputs[0];
+
+  if (input && input.config) {
+    const policy = input.config.policy.value;
+
+    if (policy.windows.malware.mode === 'off') {
+      policy.windows.malware.on_write_scan = false;
+    }
+    if (policy.mac.malware.mode === 'off') {
+      policy.mac.malware.on_write_scan = false;
+    }
+    if (policy.linux.malware.mode === 'off') {
+      policy.linux.malware.on_write_scan = false;
+    }
+  }
+
+  return { attributes: updatedPackagePolicyDoc.attributes };
+};
diff --git a/x-pack/plugins/security_solution/common/experimental_features.ts b/x-pack/plugins/security_solution/common/experimental_features.ts
@@ -257,6 +257,11 @@ export const allowedExperimentalValues = Object.freeze({
    */
   malwareOnWriteScanOptionAvailable: true,
 
+  /**
+   * Enables unified manifest that replaces existing user artifacts manifest SO with a new approach of creating a SO per package policy.
+   */
+  unifiedManifestEnabled: false,
+
   /**
    *  Enables Security AI Assistant's Flyout mode
    */

diff --git a/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/task.ts b/x-pack/plugins/security_solution/server/endpoint/lib/artifacts/task.ts
@@ -170,7 +170,6 @@ export class ManifestTask {
           this.logger.error(
             `unable to recover from error while attempting to retrieve last computed manifest`
           );
-
           return;
         }
       }

diff --git a/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/saved_objects.ts b/x-pack/plugins/security_solution/server/endpoint/schemas/artifacts/saved_objects.ts
@@ -109,6 +109,7 @@ export const internalUnifiedManifestSchema = t.intersection([
     t.type({
       id: identifier,
       created: t.union([t.string, t.undefined]),
+      version: t.union([t.string, t.undefined]),
     })
   ),
 ]);

diff --git a/...ity_solution/server/endpoint/services/artifacts/manifest_manager/manifest_manager.mock.ts b/...ity_solution/server/endpoint/services/artifacts/manifest_manager/manifest_manager.mock.ts
@@ -72,6 +72,7 @@ export interface ManifestManagerMockOptions {
   packagePolicyService: jest.Mocked<PackagePolicyClient>;
   savedObjectsClient: ReturnType<typeof savedObjectsClientMock.create>;
   productFeaturesService: ProductFeaturesService;
+  experimentalFeatures?: string[];
 }
 
 export const buildManifestManagerMockOptions = (
@@ -98,7 +99,8 @@ export const buildManifestManagerContextMock = (
     ...fullOpts,
     artifactClient: createEndpointArtifactClientMock(),
     logger: loggingSystemMock.create().get() as jest.Mocked<Logger>,
-    experimentalFeatures: parseExperimentalConfigValue([]).features,
+    experimentalFeatures: parseExperimentalConfigValue([...(opts.experimentalFeatures ?? [])])
+      .features,
     packagerTaskPackagePolicyUpdateBatchSize: 10,
     esClient: elasticsearchServiceMock.createElasticsearchClient(),
   };
-Original file line number
+Diff line change
@@ Expand Up / @@ -170,7 +170,6 @@ export class ManifestTask { @@
               this.logger.error(
                 `unable to recover from error while attempting to retrieve last computed manifest`
               );
               return;
             }
           }
@@ Expand Down @@