[EDR Workflows][Device Control] Trusted Devices cypress coverage

src/platform/packages/shared/kbn-es/src/serverless_resources/project_roles/security/roles.yml

@@ -125,6 +125,7 @@ editor:
         - feature_siemV3.endpoint_list_all
         - feature_siemV3.global_artifact_management_all
         - feature_siemV3.trusted_applications_all
+        - feature_siemV3.trusted_devices_all
         - feature_siemV3.event_filters_all
         - feature_siemV3.host_isolation_exceptions_all
         - feature_siemV3.blocklist_all
@@ -315,6 +316,7 @@ t3_analyst:
         - feature_siemV3.endpoint_list_all
         - feature_siemV3.global_artifact_management_all
         - feature_siemV3.trusted_applications_all
+        - feature_siemV3.trusted_devices_all
         - feature_siemV3.event_filters_all
         - feature_siemV3.host_isolation_exceptions_all
         - feature_siemV3.blocklist_all
@@ -464,6 +466,7 @@ rule_author:
         - feature_siemV3.endpoint_list_all
         - feature_siemV3.global_artifact_management_all
         - feature_siemV3.trusted_applications_all
+        - feature_siemV3.trusted_devices_all
         - feature_siemV3.event_filters_all
         - feature_siemV3.host_isolation_exceptions_read
         - feature_siemV3.blocklist_all # Elastic Defend Policy Management
@@ -540,6 +543,7 @@ soc_manager:
         - feature_siemV3.endpoint_list_all
         - feature_siemV3.global_artifact_management_all
         - feature_siemV3.trusted_applications_all
+        - feature_siemV3.trusted_devices_all
         - feature_siemV3.event_filters_all
         - feature_siemV3.host_isolation_exceptions_all
         - feature_siemV3.blocklist_all
@@ -680,6 +684,7 @@ platform_engineer:
         - feature_siemV3.endpoint_list_all
         - feature_siemV3.global_artifact_management_all
         - feature_siemV3.trusted_applications_all
+        - feature_siemV3.trusted_devices_all
         - feature_siemV3.event_filters_all
         - feature_siemV3.host_isolation_exceptions_all
         - feature_siemV3.blocklist_all # Elastic Defend Policy Management
@@ -756,6 +761,7 @@ endpoint_operations_analyst:
         - feature_siemV3.endpoint_list_all
         - feature_siemV3.global_artifact_management_all
         - feature_siemV3.trusted_applications_all
+        - feature_siemV3.trusted_devices_all
         - feature_siemV3.event_filters_all
         - feature_siemV3.host_isolation_exceptions_all
         - feature_siemV3.blocklist_all

x-pack/solutions/security/plugins/security_solution/common/constants.ts

@@ -142,6 +142,7 @@ export const APP_POLICIES_PATH = `${APP_PATH}${POLICIES_PATH}` as const;
 export const APP_ENDPOINT_EXCEPTIONS_PATH = `${APP_PATH}${ENDPOINT_EXCEPTIONS_PATH}` as const;
 export const APP_MANAGE_PATH = `${APP_PATH}${MANAGE_PATH}` as const;
 export const APP_TRUSTED_APPS_PATH = `${APP_PATH}${TRUSTED_APPS_PATH}` as const;
+export const APP_TRUSTED_DEVICES_PATH = `${APP_PATH}${TRUSTED_DEVICES_PATH}` as const;
 export const APP_EVENT_FILTERS_PATH = `${APP_PATH}${EVENT_FILTERS_PATH}` as const;
 export const APP_HOST_ISOLATION_EXCEPTIONS_PATH =
   `${APP_PATH}${HOST_ISOLATION_EXCEPTIONS_PATH}` as const;

x-pack/solutions/security/plugins/security_solution/public/management/cypress/e2e/artifacts/trusted_devices.cy.ts

