[EDR Workflows] Auto-bundle Osquery API OpenAPI specs (#188920)

**Addresses**: https://github.com/elastic/kibana/issues/184428

## Summary

This PR adds scripts that automatically bundle the Osquery API OpenAPI specs as part of the PR pipeline. The resulting bundles are automatically committed to the Osquery plugin `x-pack/plugins/osquery` in the `docs/openapi/ess` and `docs/openapi/serverless` folders (similar to https://github.com/elastic/kibana/pull/186384).
Maxim Palenov 2024-07-25 01:02:39 +02:00 committed by GitHub
parent 15554be700
commit cbb91f1f6b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
34 changed files with 1646 additions and 258 deletions


@ -29,4 +29,9 @@ check_for_changed_files "yarn openapi:bundle" true
echo -e "\n[Security Solution OpenAPI Bundling] Elastic Assistant API\n"
(cd x-pack/packages/kbn-elastic-assistant-common && yarn openapi:bundle)
check_for_changed_files "yarn openapi:bundle" true
check_for_changed_files "yarn openapi:bundle" true
echo -e "\n[Security Solution OpenAPI Bundling] Osquery API\n"
(cd x-pack/plugins/osquery && yarn openapi:bundle)
check_for_changed_files "yarn openapi:bundle" true
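Review bot: Nothing between `(cd x-pack/plugins/osquery && yarn openapi:bundle)` and `check_for_changed_files "yarn openapi:bundle" true` checks that the produced bundle is well-formed before it is committed back to the PR (assuming the `true` argument is what triggers the auto-commit the description mentions; the helper is defined outside this hunk). The ESS bundle added by this same commit ends with `tags: !<tag:yaml.org,2002:js/undefined> ''`, which looks like a serialized JavaScript `undefined` and is a js-yaml-specific tag that other YAML and OpenAPI tooling will likely reject. A validation pass over the generated files before the commit step would catch this, and the bundler should omit `tags` when it has no value. The same bundle pairs a default `http://{kibana_host}:{port}` server URL with the `BasicAuth` scheme, which is worth a second look, since credentials sent that way are only base64-encoded.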


@ -18,20 +18,19 @@ import { z } from 'zod';
import { AssetsRequestQuery } from './assets_status.gen';
export type ReadAssetsStatusRequestParams = z.infer<typeof ReadAssetsStatusRequestParams>;
export const ReadAssetsStatusRequestParams = z.object({
export type ReadAssetsStatusRequestQuery = z.infer<typeof ReadAssetsStatusRequestQuery>;
export const ReadAssetsStatusRequestQuery = z.object({
query: AssetsRequestQuery,
});
export type ReadAssetsStatusRequestParamsInput = z.input<typeof ReadAssetsStatusRequestParams>;
export type ReadAssetsStatusRequestQueryInput = z.input<typeof ReadAssetsStatusRequestQuery>;
export type ReadAssetsStatusResponse = z.infer<typeof ReadAssetsStatusResponse>;
export const ReadAssetsStatusResponse = z.object({});
export type UpdateAssetsStatusRequestParams = z.infer<typeof UpdateAssetsStatusRequestParams>;
export const UpdateAssetsStatusRequestParams = z.object({
export type UpdateAssetsStatusRequestQuery = z.infer<typeof UpdateAssetsStatusRequestQuery>;
export const UpdateAssetsStatusRequestQuery = z.object({
query: AssetsRequestQuery,
});
export type UpdateAssetsStatusRequestParamsInput = z.input<typeof UpdateAssetsStatusRequestParams>;
export type UpdateAssetsStatusRequestQueryInput = z.input<typeof UpdateAssetsStatusRequestQuery>;
export type UpdateAssetsStatusResponse = z.infer<typeof UpdateAssetsStatusResponse>;
export const UpdateAssetsStatusResponse = z.object({});


@ -5,12 +5,13 @@ info:
paths:
/internal/osquery/assets:
get:
x-labels: [serverless, ess]
x-codegen-enabled: true
operationId: ReadAssetsStatus
summary: Get assets
parameters:
- name: query
in: path
in: query
required: true
schema:
$ref: './assets_status.schema.yaml#/components/schemas/AssetsRequestQuery'
@ -25,12 +26,13 @@ paths:
# Define properties for the success response if needed
/internal/osquery/assets/update:
post:
x-labels: [serverless, ess]
x-codegen-enabled: true
operationId: UpdateAssetsStatus
summary: Update assets
parameters:
- name: query
in: path
in: query
required: true
schema:
$ref: './assets_status.schema.yaml#/components/schemas/AssetsRequestQuery'
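Review bot: Moving the parameter to `in: query` leaves the spec and the generated validator disagreeing about the wire shape. With OpenAPI's default `form`/`explode` serialization an object-typed query parameter is sent as its individual properties, so the name `query` never appears in the URL, yet the generated `ReadAssetsStatusRequestQuery` and `UpdateAssetsStatusRequestQuery` are `z.object({ query: AssetsRequestQuery })` and expect a nested `query` key. How the route handlers consume these schemas is not visible here, so this may be unwrapped elsewhere. Either declare the properties of `AssetsRequestQuery` as individual query parameters, or add a comment such as `# 'query' is a placeholder name; properties are sent as top-level query-string keys`. The same `name: query` / `in: query` pattern appears in the live query, packs and saved query specs in this commit.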


@ -5,6 +5,7 @@ info:
paths:
/internal/osquery/fleet_wrapper/agents:
get:
x-labels: [serverless, ess]
x-codegen-enabled: true
operationId: GetAgents
summary: Get agents
@ -27,6 +28,7 @@ paths:
/internal/osquery/fleet_wrapper/agents/{id}:
get:
x-labels: [serverless, ess]
x-codegen-enabled: true
operationId: GetAgentDetails
summary: Get Agent details
@ -48,6 +50,7 @@ paths:
/internal/osquery/fleet_wrapper/agent_policies:
get:
x-labels: [serverless, ess]
x-codegen-enabled: true
operationId: GetAgentPolicies
summary: Get Agent policies
@ -63,6 +66,7 @@ paths:
/internal/osquery/fleet_wrapper/agent_policies/{id}:
get:
x-labels: [serverless, ess]
x-codegen-enabled: true
operationId: GetAgentPolicy
summary: Get Agent policy
@ -84,6 +88,7 @@ paths:
/internal/osquery/fleet_wrapper/package_policies:
get:
x-labels: [serverless, ess]
x-codegen-enabled: true
operationId: GetAgentPackagePolicies
summary: Get Agent policy
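Review bot: `GetAgentPackagePolicies` carries `summary: Get Agent policy`, the same text as `GetAgentPolicy` on `/internal/osquery/fleet_wrapper/agent_policies/{id}`, which looks like a copy-paste. Since this hunk tags the operation with `x-labels`, the summary is what a reader of any generated output would use to tell the two endpoints apart; suggest `summary: Get Agent package policies`. Separately, these are `/internal/` routes and the ESS bundle on this page lists only `/api/osquery/*` paths, so a short comment saying what `x-labels` is meant to do on internal operations would help. The operation body continues outside the hunk.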


@ -22,7 +22,6 @@ import {
PageSizeOrUndefined,
SortOrUndefined,
SortOrderOrUndefined,
Id,
} from '../model/schema/common_attributes.gen';
export type GetLiveQueryResultsRequestQuery = z.infer<typeof GetLiveQueryResultsRequestQuery>;
@ -33,9 +32,3 @@ export const GetLiveQueryResultsRequestQuery = z.object({
sort: SortOrUndefined.optional(),
sortOrder: SortOrderOrUndefined.optional(),
});
export type GetLiveQueryResultsRequestParams = z.infer<typeof GetLiveQueryResultsRequestParams>;
export const GetLiveQueryResultsRequestParams = z.object({
id: Id.optional(),
actionId: Id.optional(),
});


@ -2,7 +2,7 @@ openapi: 3.0.0
info:
title: Get Live Query Results Schema
version: '2023-10-31'
paths: { }
paths: {}
components:
schemas:
GetLiveQueryResultsRequestQuery:
@ -18,10 +18,3 @@ components:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/SortOrUndefined'
sortOrder:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/SortOrderOrUndefined'
GetLiveQueryResultsRequestParams:
type: object
properties:
id:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/Id'
actionId:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/Id'


@ -19,10 +19,7 @@ import { z } from 'zod';
import { FindLiveQueryRequestQuery } from './find_live_query.gen';
import { DefaultSuccessResponse, Id } from '../model/schema/common_attributes.gen';
import { CreateLiveQueryRequestBody } from './create_live_query.gen';
import {
GetLiveQueryResultsRequestQuery,
GetLiveQueryResultsRequestParams,
} from './get_live_query_results.gen';
import { GetLiveQueryResultsRequestQuery } from './get_live_query_results.gen';
export type OsqueryCreateLiveQueryRequestBody = z.infer<typeof OsqueryCreateLiveQueryRequestBody>;
export const OsqueryCreateLiveQueryRequestBody = CreateLiveQueryRequestBody;
@ -78,7 +75,8 @@ export type OsqueryGetLiveQueryResultsRequestParams = z.infer<
typeof OsqueryGetLiveQueryResultsRequestParams
>;
export const OsqueryGetLiveQueryResultsRequestParams = z.object({
query: GetLiveQueryResultsRequestParams,
id: Id,
actionId: Id,
});
export type OsqueryGetLiveQueryResultsRequestParamsInput = z.input<
typeof OsqueryGetLiveQueryResultsRequestParams


@ -8,9 +8,7 @@ paths:
summary: Find live queries
operationId: OsqueryFindLiveQueries
x-codegen-enabled: true
x-labels:
- ess
- serverless
x-labels: [serverless, ess]
parameters:
- name: query
in: query
@ -29,9 +27,7 @@ paths:
summary: Create a live query
operationId: OsqueryCreateLiveQuery
x-codegen-enabled: true
x-labels:
- ess
- serverless
x-labels: [serverless, ess]
requestBody:
required: true
content:
@ -51,9 +47,7 @@ paths:
summary: Get live query details
operationId: OsqueryGetLiveQueryDetails
x-codegen-enabled: true
x-labels:
- ess
- serverless
x-labels: [serverless, ess]
parameters:
- name: id
in: path
@ -78,20 +72,23 @@ paths:
summary: Get live query results
operationId: OsqueryGetLiveQueryResults
x-codegen-enabled: true
x-labels:
- ess
- serverless
x-labels: [serverless, ess]
parameters:
- name: id
in: path
required: true
schema:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/Id'
- name: actionId
in: path
required: true
schema:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/Id'
- name: query
in: query
required: true
schema:
$ref: './get_live_query_results.schema.yaml#/components/schemas/GetLiveQueryResultsRequestQuery'
- name: query
in: path
required: true
schema:
$ref: './get_live_query_results.schema.yaml#/components/schemas/GetLiveQueryResultsRequestParams'
responses:
'200':
description: OK
@ -99,4 +96,3 @@ paths:
application/json:
schema:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/DefaultSuccessResponse'
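Review bot: The new `id` and `actionId` path parameters of `OsqueryGetLiveQueryResults` both reference the shared `Id` schema, which the bundled spec on this page defines as a bare `type: string`. The generated `OsqueryGetLiveQueryResultsRequestParams` (`id: Id, actionId: Id`) therefore presumably accepts any string, with no length or format bound, before the value reaches the handler. If these identifiers have a known shape, constrain `Id` in `common_attributes.schema.yaml`, for example `minLength: 1` plus a `pattern` or `format`. `PackId` and `SavedQueryId`, which the packs and saved-queries specs now use as path parameters, are also bare strings in the bundle and would benefit from the same treatment.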


@ -1,12 +0,0 @@
openapi: 3.0.0
info:
title: Delete Saved Queries Schema
version: '2023-10-31'
paths: { }
components:
schemas:
DeletePacksRequestQuery:
type: object
properties:
id:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/PackId'


@ -17,11 +17,9 @@
import { z } from 'zod';
import { FindPacksRequestQuery } from './find_packs.gen';
import { DefaultSuccessResponse } from '../model/schema/common_attributes.gen';
import { DefaultSuccessResponse, PackId } from '../model/schema/common_attributes.gen';
import { CreatePacksRequestBody } from './create_pack.gen';
import { ReadPacksRequestQuery } from './read_packs.gen';
import { DeletePacksRequestQuery } from './delete_packs.gen';
import { UpdatePacksRequestBody, UpdatePacksRequestParams } from './update_packs.gen';
import { UpdatePacksRequestBody } from './update_packs.gen';
export type OsqueryCreatePacksRequestBody = z.infer<typeof OsqueryCreatePacksRequestBody>;
export const OsqueryCreatePacksRequestBody = CreatePacksRequestBody;
@ -32,7 +30,7 @@ export const OsqueryCreatePacksResponse = DefaultSuccessResponse;
export type OsqueryDeletePacksRequestParams = z.infer<typeof OsqueryDeletePacksRequestParams>;
export const OsqueryDeletePacksRequestParams = z.object({
query: DeletePacksRequestQuery,
id: PackId,
});
export type OsqueryDeletePacksRequestParamsInput = z.input<typeof OsqueryDeletePacksRequestParams>;
@ -51,7 +49,7 @@ export type OsqueryGetPacksDetailsRequestParams = z.infer<
typeof OsqueryGetPacksDetailsRequestParams
>;
export const OsqueryGetPacksDetailsRequestParams = z.object({
query: ReadPacksRequestQuery,
id: PackId,
});
export type OsqueryGetPacksDetailsRequestParamsInput = z.input<
typeof OsqueryGetPacksDetailsRequestParams
@ -62,7 +60,7 @@ export const OsqueryGetPacksDetailsResponse = DefaultSuccessResponse;
export type OsqueryUpdatePacksRequestParams = z.infer<typeof OsqueryUpdatePacksRequestParams>;
export const OsqueryUpdatePacksRequestParams = z.object({
query: UpdatePacksRequestParams,
id: PackId,
});
export type OsqueryUpdatePacksRequestParamsInput = z.input<typeof OsqueryUpdatePacksRequestParams>;


@ -8,9 +8,7 @@ paths:
summary: Find packs
operationId: OsqueryFindPacks
x-codegen-enabled: true
x-labels:
- ess
- serverless
x-labels: [serverless, ess]
parameters:
- name: query
in: query
@ -28,9 +26,7 @@ paths:
summary: Create a packs
operationId: OsqueryCreatePacks
x-codegen-enabled: true
x-labels:
- ess
- serverless
x-labels: [serverless, ess]
requestBody:
required: true
content:
@ -49,15 +45,13 @@ paths:
summary: Get packs details
operationId: OsqueryGetPacksDetails
x-codegen-enabled: true
x-labels:
- ess
- serverless
x-labels: [serverless, ess]
parameters:
- name: query
- name: id
in: path
required: true
schema:
$ref: './read_packs.schema.yaml#/components/schemas/ReadPacksRequestQuery'
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/PackId'
responses:
'200':
description: OK
@ -69,15 +63,13 @@ paths:
summary: Delete packs
operationId: OsqueryDeletePacks
x-codegen-enabled: true
x-labels:
- ess
- serverless
x-labels: [serverless, ess]
parameters:
- name: query
- name: id
in: path
required: true
schema:
$ref: './delete_packs.schema.yaml#/components/schemas/DeletePacksRequestQuery'
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/PackId'
responses:
'200':
description: OK
@ -89,21 +81,19 @@ paths:
summary: Update packs
operationId: OsqueryUpdatePacks
x-codegen-enabled: true
x-labels:
- ess
- serverless
x-labels: [serverless, ess]
parameters:
- name: id
in: path
required: true
schema:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/PackId'
requestBody:
required: true
content:
application/json:
schema:
$ref: './update_packs.schema.yaml#/components/schemas/UpdatePacksRequestBody'
parameters:
- name: query
in: path
required: true
schema:
$ref: './update_packs.schema.yaml#/components/schemas/UpdatePacksRequestParams'
responses:
'200':
description: OK
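Review bot: `OsqueryUpdatePacks` now takes `id` as a required path parameter, but the `UpdatePacksRequestBody` it references still declares its own `id` (`id: PackId.optional()` in the generated schema, and `id` under `UpdatePacksRequestBody` in the bundle), so one request can name two different packs. The route handler is not part of this commit view; if any code path reads the id from the body, validation and authorization done against the path value would not cover the object actually modified. Either drop `id` from the update body schema or state in the spec that the path value is authoritative and a mismatching body `id` is rejected. The same applies to `OsqueryUpdateSavedQuery` and `UpdateSavedQueryRequestBody` in the saved-queries spec.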


@ -1,12 +0,0 @@
openapi: 3.0.0
info:
title: Read Saved Queries Schema
version: '2023-10-31'
paths: { }
components:
schemas:
ReadPacksRequestQuery:
type: object
properties:
id:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/PackId'


@ -25,11 +25,6 @@ import {
ObjectQueries,
} from '../model/schema/common_attributes.gen';
export type UpdatePacksRequestParams = z.infer<typeof UpdatePacksRequestParams>;
export const UpdatePacksRequestParams = z.object({
id: PackId.optional(),
});
export type UpdatePacksRequestBody = z.infer<typeof UpdatePacksRequestBody>;
export const UpdatePacksRequestBody = z.object({
id: PackId.optional(),


@ -2,14 +2,9 @@ openapi: 3.0.0
info:
title: Update Saved Query Schema
version: '2023-10-31'
paths: { }
paths: {}
components:
schemas:
UpdatePacksRequestParams:
type: object
properties:
id:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/PackId'
UpdatePacksRequestBody:
type: object
properties:


@ -1,24 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
/*
* NOTICE: Do not edit this file manually.
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Delete Saved Queries Schema
* version: 2023-10-31
*/
import { z } from 'zod';
import { SavedQueryId } from '../model/schema/common_attributes.gen';
export type DeleteSavedQueryRequestQuery = z.infer<typeof DeleteSavedQueryRequestQuery>;
export const DeleteSavedQueryRequestQuery = z.object({
id: SavedQueryId.optional(),
});


@ -1,12 +0,0 @@
openapi: 3.0.0
info:
title: Delete Saved Queries Schema
version: '2023-10-31'
paths: { }
components:
schemas:
DeleteSavedQueryRequestQuery:
type: object
properties:
id:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/SavedQueryId'


@ -1,24 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
/*
* NOTICE: Do not edit this file manually.
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Read Saved Queries Schema
* version: 2023-10-31
*/
import { z } from 'zod';
import { SavedQueryId } from '../model/schema/common_attributes.gen';
export type ReadSavedQueryRequestQuery = z.infer<typeof ReadSavedQueryRequestQuery>;
export const ReadSavedQueryRequestQuery = z.object({
id: SavedQueryId.optional(),
});


@ -1,12 +0,0 @@
openapi: 3.0.0
info:
title: Read Saved Queries Schema
version: '2023-10-31'
paths: { }
components:
schemas:
ReadSavedQueryRequestQuery:
type: object
properties:
id:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/SavedQueryId'


@ -17,14 +17,9 @@
import { z } from 'zod';
import { FindSavedQueryRequestQuery } from './find_saved_query.gen';
import { DefaultSuccessResponse } from '../model/schema/common_attributes.gen';
import { DefaultSuccessResponse, SavedQueryId } from '../model/schema/common_attributes.gen';
import { CreateSavedQueryRequestBody } from './create_saved_query.gen';
import { ReadSavedQueryRequestQuery } from './read_saved_query.gen';
import { DeleteSavedQueryRequestQuery } from './delete_saved_query.gen';
import {
UpdateSavedQueryRequestBody,
UpdateSavedQueryRequestParams,
} from './update_saved_query.gen';
import { UpdateSavedQueryRequestBody } from './update_saved_query.gen';
export type OsqueryCreateSavedQueryRequestBody = z.infer<typeof OsqueryCreateSavedQueryRequestBody>;
export const OsqueryCreateSavedQueryRequestBody = CreateSavedQueryRequestBody;
@ -39,7 +34,7 @@ export type OsqueryDeleteSavedQueryRequestParams = z.infer<
typeof OsqueryDeleteSavedQueryRequestParams
>;
export const OsqueryDeleteSavedQueryRequestParams = z.object({
query: DeleteSavedQueryRequestQuery,
id: SavedQueryId,
});
export type OsqueryDeleteSavedQueryRequestParamsInput = z.input<
typeof OsqueryDeleteSavedQueryRequestParams
@ -64,7 +59,7 @@ export type OsqueryGetSavedQueryDetailsRequestParams = z.infer<
typeof OsqueryGetSavedQueryDetailsRequestParams
>;
export const OsqueryGetSavedQueryDetailsRequestParams = z.object({
query: ReadSavedQueryRequestQuery,
id: SavedQueryId,
});
export type OsqueryGetSavedQueryDetailsRequestParamsInput = z.input<
typeof OsqueryGetSavedQueryDetailsRequestParams
@ -79,7 +74,7 @@ export type OsqueryUpdateSavedQueryRequestParams = z.infer<
typeof OsqueryUpdateSavedQueryRequestParams
>;
export const OsqueryUpdateSavedQueryRequestParams = z.object({
query: UpdateSavedQueryRequestParams,
id: SavedQueryId,
});
export type OsqueryUpdateSavedQueryRequestParamsInput = z.input<
typeof OsqueryUpdateSavedQueryRequestParams


@ -8,9 +8,7 @@ paths:
summary: Find saved queries
operationId: OsqueryFindSavedQueries
x-codegen-enabled: true
x-labels:
- ess
- serverless
x-labels: [serverless, ess]
parameters:
- name: query
in: query
@ -28,9 +26,7 @@ paths:
summary: Create a saved query
operationId: OsqueryCreateSavedQuery
x-codegen-enabled: true
x-labels:
- ess
- serverless
x-labels: [serverless, ess]
requestBody:
required: true
content:
@ -49,15 +45,13 @@ paths:
summary: Get saved query details
operationId: OsqueryGetSavedQueryDetails
x-codegen-enabled: true
x-labels:
- ess
- serverless
x-labels: [serverless, ess]
parameters:
- name: query
- name: id
in: path
required: true
schema:
$ref: './read_saved_query.schema.yaml#/components/schemas/ReadSavedQueryRequestQuery'
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/SavedQueryId'
responses:
'200':
description: OK
@ -69,15 +63,13 @@ paths:
summary: Delete saved query
operationId: OsqueryDeleteSavedQuery
x-codegen-enabled: true
x-labels:
- ess
- serverless
x-labels: [serverless, ess]
parameters:
- name: query
- name: id
in: path
required: true
schema:
$ref: './delete_saved_query.schema.yaml#/components/schemas/DeleteSavedQueryRequestQuery'
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/SavedQueryId'
responses:
'200':
description: OK
@ -89,21 +81,19 @@ paths:
summary: Update saved query
operationId: OsqueryUpdateSavedQuery
x-codegen-enabled: true
x-labels:
- ess
- serverless
x-labels: [serverless, ess]
parameters:
- name: id
in: path
required: true
schema:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/SavedQueryId'
requestBody:
required: true
content:
application/json:
schema:
$ref: './update_saved_query.schema.yaml#/components/schemas/UpdateSavedQueryRequestBody'
parameters:
- name: query
in: path
required: true
schema:
$ref: './update_saved_query.schema.yaml#/components/schemas/UpdateSavedQueryRequestParams'
responses:
'200':
description: OK


@ -27,11 +27,6 @@ import {
RemovedOrUndefined,
} from '../model/schema/common_attributes.gen';
export type UpdateSavedQueryRequestParams = z.infer<typeof UpdateSavedQueryRequestParams>;
export const UpdateSavedQueryRequestParams = z.object({
id: SavedQueryId.optional(),
});
export type UpdateSavedQueryRequestBody = z.infer<typeof UpdateSavedQueryRequestBody>;
export const UpdateSavedQueryRequestBody = z.object({
id: SavedQueryId.optional(),


@ -2,14 +2,9 @@ openapi: 3.0.0
info:
title: Update Saved Query Schema
version: '2023-10-31'
paths: { }
paths: {}
components:
schemas:
UpdateSavedQueryRequestParams:
type: object
properties:
id:
$ref: '../model/schema/common_attributes.schema.yaml#/components/schemas/SavedQueryId'
UpdateSavedQueryRequestBody:
type: object
properties:


@ -10,15 +10,11 @@
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Read Saved Queries Schema
* version: 2023-10-31
* title: Osquery privileges Schema
* version: 1
*/
import { z } from 'zod';
import { PackId } from '../model/schema/common_attributes.gen';
export type ReadPacksRequestQuery = z.infer<typeof ReadPacksRequestQuery>;
export const ReadPacksRequestQuery = z.object({
id: PackId.optional(),
});
export type ReadPrivilegesCheckResponse = z.infer<typeof ReadPrivilegesCheckResponse>;
export const ReadPrivilegesCheckResponse = z.object({});


@ -5,6 +5,8 @@ info:
paths:
/internal/osquery/privileges_check:
get:
x-labels: [serverless, ess]
x-codegen-enabled: true
operationId: ReadPrivilegesCheck
summary: Get Osquery privileges check
responses:


@ -10,15 +10,11 @@
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: Delete Saved Queries Schema
* version: 2023-10-31
* title: Osquery Status Schema
* version: 1
*/
import { z } from 'zod';
import { PackId } from '../model/schema/common_attributes.gen';
export type DeletePacksRequestQuery = z.infer<typeof DeletePacksRequestQuery>;
export const DeletePacksRequestQuery = z.object({
id: PackId.optional(),
});
export type ReadInstallationStatusResponse = z.infer<typeof ReadInstallationStatusResponse>;
export const ReadInstallationStatusResponse = z.object({});


@ -5,6 +5,8 @@ info:
paths:
/internal/osquery/status:
get:
x-labels: [serverless, ess]
x-codegen-enabled: true
operationId: ReadInstallationStatus
summary: Get Osquery installation status
responses:


@ -0,0 +1,591 @@
openapi: 3.0.3
info:
description: 'Run live queries, manage packs and saved queries.'
title: Security Solution Osquery API (Elastic Cloud and self-hosted)
version: '2023-10-31'
servers:
- url: 'http://{kibana_host}:{port}'
variables:
kibana_host:
default: localhost
port:
default: '5601'
paths:
/api/osquery/live_queries:
get:
operationId: OsqueryFindLiveQueries
parameters:
- in: query
name: query
required: true
schema:
$ref: '#/components/schemas/FindLiveQueryRequestQuery'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DefaultSuccessResponse'
description: OK
summary: Find live queries
post:
operationId: OsqueryCreateLiveQuery
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreateLiveQueryRequestBody'
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DefaultSuccessResponse'
description: OK
summary: Create a live query
'/api/osquery/live_queries/{id}':
get:
operationId: OsqueryGetLiveQueryDetails
parameters:
- in: path
name: id
required: true
schema:
$ref: '#/components/schemas/Id'
- in: query
name: query
schema:
additionalProperties: true
type: object
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DefaultSuccessResponse'
description: OK
summary: Get live query details
'/api/osquery/live_queries/{id}/results/{actionId}':
get:
operationId: OsqueryGetLiveQueryResults
parameters:
- in: path
name: id
required: true
schema:
$ref: '#/components/schemas/Id'
- in: path
name: actionId
required: true
schema:
$ref: '#/components/schemas/Id'
- in: query
name: query
required: true
schema:
$ref: '#/components/schemas/GetLiveQueryResultsRequestQuery'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DefaultSuccessResponse'
description: OK
summary: Get live query results
/api/osquery/packs:
get:
operationId: OsqueryFindPacks
parameters:
- in: query
name: query
required: true
schema:
$ref: '#/components/schemas/FindPacksRequestQuery'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DefaultSuccessResponse'
description: OK
summary: Find packs
post:
operationId: OsqueryCreatePacks
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreatePacksRequestBody'
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DefaultSuccessResponse'
description: OK
summary: Create a packs
'/api/osquery/packs/{id}':
delete:
operationId: OsqueryDeletePacks
parameters:
- in: path
name: id
required: true
schema:
$ref: '#/components/schemas/PackId'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DefaultSuccessResponse'
description: OK
summary: Delete packs
get:
operationId: OsqueryGetPacksDetails
parameters:
- in: path
name: id
required: true
schema:
$ref: '#/components/schemas/PackId'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DefaultSuccessResponse'
description: OK
summary: Get packs details
put:
operationId: OsqueryUpdatePacks
parameters:
- in: path
name: id
required: true
schema:
$ref: '#/components/schemas/PackId'
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UpdatePacksRequestBody'
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DefaultSuccessResponse'
description: OK
summary: Update packs
/api/osquery/saved_queries:
get:
operationId: OsqueryFindSavedQueries
parameters:
- in: query
name: query
required: true
schema:
$ref: '#/components/schemas/FindSavedQueryRequestQuery'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DefaultSuccessResponse'
description: OK
summary: Find saved queries
post:
operationId: OsqueryCreateSavedQuery
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreateSavedQueryRequestBody'
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DefaultSuccessResponse'
description: OK
summary: Create a saved query
'/api/osquery/saved_queries/{id}':
delete:
operationId: OsqueryDeleteSavedQuery
parameters:
- in: path
name: id
required: true
schema:
$ref: '#/components/schemas/SavedQueryId'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DefaultSuccessResponse'
description: OK
summary: Delete saved query
get:
operationId: OsqueryGetSavedQueryDetails
parameters:
- in: path
name: id
required: true
schema:
$ref: '#/components/schemas/SavedQueryId'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DefaultSuccessResponse'
description: OK
summary: Get saved query details
put:
operationId: OsqueryUpdateSavedQuery
parameters:
- in: path
name: id
required: true
schema:
$ref: '#/components/schemas/SavedQueryId'
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UpdateSavedQueryRequestBody'
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DefaultSuccessResponse'
description: OK
summary: Update saved query
components:
schemas:
ArrayQueries:
items:
$ref: '#/components/schemas/ArrayQueriesItem'
type: array
ArrayQueriesItem:
type: object
properties:
ecs_mapping:
$ref: '#/components/schemas/ECSMappingOrUndefined'
id:
$ref: '#/components/schemas/Id'
platform:
$ref: '#/components/schemas/PlatformOrUndefined'
query:
$ref: '#/components/schemas/Query'
removed:
$ref: '#/components/schemas/RemovedOrUndefined'
snapshot:
$ref: '#/components/schemas/SnapshotOrUndefined'
version:
$ref: '#/components/schemas/VersionOrUndefined'
CreateLiveQueryRequestBody:
type: object
properties:
agent_all:
type: boolean
agent_ids:
items:
type: string
type: array
agent_platforms:
items:
type: string
type: array
agent_policy_ids:
items:
type: string
type: array
alert_ids:
items:
type: string
type: array
case_ids:
items:
type: string
type: array
ecs_mapping:
$ref: '#/components/schemas/ECSMappingOrUndefined'
event_ids:
items:
type: string
type: array
metadata:
nullable: true
type: object
pack_id:
$ref: '#/components/schemas/PackIdOrUndefined'
queries:
$ref: '#/components/schemas/ArrayQueries'
query:
$ref: '#/components/schemas/QueryOrUndefined'
saved_query_id:
$ref: '#/components/schemas/SavedQueryIdOrUndefined'
CreatePacksRequestBody:
type: object
properties:
description:
$ref: '#/components/schemas/DescriptionOrUndefined'
enabled:
$ref: '#/components/schemas/EnabledOrUndefined'
name:
$ref: '#/components/schemas/PackName'
policy_ids:
$ref: '#/components/schemas/PolicyIdsOrUndefined'
queries:
$ref: '#/components/schemas/ObjectQueries'
shards:
$ref: '#/components/schemas/Shards'
CreateSavedQueryRequestBody:
type: object
properties:
description:
$ref: '#/components/schemas/DescriptionOrUndefined'
ecs_mapping:
$ref: '#/components/schemas/ECSMappingOrUndefined'
id:
$ref: '#/components/schemas/SavedQueryId'
interval:
$ref: '#/components/schemas/Interval'
platform:
$ref: '#/components/schemas/DescriptionOrUndefined'
query:
$ref: '#/components/schemas/QueryOrUndefined'
removed:
$ref: '#/components/schemas/RemovedOrUndefined'
snapshot:
$ref: '#/components/schemas/SnapshotOrUndefined'
version:
$ref: '#/components/schemas/VersionOrUndefined'
DefaultSuccessResponse:
type: object
properties: {}
Description:
type: string
DescriptionOrUndefined:
$ref: '#/components/schemas/Description'
nullable: true
ECSMapping:
additionalProperties:
$ref: '#/components/schemas/ECSMappingItem'
type: object
ECSMappingItem:
type: object
properties:
field:
type: string
value:
oneOf:
- type: string
- items:
type: string
type: array
ECSMappingOrUndefined:
$ref: '#/components/schemas/ECSMapping'
nullable: true
Enabled:
type: boolean
EnabledOrUndefined:
$ref: '#/components/schemas/Enabled'
nullable: true
FindLiveQueryRequestQuery:
type: object
properties:
kuery:
$ref: '#/components/schemas/KueryOrUndefined'
page:
$ref: '#/components/schemas/PageOrUndefined'
pageSize:
$ref: '#/components/schemas/PageSizeOrUndefined'
sort:
$ref: '#/components/schemas/SortOrUndefined'
sortOrder:
$ref: '#/components/schemas/SortOrderOrUndefined'
FindPacksRequestQuery:
type: object
properties:
page:
$ref: '#/components/schemas/PageOrUndefined'
pageSize:
$ref: '#/components/schemas/PageSizeOrUndefined'
sort:
$ref: '#/components/schemas/SortOrUndefined'
sortOrder:
$ref: '#/components/schemas/SortOrderOrUndefined'
FindSavedQueryRequestQuery:
type: object
properties:
page:
$ref: '#/components/schemas/PageOrUndefined'
pageSize:
$ref: '#/components/schemas/PageSizeOrUndefined'
sort:
$ref: '#/components/schemas/SortOrUndefined'
sortOrder:
$ref: '#/components/schemas/SortOrderOrUndefined'
GetLiveQueryResultsRequestQuery:
type: object
properties:
kuery:
$ref: '#/components/schemas/KueryOrUndefined'
page:
$ref: '#/components/schemas/PageOrUndefined'
pageSize:
$ref: '#/components/schemas/PageSizeOrUndefined'
sort:
$ref: '#/components/schemas/SortOrUndefined'
sortOrder:
$ref: '#/components/schemas/SortOrderOrUndefined'
Id:
type: string
Interval:
type: string
IntervalOrUndefined:
$ref: '#/components/schemas/Interval'
nullable: true
KueryOrUndefined:
nullable: true
type: string
ObjectQueries:
additionalProperties:
$ref: '#/components/schemas/ObjectQueriesItem'
type: object
ObjectQueriesItem:
type: object
properties:
ecs_mapping:
$ref: '#/components/schemas/ECSMappingOrUndefined'
id:
$ref: '#/components/schemas/Id'
platform:
$ref: '#/components/schemas/PlatformOrUndefined'
query:
$ref: '#/components/schemas/Query'
removed:
$ref: '#/components/schemas/RemovedOrUndefined'
saved_query_id:
$ref: '#/components/schemas/SavedQueryIdOrUndefined'
snapshot:
$ref: '#/components/schemas/SnapshotOrUndefined'
version:
$ref: '#/components/schemas/VersionOrUndefined'
PackId:
type: string
PackIdOrUndefined:
$ref: '#/components/schemas/PackId'
nullable: true
PackName:
type: string
PageOrUndefined:
nullable: true
type: integer
PageSizeOrUndefined:
nullable: true
type: integer
Platform:
type: string
PlatformOrUndefined:
$ref: '#/components/schemas/Platform'
nullable: true
PolicyIds:
items:
type: string
type: array
PolicyIdsOrUndefined:
$ref: '#/components/schemas/PolicyIds'
nullable: true
Query:
type: string
QueryOrUndefined:
$ref: '#/components/schemas/Query'
nullable: true
Removed:
type: boolean
RemovedOrUndefined:
$ref: '#/components/schemas/Removed'
nullable: true
SavedQueryId:
type: string
SavedQueryIdOrUndefined:
$ref: '#/components/schemas/SavedQueryId'
nullable: true
Shards:
additionalProperties:
type: number
type: object
Snapshot:
type: boolean
SnapshotOrUndefined:
$ref: '#/components/schemas/Snapshot'
nullable: true
SortOrderOrUndefined:
oneOf:
- nullable: true
type: string
- enum:
- asc
- desc
SortOrUndefined:
nullable: true
type: string
UpdatePacksRequestBody:
type: object
properties:
description:
$ref: '#/components/schemas/DescriptionOrUndefined'
enabled:
$ref: '#/components/schemas/EnabledOrUndefined'
id:
$ref: '#/components/schemas/PackId'
policy_ids:
$ref: '#/components/schemas/PolicyIdsOrUndefined'
queries:
$ref: '#/components/schemas/ObjectQueries'
shards:
$ref: '#/components/schemas/Shards'
UpdateSavedQueryRequestBody:
type: object
properties:
description:
$ref: '#/components/schemas/DescriptionOrUndefined'
ecs_mapping:
$ref: '#/components/schemas/ECSMappingOrUndefined'
id:
$ref: '#/components/schemas/SavedQueryId'
interval:
$ref: '#/components/schemas/IntervalOrUndefined'
platform:
$ref: '#/components/schemas/DescriptionOrUndefined'
query:
$ref: '#/components/schemas/QueryOrUndefined'
removed:
$ref: '#/components/schemas/RemovedOrUndefined'
snapshot:
$ref: '#/components/schemas/SnapshotOrUndefined'
version:
$ref: '#/components/schemas/VersionOrUndefined'
Version:
type: string
VersionOrUndefined:
$ref: '#/components/schemas/Version'
nullable: true
securitySchemes:
BasicAuth:
scheme: basic
type: http
security:
- BasicAuth: []
tags: !<tag:yaml.org,2002:js/undefined> ''


@ -0,0 +1,591 @@
openapi: 3.0.3
info:
description: 'Run live queries, manage packs and saved queries.'
title: Security Solution Osquery API (Elastic Cloud Serverless)
version: '2023-10-31'
servers:
- url: 'http://{kibana_host}:{port}'
variables:
kibana_host:
default: localhost
port:
default: '5601'
paths:
/api/osquery/live_queries:
get:
operationId: OsqueryFindLiveQueries
parameters:
- in: query
name: query
required: true
schema:
$ref: '#/components/schemas/FindLiveQueryRequestQuery'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DefaultSuccessResponse'
description: OK
summary: Find live queries
post:
operationId: OsqueryCreateLiveQuery
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreateLiveQueryRequestBody'
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DefaultSuccessResponse'
description: OK
summary: Create a live query
'/api/osquery/live_queries/{id}':
get:
operationId: OsqueryGetLiveQueryDetails
parameters:
- in: path
name: id
required: true
schema:
$ref: '#/components/schemas/Id'
- in: query
name: query
schema:
additionalProperties: true
type: object
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DefaultSuccessResponse'
description: OK
summary: Get live query details
'/api/osquery/live_queries/{id}/results/{actionId}':
get:
operationId: OsqueryGetLiveQueryResults
parameters:
- in: path
name: id
required: true
schema:
$ref: '#/components/schemas/Id'
- in: path
name: actionId
required: true
schema:
$ref: '#/components/schemas/Id'
- in: query
name: query
required: true
schema:
$ref: '#/components/schemas/GetLiveQueryResultsRequestQuery'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DefaultSuccessResponse'
description: OK
summary: Get live query results
/api/osquery/packs:
get:
operationId: OsqueryFindPacks
parameters:
- in: query
name: query
required: true
schema:
$ref: '#/components/schemas/FindPacksRequestQuery'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DefaultSuccessResponse'
description: OK
summary: Find packs
post:
operationId: OsqueryCreatePacks
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreatePacksRequestBody'
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DefaultSuccessResponse'
description: OK
summary: Create a packs
'/api/osquery/packs/{id}':
delete:
operationId: OsqueryDeletePacks
parameters:
- in: path
name: id
required: true
schema:
$ref: '#/components/schemas/PackId'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DefaultSuccessResponse'
description: OK
summary: Delete packs
get:
operationId: OsqueryGetPacksDetails
parameters:
- in: path
name: id
required: true
schema:
$ref: '#/components/schemas/PackId'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DefaultSuccessResponse'
description: OK
summary: Get packs details
put:
operationId: OsqueryUpdatePacks
parameters:
- in: path
name: id
required: true
schema:
$ref: '#/components/schemas/PackId'
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UpdatePacksRequestBody'
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DefaultSuccessResponse'
description: OK
summary: Update packs
/api/osquery/saved_queries:
get:
operationId: OsqueryFindSavedQueries
parameters:
- in: query
name: query
required: true
schema:
$ref: '#/components/schemas/FindSavedQueryRequestQuery'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DefaultSuccessResponse'
description: OK
summary: Find saved queries
post:
operationId: OsqueryCreateSavedQuery
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreateSavedQueryRequestBody'
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DefaultSuccessResponse'
description: OK
summary: Create a saved query
'/api/osquery/saved_queries/{id}':
delete:
operationId: OsqueryDeleteSavedQuery
parameters:
- in: path
name: id
required: true
schema:
$ref: '#/components/schemas/SavedQueryId'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DefaultSuccessResponse'
description: OK
summary: Delete saved query
get:
operationId: OsqueryGetSavedQueryDetails
parameters:
- in: path
name: id
required: true
schema:
$ref: '#/components/schemas/SavedQueryId'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DefaultSuccessResponse'
description: OK
summary: Get saved query details
put:
operationId: OsqueryUpdateSavedQuery
parameters:
- in: path
name: id
required: true
schema:
$ref: '#/components/schemas/SavedQueryId'
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UpdateSavedQueryRequestBody'
required: true
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DefaultSuccessResponse'
description: OK
summary: Update saved query
components:
schemas:
ArrayQueries:
items:
$ref: '#/components/schemas/ArrayQueriesItem'
type: array
ArrayQueriesItem:
type: object
properties:
ecs_mapping:
$ref: '#/components/schemas/ECSMappingOrUndefined'
id:
$ref: '#/components/schemas/Id'
platform:
$ref: '#/components/schemas/PlatformOrUndefined'
query:
$ref: '#/components/schemas/Query'
removed:
$ref: '#/components/schemas/RemovedOrUndefined'
snapshot:
$ref: '#/components/schemas/SnapshotOrUndefined'
version:
$ref: '#/components/schemas/VersionOrUndefined'
CreateLiveQueryRequestBody:
type: object
properties:
agent_all:
type: boolean
agent_ids:
items:
type: string
type: array
agent_platforms:
items:
type: string
type: array
agent_policy_ids:
items:
type: string
type: array
alert_ids:
items:
type: string
type: array
case_ids:
items:
type: string
type: array
ecs_mapping:
$ref: '#/components/schemas/ECSMappingOrUndefined'
event_ids:
items:
type: string
type: array
metadata:
nullable: true
type: object
pack_id:
$ref: '#/components/schemas/PackIdOrUndefined'
queries:
$ref: '#/components/schemas/ArrayQueries'
query:
$ref: '#/components/schemas/QueryOrUndefined'
saved_query_id:
$ref: '#/components/schemas/SavedQueryIdOrUndefined'
CreatePacksRequestBody:
type: object
properties:
description:
$ref: '#/components/schemas/DescriptionOrUndefined'
enabled:
$ref: '#/components/schemas/EnabledOrUndefined'
name:
$ref: '#/components/schemas/PackName'
policy_ids:
$ref: '#/components/schemas/PolicyIdsOrUndefined'
queries:
$ref: '#/components/schemas/ObjectQueries'
shards:
$ref: '#/components/schemas/Shards'
CreateSavedQueryRequestBody:
type: object
properties:
description:
$ref: '#/components/schemas/DescriptionOrUndefined'
ecs_mapping:
$ref: '#/components/schemas/ECSMappingOrUndefined'
id:
$ref: '#/components/schemas/SavedQueryId'
interval:
$ref: '#/components/schemas/Interval'
platform:
$ref: '#/components/schemas/DescriptionOrUndefined'
query:
$ref: '#/components/schemas/QueryOrUndefined'
removed:
$ref: '#/components/schemas/RemovedOrUndefined'
snapshot:
$ref: '#/components/schemas/SnapshotOrUndefined'
version:
$ref: '#/components/schemas/VersionOrUndefined'
DefaultSuccessResponse:
type: object
properties: {}
Description:
type: string
DescriptionOrUndefined:
$ref: '#/components/schemas/Description'
nullable: true
ECSMapping:
additionalProperties:
$ref: '#/components/schemas/ECSMappingItem'
type: object
ECSMappingItem:
type: object
properties:
field:
type: string
value:
oneOf:
- type: string
- items:
type: string
type: array
ECSMappingOrUndefined:
$ref: '#/components/schemas/ECSMapping'
nullable: true
Enabled:
type: boolean
EnabledOrUndefined:
$ref: '#/components/schemas/Enabled'
nullable: true
FindLiveQueryRequestQuery:
type: object
properties:
kuery:
$ref: '#/components/schemas/KueryOrUndefined'
page:
$ref: '#/components/schemas/PageOrUndefined'
pageSize:
$ref: '#/components/schemas/PageSizeOrUndefined'
sort:
$ref: '#/components/schemas/SortOrUndefined'
sortOrder:
$ref: '#/components/schemas/SortOrderOrUndefined'
FindPacksRequestQuery:
type: object
properties:
page:
$ref: '#/components/schemas/PageOrUndefined'
pageSize:
$ref: '#/components/schemas/PageSizeOrUndefined'
sort:
$ref: '#/components/schemas/SortOrUndefined'
sortOrder:
$ref: '#/components/schemas/SortOrderOrUndefined'
FindSavedQueryRequestQuery:
type: object
properties:
page:
$ref: '#/components/schemas/PageOrUndefined'
pageSize:
$ref: '#/components/schemas/PageSizeOrUndefined'
sort:
$ref: '#/components/schemas/SortOrUndefined'
sortOrder:
$ref: '#/components/schemas/SortOrderOrUndefined'
GetLiveQueryResultsRequestQuery:
type: object
properties:
kuery:
$ref: '#/components/schemas/KueryOrUndefined'
page:
$ref: '#/components/schemas/PageOrUndefined'
pageSize:
$ref: '#/components/schemas/PageSizeOrUndefined'
sort:
$ref: '#/components/schemas/SortOrUndefined'
sortOrder:
$ref: '#/components/schemas/SortOrderOrUndefined'
Id:
type: string
Interval:
type: string
IntervalOrUndefined:
$ref: '#/components/schemas/Interval'
nullable: true
KueryOrUndefined:
nullable: true
type: string
ObjectQueries:
additionalProperties:
$ref: '#/components/schemas/ObjectQueriesItem'
type: object
ObjectQueriesItem:
type: object
properties:
ecs_mapping:
$ref: '#/components/schemas/ECSMappingOrUndefined'
id:
$ref: '#/components/schemas/Id'
platform:
$ref: '#/components/schemas/PlatformOrUndefined'
query:
$ref: '#/components/schemas/Query'
removed:
$ref: '#/components/schemas/RemovedOrUndefined'
saved_query_id:
$ref: '#/components/schemas/SavedQueryIdOrUndefined'
snapshot:
$ref: '#/components/schemas/SnapshotOrUndefined'
version:
$ref: '#/components/schemas/VersionOrUndefined'
PackId:
type: string
PackIdOrUndefined:
$ref: '#/components/schemas/PackId'
nullable: true
PackName:
type: string
PageOrUndefined:
nullable: true
type: integer
PageSizeOrUndefined:
nullable: true
type: integer
Platform:
type: string
PlatformOrUndefined:
$ref: '#/components/schemas/Platform'
nullable: true
PolicyIds:
items:
type: string
type: array
PolicyIdsOrUndefined:
$ref: '#/components/schemas/PolicyIds'
nullable: true
Query:
type: string
QueryOrUndefined:
$ref: '#/components/schemas/Query'
nullable: true
Removed:
type: boolean
RemovedOrUndefined:
$ref: '#/components/schemas/Removed'
nullable: true
SavedQueryId:
type: string
SavedQueryIdOrUndefined:
$ref: '#/components/schemas/SavedQueryId'
nullable: true
Shards:
additionalProperties:
type: number
type: object
Snapshot:
type: boolean
SnapshotOrUndefined:
$ref: '#/components/schemas/Snapshot'
nullable: true
SortOrderOrUndefined:
oneOf:
- nullable: true
type: string
- enum:
- asc
- desc
SortOrUndefined:
nullable: true
type: string
UpdatePacksRequestBody:
type: object
properties:
description:
$ref: '#/components/schemas/DescriptionOrUndefined'
enabled:
$ref: '#/components/schemas/EnabledOrUndefined'
id:
$ref: '#/components/schemas/PackId'
policy_ids:
$ref: '#/components/schemas/PolicyIdsOrUndefined'
queries:
$ref: '#/components/schemas/ObjectQueries'
shards:
$ref: '#/components/schemas/Shards'
UpdateSavedQueryRequestBody:
type: object
properties:
description:
$ref: '#/components/schemas/DescriptionOrUndefined'
ecs_mapping:
$ref: '#/components/schemas/ECSMappingOrUndefined'
id:
$ref: '#/components/schemas/SavedQueryId'
interval:
$ref: '#/components/schemas/IntervalOrUndefined'
platform:
$ref: '#/components/schemas/DescriptionOrUndefined'
query:
$ref: '#/components/schemas/QueryOrUndefined'
removed:
$ref: '#/components/schemas/RemovedOrUndefined'
snapshot:
$ref: '#/components/schemas/SnapshotOrUndefined'
version:
$ref: '#/components/schemas/VersionOrUndefined'
Version:
type: string
VersionOrUndefined:
$ref: '#/components/schemas/Version'
nullable: true
securitySchemes:
BasicAuth:
scheme: basic
type: http
security:
- BasicAuth: []
tags: !<tag:yaml.org,2002:js/undefined> ''


@ -16,6 +16,7 @@
"nyc": "../../../node_modules/.bin/nyc report --reporter=text-summary",
"junit:merge": "../../../node_modules/.bin/mochawesome-merge ../../../target/kibana-osquery/cypress/results/mochawesome*.json > ../../../target/kibana-osquery/cypress/results/output.json && ../../../node_modules/.bin/marge ../../../target/kibana-osquery/cypress/results/output.json --reportDir ../../../target/kibana-osquery/cypress/results && yarn junit:transform && mkdir -p ../../../target/junit && cp ../../../target/kibana-osquery/cypress/results/*.xml ../../../target/junit/",
"junit:transform": "node ../security_solution/scripts/junit_transformer --pathPattern '../../../target/kibana-osquery/cypress/results/*.xml' --rootDirectory ../../../ --reportName 'Osquery Cypress' --writeInPlace",
"openapi:generate": "node scripts/openapi/generate"
"openapi:generate": "node scripts/openapi/generate",
"openapi:bundle": "node scripts/openapi/bundle"
}
}


@ -0,0 +1,42 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
require('../../../../../src/setup_node_env');
// eslint-disable-next-line @typescript-eslint/no-var-requires
const { bundle } = require('@kbn/openapi-bundler');
// eslint-disable-next-line @typescript-eslint/no-var-requires
const { resolve } = require('path');
const ELASTIC_ASSISTANT_ROOT = resolve(__dirname, '../..');
(async () => {
await bundle({
rootDir: ELASTIC_ASSISTANT_ROOT,
sourceGlob: 'common/api/**/*.schema.yaml',
outputFilePath: 'docs/openapi/serverless/osquery_api_{version}.bundled.schema.yaml',
options: {
includeLabels: ['serverless'],
specInfo: {
title: 'Security Solution Osquery API (Elastic Cloud Serverless)',
description: 'Run live queries, manage packs and saved queries.',
},
},
});
await bundle({
rootDir: ELASTIC_ASSISTANT_ROOT,
sourceGlob: 'common/api/**/*.schema.yaml',
outputFilePath: 'docs/openapi/ess/osquery_api_{version}.bundled.schema.yaml',
options: {
includeLabels: ['ess'],
specInfo: {
title: 'Security Solution Osquery API (Elastic Cloud and self-hosted)',
description: 'Run live queries, manage packs and saved queries.',
},
},
});
})();
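Review bot: `ELASTIC_ASSISTANT_ROOT` is a misleading name in this script: `resolve(__dirname, '../..')` appears to resolve to the Osquery plugin root (the package.json entry runs it as `node scripts/openapi/bundle`), and the sibling generate script names the same value `OSQUERY_ROOT`. Rename it to `const OSQUERY_ROOT = resolve(__dirname, '../..');` and pass `rootDir: OSQUERY_ROOT` in both `bundle` calls, so the constant states which tree is globbed and written to. Separately, both committed bundles end with `tags: !<tag:yaml.org,2002:js/undefined> ''`, which looks like an undefined `tags` value serialized by the bundler. A YAML parser that does not recognise that tag may reject the published spec, so it is worth confirming that the key is omitted when no tags exist.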


@ -9,12 +9,31 @@ require('../../../../../src/setup_node_env');
// eslint-disable-next-line @typescript-eslint/no-var-requires
const { generate } = require('@kbn/openapi-generator');
// eslint-disable-next-line @typescript-eslint/no-var-requires
const { resolve } = require('path');
const { REPO_ROOT } = require('@kbn/repo-info');
// eslint-disable-next-line @typescript-eslint/no-var-requires
const { join, resolve } = require('path');
const OSQUERY_ROOT = resolve(__dirname, '../..');
generate({
rootDir: OSQUERY_ROOT,
sourceGlob: './**/*.schema.yaml',
templateName: 'zod_operation_schema',
});
(async () => {
await generate({
title: 'API route schemas',
rootDir: OSQUERY_ROOT,
sourceGlob: 'common/api/**/*.schema.yaml',
templateName: 'zod_operation_schema',
});
await generate({
title: 'API client for tests',
rootDir: OSQUERY_ROOT,
sourceGlob: 'common/api/**/*.schema.yaml',
templateName: 'api_client_supertest',
skipLinting: true,
bundle: {
outFile: join(
REPO_ROOT,
'x-pack/test/api_integration/services/security_solution_osquery_api.gen.ts'
),
},
});
})();
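Review bot: `skipLinting: true` on the second `generate` call is unexplained, and it applies to a file written outside the plugin, to `x-pack/test/api_integration/services/security_solution_osquery_api.gen.ts` via `join(REPO_ROOT, …)`. A short comment above the `bundle` option would help the next maintainer, for example `// Single bundled supertest client for API integration tests; written outside OSQUERY_ROOT, lint step skipped because <reason>`. The same comment could record that `sourceGlob` was narrowed from `./**/*.schema.yaml` to `common/api/**/*.schema.yaml`, since a spec placed outside `common/api` is no longer picked up by either call.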


@ -76,6 +76,8 @@
"@kbn/code-editor",
"@kbn/search-types",
"@kbn/react-kibana-context-render",
"@kbn/zod-helpers"
"@kbn/zod-helpers",
"@kbn/openapi-bundler",
"@kbn/repo-info"
]
}


@ -0,0 +1,297 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
/*
* NOTICE: Do not edit this file manually.
* This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
*
* info:
* title: API client for tests
* version: Bundle (no version)
*/
import {
ELASTIC_HTTP_VERSION_HEADER,
X_ELASTIC_INTERNAL_ORIGIN_REQUEST,
} from '@kbn/core-http-common';
import { replaceParams } from '@kbn/openapi-common/shared';
import { GetAgentDetailsRequestParamsInput } from '@kbn/osquery-plugin/common/api/fleet_wrapper/fleet_wrapper.gen';
import { GetAgentPolicyRequestParamsInput } from '@kbn/osquery-plugin/common/api/fleet_wrapper/fleet_wrapper.gen';
import { GetAgentsRequestQueryInput } from '@kbn/osquery-plugin/common/api/fleet_wrapper/fleet_wrapper.gen';
import { OsqueryCreateLiveQueryRequestBodyInput } from '@kbn/osquery-plugin/common/api/live_query/live_queries.gen';
import { OsqueryCreatePacksRequestBodyInput } from '@kbn/osquery-plugin/common/api/packs/packs.gen';
import { OsqueryCreateSavedQueryRequestBodyInput } from '@kbn/osquery-plugin/common/api/saved_query/saved_query.gen';
import { OsqueryDeletePacksRequestParamsInput } from '@kbn/osquery-plugin/common/api/packs/packs.gen';
import { OsqueryDeleteSavedQueryRequestParamsInput } from '@kbn/osquery-plugin/common/api/saved_query/saved_query.gen';
import { OsqueryFindLiveQueriesRequestQueryInput } from '@kbn/osquery-plugin/common/api/live_query/live_queries.gen';
import { OsqueryFindPacksRequestQueryInput } from '@kbn/osquery-plugin/common/api/packs/packs.gen';
import { OsqueryFindSavedQueriesRequestQueryInput } from '@kbn/osquery-plugin/common/api/saved_query/saved_query.gen';
import {
OsqueryGetLiveQueryDetailsRequestQueryInput,
OsqueryGetLiveQueryDetailsRequestParamsInput,
} from '@kbn/osquery-plugin/common/api/live_query/live_queries.gen';
import {
OsqueryGetLiveQueryResultsRequestQueryInput,
OsqueryGetLiveQueryResultsRequestParamsInput,
} from '@kbn/osquery-plugin/common/api/live_query/live_queries.gen';
import { OsqueryGetPacksDetailsRequestParamsInput } from '@kbn/osquery-plugin/common/api/packs/packs.gen';
import { OsqueryGetSavedQueryDetailsRequestParamsInput } from '@kbn/osquery-plugin/common/api/saved_query/saved_query.gen';
import {
OsqueryUpdatePacksRequestParamsInput,
OsqueryUpdatePacksRequestBodyInput,
} from '@kbn/osquery-plugin/common/api/packs/packs.gen';
import {
OsqueryUpdateSavedQueryRequestParamsInput,
OsqueryUpdateSavedQueryRequestBodyInput,
} from '@kbn/osquery-plugin/common/api/saved_query/saved_query.gen';
import { ReadAssetsStatusRequestQueryInput } from '@kbn/osquery-plugin/common/api/asset/assets.gen';
import { UpdateAssetsStatusRequestQueryInput } from '@kbn/osquery-plugin/common/api/asset/assets.gen';
import { FtrProviderContext } from '../ftr_provider_context';
export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) {
const supertest = getService('supertest');
return {
getAgentDetails(props: GetAgentDetailsProps) {
return supertest
.get(replaceParams('/internal/osquery/fleet_wrapper/agents/{id}', props.params))
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
},
getAgentPackagePolicies() {
return supertest
.get('/internal/osquery/fleet_wrapper/package_policies')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
},
getAgentPolicies() {
return supertest
.get('/internal/osquery/fleet_wrapper/agent_policies')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
},
getAgentPolicy(props: GetAgentPolicyProps) {
return supertest
.get(replaceParams('/internal/osquery/fleet_wrapper/agent_policies/{id}', props.params))
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
},
getAgents(props: GetAgentsProps) {
return supertest
.get('/internal/osquery/fleet_wrapper/agents')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.query(props.query);
},
osqueryCreateLiveQuery(props: OsqueryCreateLiveQueryProps) {
return supertest
.post('/api/osquery/live_queries')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.send(props.body as object);
},
osqueryCreatePacks(props: OsqueryCreatePacksProps) {
return supertest
.post('/api/osquery/packs')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.send(props.body as object);
},
osqueryCreateSavedQuery(props: OsqueryCreateSavedQueryProps) {
return supertest
.post('/api/osquery/saved_queries')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.send(props.body as object);
},
osqueryDeletePacks(props: OsqueryDeletePacksProps) {
return supertest
.delete(replaceParams('/api/osquery/packs/{id}', props.params))
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
},
osqueryDeleteSavedQuery(props: OsqueryDeleteSavedQueryProps) {
return supertest
.delete(replaceParams('/api/osquery/saved_queries/{id}', props.params))
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
},
osqueryFindLiveQueries(props: OsqueryFindLiveQueriesProps) {
return supertest
.get('/api/osquery/live_queries')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.query(props.query);
},
osqueryFindPacks(props: OsqueryFindPacksProps) {
return supertest
.get('/api/osquery/packs')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.query(props.query);
},
osqueryFindSavedQueries(props: OsqueryFindSavedQueriesProps) {
return supertest
.get('/api/osquery/saved_queries')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.query(props.query);
},
osqueryGetLiveQueryDetails(props: OsqueryGetLiveQueryDetailsProps) {
return supertest
.get(replaceParams('/api/osquery/live_queries/{id}', props.params))
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.query(props.query);
},
osqueryGetLiveQueryResults(props: OsqueryGetLiveQueryResultsProps) {
return supertest
.get(replaceParams('/api/osquery/live_queries/{id}/results/{actionId}', props.params))
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.query(props.query);
},
osqueryGetPacksDetails(props: OsqueryGetPacksDetailsProps) {
return supertest
.get(replaceParams('/api/osquery/packs/{id}', props.params))
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
},
osqueryGetSavedQueryDetails(props: OsqueryGetSavedQueryDetailsProps) {
return supertest
.get(replaceParams('/api/osquery/saved_queries/{id}', props.params))
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
},
osqueryUpdatePacks(props: OsqueryUpdatePacksProps) {
return supertest
.put(replaceParams('/api/osquery/packs/{id}', props.params))
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.send(props.body as object);
},
osqueryUpdateSavedQuery(props: OsqueryUpdateSavedQueryProps) {
return supertest
.put(replaceParams('/api/osquery/saved_queries/{id}', props.params))
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.send(props.body as object);
},
readAssetsStatus(props: ReadAssetsStatusProps) {
return supertest
.get('/internal/osquery/assets')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.query(props.query);
},
readInstallationStatus() {
return supertest
.get('/internal/osquery/status')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
},
readPrivilegesCheck() {
return supertest
.get('/internal/osquery/privileges_check')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
},
updateAssetsStatus(props: UpdateAssetsStatusProps) {
return supertest
.post('/internal/osquery/assets/update')
.set('kbn-xsrf', 'true')
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
.query(props.query);
},
};
}
export interface GetAgentDetailsProps {
params: GetAgentDetailsRequestParamsInput;
}
export interface GetAgentPolicyProps {
params: GetAgentPolicyRequestParamsInput;
}
export interface GetAgentsProps {
query: GetAgentsRequestQueryInput;
}
export interface OsqueryCreateLiveQueryProps {
body: OsqueryCreateLiveQueryRequestBodyInput;
}
export interface OsqueryCreatePacksProps {
body: OsqueryCreatePacksRequestBodyInput;
}
export interface OsqueryCreateSavedQueryProps {
body: OsqueryCreateSavedQueryRequestBodyInput;
}
export interface OsqueryDeletePacksProps {
params: OsqueryDeletePacksRequestParamsInput;
}
export interface OsqueryDeleteSavedQueryProps {
params: OsqueryDeleteSavedQueryRequestParamsInput;
}
export interface OsqueryFindLiveQueriesProps {
query: OsqueryFindLiveQueriesRequestQueryInput;
}
export interface OsqueryFindPacksProps {
query: OsqueryFindPacksRequestQueryInput;
}
export interface OsqueryFindSavedQueriesProps {
query: OsqueryFindSavedQueriesRequestQueryInput;
}
export interface OsqueryGetLiveQueryDetailsProps {
query: OsqueryGetLiveQueryDetailsRequestQueryInput;
params: OsqueryGetLiveQueryDetailsRequestParamsInput;
}
export interface OsqueryGetLiveQueryResultsProps {
query: OsqueryGetLiveQueryResultsRequestQueryInput;
params: OsqueryGetLiveQueryResultsRequestParamsInput;
}
export interface OsqueryGetPacksDetailsProps {
params: OsqueryGetPacksDetailsRequestParamsInput;
}
export interface OsqueryGetSavedQueryDetailsProps {
params: OsqueryGetSavedQueryDetailsRequestParamsInput;
}
export interface OsqueryUpdatePacksProps {
params: OsqueryUpdatePacksRequestParamsInput;
body: OsqueryUpdatePacksRequestBodyInput;
}
export interface OsqueryUpdateSavedQueryProps {
params: OsqueryUpdateSavedQueryRequestParamsInput;
body: OsqueryUpdateSavedQueryRequestBodyInput;
}
export interface ReadAssetsStatusProps {
query: ReadAssetsStatusRequestQueryInput;
}
export interface UpdateAssetsStatusProps {
query: UpdateAssetsStatusRequestQueryInput;
}


@ -174,6 +174,7 @@
"@kbn/openapi-common",
"@kbn/securitysolution-lists-common",
"@kbn/securitysolution-exceptions-common",
"@kbn/entityManager-plugin"
"@kbn/entityManager-plugin",
"@kbn/osquery-plugin"
]
}