From 33a6307b116280647b84f338734f8839410ec2bc Mon Sep 17 00:00:00 2001
From: Tiago Vila Verde <tiago.vilaverde@elastic.co>
Date: Fri, 20 Jun 2025 19:23:06 +0200
Subject: [PATCH] [Entity Analytics][Privmon] Remove the GET user route
 (#223618)

This PR removes the current GET user route as it works with IDs and we
do not use IDs in privmon.
We'd rather remove this before it gets documented and pushed out. We can
revert this PR later if needed

---------

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Mark Hopkin <mark.hopkin@elastic.co>
---
 oas_docs/output/kibana.serverless.yaml        | 18 -------
 oas_docs/output/kibana.yaml                   | 18 -------
 .../privilege_monitoring/users/get.gen.ts     | 28 ----------
 .../users/get.schema.yaml                     | 25 ---------
 .../common/api/quickstart_client.gen.ts       | 19 -------
 ...alytics_api_2023_10_31.bundled.schema.yaml | 18 -------
 ...alytics_api_2023_10_31.bundled.schema.yaml | 18 -------
 .../register_privilege_monitoring_routes.ts   |  2 -
 .../privilege_monitoring/routes/users/get.ts  | 54 -------------------
 .../routes/users/index.ts                     |  1 -
 .../services/security_solution_api.gen.ts     | 16 ------
 .../privileged_users/api.ts                   | 16 ------
 12 files changed, 233 deletions(-)
 delete mode 100644 x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/privilege_monitoring/users/get.gen.ts
 delete mode 100644 x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/privilege_monitoring/users/get.schema.yaml
 delete mode 100644 x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/users/get.ts