@@ -0,0 +1,159 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { ENDPOINT_ARTIFACT_LISTS } from '@kbn/securitysolution-list-constants';
+import {
+  createArtifactList,
+  createPerPolicyArtifact,
+  removeExceptionsList,
+  trustedDevicesFormSelectors,
+} from '../../tasks/artifacts';
+import type { IndexedFleetEndpointPolicyResponse } from '../../../../../common/endpoint/data_loaders/index_fleet_endpoint_policy';
+import { createAgentPolicyTask, getEndpointIntegrationVersion } from '../../tasks/fleet';
+import { login } from '../../tasks/login';
+
+const {
+  openTrustedDevices,
+  selectOs,
+  selectField,
+  selectOperator,
+  fillValue,
+  fillOutTrustedDevicesFlyout,
+  submitForm,
+  validateSuccessPopup,
+  validateRenderedCondition,
+  deleteTrustedDeviceItem,
+} = trustedDevicesFormSelectors;
+
+describe(
+  'Trusted Devices',
+  {
+    tags: ['@ess', '@serverless', '@skipInServerlessMKI'],
+    env: {
+      ftrConfig: {
+        kbnServerArgs: [
+          `--xpack.securitySolution.enableExperimental=${JSON.stringify(['trustedDevices'])}`,
+        ],
+      },
+    },
+  },
+  () => {
+    let indexedPolicy: IndexedFleetEndpointPolicyResponse;
+
+    before(() => {
+      getEndpointIntegrationVersion().then((version) => {
+        createAgentPolicyTask(version).then((data) => {
+          indexedPolicy = data;
+        });
+      });
+    });
+
+    beforeEach(() => {
+      login();
+    });
+
+    after(() => {
+      if (indexedPolicy) {
+        cy.task('deleteIndexedFleetEndpointPolicies', indexedPolicy);
+      }
+    });
+
+    const createArtifactBodyRequest = () => ({
+      list_id: ENDPOINT_ARTIFACT_LISTS.trustedDevices.id,
+      entries: [
+        {
+          field: 'user.name',
+          operator: 'included',
+          type: 'match',
+          value: 'test-user',
+        },
+      ],
+      os_types: ['windows', 'macos'],
+    });
+
+    describe('Renders Trusted Devices form fields', () => {
+      it('Correctly renders trusted devices form for Windows and Mac', () => {
+        openTrustedDevices({ create: true });
+
+        selectOs('Windows and Mac');
+
+        selectField('Username');
+        selectOperator('is');
+        fillValue('test-user');
+      });
+
+      it('Renders all field options correctly', () => {
+        openTrustedDevices({ create: true });
+        selectOs('Windows and Mac');
+
+        const fields: Array<'Username' | 'Host' | 'Device ID' | 'Manufacturer' | 'Product ID'> = [
+          'Username',
+          'Host',
+          'Device ID',
+          'Manufacturer',
+          'Product ID',
+        ];
+
+        fields.forEach((field) => {
+          selectField(field);
+          cy.getByTestSubj('trustedDevices-form-fieldSelect').should('contain', field);
+        });
+      });
+    });
+
+    describe('Handles CRUD with device fields', () => {
+      afterEach(() => {
+        removeExceptionsList(ENDPOINT_ARTIFACT_LISTS.trustedDevices.id);
+      });
+
+      it('Correctly creates a trusted device with a single username field on Windows and Mac', () => {
+        const expectedCondition = /user\.name\s*IS\s*test-user/i;
+
+        openTrustedDevices({ create: true });
+        fillOutTrustedDevicesFlyout();
+        selectOs('Windows and Mac');
+        selectField('Username');
+        selectOperator('is');
+        fillValue('test-user');
+        submitForm();
+
+        validateSuccessPopup('create');
+        validateRenderedCondition(expectedCondition);
+      });
+
+      describe('Correctly updates and deletes trusted device with single username field', () => {
+        let itemId: string;
+
+        beforeEach(() => {
+          createArtifactList(ENDPOINT_ARTIFACT_LISTS.trustedDevices.id);
+          createPerPolicyArtifact('Test Trusted Device', createArtifactBodyRequest()).then(
+            (response) => {
+              itemId = response.body.item_id;
+            }
+          );
+        });
+
+        it('Updates trusted device username field item', () => {
+          const expectedCondition = /user\.name\s*IS\s*updated-user/i;
+
+          openTrustedDevices({ itemId });
+          fillValue('updated-user');
+          submitForm();
+
+          validateSuccessPopup('update');
+          validateRenderedCondition(expectedCondition);
+        });
+
+        it('Deletes a trusted device item', () => {
+          openTrustedDevices();
+          deleteTrustedDeviceItem();
+          validateSuccessPopup('delete');
+        });
+      });
+    });
+  }
+);

