[Cloud Posture] add route handler context (#134774)

x-pack/plugins/cloud_security_posture/server/lib/csp_app_services.ts

@@ -1,36 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import {
-  AgentService,
-  PackageService,
-  AgentPolicyServiceInterface,
-  PackagePolicyServiceInterface,
-} from '@kbn/fleet-plugin/server';
-
-export interface CspAppServiceDependencies {
-  packageService: PackageService;
-  agentService: AgentService;
-  packagePolicyService: PackagePolicyServiceInterface;
-  agentPolicyService: AgentPolicyServiceInterface;
-}
-
-export class CspAppService {
-  public agentService: AgentService | undefined;
-  public packageService: PackageService | undefined;
-  public packagePolicyService: PackagePolicyServiceInterface | undefined;
-  public agentPolicyService: AgentPolicyServiceInterface | undefined;
-
-  public start(dependencies: CspAppServiceDependencies) {
-    this.agentService = dependencies.agentService;
-    this.packageService = dependencies.packageService;
-    this.packagePolicyService = dependencies.packagePolicyService;
-    this.agentPolicyService = dependencies.agentPolicyService;
-  }
-
-  public stop() {}
-}

x-pack/plugins/cloud_security_posture/server/lib/is_latest_findings_index_exists.ts

@@ -5,13 +5,12 @@
  * 2.0.
  */
 
-import { ElasticsearchClient } from '@kbn/core/server';
+import { ElasticsearchClient, type Logger } from '@kbn/core/server';
-import { CspAppContext } from '../plugin';
 import { LATEST_FINDINGS_INDEX_DEFAULT_NS } from '../../common/constants';
 
 export const isLatestFindingsIndexExists = async (
   esClient: ElasticsearchClient,
-  logger: CspAppContext['logger']
+  logger: Logger
 ): Promise<boolean> => {
   try {
     const queryResult = await esClient.search({

x-pack/plugins/cloud_security_posture/server/mocks.ts

@@ -0,0 +1,36 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { loggingSystemMock } from '@kbn/core-logging-server-mocks';
+import { coreMock } from '@kbn/core/server/mocks';
+import {
+  createFleetRequestHandlerContextMock,
+  createMockAgentService,
+  createMockAgentPolicyService,
+  createPackagePolicyServiceMock,
+  createMockPackageService,
+} from '@kbn/fleet-plugin/server/mocks';
+import { mockAuthenticatedUser } from '@kbn/security-plugin/common/model/authenticated_user.mock';
+
+export const createCspRequestHandlerContextMock = () => {
+  const coreMockRequestContext = coreMock.createRequestHandlerContext();
+
+  return {
+    core: coreMockRequestContext,
+    fleet: createFleetRequestHandlerContextMock(),
+    csp: {
+      user: mockAuthenticatedUser(),
+      logger: loggingSystemMock.createLogger(),
+      esClient: coreMockRequestContext.elasticsearch.client,
+      soClient: coreMockRequestContext.savedObjects.client,
+      agentPolicyService: createMockAgentPolicyService(),
+      agentService: createMockAgentService(),
+      packagePolicyService: createPackagePolicyServiceMock(),
+      packageService: createMockPackageService(),
+    },
+  };
+};

x-pack/plugins/cloud_security_posture/server/plugin.ts

@@ -20,17 +20,14 @@ import {
   TaskManagerSetupContract,
   TaskManagerStartContract,
 } from '@kbn/task-manager-plugin/server';
-import type { SecurityPluginSetup } from '@kbn/security-plugin/server';
-import { CspAppService } from './lib/csp_app_services';
 import type {
   CspServerPluginSetup,
   CspServerPluginStart,
   CspServerPluginSetupDeps,
   CspServerPluginStartDeps,
-  CspRequestHandlerContext,
   CspServerPluginStartServices,
 } from './types';
-import { defineRoutes } from './routes';
+import { setupRoutes } from './routes/setup_routes';
 import { setupSavedObjects } from './saved_objects';
 import { initializeCspIndices } from './create_indices/create_indices';
 import { initializeCspTransforms } from './create_transforms/create_transforms';
@@ -48,12 +45,6 @@ import {
   setupFindingsStatsTask,
 } from './tasks/findings_stats_task';
 
-export interface CspAppContext {
-  logger: Logger;
-  service: CspAppService;
-  security: SecurityPluginSetup;
-}
-
 export class CspPlugin
   implements
     Plugin<
@@ -69,24 +60,16 @@ export class CspPlugin
     this.logger = initializerContext.logger.get();
   }
 
