From 278d582b24f42ffb8a540d0fb0694afd6a5eb665 Mon Sep 17 00:00:00 2001 From: Sergi Massaneda Date: Mon, 20 Jan 2025 19:45:36 +0100 Subject: [PATCH 1/8] migrate endpoint exceptions privilege --- .../src/product_features_privileges.ts | 30 ------------------- .../src/security/product_feature_config.ts | 4 +++ .../packages/features/src/security/types.ts | 7 ++--- .../security/v1_features/kibana_features.ts | 14 ++++++--- .../v1_features/kibana_sub_features.ts | 10 +++---- .../v2_features/kibana_sub_features.ts | 10 +++---- .../security_product_features_config.ts | 13 ++------ .../security_product_features_config.ts | 5 +--- 8 files changed, 28 insertions(+), 65 deletions(-) delete mode 100644 x-pack/solutions/security/packages/features/src/product_features_privileges.ts diff --git a/x-pack/solutions/security/packages/features/src/product_features_privileges.ts b/x-pack/solutions/security/packages/features/src/product_features_privileges.ts deleted file mode 100644 index 22b4e858e4a55..0000000000000 --- a/x-pack/solutions/security/packages/features/src/product_features_privileges.ts +++ /dev/null 
@@ -1,30 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { APP_ID } from './constants'; - -export enum ProductFeaturesPrivilegeId { - endpointExceptions = 'endpoint_exceptions', -} - -/** - * This is the mapping of the privileges that are registered - * using a different Kibana feature configuration (sub-feature, main feature privilege, etc) - * in each offering type (ess, serverless) - */ -export const ProductFeaturesPrivileges = { - [ProductFeaturesPrivilegeId.endpointExceptions]: { - all: { - ui: ['showEndpointExceptions', 'crudEndpointExceptions'], - api: [`${APP_ID}-showEndpointExceptions`, `${APP_ID}-crudEndpointExceptions`], - }, - read: { - ui: ['showEndpointExceptions'], - api: [`${APP_ID}-showEndpointExceptions`], - }, - }, -}; diff --git a/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts b/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts index be72dcdbf9df8..58b966f7e9693 100644 --- a/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts +++ b/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts @@ -66,6 +66,10 @@ export const securityDefaultProductFeaturesConfig: DefaultSecurityProductFeature }, }, + [ProductFeatureSecurityKey.endpointExceptions]: { + subFeatureIds: [SecuritySubFeatureId.endpointExceptions], + }, + [ProductFeatureSecurityKey.endpointHostManagement]: { subFeatureIds: [SecuritySubFeatureId.endpointList], }, diff --git a/x-pack/solutions/security/packages/features/src/security/types.ts b/x-pack/solutions/security/packages/features/src/security/types.ts index dda61b6e86b9a..363ecd91a0e4c 100644 --- a/x-pack/solutions/security/packages/features/src/security/types.ts 
+++ b/x-pack/solutions/security/packages/features/src/security/types.ts @@ -20,8 +20,7 @@ export interface SecurityFeatureParams { savedObjects: string[]; } -export type DefaultSecurityProductFeaturesConfig = Omit< - Record>, - ProductFeatureSecurityKey.endpointExceptions - // | add not generic security app features here +export type DefaultSecurityProductFeaturesConfig = Record< + ProductFeatureSecurityKey, + ProductFeatureKibanaConfig >; diff --git a/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_features.ts b/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_features.ts index 84a2f71bb32ab..b97018f842324 100644 --- a/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_features.ts +++ b/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_features.ts @@ -94,12 +94,15 @@ export const getSecurityBaseKibanaFeature = ({ default: [ { feature: TIMELINE_FEATURE_ID, privileges: ['all'] }, { feature: NOTES_FEATURE_ID, privileges: ['all'] }, - { feature: SECURITY_FEATURE_ID_V2, privileges: ['all'] }, + { feature: SECURITY_FEATURE_ID_V2, privileges: ['all', 'endpoint_exceptions_all'] }, ], minimal: [ { feature: TIMELINE_FEATURE_ID, privileges: ['all'] }, { feature: NOTES_FEATURE_ID, privileges: ['all'] }, - { feature: SECURITY_FEATURE_ID_V2, privileges: ['minimal_all'] }, + { + feature: SECURITY_FEATURE_ID_V2, + privileges: ['minimal_all', 'endpoint_exceptions_all'], + }, ], }, app: [APP_ID, CLOUD_POSTURE_APP_ID, CLOUD_DEFEND_APP_ID, 'kibana'], 
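Review bot: The `minimal` entry now gives every role that held the deprecated `minimal_all` the `endpoint_exceptions_all` sub-feature privilege, and the hunk at -141 does the same for `minimal_read` with `endpoint_exceptions_read`, with no comment saying why. The removed ESS config in this patch attached these capabilities to the main feature privileges, while serverless registered them as a sub-feature. If a serverless role could hold `minimal_all` without that sub-feature, this shared `replacedBy` mapping would widen its access on migration; please confirm that case. A comment such as `// ESS registered endpoint exceptions on the main privilege, so v1 minimal_all implied it; keep it explicit for v2` and a test pinning the mapping would help, since the diffstat lists no test file. The body of getSecurityBaseKibanaFeature starts and ends outside the hunk.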
@@ -141,12 +144,15 @@ export const getSecurityBaseKibanaFeature = ({ default: [ { feature: TIMELINE_FEATURE_ID, privileges: ['read'] }, { feature: NOTES_FEATURE_ID, privileges: ['read'] }, - { feature: SECURITY_FEATURE_ID_V2, privileges: ['read'] }, + { feature: SECURITY_FEATURE_ID_V2, privileges: ['read', 'endpoint_exceptions_read'] }, ], minimal: [ { feature: TIMELINE_FEATURE_ID, privileges: ['read'] }, { feature: NOTES_FEATURE_ID, privileges: ['read'] }, - { feature: SECURITY_FEATURE_ID_V2, privileges: ['minimal_read'] }, + { + feature: SECURITY_FEATURE_ID_V2, + privileges: ['minimal_read', 'endpoint_exceptions_read'], + }, ], }, app: [APP_ID, CLOUD_POSTURE_APP_ID, CLOUD_DEFEND_APP_ID, 'kibana'], diff --git a/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_sub_features.ts b/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_sub_features.ts index 8d3c9b4a36a2c..007da7320c519 100644 --- a/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_sub_features.ts +++ b/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_sub_features.ts @@ -8,10 +8,6 @@ import { i18n } from '@kbn/i18n'; import type { SubFeatureConfig } from '@kbn/features-plugin/common'; import { EXCEPTION_LIST_NAMESPACE_AGNOSTIC } from '@kbn/securitysolution-list-constants'; -import { - ProductFeaturesPrivilegeId, - ProductFeaturesPrivileges, -} from '../../product_features_privileges'; import { SecuritySubFeatureId } from '../../product_features_keys'; import { APP_ID, SECURITY_FEATURE_ID_V2 } from '../../constants'; @@ -663,7 +659,8 @@ const endpointExceptionsSubFeature = (): SubFeatureConfig => ({ all: [], read: [], }, - ...ProductFeaturesPrivileges[ProductFeaturesPrivilegeId.endpointExceptions].all, + api: [`${APP_ID}-showEndpointExceptions`, `${APP_ID}-crudEndpointExceptions`], + ui: ['showEndpointExceptions', 'crudEndpointExceptions'], }, { replacedBy: [ 
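Review bot: The endpoint exceptions `api`/`ui` arrays are now written out as literals in four places: here, the read privilege in the hunk at -676, and both privileges in v2_features/kibana_sub_features.ts (hunks at -680 and -690). These strings are the capability names that, presumably, route and UI authorization checks match against, so a typo or a one-sided edit would leave v1 and v2 roles with different access without any compile error. Consider one small constant shared by the v1 and v2 files (for example an object with `all` and `read` entries, each holding its `api` and `ui` arrays) that both spread, which is what the deleted mapping provided. The enclosing endpointExceptionsSubFeature body continues outside the hunk.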
@@ -676,7 +673,8 @@ const endpointExceptionsSubFeature = (): SubFeatureConfig => ({ all: [], read: [], }, - ...ProductFeaturesPrivileges[ProductFeaturesPrivilegeId.endpointExceptions].read, + api: [`${APP_ID}-showEndpointExceptions`], + ui: ['showEndpointExceptions'], }, ], }, diff --git a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_sub_features.ts b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_sub_features.ts index d4a20c92bc74c..dc166bceb1336 100644 --- a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_sub_features.ts +++ b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_sub_features.ts @@ -8,10 +8,6 @@ import { i18n } from '@kbn/i18n'; import type { SubFeatureConfig } from '@kbn/features-plugin/common'; import { EXCEPTION_LIST_NAMESPACE_AGNOSTIC } from '@kbn/securitysolution-list-constants'; -import { - ProductFeaturesPrivilegeId, - ProductFeaturesPrivileges, -} from '../../product_features_privileges'; import { SecuritySubFeatureId } from '../../product_features_keys'; import { APP_ID } from '../../constants'; @@ -680,7 +676,8 @@ const endpointExceptionsSubFeature = (): SubFeatureConfig => ({ all: [], read: [], }, - ...ProductFeaturesPrivileges[ProductFeaturesPrivilegeId.endpointExceptions].all, + api: [`${APP_ID}-showEndpointExceptions`, `${APP_ID}-crudEndpointExceptions`], + ui: ['showEndpointExceptions', 'crudEndpointExceptions'], }, { id: 'endpoint_exceptions_read', @@ -690,7 +687,8 @@ const endpointExceptionsSubFeature = (): SubFeatureConfig => ({ all: [], read: [], }, - ...ProductFeaturesPrivileges[ProductFeaturesPrivilegeId.endpointExceptions].read, + api: [`${APP_ID}-showEndpointExceptions`], + ui: ['showEndpointExceptions'], }, ], }, 
diff --git a/x-pack/solutions/security/plugins/security_solution_ess/server/product_features/security_product_features_config.ts b/x-pack/solutions/security/plugins/security_solution_ess/server/product_features/security_product_features_config.ts index 0cec48bda5e44..d4a40308417c8 100644 --- a/x-pack/solutions/security/plugins/security_solution_ess/server/product_features/security_product_features_config.ts +++ b/x-pack/solutions/security/plugins/security_solution_ess/server/product_features/security_product_features_config.ts @@ -9,18 +9,12 @@ import type { ProductFeatureKibanaConfig, ProductFeaturesSecurityConfig, } from '@kbn/security-solution-features'; -import { - ProductFeatureSecurityKey, - type SecuritySubFeatureId, -} from '@kbn/security-solution-features/keys'; +import type { ProductFeatureSecurityKey } from '@kbn/security-solution-features/keys'; +import { type SecuritySubFeatureId } from '@kbn/security-solution-features/keys'; import { securityDefaultProductFeaturesConfig, createEnabledProductFeaturesConfigMap, } from '@kbn/security-solution-features/config'; -import { - ProductFeaturesPrivilegeId, - ProductFeaturesPrivileges, -} from '@kbn/security-solution-features/privileges'; export const getSecurityProductFeaturesConfigurator = (enabledProductFeatureKeys: ProductFeatureKeys) => (): ProductFeaturesSecurityConfig => { @@ -44,7 +38,4 @@ const securityProductFeaturesConfig: Record< ProductFeatureKibanaConfig > = { ...securityDefaultProductFeaturesConfig, - [ProductFeatureSecurityKey.endpointExceptions]: { - privileges: ProductFeaturesPrivileges[ProductFeaturesPrivilegeId.endpointExceptions], - }, }; diff --git a/x-pack/solutions/security/plugins/security_solution_serverless/server/product_features/security_product_features_config.ts b/x-pack/solutions/security/plugins/security_solution_serverless/server/product_features/security_product_features_config.ts index caec038374c23..97dc13dc4f965 100644 
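Review bot: The two new imports from `@kbn/security-solution-features/keys` in the hunk at -9 are both type-only and can be a single statement; the serverless config in this same patch already uses the merged form. Suggest `import type { ProductFeatureSecurityKey, SecuritySubFeatureId } from '@kbn/security-solution-features/keys';` in place of the `import type { … }` / `import { type … }` pair.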
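Review bot: Dropping the ESS-only `privileges` entry in the hunk at -44 means endpoint exceptions stop being part of the main `all`/`read` privilege on ESS and are granted only through the `endpoint_exceptions_*` sub-feature privileges; that access-model change is not stated anywhere in the code. The deprecated-feature `replacedBy` mapping covers migrated roles, but a role that holds the new feature's `minimal_all` or `minimal_read` directly would, as far as these lines show, lose endpoint exceptions access; please confirm no such roles exist yet. What remains is a bare `{ ...securityDefaultProductFeaturesConfig }`, here and in the serverless file (hunk at -45), so a comment like `// no ESS-specific overrides; add them after the spread` would explain why the copy is kept.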
--- a/x-pack/solutions/security/plugins/security_solution_serverless/server/product_features/security_product_features_config.ts +++ b/x-pack/solutions/security/plugins/security_solution_serverless/server/product_features/security_product_features_config.ts @@ -13,7 +13,7 @@ import { securityDefaultProductFeaturesConfig, createEnabledProductFeaturesConfigMap, } from '@kbn/security-solution-features/config'; -import { +import type { ProductFeatureSecurityKey, SecuritySubFeatureId, } from '@kbn/security-solution-features/keys'; @@ -45,7 +45,4 @@ const securityProductFeaturesConfig: Record< ProductFeatureKibanaConfig > = { ...securityDefaultProductFeaturesConfig, - [ProductFeatureSecurityKey.endpointExceptions]: { - subFeatureIds: [SecuritySubFeatureId.endpointExceptions], - }, }; From b68421fe002394d5b697809f4d353432aa5c4f6d Mon Sep 17 00:00:00 2001 From: Sergi Massaneda Date: Mon, 20 Jan 2025 19:48:38 +0100 Subject: [PATCH 2/8] sub-feature description --- .../features/src/security/v2_features/kibana_sub_features.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_sub_features.ts b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_sub_features.ts index dc166bceb1336..68f20626de451 100644 --- a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_sub_features.ts +++ b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_sub_features.ts @@ -661,7 +661,7 @@ const endpointExceptionsSubFeature = (): SubFeatureConfig => ({ description: i18n.translate( 'securitySolutionPackages.features.featureRegistry.subFeatures.endpointExceptions.description', { - defaultMessage: 'Use Endpoint Exceptions (this is a test sub-feature).', + defaultMessage: 'Manage Endpoint Exceptions.', } ), privilegeGroups: [ From f13287d6159a25ce70dc726d183c0f035b0d1184 Mon Sep 17 00:00:00 2001 
From: Sergi Massaneda Date: Mon, 20 Jan 2025 20:15:15 +0100 Subject: [PATCH 3/8] change include to none --- .../features/src/security/v2_features/kibana_sub_features.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_sub_features.ts b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_sub_features.ts index 68f20626de451..e199f5e0b3cdc 100644 --- a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_sub_features.ts +++ b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_sub_features.ts @@ -670,7 +670,7 @@ const endpointExceptionsSubFeature = (): SubFeatureConfig => ({ privileges: [ { id: 'endpoint_exceptions_all', - includeIn: 'all', + includeIn: 'none', name: 'All', savedObject: { all: [], @@ -681,7 +681,7 @@ const endpointExceptionsSubFeature = (): SubFeatureConfig => ({ }, { id: 'endpoint_exceptions_read', - includeIn: 'read', + includeIn: 'none', name: 'Read', savedObject: { all: [], From 4159c0bbd42068708354472b7e0f59e1163b36f7 Mon Sep 17 00:00:00 2001 From: Sergi Massaneda Date: Tue, 21 Jan 2025 16:00:08 +0100 Subject: [PATCH 4/8] remove unnecessary file --- .../solutions/security/packages/features/privileges.ts | 10 ---------- 1 file changed, 10 deletions(-) delete mode 100644 x-pack/solutions/security/packages/features/privileges.ts diff --git a/x-pack/solutions/security/packages/features/privileges.ts b/x-pack/solutions/security/packages/features/privileges.ts deleted file mode 100644 index 5cfe7b2d58d3b..0000000000000 --- a/x-pack/solutions/security/packages/features/privileges.ts +++ /dev/null 
@@ -1,10 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ -export { - ProductFeaturesPrivilegeId, - ProductFeaturesPrivileges, -} from './src/product_features_privileges'; From 8e2d89dc031996c5c7768df2ed40536c3d59f7b7 Mon Sep 17 00:00:00 2001 From: Sergi Massaneda Date: Tue, 21 Jan 2025 16:15:13 +0100 Subject: [PATCH 5/8] fix wrong descriptions --- .../features/src/security/v1_features/kibana_sub_features.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_sub_features.ts b/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_sub_features.ts index 007da7320c519..b0d39efe7da6c 100644 --- a/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_sub_features.ts +++ b/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_sub_features.ts @@ -641,7 +641,7 @@ const endpointExceptionsSubFeature = (): SubFeatureConfig => ({ description: i18n.translate( 'securitySolutionPackages.features.featureRegistry.subFeatures.endpointExceptions.description', { - defaultMessage: 'Use Endpoint Exceptions (this is a test sub-feature).', + defaultMessage: 'Use Endpoint Exceptions.', } ), privilegeGroups: [ From 356b14aa0babe9b77a96665b175cc15bdd6157a2 Mon Sep 17 00:00:00 2001 From: Sergi Massaneda Date: Tue, 21 Jan 2025 16:16:24 +0100 Subject: [PATCH 6/8] use same description key and translation --- .../features/src/security/v2_features/kibana_sub_features.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_sub_features.ts b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_sub_features.ts index e199f5e0b3cdc..a6adee7bc540a 100644 --- a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_sub_features.ts +++ b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_sub_features.ts @@ -661,7 +661,7 @@ const endpointExceptionsSubFeature = (): SubFeatureConfig => ({ description: i18n.translate( 'securitySolutionPackages.features.featureRegistry.subFeatures.endpointExceptions.description', { - defaultMessage: 'Manage Endpoint Exceptions.', + defaultMessage: 'Use Endpoint Exceptions.', } ), privilegeGroups: [ From 1d4df1d710e9dbae413819ea8fd6dc9f0816dfa3 Mon Sep 17 00:00:00 2001 From: Sergi Massaneda Date: Wed, 22 Jan 2025 10:41:35 +0100 Subject: [PATCH 7/8] keep sub-feature aligned with main feature --- .../src/security/v2_features/kibana_sub_features.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_sub_features.ts b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_sub_features.ts index a6adee7bc540a..324af3b5ba140 100644 --- a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_sub_features.ts +++ b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_sub_features.ts @@ -670,7 +670,7 @@ const endpointExceptionsSubFeature = (): SubFeatureConfig => ({ privileges: [ { id: 'endpoint_exceptions_all', - includeIn: 'none', + includeIn: 'all', name: 'All', savedObject: { all: [], @@ -681,7 +681,7 @@ const endpointExceptionsSubFeature = (): SubFeatureConfig => ({ }, { id: 'endpoint_exceptions_read', - includeIn: 'none', + includeIn: 'read', name: 'Read', savedObject: { all: [], 
@@ -721,11 +721,11 @@ export const getSecurityV2SubFeaturesMap = ({ }; const securitySubFeaturesList: Array<[SecuritySubFeatureId, SubFeatureConfig]> = [ - [SecuritySubFeatureId.endpointList, enableSpaceAwarenessIfNeeded(endpointListSubFeature())], [ SecuritySubFeatureId.endpointExceptions, enableSpaceAwarenessIfNeeded(endpointExceptionsSubFeature()), ], + [SecuritySubFeatureId.endpointList, enableSpaceAwarenessIfNeeded(endpointListSubFeature())], [ SecuritySubFeatureId.trustedApplications, enableSpaceAwarenessIfNeeded(trustedApplicationsSubFeature()), From bd620a1da5f3f9f7fb4ab10643d7e6462f6ec8e0 Mon Sep 17 00:00:00 2001 From: Sergi Massaneda Date: Wed, 22 Jan 2025 16:32:05 +0100 Subject: [PATCH 8/8] keep default unchanged --- .../features/src/security/v1_features/kibana_features.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_features.ts b/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_features.ts index b97018f842324..b5c5920db0c33 100644 --- a/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_features.ts +++ b/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_features.ts @@ -94,7 +94,7 @@ export const getSecurityBaseKibanaFeature = ({ default: [ { feature: TIMELINE_FEATURE_ID, privileges: ['all'] }, { feature: NOTES_FEATURE_ID, privileges: ['all'] }, - { feature: SECURITY_FEATURE_ID_V2, privileges: ['all', 'endpoint_exceptions_all'] }, + { feature: SECURITY_FEATURE_ID_V2, privileges: ['all'] }, ], minimal: [ { feature: TIMELINE_FEATURE_ID, privileges: ['all'] }, 
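Review bot: After this revert the `default` entry lists only `'all'`, while the `minimal` entry a few lines below (outside this hunk) still lists `endpoint_exceptions_all`, and nothing documents the asymmetry; the same holds for `'read'` in the hunk at -144. It appears to rely on the v2 sub-feature privileges being `includeIn: 'all'` / `'read'` again, as restored in patch 7. If so, a later change to `includeIn` would silently drop endpoint exceptions from migrated `all`/`read` roles. Suggest a comment on the changed line: `// 'all' already includes endpoint_exceptions_all via includeIn on the v2 sub-feature; only minimal_* lists it explicitly`.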
@@ -144,7 +144,7 @@ export const getSecurityBaseKibanaFeature = ({ default: [ { feature: TIMELINE_FEATURE_ID, privileges: ['read'] }, { feature: NOTES_FEATURE_ID, privileges: ['read'] }, - { feature: SECURITY_FEATURE_ID_V2, privileges: ['read', 'endpoint_exceptions_read'] }, + { feature: SECURITY_FEATURE_ID_V2, privileges: ['read'] }, ], minimal: [ { feature: TIMELINE_FEATURE_ID, privileges: ['read'] },