x-pack/solutions/security/plugins/security_solution/public/management/cypress/e2e/artifacts/trusted_devices_rbac.cy.ts

@@ -0,0 +1,25 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { getArtifactsListTestDataForArtifact } from '../../fixtures/artifacts_page';
+import { getArtifactMockedDataTests } from '../../support/artifacts_rbac_runner';
+
+describe(
+  'Trusted devices RBAC',
+  {
+    tags: ['@ess', '@serverless', '@skipInServerlessMKI'],
+    env: {
+      ftrConfig: {
+        kbnServerArgs: [
+          `--xpack.securitySolution.enableExperimental=${JSON.stringify(['trustedDevices'])}`,
+        ],
+      },
+    },
+  },
+
+  getArtifactMockedDataTests(getArtifactsListTestDataForArtifact('trustedDevices'), ['siemV3'])
+);

x-pack/solutions/security/plugins/security_solution/public/management/cypress/e2e/rbac/endpoint_role_rbac.cy.ts

@@ -20,6 +20,13 @@ describe(
   'When defining a kibana role for Endpoint security access',
   {
     tags: '@ess',
+    env: {
+      ftrConfig: {
+        kbnServerArgs: [
+          `--xpack.securitySolution.enableExperimental=${JSON.stringify(['trustedDevices'])}`,
+        ],
+      },
+    },
   },
   () => {
     const getAllSubFeatureRows = (): Cypress.Chainable<JQuery<HTMLElement>> => {
@@ -55,6 +62,7 @@ describe(
           'Automatic Troubleshooting Access to the automatic troubleshooting.Automatic Troubleshooting sub-feature privilegeAllReadNone',
           'Global Artifact Management Manage global assignment of endpoint artifacts (e.g., Trusted Applications, Event Filters) across all policies. This privilege controls global assignment rights only; privileges for each artifact type are required for full artifact management.Global Artifact Management sub-feature privilegeAllNone',
           'Trusted Applications Helps mitigate conflicts with other software, usually other antivirus or endpoint security applications.Trusted Applications sub-feature privilegeAllReadNone',
+          'Trusted Devices Allows management of trusted USB and external devices that bypass device control protections.Trusted Devices sub-feature privilegeAllReadNone',
           'Host Isolation Exceptions Add specific IP addresses that isolated hosts are still allowed to communicate with, even when isolated from the rest of the network.Host Isolation Exceptions sub-feature privilegeAllReadNone',
           'Blocklist Extend Elastic Defend’s protection against malicious processes and protect against potentially harmful applications.Blocklist sub-feature privilegeAllReadNone',
           'Event Filters Filter out endpoint events that you do not need or want stored in Elasticsearch.Event Filters sub-feature privilegeAllReadNone',

x-pack/solutions/security/plugins/security_solution/public/management/cypress/e2e/rbac/endpoint_role_rbac_with_space_awareness.cy.ts

@@ -38,6 +38,7 @@ describe(
         kbnServerArgs: [
           `--xpack.securitySolution.enableExperimental=${JSON.stringify([
             'endpointManagementSpaceAwarenessEnabled',
+            'trustedDevices',
           ])}`,
         ],
       },
@@ -107,6 +108,7 @@ describe(
           'Automatic TroubleshootingNone',
           'Global Artifact ManagementNone',
           'Trusted ApplicationsNone',
+          'Trusted DevicesNone',
           'Host Isolation ExceptionsNone',
           'BlocklistNone',
           'Event FiltersNone',