diff --git a/oas_docs/output/kibana.serverless.yaml b/oas_docs/output/kibana.serverless.yaml
index a16ee35a2c5d..4a827f8a8fe5 100644
--- a/oas_docs/output/kibana.serverless.yaml
+++ b/oas_docs/output/kibana.serverless.yaml
@@ -11271,24 +11271,6 @@ paths:
       summary: Delete a monitored user
       tags:
         - Security Entity Analytics API
-    get:
-      operationId: GetPrivMonUser
-      parameters:
-        - in: path
-          name: id
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Security_Entity_Analytics_API_MonitoredUserDoc'
-          description: User details retrieved
-      summary: Retrieve a monitored user by ID
-      tags:
-        - Security Entity Analytics API
     put:
       operationId: UpdatePrivMonUser
       parameters:
diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml
index e41ca2f68acc..7ae00a6738fd 100644
--- a/oas_docs/output/kibana.yaml
+++ b/oas_docs/output/kibana.yaml
@@ -13430,24 +13430,6 @@ paths:
       summary: Delete a monitored user
       tags:
         - Security Entity Analytics API
-    get:
-      operationId: GetPrivMonUser
-      parameters:
-        - in: path
-          name: id
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/Security_Entity_Analytics_API_MonitoredUserDoc'
-          description: User details retrieved
-      summary: Retrieve a monitored user by ID
-      tags:
-        - Security Entity Analytics API
     put:
       operationId: UpdatePrivMonUser
       parameters:
diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/privilege_monitoring/users/get.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/privilege_monitoring/users/get.gen.ts
deleted file mode 100644
index 5666af7ea848..000000000000
--- a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/privilege_monitoring/users/get.gen.ts
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-/*
- * NOTICE: Do not edit this file manually.
- * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
- *
- * info:
- *   title: Privileged User Monitoring API
- *   version: 2023-10-31
- */
-
-import { z } from '@kbn/zod';
-
-import { MonitoredUserDoc } from './common.gen';
-
-export type GetPrivMonUserRequestParams = z.infer<typeof GetPrivMonUserRequestParams>;
-export const GetPrivMonUserRequestParams = z.object({
-  id: z.string(),
-});
-export type GetPrivMonUserRequestParamsInput = z.input<typeof GetPrivMonUserRequestParams>;
-
-export type GetPrivMonUserResponse = z.infer<typeof GetPrivMonUserResponse>;
-export const GetPrivMonUserResponse = MonitoredUserDoc;
diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/privilege_monitoring/users/get.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/privilege_monitoring/users/get.schema.yaml
deleted file mode 100644
index 5cd61dda9d06..000000000000
--- a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/privilege_monitoring/users/get.schema.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-openapi: 3.0.0
-info:
-  title: Privileged User Monitoring API
-  version: "2023-10-31"
-
-paths:
-  /api/entity_analytics/monitoring/users/{id}:
-    get:
-      x-labels: [ess, serverless]
-      x-codegen-enabled: true
-      operationId: GetPrivMonUser
-      summary: Retrieve a monitored user by ID
-      parameters:
-        - name: id
-          in: path
-          required: true
-          schema:
-            type: string
-      responses:
-        "200":
-          description: User details retrieved
-          content:
-            application/json:
-              schema:
-                $ref: "./common.schema.yaml#/components/schemas/MonitoredUserDoc"
diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/quickstart_client.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/quickstart_client.gen.ts
index c2e3dfdf97a1..e198bf0c7708 100644
--- a/x-pack/solutions/security/plugins/security_solution/common/api/quickstart_client.gen.ts
+++ b/x-pack/solutions/security/plugins/security_solution/common/api/quickstart_client.gen.ts
@@ -273,10 +273,6 @@ import type {
   DeletePrivMonUserRequestParamsInput,
   DeletePrivMonUserResponse,
 } from './entity_analytics/privilege_monitoring/users/delete.gen';
-import type {
-  GetPrivMonUserRequestParamsInput,
-  GetPrivMonUserResponse,
-} from './entity_analytics/privilege_monitoring/users/get.gen';
 import type {
   ListPrivMonUsersRequestQueryInput,
   ListPrivMonUsersResponse,
@@ -1431,18 +1427,6 @@ finalize it.
       })
       .catch(catchAxiosErrorFormatAndThrow);
   }
-  async getPrivMonUser(props: GetPrivMonUserProps) {
-    this.log.info(`${new Date().toISOString()} Calling API GetPrivMonUser`);
-    return this.kbnClient
-      .request<GetPrivMonUserResponse>({
-        path: replaceParams('/api/entity_analytics/monitoring/users/{id}', props.params),
-        headers: {
-          [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31',
-        },
-        method: 'GET',
-      })
-      .catch(catchAxiosErrorFormatAndThrow);
-  }
   async getProtectionUpdatesNote(props: GetProtectionUpdatesNoteProps) {
     this.log.info(`${new Date().toISOString()} Calling API GetProtectionUpdatesNote`);
     return this.kbnClient
@@ -2724,9 +2708,6 @@ export interface GetNotesProps {
 export interface GetPolicyResponseProps {
   query: GetPolicyResponseRequestQueryInput;
 }
-export interface GetPrivMonUserProps {
-  params: GetPrivMonUserRequestParamsInput;
-}
 export interface GetProtectionUpdatesNoteProps {
   params: GetProtectionUpdatesNoteRequestParamsInput;
 }
diff --git a/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml b/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml
index f96f611eb0a5..0e8b289e845f 100644
--- a/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml
+++ b/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml
@@ -430,24 +430,6 @@ paths:
       summary: Delete a monitored user
       tags:
         - Security Entity Analytics API
-    get:
-      operationId: GetPrivMonUser
-      parameters:
-        - in: path
-          name: id
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/MonitoredUserDoc'
-          description: User details retrieved
-      summary: Retrieve a monitored user by ID
-      tags:
-        - Security Entity Analytics API
     put:
       operationId: UpdatePrivMonUser
       parameters:
diff --git a/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml b/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml
index 6f44c9100e12..d6aa9e9e7941 100644
--- a/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml
+++ b/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml
@@ -430,24 +430,6 @@ paths:
       summary: Delete a monitored user
       tags:
         - Security Entity Analytics API
-    get:
-      operationId: GetPrivMonUser
-      parameters:
-        - in: path
-          name: id
-          required: true
-          schema:
-            type: string
-      responses:
-        '200':
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/MonitoredUserDoc'
-          description: User details retrieved
-      summary: Retrieve a monitored user by ID
-      tags:
-        - Security Entity Analytics API
     put:
       operationId: UpdatePrivMonUser
       parameters:
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/register_privilege_monitoring_routes.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/register_privilege_monitoring_routes.ts
index b875d3985943..eabd184d8a4a 100644
--- a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/register_privilege_monitoring_routes.ts
+++ b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/register_privilege_monitoring_routes.ts
@@ -12,7 +12,6 @@ import { monitoringEntitySourceRoute } from './monitoring_entity_source';
 import { searchPrivilegeMonitoringIndicesRoute } from './search_indices';
 