-  private readonly CspAppService = new CspAppService();
-
   public setup(
     core: CoreSetup<CspServerPluginStartDeps, CspServerPluginStart>,
     plugins: CspServerPluginSetupDeps
   ): CspServerPluginSetup {
-    const cspAppContext: CspAppContext = {
-      logger: this.logger,
-      service: this.CspAppService,
-      security: plugins.security,
-    };
-
     setupSavedObjects(core.savedObjects);
 
-    const router = core.http.createRouter<CspRequestHandlerContext>();
+    setupRoutes({
-
+      core,
-    // Register server side APIs
+      logger: this.logger,
-    defineRoutes(router, cspAppContext);
+    });
 
     const coreStartServices = core.getStartServices();
     this.setupCspTasks(plugins.taskManager, coreStartServices, this.logger);
@@ -95,10 +78,6 @@ export class CspPlugin
   }
 
   public start(core: CoreStart, plugins: CspServerPluginStartDeps): CspServerPluginStart {
-    this.CspAppService.start({
-      ...plugins.fleet,
-    });
-
     plugins.fleet.fleetSetupCompleted().then(async () => {
       const packageInfo = await plugins.fleet.packageService.asInternalUser.getInstallation(
         CLOUD_SECURITY_POSTURE_PACKAGE_NAME

x-pack/plugins/cloud_security_posture/server/routes/benchmarks/benchmarks.test.ts

@@ -4,14 +4,7 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import {
+import { httpServerMock, httpServiceMock, savedObjectsClientMock } from '@kbn/core/server/mocks';
-  httpServerMock,
-  httpServiceMock,
-  loggingSystemMock,
-  savedObjectsClientMock,
-} from '@kbn/core/server/mocks';
-import type { ElasticsearchClientMock } from '@kbn/core-elasticsearch-client-server-mocks';
-import type { KibanaRequest } from '@kbn/core/server';
 import {
   benchmarksQueryParamsSchema,
   DEFAULT_BENCHMARKS_PER_PAGE,
@@ -34,21 +27,7 @@ import {
 } from '@kbn/fleet-plugin/server/mocks';
 import { createPackagePolicyMock } from '@kbn/fleet-plugin/common/mocks';
 import { AgentPolicy } from '@kbn/fleet-plugin/common';
-
+import { createCspRequestHandlerContextMock } from '../../mocks';
-import { CspAppService } from '../../lib/csp_app_services';
-import { CspAppContext } from '../../plugin';
-import { securityMock } from '@kbn/security-plugin/server/mocks';
-
-export const getMockCspContext = (mockEsClient: ElasticsearchClientMock): KibanaRequest => {
-  return {
-    core: {
-      elasticsearch: {
-        client: { asCurrentUser: mockEsClient },
-      },
-    },
-    fleet: { authz: { fleet: { all: false } } },
-  } as unknown as KibanaRequest;
-};
 
 function createMockAgentPolicy(props: Partial<AgentPolicy> = {}): AgentPolicy {
   return {
@@ -70,23 +49,14 @@ function createMockAgentPolicy(props: Partial<AgentPolicy> = {}): AgentPolicy {
 }
 
 describe('benchmarks API', () => {
-  let logger: ReturnType<typeof loggingSystemMock.createLogger>;
-
   beforeEach(() => {
-    logger = loggingSystemMock.createLogger();
     jest.clearAllMocks();
   });
 
   it('validate the API route path', async () => {
     const router = httpServiceMock.createRouter();
-    const cspAppContextService = new CspAppService();
 
-    const cspContext: CspAppContext = {
+    defineGetBenchmarksRoute(router);
-      logger,
-      service: cspAppContextService,
-      security: securityMock.createSetup(),
-    };
-    defineGetBenchmarksRoute(router, cspContext);
 
     const [config] = router.get.mock.calls[0];
 
@@ -95,20 +65,12 @@ describe('benchmarks API', () => {
 
   it('should accept to a user with fleet.all privilege', async () => {
     const router = httpServiceMock.createRouter();
-    const cspAppContextService = new CspAppService();
 
-    const cspContext: CspAppContext = {
+    defineGetBenchmarksRoute(router);
-      logger,
+
-      service: cspAppContextService,
-      security: securityMock.createSetup(),
-    };
-    defineGetBenchmarksRoute(router, cspContext);
     const [_, handler] = router.get.mock.calls[0];
 
-    const mockContext = {
+    const mockContext = createCspRequestHandlerContextMock();
-      fleet: { authz: { fleet: { all: true } } },
-    } as unknown as KibanaRequest;
-
     const mockResponse = httpServerMock.createResponseFactory();
     const mockRequest = httpServerMock.createKibanaRequest();
     const [context, req, res] = [mockContext, mockRequest, mockResponse];
@@ -120,19 +82,13 @@ describe('benchmarks API', () => {
 
   it('should reject to a user without fleet.all privilege', async () => {
     const router = httpServiceMock.createRouter();
-    const cspAppContextService = new CspAppService();
 
