[8.6] [Security Solution] Fix advanced policy migration where bad advanced policy key event_filters was added (#146050) (#146079)

# Backport

This will backport the following commits from `main` to `8.6`:
- [[Security Solution] Fix advanced policy migration where bad advanced
policy key `event_filters` was added
(#146050)](https://github.com/elastic/kibana/pull/146050)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Kevin
Logan","email":"56395104+kevinlog@users.noreply.github.com"},"sourceCommit":{"committedDate":"2022-11-22T21:55:26Z","message":"[Security
Solution] Fix advanced policy migration where bad advanced policy key
`event_filters` was added
(#146050)","sha":"05703509016fa7b44c461e6490768c696c30d2c2","branchLabelMapping":{"^v8.7.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","Team:Fleet","Team:Onboarding
and Lifecycle
Mgt","auto-backport","v8.6.0","v8.7.0"],"number":146050,"url":"https://github.com/elastic/kibana/pull/146050","mergeCommit":{"message":"[Security
Solution] Fix advanced policy migration where bad advanced policy key
`event_filters` was added
(#146050)","sha":"05703509016fa7b44c461e6490768c696c30d2c2"}},"sourceBranch":"main","suggestedTargetBranches":["8.6"],"targetPullRequestStates":[{"branch":"8.6","label":"v8.6.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.7.0","labelRegex":"^v8.7.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/146050","number":146050,"mergeCommit":{"message":"[Security
Solution] Fix advanced policy migration where bad advanced policy key
`event_filters` was added
(#146050)","sha":"05703509016fa7b44c461e6490768c696c30d2c2"}}]}]
BACKPORT-->

Co-authored-by: Kevin Logan <56395104+kevinlog@users.noreply.github.com>

x-pack/plugins/fleet/server/saved_objects/migrations/security_solution/index.ts

@@ -15,3 +15,4 @@ export { migratePackagePolicyToV820 } from './to_v8_2_0';
 export { migratePackagePolicyToV830 } from './to_v8_3_0';
 export { migratePackagePolicyToV840 } from './to_v8_4_0';
 export { migratePackagePolicyToV850 } from './to_v8_5_0';
+export { migratePackagePolicyToV860 } from './to_v8_6_0';

x-pack/plugins/fleet/server/saved_objects/migrations/security_solution/to_v8_6_0.test.ts

@@ -0,0 +1,168 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { SavedObjectMigrationContext, SavedObjectUnsanitizedDoc } from '@kbn/core/server';
+
+import type { PackagePolicy } from '../../../../common';
+
+import { migratePackagePolicyToV860 as migration } from './to_v8_6_0';
+
+describe('8.6.0 Endpoint Package Policy migration', () => {
+  const policyDoc = ({ windowsAdvanced = {}, macAdvanced = {}, linuxAdvanced = {} }) => {
+    return {
+      id: 'mock-saved-object-id',
+      attributes: {
+        name: 'Some Policy Name',
+        package: {
+          name: 'endpoint',
+          title: '',
+          version: '',
+        },
+        id: 'endpoint',
+        policy_id: '',
+        enabled: true,
+        namespace: '',
+        revision: 0,
+        updated_at: '',
+        updated_by: '',
+        created_at: '',
+        created_by: '',
+        inputs: [
+          {
+            type: 'endpoint',
+            enabled: true,
+            streams: [],
+            config: {
+              policy: {
+                value: {
+                  windows: {
+                    ...windowsAdvanced,
+                  },
+                  mac: {
+                    ...macAdvanced,
+                  },
+                  linux: {
+                    ...linuxAdvanced,
+                  },
+                },
+              },
+            },
+          },
+        ],
+      },
+      type: ' nested',
+    };
+  };
+
+  it('adds nothing to Policy, if advanced section is empty', () => {
+    const initialDoc = policyDoc({});
+
+    const migratedDoc = policyDoc({
+      windowsAdvanced: undefined,
+      macAdvanced: undefined,
+      linuxAdvanced: undefined,
+    });
+
+    expect(migration(initialDoc, {} as SavedObjectMigrationContext)).toEqual(migratedDoc);
+  });
+
+  it('preserves advanced settings and adds nothing else if the bad key `event_filters` is not present', () => {
+    const initialDoc = policyDoc({
+      windowsAdvanced: { advanced: { existingAdvanced: true } },
+      macAdvanced: { advanced: { existingAdvanced: true } },
+      linuxAdvanced: { advanced: { existingAdvanced: true } },
+    });
+
+    const migratedDoc = policyDoc({
+      windowsAdvanced: { advanced: { existingAdvanced: true } },
+      macAdvanced: { advanced: { existingAdvanced: true } },
+      linuxAdvanced: { advanced: { existingAdvanced: true } },
+    });
+
+    expect(migration(initialDoc, {} as SavedObjectMigrationContext)).toEqual(migratedDoc);
+  });
+
+  it('preserves advanced settings and removes bad key `event_filters` if present', () => {
+    const initialDoc = policyDoc({
+      windowsAdvanced: { advanced: { existingAdvanced: true, event_filters: { default: false } } },
+      macAdvanced: { advanced: { existingAdvanced: true, event_filters: { default: false } } },
+      linuxAdvanced: { advanced: { existingAdvanced: true, event_filters: { default: false } } },
+    });
+
+    const migratedDoc = policyDoc({
+      windowsAdvanced: { advanced: { existingAdvanced: true } },
+      macAdvanced: { advanced: { existingAdvanced: true } },
+      linuxAdvanced: { advanced: { existingAdvanced: true } },
+    });
+
+    expect(migration(initialDoc, {} as SavedObjectMigrationContext)).toEqual(migratedDoc);
+  });
+
+  it('does not modify non-endpoint package policies', () => {
+    const doc: SavedObjectUnsanitizedDoc<PackagePolicy> = {
+      id: 'mock-saved-object-id',
+      attributes: {
+        name: 'Some Policy Name',
+        package: {
+          name: 'notEndpoint',
+          title: '',
+          version: '',
+        },
+        id: 'notEndpoint',
+        policy_id: '',
+        enabled: true,
+        namespace: '',
+        revision: 0,
+        updated_at: '',
+        updated_by: '',
+        created_at: '',
+        created_by: '',
+        inputs: [
+          {
+            type: 'notEndpoint',
+            enabled: true,
+            streams: [],
+            config: {},
+          },
+        ],
+      },
+      type: ' nested',
+    };
+
+    expect(
+      migration(doc, {} as SavedObjectMigrationContext) as SavedObjectUnsanitizedDoc<PackagePolicy>
+    ).toEqual({
+      attributes: {
+        name: 'Some Policy Name',
+        package: {
+          name: 'notEndpoint',
+          title: '',
+          version: '',
+        },
+        id: 'notEndpoint',
+        policy_id: '',
+        enabled: true,
+        namespace: '',
+        revision: 0,
+        updated_at: '',
+        updated_by: '',
+        created_at: '',
+        created_by: '',
+        inputs: [
+          {
+            type: 'notEndpoint',
+            enabled: true,
+            streams: [],
+            config: {},
+          },
+        ],
+      },
+      type: ' nested',
+      id: 'mock-saved-object-id',
+    });
+  });
+});

