[Cloud Security] added missing bits for backend route check (similar to csp), also add… (#165376)

…ed d4c manage policies link to the list of excluded links when user
does not have permission to read policies in security solution

## Summary

Fixes: https://github.com/elastic/kibana/issues/163562

x-pack/packages/security-solution/features/src/constants.ts

@@ -15,6 +15,9 @@ export const ASSISTANT_FEATURE_ID = 'securitySolutionAssistant' as const;
 // Same as the plugin id defined by Cloud Security Posture
 export const CLOUD_POSTURE_APP_ID = 'csp' as const;
 
+// Same as the plugin id defined by Defend for containers (cloud_defend)
+export const CLOUD_DEFEND_APP_ID = 'cloudDefend' as const;
+
 /**
  * Id for the notifications alerting type
  * @deprecated Once we are confident all rules relying on side-car actions SO's have been migrated to SO references we should remove this function

x-pack/packages/security-solution/features/src/security/kibana_features.ts

@@ -18,7 +18,13 @@ import {
   THRESHOLD_RULE_TYPE_ID,
 } from '@kbn/securitysolution-rules';
 import type { BaseKibanaFeatureConfig } from '../types';
-import { APP_ID, SERVER_APP_ID, LEGACY_NOTIFICATIONS_ID, CLOUD_POSTURE_APP_ID } from '../constants';
+import {
+  APP_ID,
+  SERVER_APP_ID,
+  LEGACY_NOTIFICATIONS_ID,
+  CLOUD_POSTURE_APP_ID,
+  CLOUD_DEFEND_APP_ID,
+} from '../constants';
 import type { SecurityFeatureParams } from './types';
 
 const SECURITY_RULE_TYPES = [
@@ -44,7 +50,7 @@ export const getSecurityBaseKibanaFeature = ({
   ),
   order: 1100,
   category: DEFAULT_APP_CATEGORIES.security,
-  app: [APP_ID, CLOUD_POSTURE_APP_ID, 'kibana'],
+  app: [APP_ID, CLOUD_POSTURE_APP_ID, CLOUD_DEFEND_APP_ID, 'kibana'],
   catalogue: [APP_ID],
   management: {
     insightsAndAlerting: ['triggersActions'],
@@ -52,7 +58,7 @@ export const getSecurityBaseKibanaFeature = ({
   alerting: SECURITY_RULE_TYPES,
   privileges: {
     all: {
-      app: [APP_ID, CLOUD_POSTURE_APP_ID, 'kibana'],
+      app: [APP_ID, CLOUD_POSTURE_APP_ID, CLOUD_DEFEND_APP_ID, 'kibana'],
       catalogue: [APP_ID],
       api: [
         APP_ID,
@@ -62,6 +68,8 @@ export const getSecurityBaseKibanaFeature = ({
         'rac',
         'cloud-security-posture-all',
         'cloud-security-posture-read',
+        'cloud-defend-all',
+        'cloud-defend-read',
       ],
       savedObject: {
         all: ['alert', ...savedObjects],
@@ -81,9 +89,9 @@ export const getSecurityBaseKibanaFeature = ({
       ui: ['show', 'crud'],
     },
     read: {
-      app: [APP_ID, CLOUD_POSTURE_APP_ID, 'kibana'],
+      app: [APP_ID, CLOUD_POSTURE_APP_ID, CLOUD_DEFEND_APP_ID, 'kibana'],
       catalogue: [APP_ID],
-      api: [APP_ID, 'lists-read', 'rac', 'cloud-security-posture-read'],
+      api: [APP_ID, 'lists-read', 'rac', 'cloud-security-posture-read', 'cloud-defend-read'],
       savedObject: {
         all: [],
         read: [...savedObjects],

x-pack/plugins/security_solution/public/management/links.test.ts

@@ -93,7 +93,8 @@ describe('links', () => {
         SecurityPageName.hostIsolationExceptions,
         SecurityPageName.policies,
         SecurityPageName.responseActionsHistory,
-        SecurityPageName.trustedApps
+        SecurityPageName.trustedApps,
+        SecurityPageName.cloudDefendPolicies
       )
     );
   });
@@ -234,7 +235,9 @@ describe('links', () => {
 
       const filteredLinks = await getManagementFilteredLinks(coreMockStarted, getPlugins());
 
-      expect(filteredLinks).toEqual(getLinksWithout(SecurityPageName.policies));
+      expect(filteredLinks).toEqual(
+        getLinksWithout(SecurityPageName.policies, SecurityPageName.cloudDefendPolicies)
+      );
     });
   });
 

x-pack/plugins/security_solution/public/management/links.ts

@@ -235,6 +235,7 @@ export const getManagementFilteredLinks = async (
 
   if (!canReadPolicyManagement) {
     linksToExclude.push(SecurityPageName.policies);
+    linksToExclude.push(SecurityPageName.cloudDefendPolicies);
   }
 
   if (!canReadActionsLogManagement) {