-    const cspContext: CspAppContext = {
+    defineGetBenchmarksRoute(router);
-      logger,
+
-      service: cspAppContextService,
-      security: securityMock.createSetup(),
-    };
-    defineGetBenchmarksRoute(router, cspContext);
     const [_, handler] = router.get.mock.calls[0];
 
-    const mockContext = {
+    const mockContext = createCspRequestHandlerContextMock();
-      fleet: { authz: { fleet: { all: false } } },
+    mockContext.fleet.authz.fleet.all = false;
-    } as unknown as KibanaRequest;
 
     const mockResponse = httpServerMock.createResponseFactory();
     const mockRequest = httpServerMock.createKibanaRequest();

x-pack/plugins/cloud_security_posture/server/routes/benchmarks/benchmarks.ts

@@ -13,7 +13,6 @@ import {
   CSP_RULE_SAVED_OBJECT_TYPE,
 } from '../../../common/constants';
 import { benchmarksQueryParamsSchema } from '../../../common/schemas/benchmark';
-import { CspAppContext } from '../../plugin';
 import type { Benchmark, CspRulesStatus } from '../../../common/types';
 import type { CspRule } from '../../../common/schemas';
 import {
@@ -130,7 +129,7 @@ const createBenchmarks = (
   );
 };
 
-export const defineGetBenchmarksRoute = (router: CspRouter, cspContext: CspAppContext): void =>
+export const defineGetBenchmarksRoute = (router: CspRouter): void =>
   router.get(
     {
       path: BENCHMARKS_ROUTE_PATH,
@@ -144,34 +143,29 @@ export const defineGetBenchmarksRoute = (router: CspRouter, cspContext: CspAppCo
         return response.forbidden();
       }
 
+      const cspContext = await context.csp;
+
       try {
-        const soClient = (await context.core).savedObjects.client;
-        const { query } = request;
-
-        const agentService = cspContext.service.agentService;
-        const agentPolicyService = cspContext.service.agentPolicyService;
-        const packagePolicyService = cspContext.service.packagePolicyService;
-
-        if (!agentPolicyService || !agentService || !packagePolicyService) {
-          throw new Error(`Failed to get Fleet services`);
-        }
-
         const cspPackagePolicies = await getCspPackagePolicies(
-          soClient,
+          cspContext.soClient,
-          packagePolicyService,
+          cspContext.packagePolicyService,
           CLOUD_SECURITY_POSTURE_PACKAGE_NAME,
-          query
+          request.query
         );
 
         const agentPolicies = await getCspAgentPolicies(
-          soClient,
+          cspContext.soClient,
           cspPackagePolicies.items,
-          agentPolicyService
+          cspContext.agentPolicyService
+        );
+
+        const enrichAgentPolicies = await addRunningAgentToAgentPolicy(
+          cspContext.agentService,
+          agentPolicies
         );
 
-        const enrichAgentPolicies = await addRunningAgentToAgentPolicy(agentService, agentPolicies);
         const benchmarks = await createBenchmarks(
-          soClient,
+          cspContext.soClient,
           enrichAgentPolicies,
           cspPackagePolicies.items
         );

x-pack/plugins/cloud_security_posture/server/routes/compliance_dashboard/compliance_dashboard.test.ts

@@ -4,38 +4,22 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import { httpServerMock, httpServiceMock, loggingSystemMock } from '@kbn/core/server/mocks';
+import { httpServerMock, httpServiceMock } from '@kbn/core/server/mocks';
-import type { KibanaRequest } from '@kbn/core/server';
 import { defineGetComplianceDashboardRoute } from './compliance_dashboard';
-
+import { createCspRequestHandlerContextMock } from '../../mocks';
-import { CspAppService } from '../../lib/csp_app_services';
-import { CspAppContext } from '../../plugin';
-import { securityMock } from '@kbn/security-plugin/server/mocks';
 
 describe('compliance dashboard permissions API', () => {
-  let logger: ReturnType<typeof loggingSystemMock.createLogger>;
-
   beforeEach(() => {
-    logger = loggingSystemMock.createLogger();
     jest.clearAllMocks();
   });
 
   it('should accept to a user with fleet.all privilege', async () => {
     const router = httpServiceMock.createRouter();
-    const cspAppContextService = new CspAppService();
 
