[EDR Workflows][Device Control] Trusted Devices CRUD #230174
…/kibana into device-control-rbac
denar50
left a comment
Code review only. LGTM!
gergoabraham
left a comment
looks good! added some comments below, and here are some findings and questions:
space awareness
trusted devices doesn't seem to be space aware. if you create a per policy trusted device in one space, it is still visible in another space, while it shouldn't be.
more than one condition?
this is rather a product question: do we want to add multiple conditions instead of just having one? similarly to trusted apps, where (in basic mode) only a small number of fields are available, but you can still add multiple conditions

cannot focus on value field
if you open a dropdown, and then click on the value field, it won't receive focus.
this works well when coming from the OS dropdown, but does not when coming from the field or operator dropdown - probably there's a re-render behind the validation of those ones.
gergoabraham
left a comment
@gergoabraham
CC @paul-tavares
Thanks for the CR, @gergoabraham.
Space awareness will be handled in the next PR, which will focus on the validators (extension points for the list plugin). That one will be another fairly large PR, and I’d rather not add a few hundred more lines here. ;) (https://github.com/elastic/security-team/issues/13302)
It was a product decision to stick with a single condition form for now.
As we discussed offline - I tracked the cause down to a SuperSelect issue. It aggressively sets focus on itself onBlur. We decided to leave it as is, since it’s an edge case with minimal impact on user experience. Alternative components have their own quirks as well. :/
thanks for the changes and the explanations above. let's go! 🚀
paul-tavares
left a comment
Did not run it locally, but code looks good. Only saw one thing that needs to be addressed
|
|
||
| <EuiHorizontalRule /> | ||
|
|
||
| <EuiFormRow fullWidth data-test-subj={getTestId('policySelection')}> |
This needs to be placed behind a conditional statement that checks license level. See how other artifacts are implemented for reference - there is a hook you can use: useCanAssignArtifactPerPolicy()
Also make sure you add tests for it (for when license is below platinum with create and edit flows)
You're right, I misunderstood the purpose of these checks. Thanks for pointing it out!
f226a89
…29921)

Prerequisite elastic#228958
Followup elastic#230174

### Device Control — Trusted Devices (UI only)

This is the next PR in the Device Control series and focuses on the UI for **Trusted Devices**.

**What’s included**
- New **Trusted Devices** section under **Management** and a “Trusted devices” tab in policy settings.
- Lists API now accepts the `trusted_device` list type (read-only for now).
- Feature flag and RBAC/PLI visibility wired up.

**What’s missing**
- Artifact CRUD ops; the form is stubbed and will be completed in the next PR.

**Heads-up**
All texts and icons are placeholders while we wait for final assets. That shouldn’t block this PR - we’ll merge with the feature flag disabled. See the attached screenshots for how it behaves in various states.

[Screenshots: ESS Feature Flag Disabled; ESS Platinum Feature Flag Enabled; Serverless Complete Feature Flag Enabled; Serverless Complete Feature Flag Disabled; Serverless Essentials Feature Flag Enabled]

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
| > | ||
| <EuiComboBox | ||
| isInvalid={visitedFields.os && !!validationResult.errors.os} | ||
| placeholder="Select an operating system" |
This needs to be i18n
Added!
| selectedOptions={OS_OPTIONS.filter( | ||
| (option) => JSON.stringify(option.value) === JSON.stringify(selectedOs) | ||
| )} |
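Review bot: In the `selectedOptions` filter, `JSON.stringify(option.value) === JSON.stringify(selectedOs)` is an order-sensitive comparison: if either side is an array or object, the same members in a different order serialize differently, no option matches, and the combo box renders with nothing selected. Compare on a normalized form (for example a sorted copy) or on a stable key per option, and add a test where `selectedOs` is ordered differently from the matching entry in `OS_OPTIONS`.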
Is this expensive? Should it be memoized via memo()?
It's only 3 options, I believe we are good :)
💚 Build Succeeded
Prerequisite #230174
Followup #231888

This PR introduces trusted devices as a new artifact type in the Security Solution, enabling device-based allow-listing for endpoint security policies.

### Flow:
- User enables Device Control in policy settings
- User adds Trusted Device that will add a whitelist condition to otherwise block policy
- Artifact is being generated and can be viewed in Agent policy
- Artifact can be decoded from index storage
- Artifact can be decoded from fleet server API

### New Functionality:
- **Trusted devices schema and types** - Complete validation schemas for device identification fields (USERNAME, HOST, DEVICE_ID, MANUFACTURER, PRODUCT_ID)
- **Artifact integration** - Trusted devices now build and distribute alongside other artifact types (trusted apps, blocklists, etc.)
- **Feature flag gating** - Controlled rollout via `trustedDevices` experimental feature
- **OS support** - Windows and macOS (Linux support planned for future)

### Key Components:
- **API schemas** - GET, POST, PUT request validation with proper field restrictions
- **Manifest manager integration** - `buildTrustedDevicesArtifacts()` method following established patterns
- **Artifact constants** - Support for `endpoint-trusteddevicelist-{os}-v1` naming convention
- **Effect scopes** - Global and policy-specific device trust configurations
- **Unit test coverage** - extended existing test coverage as well as introduced new test files where needed

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
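The restrictions named in the description above (allowed fields, Windows/macOS only, feature flag, global versus per-policy scope) together with the single-condition and below-platinum points from the review, written as one server-side check. This is an added example, not code from Kibana or this PR: every type, constant, function name and error code is hypothetical, the license ordering is assumed, and the condition operator is left out.

```typescript
// Added illustration, not Kibana code: all names and shapes here are hypothetical.
type License = 'basic' | 'gold' | 'platinum' | 'enterprise';
type EffectScope = { type: 'global' } | { type: 'policy'; policies: string[] };

interface Condition {
  field: string;
  value: string;
}

interface TrustedDeviceInput {
  name: string;
  os: string[];
  conditions: Condition[];
  scope: EffectScope;
}

interface RequestContext {
  featureEnabled: boolean; // state of the `trustedDevices` experimental feature
  license: License;
}

// Field names as listed in the artifact PR description.
const ALLOWED_FIELDS = ['USERNAME', 'HOST', 'DEVICE_ID', 'MANUFACTURER', 'PRODUCT_ID'];
// Windows and macOS only; Linux is described as planned.
const ALLOWED_OS = ['windows', 'macos'];
// Assumed license ordering, lowest first.
const LICENSE_ORDER: License[] = ['basic', 'gold', 'platinum', 'enterprise'];

function atLeastPlatinum(license: License): boolean {
  return LICENSE_ORDER.indexOf(license) >= LICENSE_ORDER.indexOf('platinum');
}

// Returns a list of error codes; an empty list means the entry is accepted.
function validateTrustedDevice(input: TrustedDeviceInput, ctx: RequestContext): string[] {
  // Feature flag off: reject before looking at the payload at all.
  if (!ctx.featureEnabled) return ['feature_disabled'];

  const errors: string[] = [];
  if (input.name.trim() === '') errors.push('name_required');

  if (input.os.length === 0) errors.push('os_required');
  for (const os of input.os) {
    if (ALLOWED_OS.indexOf(os) === -1) errors.push('os_unsupported:' + os);
  }

  // Product decision recorded in the review thread: exactly one condition for now.
  if (input.conditions.length !== 1) errors.push('single_condition_required');
  for (const c of input.conditions) {
    if (ALLOWED_FIELDS.indexOf(c.field) === -1) errors.push('field_not_allowed:' + c.field);
    if (c.value.trim() === '') errors.push('value_required:' + c.field);
  }

  // Per-policy assignment is license-gated; enforcing it here means a hidden
  // form control is not the only thing standing between a request and the list.
  if (input.scope.type === 'policy') {
    if (!atLeastPlatinum(ctx.license)) errors.push('per_policy_requires_platinum');
    if (input.scope.policies.length === 0) errors.push('policy_ids_required');
  }
  return errors;
}

// Constructed sample entries (values are made up for the example).
const SAMPLE_GLOBAL: TrustedDeviceInput = {
  name: 'Lab badge reader',
  os: ['windows'],
  conditions: [{ field: 'DEVICE_ID', value: 'EXAMPLE-0001' }],
  scope: { type: 'global' },
};
const SAMPLE_PER_POLICY: TrustedDeviceInput = {
  name: 'Finance token',
  os: ['macos'],
  conditions: [{ field: 'MANUFACTURER', value: 'ExampleCorp' }],
  scope: { type: 'policy', policies: ['policy-a'] },
};
```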
Prerequisite elastic#229921
Followup elastic#231167

This PR introduces the Trusted Devices functionality. With these changes, users can:
1. Create Trusted Devices using filters and matching patterns
2. Update existing Trusted Devices
3. Delete Trusted Devices
4. Assign a Trusted Device either globally or to specific policies

All functionality is gated behind a feature flag.

**Note:** The next PR will introduce artifact creation for Trusted Devices. These artifacts will be consumed by the Endpoint.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Prerequisite #229921
Followup #231167
This PR introduces the Trusted Devices functionality. With these changes, users can:
All functionality is gated behind a feature flag.
Note: The next PR will introduce artifact creation for Trusted Devices. These artifacts will be consumed by the Endpoint.