x-pack/plugins/fleet/server/saved_objects/migrations/security_solution/to_v8_6_0.ts

@@ -0,0 +1,42 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { SavedObjectMigrationFn, SavedObjectUnsanitizedDoc } from '@kbn/core/server';
+import { cloneDeep } from 'lodash';
+
+import type { PackagePolicy } from '../../../../common';
+
+export const migratePackagePolicyToV860: SavedObjectMigrationFn<PackagePolicy, PackagePolicy> = (
+  packagePolicyDoc
+) => {
+  if (packagePolicyDoc.attributes.package?.name !== 'endpoint') {
+    return packagePolicyDoc;
+  }
+
+  const updatedPackagePolicyDoc: SavedObjectUnsanitizedDoc<PackagePolicy> =
+    cloneDeep(packagePolicyDoc);
+
+  const input = updatedPackagePolicyDoc.attributes.inputs[0];
+
+  if (input && input.config) {
+    const policy = input.config.policy.value;
+
+    const migratedPolicy = { event_filters: undefined };
+
+    policy.windows.advanced = policy.windows.advanced
+      ? { ...policy.windows.advanced, ...migratedPolicy }
+      : undefined;
+    policy.mac.advanced = policy.mac.advanced
+      ? { ...policy.mac.advanced, ...migratedPolicy }
+      : undefined;
+    policy.linux.advanced = policy.linux.advanced
+      ? { ...policy.linux.advanced, ...migratedPolicy }
+      : undefined;
+  }
+
+  return updatedPackagePolicyDoc;
+};

x-pack/plugins/fleet/server/saved_objects/migrations/to_v8_6_0.ts

@@ -11,6 +11,9 @@ import type { Settings } from '../../../common/types';
 
 import type { Installation } from '../../../common';
 import { FLEET_CLOUD_SECURITY_POSTURE_PACKAGE } from '../../../common/constants';
+import type { PackagePolicy } from '../../../common';
+
+import { migratePackagePolicyToV860 as SecSolMigratePackagePolicyToV860 } from './security_solution';
 
 export const migrateSettingsToV860: SavedObjectMigrationFn<Settings, Settings> = (
   settingsDoc,
@@ -32,3 +35,17 @@ export const migrateInstallationToV860: SavedObjectMigrationFn<Installation, Ins
   }
   return installationDoc;
 };
+
+export const migratePackagePolicyToV840: SavedObjectMigrationFn<PackagePolicy, PackagePolicy> = (
+  packagePolicyDoc,
+  migrationContext
+) => {
+  let updatedPackagePolicyDoc = packagePolicyDoc;
+
+  // Endpoint specific migrations
+  if (packagePolicyDoc.attributes.package?.name === 'endpoint') {
+    updatedPackagePolicyDoc = SecSolMigratePackagePolicyToV860(packagePolicyDoc, migrationContext);
+  }
+
+  return updatedPackagePolicyDoc;
+};