-    const cspContext: CspAppContext = {
+    defineGetComplianceDashboardRoute(router);
-      logger,
-      service: cspAppContextService,
-      security: securityMock.createSetup(),
-    };
-    defineGetComplianceDashboardRoute(router, cspContext);
     const [_, handler] = router.get.mock.calls[0];
 
-    const mockContext = {
+    const mockContext = createCspRequestHandlerContextMock();
-      fleet: { authz: { fleet: { all: true } } },
-    } as unknown as KibanaRequest;
-
     const mockResponse = httpServerMock.createResponseFactory();
     const mockRequest = httpServerMock.createKibanaRequest();
     const [context, req, res] = [mockContext, mockRequest, mockResponse];
@@ -47,20 +31,11 @@ describe('compliance dashboard permissions API', () => {
 
   it('should reject to a user without fleet.all privilege', async () => {
     const router = httpServiceMock.createRouter();
-    const cspAppContextService = new CspAppService();
 
-    const cspContext: CspAppContext = {
+    defineGetComplianceDashboardRoute(router);
-      logger,
-      service: cspAppContextService,
-      security: securityMock.createSetup(),
-    };
-    defineGetComplianceDashboardRoute(router, cspContext);
     const [_, handler] = router.get.mock.calls[0];
 
-    const mockContext = {
+    const mockContext = createCspRequestHandlerContextMock();
-      fleet: { authz: { fleet: { all: true } } },
-    } as unknown as KibanaRequest;
-
     const mockResponse = httpServerMock.createResponseFactory();
     const mockRequest = httpServerMock.createKibanaRequest();
     const [context, req, res] = [mockContext, mockRequest, mockResponse];

x-pack/plugins/cloud_security_posture/server/routes/compliance_dashboard/compliance_dashboard.ts

@@ -9,7 +9,6 @@ import { transformError } from '@kbn/securitysolution-es-utils';
 import type { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types';
 import type { ComplianceDashboardData } from '../../../common/types';
 import { LATEST_FINDINGS_INDEX_DEFAULT_NS, STATS_ROUTE_PATH } from '../../../common/constants';
-import { CspAppContext } from '../../plugin';
 import { getGroupedFindingsEvaluation } from './get_grouped_findings_evaluation';
 import { ClusterWithoutTrend, getClusters } from './get_clusters';
 import { getStats } from './get_stats';
@@ -33,10 +32,7 @@ const getClustersTrends = (clustersWithoutTrends: ClusterWithoutTrend[], trends:
 const getSummaryTrend = (trends: Trends) =>
   trends.map(({ timestamp, summary }) => ({ timestamp, ...summary }));
 
-export const defineGetComplianceDashboardRoute = (
+export const defineGetComplianceDashboardRoute = (router: CspRouter): void =>
-  router: CspRouter,
-  cspContext: CspAppContext
-): void =>
   router.get(
     {
       path: STATS_ROUTE_PATH,
@@ -46,8 +42,10 @@ export const defineGetComplianceDashboardRoute = (
       },
     },
     async (context, _, response) => {
+      const cspContext = await context.csp;
+
       try {
-        const esClient = (await context.core).elasticsearch.client.asCurrentUser;
+        const esClient = cspContext.esClient.asCurrentUser;
 
         const { id: pitId } = await esClient.openPointInTime({
           index: LATEST_FINDINGS_INDEX_DEFAULT_NS,

x-pack/plugins/cloud_security_posture/server/routes/configuration/update_rules_configuration.test.ts

@@ -5,12 +5,7 @@
  * 2.0.
  */
 import { elasticsearchClientMock } from '@kbn/core-elasticsearch-client-server-mocks';
-import {
+import { savedObjectsClientMock, httpServiceMock, httpServerMock } from '@kbn/core/server/mocks';
-  savedObjectsClientMock,
-  httpServiceMock,
-  loggingSystemMock,
-  httpServerMock,
-} from '@kbn/core/server/mocks';
 import {
   createRulesConfig,
   defineUpdateRulesConfigRoute,
@@ -19,8 +14,6 @@ import {
   updateAgentConfiguration,
 } from './update_rules_configuration';
 
-import { CspAppService } from '../../lib/csp_app_services';
-import { CspAppContext } from '../../plugin';
 import { createPackagePolicyMock } from '@kbn/fleet-plugin/common/mocks';
 import { createPackagePolicyServiceMock } from '@kbn/fleet-plugin/server/mocks';
 