 import {
-  getUserRoute,
   createUserRoute,
   deleteUserRoute,
   listUsersRoute,
@@ -29,7 +28,6 @@ export const registerPrivilegeMonitoringRoutes = ({
   healthCheckPrivilegeMonitoringRoute(router, logger, config);
   searchPrivilegeMonitoringIndicesRoute(router, logger, config);
   monitoringEntitySourceRoute(router, logger, config);
-  getUserRoute(router, logger);
   createUserRoute(router, logger);
   deleteUserRoute(router, logger);
   listUsersRoute(router, logger);
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/users/get.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/users/get.ts
deleted file mode 100644
index 58cd33382fb1..000000000000
--- a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/users/get.ts
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { IKibanaResponse, Logger } from '@kbn/core/server';
-import { buildSiemResponse } from '@kbn/lists-plugin/server/routes/utils';
-import { transformError } from '@kbn/securitysolution-es-utils';
-
-import { GetPrivMonUserRequestParams } from '../../../../../../common/api/entity_analytics/privilege_monitoring/users/get.gen';
-import type { GetPrivMonUserResponse } from '../../../../../../common/api/entity_analytics/privilege_monitoring/users/get.gen';
-import { API_VERSIONS, APP_ID } from '../../../../../../common/constants';
-import type { EntityAnalyticsRoutesDeps } from '../../../types';
-
-export const getUserRoute = (router: EntityAnalyticsRoutesDeps['router'], logger: Logger) => {
-  router.versioned
-    .get({
-      access: 'public',
-      path: '/api/entity_analytics/monitoring/users/{id}',
-      security: {
-        authz: {
-          requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`],
-        },
-      },
-    })
-    .addVersion(
-      {
-        version: API_VERSIONS.public.v1,
-        validate: {
-          request: {
-            params: GetPrivMonUserRequestParams,
-          },
-        },
-      },
-      async (context, request, response): Promise<IKibanaResponse<GetPrivMonUserResponse>> => {
-        const siemResponse = buildSiemResponse(response);
-
-        try {
-          const secSol = await context.securitySolution;
-          const body = await secSol.getPrivilegeMonitoringDataClient().getUser(request.params.id);
-          return response.ok({ body });
-        } catch (e) {
-          const error = transformError(e);
-          logger.error(`Error retrieving user: ${error.message}`);
-          return siemResponse.error({
-            statusCode: error.statusCode,
-            body: error.message,
-          });
-        }
-      }
-    );
-};
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/users/index.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/users/index.ts
index 8f3f2919d176..e23002b2c6dd 100644
--- a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/users/index.ts
+++ b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/privilege_monitoring/routes/users/index.ts
@@ -6,7 +6,6 @@
  */
 
 export * from './create';
-export * from './get';
 export * from './list';
 export * from './update';
 export * from './delete';
diff --git a/x-pack/test/api_integration/services/security_solution_api.gen.ts b/x-pack/test/api_integration/services/security_solution_api.gen.ts
index 3a1449392949..55cf20012d5b 100644
--- a/x-pack/test/api_integration/services/security_solution_api.gen.ts
+++ b/x-pack/test/api_integration/services/security_solution_api.gen.ts
@@ -84,7 +84,6 @@ import { GetEntityEngineRequestParamsInput } from '@kbn/security-solution-plugin
 import { GetEntityStoreStatusRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/status.gen';
 import { GetNotesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/get_notes/get_notes_route.gen';
 import { GetPolicyResponseRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/policy/policy_response.gen';
-import { GetPrivMonUserRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/privilege_monitoring/users/get.gen';
 import { GetProtectionUpdatesNoteRequestParamsInput } from '@kbn/security-solution-plugin/common/api/endpoint/protection_updates_note/protection_updates_note.gen';
 import {
   GetRuleExecutionEventsRequestQueryInput,
@@ -962,18 +961,6 @@ finalize it.
         .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
         .query(props.query);
     },
-    getPrivMonUser(props: GetPrivMonUserProps, kibanaSpace: string = 'default') {
-      return supertest
-        .get(
-          routeWithNamespace(
-            replaceParams('/api/entity_analytics/monitoring/users/{id}', props.params),
-            kibanaSpace
-          )
-        )
-        .set('kbn-xsrf', 'true')
-        .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
-        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
-    },
     getProtectionUpdatesNote(
       props: GetProtectionUpdatesNoteProps,
       kibanaSpace: string = 'default'
@@ -2014,9 +2001,6 @@ export interface GetNotesProps {
 export interface GetPolicyResponseProps {
   query: GetPolicyResponseRequestQueryInput;
 }
-export interface GetPrivMonUserProps {
-  params: GetPrivMonUserRequestParamsInput;
-}
 export interface GetProtectionUpdatesNoteProps {
   params: GetProtectionUpdatesNoteRequestParamsInput;
 }
diff --git a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/monitoring/trial_license_complete_tier/privileged_users/api.ts b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/monitoring/trial_license_complete_tier/privileged_users/api.ts
index e6bcbeccca9c..c58aa2d5b8c7 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/monitoring/trial_license_complete_tier/privileged_users/api.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/monitoring/trial_license_complete_tier/privileged_users/api.ts
@@ -44,22 +44,6 @@ export default ({ getService }: FtrProviderContext) => {
         expect(res.body);
       });
 
-      it('should retrieve a user', async () => {
-        log.info(`retrieving a user`);
-        const { body } = await api.createPrivMonUser({
-          body: { user: { name: 'test_user2' } },
-        });
-
-        const res = await api.getPrivMonUser({ params: { id: body.id } });
-
-        if (res.status !== 200) {
-          log.error(`Retrieving privmon user failed`);
-          log.error(JSON.stringify(res.body));
-        }
-
-        expect(res.status).eql(200);
-      });
-
       it('should update a user', async () => {
         log.info(`updating a user`);
         const { body } = await api.createPrivMonUser({