[Security Solution] Add cluster and additional license info to Policy (#161131)
## Summary
Adds new meta fields for `license_uid`, `cluster_uuid`, and
`cluster_name` to Endpoint Policy for use by the Endpoint in the
upcoming Cloud Lookup feature. These values will be used by Endpoint to
call an external API for use in analyzing malware.
New policies will have the fields populated.
Existing policies will go through an SO migration to add the empty
fields. Users will turn on the Cloud Lookup feature via Policy (coming
in another PR) which will then trigger the update callback to populate
the fields for those existing policies.
Policy fields look like this (taken from my local dev instance):
```
...
policy:
meta:
license: trial
license_uid: 1a427caf-9417-442c-b674-84e4b7100c29
cluster_uuid: DttCDxWnSF6UTSWvnUTZvg
cluster_name: elasticsearch
cloud: false
...
```
Policy in the app:
<img width="1728" alt="image"
src="480458fc
-6096-422e-af3a-207b1b71b069">
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
parent
5da645acee
commit
7dd5334a58
14 changed files with 167 additions and 45 deletions
|
@ -15,7 +15,7 @@ import { migratePackagePolicyToV8100 as migration } from './to_v8_10_0';
|
|||
import { migratePackagePolicyEvictionsFromV8100 as eviction } from './to_v8_10_0';
|
||||
|
||||
describe('8.10.0 Endpoint Package Policy migration', () => {
|
||||
const policyDoc = ({ behaviorProtection = {} }) => {
|
||||
const policyDoc = ({ behaviorProtection = {}, meta = {} }) => {
|
||||
return {
|
||||
id: 'mock-saved-object-id',
|
||||
attributes: {
|
||||
|
@ -42,7 +42,7 @@ describe('8.10.0 Endpoint Package Policy migration', () => {
|
|||
config: {
|
||||
policy: {
|
||||
value: {
|
||||
meta: {},
|
||||
meta: { license: '', cloud: false, ...meta },
|
||||
windows: {
|
||||
behavior_protection: {
|
||||
...behaviorProtection,
|
||||
|
@ -68,11 +68,12 @@ describe('8.10.0 Endpoint Package Policy migration', () => {
|
|||
};
|
||||
};
|
||||
|
||||
it('adds reputation service field to behaviour protection, set to false', () => {
|
||||
it('adds reputation service field to behaviour protection, set to false and adds license_uid and cluster info, defaulted to empty string without overwiting existing meta values', () => {
|
||||
const initialDoc = policyDoc({});
|
||||
|
||||
const migratedDoc = policyDoc({
|
||||
behaviorProtection: { reputation_service: false },
|
||||
meta: { license_uid: '', cluster_uuid: '', cluster_name: '' },
|
||||
});
|
||||
|
||||
expect(migration(initialDoc, {} as SavedObjectModelTransformationContext)).toEqual({
|
||||
|
@ -82,9 +83,10 @@ describe('8.10.0 Endpoint Package Policy migration', () => {
|
|||
});
|
||||
});
|
||||
|
||||
it('removes reputation service field from behaviour protection', () => {
|
||||
it('removes reputation service from behaviour protection and remove new meta values', () => {
|
||||
const initialDoc = policyDoc({
|
||||
behaviorProtection: { reputation_service: true },
|
||||
meta: { license_uid: '', cluster_uuid: '', cluster_name: '' },
|
||||
});
|
||||
|
||||
const migratedDoc = policyDoc({});
|
||||
|
|
|
@ -30,6 +30,9 @@ export const migratePackagePolicyToV8100: SavedObjectModelDataBackfillFn<
|
|||
if (input && input.config) {
|
||||
const policy = input.config.policy.value;
|
||||
|
||||
const newMetaValues = { license_uid: '', cluster_uuid: '', cluster_name: '' };
|
||||
policy.meta = policy?.meta ? { ...policy.meta, ...newMetaValues } : newMetaValues;
|
||||
|
||||
policy.windows.behavior_protection.reputation_service = false;
|
||||
policy.mac.behavior_protection.reputation_service = false;
|
||||
policy.linux.behavior_protection.reputation_service = false;
|
||||
|
@ -63,6 +66,7 @@ export const migratePackagePolicyEvictionsFromV8100: SavedObjectModelVersionForw
|
|||
'reputation_service',
|
||||
]);
|
||||
policy.mac.behavior_protection = omit(policy.mac.behavior_protection, ['reputation_service']);
|
||||
policy.meta = omit(policy.meta, ['license_uid', 'cluster_uuid', 'cluster_name']);
|
||||
}
|
||||
|
||||
return updatedAttributes;
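Review bot: In `migratePackagePolicyToV8100`, the spread order in `{ ...policy.meta, ...newMetaValues }` lets the empty defaults win, so a document that already carries a populated `license_uid`, `cluster_uuid` or `cluster_name` would have them blanked by the backfill. If that can happen (for example a document written by an already-upgraded node before the migration runs, which is worth confirming), reversing the order keeps existing values: `policy.meta = { ...newMetaValues, ...policy.meta };`. That form also makes the `policy?.meta ?` ternary unnecessary, because spreading `undefined` is a no-op. The accompanying migration test only starts from `meta: { license: '', cloud: false }`, so it does not pin this case; both migration functions start and end outside the visible hunks.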
|
||||
|
|
|
@ -11,10 +11,19 @@ import { ProtectionModes } from '../types';
|
|||
/**
|
||||
* Return a new default `PolicyConfig` for platinum and above licenses
|
||||
*/
|
||||
export const policyFactory = (license = '', cloud = false): PolicyConfig => {
|
||||
export const policyFactory = (
|
||||
license = '',
|
||||
cloud = false,
|
||||
licenseUid = '',
|
||||
clusterUuid = '',
|
||||
clusterName = ''
|
||||
): PolicyConfig => {
|
||||
return {
|
||||
meta: {
|
||||
license,
|
||||
license_uid: licenseUid,
|
||||
cluster_uuid: clusterUuid,
|
||||
cluster_name: clusterName,
|
||||
cloud,
|
||||
},
|
||||
windows: {
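Review bot: `policyFactory` now takes five positional parameters with defaults, and the last three (`licenseUid`, `clusterUuid`, `clusterName`) are adjacent strings, so a transposed call compiles cleanly and puts the wrong identifier in the wrong `meta` field. An options object would make call sites self-describing, e.g. `policyFactory({ license, cloud, licenseUid, clusterUuid, clusterName })`. If the positional form stays, the doc comment above should gain `@param` lines for the new arguments, since it still only reads "Return a new default `PolicyConfig` for platinum and above licenses". The test helper in this commit already names the same argument `licenseUuid` rather than `licenseUid`, which shows how easily the names drift. The function body continues past the end of the hunk.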
|
||||
|
|
|
@ -125,7 +125,7 @@ describe('Policy Config helpers', () => {
|
|||
// This constant makes sure that if the type `PolicyConfig` is ever modified,
|
||||
// the logic for disabling protections is also modified due to type check.
|
||||
export const eventsOnlyPolicy: PolicyConfig = {
|
||||
meta: { license: '', cloud: false },
|
||||
meta: { license: '', cloud: false, license_uid: '', cluster_name: '', cluster_uuid: '' },
|
||||
windows: {
|
||||
events: {
|
||||
credential_access: true,
|
||||
|
|
|
@ -942,6 +942,9 @@ export interface PolicyConfig {
|
|||
meta: {
|
||||
license: string;
|
||||
cloud: boolean;
|
||||
license_uid: string;
|
||||
cluster_uuid: string;
|
||||
cluster_name: string;
|
||||
};
|
||||
windows: {
|
||||
advanced?: {
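Review bot: The three new `meta` members are added to `PolicyConfig` without comments, although they identify the deployment and, per the commit description, are delivered to Endpoint for calls to an external API. I would document that on the interface, for example `/** Elasticsearch license UID; empty string until populated by the policy create/update callback */` above `license_uid`, with similar one-liners for `cluster_uuid` and `cluster_name`. That also records that `''` is the "not yet populated" state consumers have to handle. The interface continues outside the hunk.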
|
||||
|
|
|
@ -44,6 +44,12 @@ export class LicenseService {
|
|||
: '';
|
||||
}
|
||||
|
||||
public getLicenseUID() {
|
||||
return this.licenseInformation && this.licenseInformation.uid
|
||||
? this.licenseInformation.uid
|
||||
: '';
|
||||
}
|
||||
|
||||
public isAtLeast(level: LicenseType): boolean {
|
||||
return isAtLeast(this.licenseInformation, level);
|
||||
}
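Review bot: `getLicenseUID()` has no explicit return type, unlike `isAtLeast(level: LicenseType): boolean` directly below it, and nothing states that `''` means "no license information available". Suggest `public getLicenseUID(): string {` plus a one-line TSDoc such as `/** UID of the current license, or '' when license information has not been received */`. Callers that copy the value into policy meta can then tell an unset UID from a real one by contract rather than by reading the body. The class continues outside the hunk.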
|
||||
|
|
|
@ -269,7 +269,13 @@ describe('policy details: ', () => {
|
|||
},
|
||||
policy: {
|
||||
value: {
|
||||
meta: { license: '', cloud: false },
|
||||
meta: {
|
||||
license: '',
|
||||
cloud: false,
|
||||
license_uid: '',
|
||||
cluster_name: '',
|
||||
cluster_uuid: '',
|
||||
},
|
||||
windows: {
|
||||
events: {
|
||||
credential_access: true,
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
* 2.0.
|
||||
*/
|
||||
|
||||
import type { KibanaRequest, Logger } from '@kbn/core/server';
|
||||
import type { KibanaRequest, Logger, ElasticsearchClient } from '@kbn/core/server';
|
||||
import type { ExceptionListClient, ListsServerExtensionRegistrar } from '@kbn/lists-plugin/server';
|
||||
import type { CasesClient, CasesStart } from '@kbn/cases-plugin/server';
|
||||
import type { SecurityPluginStart } from '@kbn/security-plugin/server';
|
||||
|
@ -68,6 +68,7 @@ export interface EndpointAppContextServiceStartContract {
|
|||
messageSigningService: MessageSigningServiceInterface | undefined;
|
||||
actionCreateService: ActionCreateService | undefined;
|
||||
cloud: CloudSetup;
|
||||
esClient: ElasticsearchClient;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -104,6 +105,7 @@ export class EndpointAppContextService {
|
|||
exceptionListsClient,
|
||||
featureUsageService,
|
||||
endpointMetadataService,
|
||||
esClient,
|
||||
} = dependencies;
|
||||
|
||||
registerIngestCallback(
|
||||
|
@ -131,7 +133,8 @@ export class EndpointAppContextService {
|
|||
licenseService,
|
||||
featureUsageService,
|
||||
endpointMetadataService,
|
||||
cloud
|
||||
cloud,
|
||||
esClient
|
||||
)
|
||||
);
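Review bot: The new `esClient` member of `EndpointAppContextServiceStartContract` does not say whose privileges it carries, and the plugin wiring later in this commit fills it with `core.elasticsearch.client.asInternalUser`, a client that is not scoped to the requesting user. Everything that receives the start contract now holds that client, while the only use visible in this commit is `esClient.info()`. I would add a comment on the field such as `/** Internal-user ES client (not request-scoped); used only to read cluster name/UUID for policy meta */`, or narrow the dependency to a function like `getClusterInfo: () => Promise<InfoResponse>` so the callbacks cannot issue other requests with it. The class body and the `registerIngestCallback` call continue outside the hunks.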
|
||||
|
||||
|
|
|
@ -42,6 +42,7 @@ import {
|
|||
import { createFleetAuthzMock } from '@kbn/fleet-plugin/common/mocks';
|
||||
import type { RequestFixtureOptions, RouterMock } from '@kbn/core-http-router-server-mocks';
|
||||
import type { ElasticsearchClientMock } from '@kbn/core-elasticsearch-client-server-mocks';
|
||||
import { elasticsearchClientMock } from '@kbn/core-elasticsearch-client-server-mocks';
|
||||
import { casesPluginMock } from '@kbn/cases-plugin/server/mocks';
|
||||
import { createCasesClientMock } from '@kbn/cases-plugin/server/client/mocks';
|
||||
import type { VersionedRouteConfig, AddVersionOpts } from '@kbn/core-http-server';
|
||||
|
@ -210,6 +211,7 @@ export const createMockEndpointAppContextServiceStartContract =
|
|||
messageSigningService: createMessageSigningServiceMock(),
|
||||
actionCreateService: undefined,
|
||||
createFleetActionsClient: jest.fn((_) => fleetActionsClientMock),
|
||||
esClient: elasticsearchClientMock.createElasticsearchClient(),
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -66,8 +66,12 @@ describe('ingest_integration tests ', () => {
|
|||
const exceptionListClient: ExceptionListClient = getExceptionListClientMock();
|
||||
let licenseEmitter: Subject<ILicense>;
|
||||
let licenseService: LicenseService;
|
||||
const Platinum = licenseMock.createLicense({ license: { type: 'platinum', mode: 'platinum' } });
|
||||
const Gold = licenseMock.createLicense({ license: { type: 'gold', mode: 'gold' } });
|
||||
const Platinum = licenseMock.createLicense({
|
||||
license: { type: 'platinum', mode: 'platinum', uid: 'updated-uid' },
|
||||
});
|
||||
const Gold = licenseMock.createLicense({
|
||||
license: { type: 'gold', mode: 'gold', uid: 'updated-uid' },
|
||||
});
|
||||
const generator = new EndpointDocGenerator();
|
||||
const cloudService = cloudMock.createSetup();
|
||||
|
||||
|
@ -97,14 +101,21 @@ describe('ingest_integration tests ', () => {
|
|||
const createNewEndpointPolicyInput = (
|
||||
manifest: ManifestSchema,
|
||||
license = 'platinum',
|
||||
cloud = cloudService.isCloudEnabled
|
||||
cloud = cloudService.isCloudEnabled,
|
||||
licenseUuid = 'updated-uid',
|
||||
clusterUuid = '',
|
||||
clusterName = ''
|
||||
) => ({
|
||||
type: 'endpoint',
|
||||
enabled: true,
|
||||
streams: [],
|
||||
config: {
|
||||
integration_config: {},
|
||||
policy: { value: disableProtections(policyFactory(license, cloud)) },
|
||||
policy: {
|
||||
value: disableProtections(
|
||||
policyFactory(license, cloud, licenseUuid, clusterUuid, clusterName)
|
||||
),
|
||||
},
|
||||
artifact_manifest: { value: manifest },
|
||||
},
|
||||
});
|
||||
|
@ -367,7 +378,8 @@ describe('ingest_integration tests ', () => {
|
|||
licenseService,
|
||||
endpointAppContextMock.featureUsageService,
|
||||
endpointAppContextMock.endpointMetadataService,
|
||||
cloudService
|
||||
cloudService,
|
||||
esClient
|
||||
);
|
||||
const policyConfig = generator.generatePolicyPackagePolicy();
|
||||
policyConfig.inputs[0]!.config!.policy.value = mockPolicy;
|
||||
|
@ -384,7 +396,8 @@ describe('ingest_integration tests ', () => {
|
|||
licenseService,
|
||||
endpointAppContextMock.featureUsageService,
|
||||
endpointAppContextMock.endpointMetadataService,
|
||||
cloudService
|
||||
cloudService,
|
||||
esClient
|
||||
);
|
||||
const policyConfig = generator.generatePolicyPackagePolicy();
|
||||
policyConfig.inputs[0]!.config!.policy.value = mockPolicy;
|
||||
|
@ -415,7 +428,8 @@ describe('ingest_integration tests ', () => {
|
|||
licenseService,
|
||||
endpointAppContextMock.featureUsageService,
|
||||
endpointAppContextMock.endpointMetadataService,
|
||||
cloudService
|
||||
cloudService,
|
||||
esClient
|
||||
);
|
||||
const policyConfig = generator.generatePolicyPackagePolicy();
|
||||
policyConfig.inputs[0]!.config!.policy.value = mockPolicy;
|
||||
|
@ -434,6 +448,27 @@ describe('ingest_integration tests ', () => {
|
|||
const soClient = savedObjectsClientMock.create();
|
||||
const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser;
|
||||
|
||||
const infoResponse = {
|
||||
cluster_name: 'updated-name',
|
||||
cluster_uuid: 'updated-uuid',
|
||||
license_uid: 'updated-uid',
|
||||
name: 'name',
|
||||
tagline: 'tagline',
|
||||
version: {
|
||||
number: '1.2.3',
|
||||
lucene_version: '1.2.3',
|
||||
build_date: 'DateString',
|
||||
build_flavor: 'string',
|
||||
build_hash: 'string',
|
||||
build_snapshot: true,
|
||||
build_type: 'string',
|
||||
minimum_index_compatibility_version: '1.2.3',
|
||||
minimum_wire_compatibility_version: '1.2.3',
|
||||
},
|
||||
};
|
||||
|
||||
esClient.info.mockResolvedValue(infoResponse);
|
||||
|
||||
beforeEach(() => {
|
||||
licenseEmitter.next(Platinum); // set license level to platinum
|
||||
});
|
||||
|
@ -441,18 +476,26 @@ describe('ingest_integration tests ', () => {
|
|||
const mockPolicy = policyFactory();
|
||||
mockPolicy.meta.cloud = true; // cloud mock will return true
|
||||
mockPolicy.meta.license = 'platinum'; // license is set to emit platinum
|
||||
mockPolicy.meta.cluster_name = 'updated-name';
|
||||
mockPolicy.meta.cluster_uuid = 'updated-uuid';
|
||||
mockPolicy.meta.license_uid = 'updated-uid';
|
||||
const logger = loggingSystemMock.create().get('ingest_integration.test');
|
||||
const callback = getPackagePolicyUpdateCallback(
|
||||
logger,
|
||||
licenseService,
|
||||
endpointAppContextMock.featureUsageService,
|
||||
endpointAppContextMock.endpointMetadataService,
|
||||
cloudService
|
||||
cloudService,
|
||||
esClient
|
||||
);
|
||||
const policyConfig = generator.generatePolicyPackagePolicy();
|
||||
|
||||
// values should be updated
|
||||
policyConfig.inputs[0]!.config!.policy.value.meta.cloud = false;
|
||||
policyConfig.inputs[0]!.config!.policy.value.meta.license = 'gold';
|
||||
policyConfig.inputs[0]!.config!.policy.value.meta.cluster_name = 'original-name';
|
||||
policyConfig.inputs[0]!.config!.policy.value.meta.cluster_uuid = 'original-uuid';
|
||||
policyConfig.inputs[0]!.config!.policy.value.meta.license_uid = 'original-uid';
|
||||
const updatedPolicyConfig = await callback(
|
||||
policyConfig,
|
||||
soClient,
|
||||
|
@ -467,18 +510,25 @@ describe('ingest_integration tests ', () => {
|
|||
const mockPolicy = policyFactory();
|
||||
mockPolicy.meta.cloud = true; // cloud mock will return true
|
||||
mockPolicy.meta.license = 'platinum'; // license is set to emit platinum
|
||||
mockPolicy.meta.cluster_name = 'updated-name';
|
||||
mockPolicy.meta.cluster_uuid = 'updated-uuid';
|
||||
mockPolicy.meta.license_uid = 'updated-uid';
|
||||
const logger = loggingSystemMock.create().get('ingest_integration.test');
|
||||
const callback = getPackagePolicyUpdateCallback(
|
||||
logger,
|
||||
licenseService,
|
||||
endpointAppContextMock.featureUsageService,
|
||||
endpointAppContextMock.endpointMetadataService,
|
||||
cloudService
|
||||
cloudService,
|
||||
esClient
|
||||
);
|
||||
const policyConfig = generator.generatePolicyPackagePolicy();
|
||||
// values should be updated
|
||||
policyConfig.inputs[0]!.config!.policy.value.meta.cloud = true;
|
||||
policyConfig.inputs[0]!.config!.policy.value.meta.license = 'platinum';
|
||||
policyConfig.inputs[0]!.config!.policy.value.meta.cluster_name = 'updated-name';
|
||||
policyConfig.inputs[0]!.config!.policy.value.meta.cluster_uuid = 'updated-uuid';
|
||||
policyConfig.inputs[0]!.config!.policy.value.meta.license_uid = 'updated-uid';
|
||||
const updatedPolicyConfig = await callback(
|
||||
policyConfig,
|
||||
soClient,
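Review bot: Every new case resolves `esClient.info` through `mockResolvedValue(infoResponse)`, so nothing covers the update callback when that call rejects or returns without `cluster_name`/`cluster_uuid`. A case using `esClient.info.mockRejectedValue(new Error('info failed'))` and asserting the intended outcome (update rejected, or meta left unchanged) would pin that behaviour. Separately, `createNewEndpointPolicyInput` names its fourth parameter `licenseUuid` while `policyFactory` calls it `licenseUid`; aligning the name avoids confusion with `cluster_uuid`. The test bodies continue outside the hunks.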
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
* 2.0.
|
||||
*/
|
||||
|
||||
import type { Logger } from '@kbn/core/server';
|
||||
import type { Logger, ElasticsearchClient } from '@kbn/core/server';
|
||||
import type { ExceptionListClient } from '@kbn/lists-plugin/server';
|
||||
import type { PluginStartContract as AlertsStartContract } from '@kbn/alerting-plugin/server';
|
||||
import type {
|
||||
|
@ -21,6 +21,7 @@ import type {
|
|||
UpdatePackagePolicy,
|
||||
} from '@kbn/fleet-plugin/common';
|
||||
import type { CloudSetup } from '@kbn/cloud-plugin/server';
|
||||
import type { InfoResponse } from '@elastic/elasticsearch/lib/api/types';
|
||||
import type { NewPolicyData, PolicyConfig } from '../../common/endpoint/types';
|
||||
import type { LicenseService } from '../../common/license';
|
||||
import type { ManifestManager } from '../endpoint/services';
|
||||
|
@ -47,11 +48,17 @@ const isEndpointPackagePolicy = <T extends { package?: { name: string } }>(
|
|||
const shouldUpdateMetaValues = (
|
||||
endpointPackagePolicy: PolicyConfig,
|
||||
currentLicenseType: string,
|
||||
currentCloudInfo: boolean
|
||||
currentCloudInfo: boolean,
|
||||
currentClusterName: string,
|
||||
currentClusterUUID: string,
|
||||
currentLicenseUID: string
|
||||
) => {
|
||||
return (
|
||||
endpointPackagePolicy.meta.license !== currentLicenseType ||
|
||||
endpointPackagePolicy.meta.cloud !== currentCloudInfo
|
||||
endpointPackagePolicy.meta.cloud !== currentCloudInfo ||
|
||||
endpointPackagePolicy.meta.cluster_name !== currentClusterName ||
|
||||
endpointPackagePolicy.meta.cluster_uuid !== currentClusterUUID ||
|
||||
endpointPackagePolicy.meta.license_uid !== currentLicenseUID
|
||||
);
|
||||
};
|
||||
|
||||
|
@ -126,11 +133,14 @@ export const getPackagePolicyCreateCallback = (
|
|||
createPolicyArtifactManifest(logger, manifestManager),
|
||||
]);
|
||||
|
||||
const esClientInfo: InfoResponse = await esClient.info();
|
||||
|
||||
// Add the default endpoint security policy
|
||||
const defaultPolicyValue = createDefaultPolicy(
|
||||
licenseService,
|
||||
endpointIntegrationConfig,
|
||||
cloud
|
||||
cloud,
|
||||
esClientInfo
|
||||
);
|
||||
|
||||
return {
|
||||
|
@ -164,7 +174,8 @@ export const getPackagePolicyUpdateCallback = (
|
|||
licenseService: LicenseService,
|
||||
featureUsageService: FeatureUsageService,
|
||||
endpointMetadataService: EndpointMetadataService,
|
||||
cloud: CloudSetup
|
||||
cloud: CloudSetup,
|
||||
esClient: ElasticsearchClient
|
||||
): PutPackagePolicyUpdateCallback => {
|
||||
return async (newPackagePolicy: NewPackagePolicy): Promise<UpdatePackagePolicy> => {
|
||||
if (!isEndpointPackagePolicy(newPackagePolicy)) {
|
||||
|
@ -185,16 +196,24 @@ export const getPackagePolicyUpdateCallback = (
|
|||
const newEndpointPackagePolicy = newPackagePolicy.inputs[0].config?.policy
|
||||
?.value as PolicyConfig;
|
||||
|
||||
const esClientInfo: InfoResponse = await esClient.info();
|
||||
|
||||
if (
|
||||
newPackagePolicy.inputs[0].config?.policy?.value &&
|
||||
shouldUpdateMetaValues(
|
||||
newEndpointPackagePolicy,
|
||||
licenseService.getLicenseType(),
|
||||
cloud?.isCloudEnabled
|
||||
cloud?.isCloudEnabled,
|
||||
esClientInfo.cluster_name,
|
||||
esClientInfo.cluster_uuid,
|
||||
licenseService.getLicenseUID()
|
||||
)
|
||||
) {
|
||||
newEndpointPackagePolicy.meta.license = licenseService.getLicenseType();
|
||||
newEndpointPackagePolicy.meta.cloud = cloud?.isCloudEnabled;
|
||||
newEndpointPackagePolicy.meta.cluster_name = esClientInfo.cluster_name;
|
||||
newEndpointPackagePolicy.meta.cluster_uuid = esClientInfo.cluster_uuid;
|
||||
newEndpointPackagePolicy.meta.license_uid = licenseService.getLicenseUID();
|
||||
newPackagePolicy.inputs[0].config.policy.value = newEndpointPackagePolicy;
|
||||
}
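Review bot: Both callbacks now `await esClient.info()` with no error handling, and in `getPackagePolicyUpdateCallback` it runs on every endpoint policy update, before the check that a policy value exists; a rejected call therefore rejects the callback and, presumably, the unrelated policy change being saved with it. Cluster name and UUID are needed only for the `meta` comparison, so falling back to the values already on the policy and logging a warning seems safer than failing the update; the create callback could do the same with empty strings. The sketch below assumes `logger` is the callback factory's first parameter, as the tests suggest, and the function continues outside the hunk. The fields are also written on any update, whereas the description ties population of existing policies to enabling Cloud Lookup, so it is worth confirming that distributing these identifiers before opt-in is intended.

```typescript
let esClientInfo: InfoResponse | undefined;
try {
  esClientInfo = await esClient.info();
} catch (error) {
  // Keep the meta already on the policy instead of failing the whole update.
  logger.warn(`Unable to read cluster info for endpoint policy meta: ${error}`);
}
const clusterName =
  esClientInfo?.cluster_name ?? newEndpointPackagePolicy?.meta?.cluster_name ?? '';
const clusterUuid =
  esClientInfo?.cluster_uuid ?? newEndpointPackagePolicy?.meta?.cluster_uuid ?? '';

// … unchanged: shouldUpdateMetaValues(...) check and meta assignments, reading clusterName / clusterUuid instead of esClientInfo …
```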
|
||||
|
||||
|
|
|
@ -13,6 +13,7 @@ import { createDefaultPolicy } from './create_default_policy';
|
|||
import { ProtectionModes } from '../../../common/endpoint/types';
|
||||
import type { PolicyConfig } from '../../../common/endpoint/types';
|
||||
import { policyFactory } from '../../../common/endpoint/models/policy_config';
|
||||
import { elasticsearchServiceMock } from '@kbn/core/server/mocks';
|
||||
import type {
|
||||
AnyPolicyCreateConfig,
|
||||
PolicyCreateCloudConfig,
|
||||
|
@ -21,13 +22,20 @@ import type {
|
|||
|
||||
describe('Create Default Policy tests ', () => {
|
||||
const cloud = cloudMock.createSetup();
|
||||
const Platinum = licenseMock.createLicense({ license: { type: 'platinum', mode: 'platinum' } });
|
||||
const Gold = licenseMock.createLicense({ license: { type: 'gold', mode: 'gold' } });
|
||||
const Platinum = licenseMock.createLicense({
|
||||
license: { type: 'platinum', mode: 'platinum', uid: '' },
|
||||
});
|
||||
const Gold = licenseMock.createLicense({ license: { type: 'gold', mode: 'gold', uid: '' } });
|
||||
let licenseEmitter: Subject<ILicense>;
|
||||
let licenseService: LicenseService;
|
||||
|
||||
const createDefaultPolicyCallback = (config: AnyPolicyCreateConfig | undefined): PolicyConfig => {
|
||||
return createDefaultPolicy(licenseService, config, cloud);
|
||||
const createDefaultPolicyCallback = async (
|
||||
config: AnyPolicyCreateConfig | undefined
|
||||
): Promise<PolicyConfig> => {
|
||||
const esClientInfo = await elasticsearchServiceMock.createClusterClient().asInternalUser.info();
|
||||
esClientInfo.cluster_name = '';
|
||||
esClientInfo.cluster_uuid = '';
|
||||
return createDefaultPolicy(licenseService, config, cloud, esClientInfo);
|
||||
};
|
||||
|
||||
beforeEach(() => {
|
||||
|
@ -37,10 +45,10 @@ describe('Create Default Policy tests ', () => {
|
|||
licenseEmitter.next(Platinum); // set license level to platinum
|
||||
});
|
||||
describe('When no config is set', () => {
|
||||
it('Should return PolicyConfig for events only when license is at least platinum', () => {
|
||||
it('Should return PolicyConfig for events only when license is at least platinum', async () => {
|
||||
const defaultPolicy = policyFactory();
|
||||
|
||||
const policy = createDefaultPolicyCallback(undefined);
|
||||
const policy = await createDefaultPolicyCallback(undefined);
|
||||
|
||||
// events are the same
|
||||
expect(policy.windows.events).toEqual(defaultPolicy.windows.events);
|
||||
|
@ -64,11 +72,11 @@ describe('Create Default Policy tests ', () => {
|
|||
expect(policy.linux.popup.malware.enabled).toBeFalsy();
|
||||
});
|
||||
|
||||
it('Should return PolicyConfig for events only without paid features when license is below platinum', () => {
|
||||
it('Should return PolicyConfig for events only without paid features when license is below platinum', async () => {
|
||||
const defaultPolicy = policyFactory();
|
||||
licenseEmitter.next(Gold);
|
||||
|
||||
const policy = createDefaultPolicyCallback(undefined);
|
||||
const policy = await createDefaultPolicyCallback(undefined);
|
||||
|
||||
// events are the same
|
||||
expect(policy.windows.events).toEqual(defaultPolicy.windows.events);
|
||||
|
@ -128,10 +136,10 @@ describe('Create Default Policy tests ', () => {
|
|||
});
|
||||
const OSTypes = ['linux', 'mac', 'windows'] as const;
|
||||
|
||||
it('Should return PolicyConfig for events only when preset is DataCollection', () => {
|
||||
it('Should return PolicyConfig for events only when preset is DataCollection', async () => {
|
||||
const defaultPolicy = policyFactory();
|
||||
const config = createEndpointConfig({ preset: 'DataCollection' });
|
||||
const policy = createDefaultPolicyCallback(config);
|
||||
const policy = await createDefaultPolicyCallback(config);
|
||||
|
||||
// events are the same
|
||||
expect(policy.windows.events).toEqual(defaultPolicy.windows.events);
|
||||
|
@ -155,9 +163,9 @@ describe('Create Default Policy tests ', () => {
|
|||
expect(policy.linux.popup.malware.enabled).toBeFalsy();
|
||||
});
|
||||
|
||||
it('Should return only process event enabled on policy when preset is NGAV', () => {
|
||||
it('Should return only process event enabled on policy when preset is NGAV', async () => {
|
||||
const config = createEndpointConfig({ preset: 'NGAV' });
|
||||
const policy = createDefaultPolicyCallback(config);
|
||||
const policy = await createDefaultPolicyCallback(config);
|
||||
const events = defaultEventsDisabled();
|
||||
OSTypes.forEach((os) => {
|
||||
expect(policy[os].events).toMatchObject({
|
||||
|
@ -166,9 +174,9 @@ describe('Create Default Policy tests ', () => {
|
|||
});
|
||||
});
|
||||
});
|
||||
it('Should return process, file and network events enabled when preset is EDR Essential', () => {
|
||||
it('Should return process, file and network events enabled when preset is EDR Essential', async () => {
|
||||
const config = createEndpointConfig({ preset: 'EDREssential' });
|
||||
const policy = createDefaultPolicyCallback(config);
|
||||
const policy = await createDefaultPolicyCallback(config);
|
||||
const events = defaultEventsDisabled();
|
||||
const enabledEvents = {
|
||||
process: true,
|
||||
|
@ -182,9 +190,9 @@ describe('Create Default Policy tests ', () => {
|
|||
});
|
||||
});
|
||||
});
|
||||
it('Should return the default config when preset is EDR Complete', () => {
|
||||
it('Should return the default config when preset is EDR Complete', async () => {
|
||||
const config = createEndpointConfig({ preset: 'EDRComplete' });
|
||||
const policy = createDefaultPolicyCallback(config);
|
||||
const policy = await createDefaultPolicyCallback(config);
|
||||
const defaultPolicy = policyFactory();
|
||||
// update defaultPolicy w/ platinum license & cloud info
|
||||
defaultPolicy.meta.license = 'platinum';
|
||||
|
@ -197,14 +205,14 @@ describe('Create Default Policy tests ', () => {
|
|||
type: 'cloud',
|
||||
});
|
||||
|
||||
it('Session data should be enabled for Linux', () => {
|
||||
it('Session data should be enabled for Linux', async () => {
|
||||
const config = createCloudConfig();
|
||||
const policy = createDefaultPolicyCallback(config);
|
||||
const policy = await createDefaultPolicyCallback(config);
|
||||
expect(policy.linux.events.session_data).toBe(true);
|
||||
});
|
||||
it('Protections should be disabled for all OSs', () => {
|
||||
it('Protections should be disabled for all OSs', async () => {
|
||||
const config = createCloudConfig();
|
||||
const policy = createDefaultPolicyCallback(config);
|
||||
const policy = await createDefaultPolicyCallback(config);
|
||||
const OSTypes = ['linux', 'mac', 'windows'] as const;
|
||||
OSTypes.forEach((os) => {
|
||||
expect(policy[os].malware.mode).toBe('off');
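Review bot: `createDefaultPolicyCallback` overwrites `cluster_name` and `cluster_uuid` with `''` before calling `createDefaultPolicy`, and the license mocks use `uid: ''`, so no test in this file asserts that non-empty cluster or license identifiers end up in `policy.meta`. One case that sets, say, `esClientInfo.cluster_name = 'test-cluster'` (a constructed value) and expects `policy.meta.cluster_name` to equal it would cover the new code path. The describe block continues outside the hunks.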
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
*/
|
||||
|
||||
import type { CloudSetup } from '@kbn/cloud-plugin/server';
|
||||
import type { InfoResponse } from '@elastic/elasticsearch/lib/api/types';
|
||||
import {
|
||||
policyFactory as policyConfigFactory,
|
||||
policyFactoryWithoutPaidFeatures as policyConfigFactoryWithoutPaidFeatures,
|
||||
|
@ -27,13 +28,21 @@ import { disableProtections } from '../../../common/endpoint/models/policy_confi
|
|||
export const createDefaultPolicy = (
|
||||
licenseService: LicenseService,
|
||||
config: AnyPolicyCreateConfig | undefined,
|
||||
cloud: CloudSetup
|
||||
cloud: CloudSetup,
|
||||
esClientInfo: InfoResponse
|
||||
): PolicyConfig => {
|
||||
const factoryPolicy = policyConfigFactory();
|
||||
|
||||
// Add license and cloud information after policy creation
|
||||
factoryPolicy.meta.license = licenseService.getLicenseType();
|
||||
factoryPolicy.meta.cloud = cloud?.isCloudEnabled;
|
||||
factoryPolicy.meta.cluster_name = esClientInfo?.cluster_name
|
||||
? esClientInfo.cluster_name
|
||||
: factoryPolicy.meta.cluster_name;
|
||||
factoryPolicy.meta.cluster_uuid = esClientInfo?.cluster_uuid
|
||||
? esClientInfo.cluster_uuid
|
||||
: factoryPolicy.meta.cluster_uuid;
|
||||
factoryPolicy.meta.license_uid = licenseService.getLicenseUID();
|
||||
|
||||
const defaultPolicyPerType =
|
||||
config?.type === 'cloud'
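Review bot: `esClientInfo` is declared as a required `InfoResponse`, yet both assignments guard it with `esClientInfo?.…` and fall back to the factory default, so the type and the code disagree about whether the argument may be missing. Either type it as `InfoResponse | undefined` or drop the guards; the ternaries then reduce to `factoryPolicy.meta.cluster_name = esClientInfo?.cluster_name || factoryPolicy.meta.cluster_name;` and the same for `cluster_uuid`. The comment `// Add license and cloud information after policy creation` should also mention the cluster fields now. The function continues past the end of the hunk.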
|
||||
|
|
|
@ -525,6 +525,7 @@ export class Plugin implements ISecuritySolutionPlugin {
|
|||
this.endpointContext
|
||||
),
|
||||
createFleetActionsClient,
|
||||
esClient: core.elasticsearch.client.asInternalUser,
|
||||
});
|
||||
|
||||
this.telemetryReceiver.start(
|
||||
|
|