@@ -29,37 +22,28 @@ import type { CspRule } from '../../../common/schemas';
 
 import {
   ElasticsearchClient,
-  KibanaRequest,
   SavedObjectsClientContract,
   SavedObjectsFindResponse,
 } from '@kbn/core/server';
 import { Chance } from 'chance';
 import { PackagePolicy, UpdatePackagePolicy } from '@kbn/fleet-plugin/common';
-import { securityMock } from '@kbn/security-plugin/server/mocks';
 import { mockAuthenticatedUser } from '@kbn/security-plugin/common/model/authenticated_user.mock';
 import { DeepPartial } from 'utility-types';
+import { createCspRequestHandlerContextMock } from '../../mocks';
 
 describe('Update rules configuration API', () => {
-  let logger: ReturnType<typeof loggingSystemMock.createLogger>;
   let mockEsClient: jest.Mocked<ElasticsearchClient>;
   let mockSoClient: jest.Mocked<SavedObjectsClientContract>;
   const chance = new Chance();
 
   beforeEach(() => {
-    logger = loggingSystemMock.createLogger();
     jest.clearAllMocks();
   });
 
   it('validate the API route path', async () => {
     const router = httpServiceMock.createRouter();
-    const cspAppContextService = new CspAppService();
 
-    const cspContext: CspAppContext = {
+    defineUpdateRulesConfigRoute(router);
-      logger,
-      service: cspAppContextService,
-      security: securityMock.createSetup(),
-    };
-    defineUpdateRulesConfigRoute(router, cspContext);
 
     const [config, _] = router.post.mock.calls[0];
 
@@ -68,20 +52,12 @@ describe('Update rules configuration API', () => {
 
   it('should accept to a user with fleet.all privilege', async () => {
     const router = httpServiceMock.createRouter();
-    const cspAppContextService = new CspAppService();
 
-    const cspContext: CspAppContext = {
+    defineUpdateRulesConfigRoute(router);
-      logger,
+
-      service: cspAppContextService,
-      security: securityMock.createSetup(),
-    };
-    defineUpdateRulesConfigRoute(router, cspContext);
     const [_, handler] = router.post.mock.calls[0];
 
-    const mockContext = {
+    const mockContext = createCspRequestHandlerContextMock();
-      fleet: { authz: { fleet: { all: true } } },
-    } as unknown as KibanaRequest;
-
     const mockResponse = httpServerMock.createResponseFactory();
     const mockRequest = httpServerMock.createKibanaRequest();
     const [context, req, res] = [mockContext, mockRequest, mockResponse];
@@ -93,20 +69,11 @@ describe('Update rules configuration API', () => {
 
   it('should reject to a user without fleet.all privilege', async () => {
     const router = httpServiceMock.createRouter();
-    const cspAppContextService = new CspAppService();
 
-    const cspContext: CspAppContext = {
+    defineUpdateRulesConfigRoute(router);
-      logger,
-      service: cspAppContextService,
-      security: securityMock.createSetup(),
-    };
-    defineUpdateRulesConfigRoute(router, cspContext);
     const [_, handler] = router.post.mock.calls[0];
 
-    const mockContext = {
+    const mockContext = createCspRequestHandlerContextMock();
-      fleet: { authz: { fleet: { all: true } } },
-    } as unknown as KibanaRequest;
-
     const mockResponse = httpServerMock.createResponseFactory();
     const mockRequest = httpServerMock.createKibanaRequest();
     const [context, req, res] = [mockContext, mockRequest, mockResponse];

x-pack/plugins/cloud_security_posture/server/routes/configuration/update_rules_configuration.ts

@@ -20,7 +20,7 @@ import { PackagePolicy, PackagePolicyConfigRecord } from '@kbn/fleet-plugin/comm
 import { PackagePolicyServiceInterface } from '@kbn/fleet-plugin/server';
 import { AuthenticatedUser } from '@kbn/security-plugin/common';
 import { createCspRuleSearchFilterByPackagePolicy } from '../../../common/utils/helpers';
-import { CspAppContext } from '../../plugin';
+
 import type { CspRule, CspRulesConfiguration } from '../../../common/schemas';
 import {
   CLOUD_SECURITY_POSTURE_PACKAGE_NAME,
@@ -129,7 +129,7 @@ export const updateAgentConfiguration = async (
   );
 };
 
-export const defineUpdateRulesConfigRoute = (router: CspRouter, cspContext: CspAppContext): void =>
+export const defineUpdateRulesConfigRoute = (router: CspRouter): void =>
   router.post(
     {
       path: UPDATE_RULES_CONFIG_ROUTE_PATH,
@@ -139,33 +139,25 @@ export const defineUpdateRulesConfigRoute = (router: CspRouter, cspContext: CspA
       },
     },
     async (context, request, response) => {
+      const cspContext = await context.csp;
+
       if (!(await context.fleet).authz.fleet.all) {
         return response.forbidden();
       }
 
       try {
-        const coreContext = await context.core;
-        const esClient = coreContext.elasticsearch.client.asCurrentUser;
-        const soClient = coreContext.savedObjects.client;
-        const user = await cspContext.security.authc.getCurrentUser(request);
-        const packagePolicyService = cspContext.service.packagePolicyService;
-        const packagePolicyId = request.body.package_policy_id;
-
-        if (!packagePolicyService) {
-          throw new Error(`Failed to get Fleet services`);
-        }
         const packagePolicy = await getPackagePolicy(
-          soClient,
+          cspContext.soClient,
-          packagePolicyService,
+          cspContext.packagePolicyService,
-          packagePolicyId
+          request.body.package_policy_id
         );
 
         const updatedPackagePolicy = await updateAgentConfiguration(
-          packagePolicyService,
+          cspContext.packagePolicyService,
           packagePolicy,
-          esClient,
+          cspContext.esClient.asCurrentUser,
-          soClient,
+          cspContext.soClient,
-          user
+          cspContext.user
         );
 
         return response.ok({ body: updatedPackagePolicy });

x-pack/plugins/cloud_security_posture/server/routes/es_pit/es_pit.test.ts

@@ -5,13 +5,14 @@
  * 2.0.
  */
 import { Chance } from 'chance';
-import { elasticsearchClientMock } from '@kbn/core-elasticsearch-client-server-mocks';
+import {
+  elasticsearchClientMock,
+  ElasticsearchClientMock,
+} from '@kbn/core-elasticsearch-client-server-mocks';
 import type { ElasticsearchClient } from '@kbn/core/server';
-import { httpServerMock, httpServiceMock, loggingSystemMock } from '@kbn/core/server/mocks';
+import { httpServerMock, httpServiceMock } from '@kbn/core/server/mocks';
 import { DEFAULT_PIT_KEEP_ALIVE, defineEsPitRoute, esPitInputSchema } from './es_pit';
-import { CspAppService } from '../../lib/csp_app_services';
+import { createCspRequestHandlerContextMock } from '../../mocks';
-import { CspAppContext } from '../../plugin';
-import { securityMock } from '@kbn/security-plugin/server/mocks';
 
 describe('ES Point in time API endpoint', () => {
   const chance = new Chance();
@@ -23,13 +24,8 @@ describe('ES Point in time API endpoint', () => {
 
   it('validate the API route path', () => {
     const router = httpServiceMock.createRouter();
-    const cspContext: CspAppContext = {
-      logger: loggingSystemMock.createLogger(),
-      service: new CspAppService(),
-      security: securityMock.createSetup(),
-    };
 
-    defineEsPitRoute(router, cspContext);
+    defineEsPitRoute(router);
 
     const [config] = router.post.mock.calls[0];
     expect(config.path).toEqual('/internal/cloud_security_posture/es_pit');
@@ -37,18 +33,10 @@ describe('ES Point in time API endpoint', () => {
 
   it('should accept to a user with fleet.all privilege', async () => {
     const router = httpServiceMock.createRouter();
-    const cspContext: CspAppContext = {
-      logger: loggingSystemMock.createLogger(),
-      service: new CspAppService(),
-      security: securityMock.createSetup(),
-    };
 
-    defineEsPitRoute(router, cspContext);
+    defineEsPitRoute(router);
-
-    const mockContext = {
-      fleet: { authz: { fleet: { all: true } } },
-    };
 
+    const mockContext = createCspRequestHandlerContextMock();
     const mockResponse = httpServerMock.createResponseFactory();
     const mockRequest = httpServerMock.createKibanaRequest();
     const [context, req, res] = [mockContext, mockRequest, mockResponse];
@@ -61,17 +49,11 @@ describe('ES Point in time API endpoint', () => {
 
   it('should reject to a user without fleet.all privilege', async () => {
     const router = httpServiceMock.createRouter();
-    const cspContext: CspAppContext = {
-      logger: loggingSystemMock.createLogger(),
-      service: new CspAppService(),
-      security: securityMock.createSetup(),
-    };
 
-    defineEsPitRoute(router, cspContext);
+    defineEsPitRoute(router);
 
-    const mockContext = {
+    const mockContext = createCspRequestHandlerContextMock();
-      fleet: { authz: { fleet: { all: false } } },
+    mockContext.fleet.authz.fleet.all = false;
-    };
 
     const mockResponse = httpServerMock.createResponseFactory();
     const mockRequest = httpServerMock.createKibanaRequest();
@@ -85,22 +67,15 @@ describe('ES Point in time API endpoint', () => {
 
   it('should return the newly created PIT ID from ES', async () => {
     const router = httpServiceMock.createRouter();
-    const cspContext: CspAppContext = {
-      logger: loggingSystemMock.createLogger(),
-      service: new CspAppService(),
-      security: securityMock.createSetup(),
-    };
 
-    defineEsPitRoute(router, cspContext);
+    defineEsPitRoute(router);
 
     const pitId = chance.string();
     mockEsClient = elasticsearchClientMock.createClusterClient().asScoped().asInternalUser;
     mockEsClient.openPointInTime.mockImplementation(() => Promise.resolve({ id: pitId }));
 
-    const mockContext = {
+    const mockContext = createCspRequestHandlerContextMock();
-      fleet: { authz: { fleet: { all: true } } },
+    mockContext.core.elasticsearch.client.asCurrentUser = mockEsClient as ElasticsearchClientMock;
-      core: { elasticsearch: { client: { asCurrentUser: mockEsClient } } },
-    };
 
     const indexName = chance.string();
     const keepAlive = chance.string();

x-pack/plugins/cloud_security_posture/server/routes/es_pit/es_pit.ts

@@ -8,7 +8,6 @@
 import { schema } from '@kbn/config-schema';
 import { transformError } from '@kbn/securitysolution-es-utils';
 import { ES_PIT_ROUTE_PATH } from '../../../common/constants';
-import type { CspAppContext } from '../../plugin';
 import type { CspRouter } from '../../types';
 
 export const DEFAULT_PIT_KEEP_ALIVE = '1m';
@@ -18,7 +17,7 @@ export const esPitInputSchema = schema.object({
   keep_alive: schema.string({ defaultValue: DEFAULT_PIT_KEEP_ALIVE }),
 });
 
-export const defineEsPitRoute = (router: CspRouter, cspContext: CspAppContext): void =>
+export const defineEsPitRoute = (router: CspRouter): void =>
   router.post(
     {
       path: ES_PIT_ROUTE_PATH,
@@ -28,13 +27,14 @@ export const defineEsPitRoute = (router: CspRouter, cspContext: CspAppContext):
       },
     },
     async (context, request, response) => {
+      const cspContext = await context.csp;
+
       if (!(await context.fleet).authz.fleet.all) {
         return response.forbidden();
       }
 
       try {
-        const coreContext = await context.core;
+        const esClient = cspContext.esClient.asCurrentUser;
-        const esClient = coreContext.elasticsearch.client.asCurrentUser;
         const { id } = await esClient.openPointInTime({
           index: request.query.index_name,
           keep_alive: request.query.keep_alive,

x-pack/plugins/cloud_security_posture/server/routes/index.ts

@@ -1,22 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { defineGetComplianceDashboardRoute } from './compliance_dashboard/compliance_dashboard';
-import { defineGetBenchmarksRoute } from './benchmarks/benchmarks';
-import { defineUpdateRulesConfigRoute } from './configuration/update_rules_configuration';
-import { defineGetCspSetupStatusRoute } from './status/status';
-import { defineEsPitRoute } from './es_pit/es_pit';
-import { CspAppContext } from '../plugin';
-import { CspRouter } from '../types';
-
-export function defineRoutes(router: CspRouter, cspContext: CspAppContext) {
-  defineGetComplianceDashboardRoute(router, cspContext);
-  defineGetBenchmarksRoute(router, cspContext);
-  defineUpdateRulesConfigRoute(router, cspContext);
-  defineGetCspSetupStatusRoute(router, cspContext);
-  defineEsPitRoute(router, cspContext);
-}

x-pack/plugins/cloud_security_posture/server/routes/setup_routes.ts

@@ -0,0 +1,67 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { CoreSetup, Logger } from '@kbn/core/server';
+import type { AuthenticatedUser } from '@kbn/security-plugin/common';
+import type {
+  CspRequestHandlerContext,
+  CspServerPluginStart,
+  CspServerPluginStartDeps,
+} from '../types';
+import { PLUGIN_ID } from '../../common';
+import { defineGetComplianceDashboardRoute } from './compliance_dashboard/compliance_dashboard';
+import { defineGetBenchmarksRoute } from './benchmarks/benchmarks';
+import { defineUpdateRulesConfigRoute } from './configuration/update_rules_configuration';
+import { defineGetCspSetupStatusRoute } from './status/status';
+import { defineEsPitRoute } from './es_pit/es_pit';
+
+/**
+ * 1. Registers routes
+ * 2. Registers routes handler context
+ */
+export function setupRoutes({
+  core,
+  logger,
+}: {
+  core: CoreSetup<CspServerPluginStartDeps, CspServerPluginStart>;
+  logger: Logger;
+}) {
+  const router = core.http.createRouter<CspRequestHandlerContext>();
+  defineGetComplianceDashboardRoute(router);
+  defineGetBenchmarksRoute(router);
+  defineUpdateRulesConfigRoute(router);
+  defineGetCspSetupStatusRoute(router);
+  defineEsPitRoute(router);
+
+  core.http.registerRouteHandlerContext<CspRequestHandlerContext, typeof PLUGIN_ID>(
+    PLUGIN_ID,
+    async (context, request) => {
+      const [, { security, fleet }] = await core.getStartServices();
+      const coreContext = await context.core;
+      await fleet.fleetSetupCompleted();
+
+      let user: AuthenticatedUser | null = null;
+
+      return {
+        get user() {
+          // We want to call getCurrentUser only when needed and only once
+          if (!user) {
+            user = security.authc.getCurrentUser(request);
+          }
+          return user;
+        },
+        logger,
+        esClient: coreContext.elasticsearch.client,
+        soClient: coreContext.savedObjects.client,
+        agentPolicyService: fleet.agentPolicyService,
+        agentService: fleet.agentService,
+        packagePolicyService: fleet.packagePolicyService,
+        packageService: fleet.packageService,
+      };
+    }
+  );
+}

x-pack/plugins/cloud_security_posture/server/routes/status/status.test.ts

@@ -5,18 +5,9 @@
  * 2.0.
  */
 
-import { CspAppContext } from '../../plugin';
 import { defineGetCspSetupStatusRoute, INDEX_TIMEOUT_IN_MINUTES } from './status';
-import { httpServerMock, httpServiceMock, loggingSystemMock } from '@kbn/core/server/mocks';
+import { httpServerMock, httpServiceMock } from '@kbn/core/server/mocks';
 import type { ESSearchResponse } from '@kbn/core/types/elasticsearch';
-import { securityMock } from '@kbn/security-plugin/server/mocks';
-import {
-  createMockAgentPolicyService,
-  createMockAgentService,
-  createMockPackageService,
-  createPackagePolicyServiceMock,
-  xpackMocks,
-} from '@kbn/fleet-plugin/server/mocks';
 import {
   AgentClient,
   AgentPolicyServiceInterface,
@@ -32,6 +23,7 @@ import {
   RegistryPackage,
 } from '@kbn/fleet-plugin/common';
 import { createPackagePolicyMock } from '@kbn/fleet-plugin/common/mocks';
+import { createCspRequestHandlerContextMock } from '../../mocks';
 
 const mockCspPackageInfo: Installation = {
   verification_status: 'verified',
@@ -65,43 +57,29 @@ const mockLatestCspPackageInfo: RegistryPackage = {
 
 describe('CspSetupStatus route', () => {
   const router = httpServiceMock.createRouter();
-  const logger: ReturnType<typeof loggingSystemMock.createLogger> =
+  let mockContext: ReturnType<typeof createCspRequestHandlerContextMock>;
-    loggingSystemMock.createLogger();
-  let mockContext: ReturnType<typeof xpackMocks.createRequestHandlerContext>;
   let mockPackagePolicyService: jest.Mocked<PackagePolicyServiceInterface>;
   let mockAgentPolicyService: jest.Mocked<AgentPolicyServiceInterface>;
   let mockAgentService: jest.Mocked<AgentService>;
   let mockAgentClient: jest.Mocked<AgentClient>;
   let mockPackageService: PackageService;
   let mockPackageClient: jest.Mocked<PackageClient>;
-  let cspContext: CspAppContext;
 
   beforeEach(() => {
     jest.clearAllMocks();
 
-    mockContext = xpackMocks.createRequestHandlerContext();
+    mockContext = createCspRequestHandlerContextMock();
-    mockPackagePolicyService = createPackagePolicyServiceMock();
+    mockPackagePolicyService = mockContext.csp.packagePolicyService;
-    mockAgentPolicyService = createMockAgentPolicyService();
+    mockAgentPolicyService = mockContext.csp.agentPolicyService;
-    mockAgentService = createMockAgentService();
+    mockAgentService = mockContext.csp.agentService;
-    mockPackageService = createMockPackageService();
+    mockPackageService = mockContext.csp.packageService;
 
     mockAgentClient = mockAgentService.asInternalUser as jest.Mocked<AgentClient>;
     mockPackageClient = mockPackageService.asInternalUser as jest.Mocked<PackageClient>;
-
-    cspContext = {
-      logger,
-      service: {
-        agentService: mockAgentService,
-        agentPolicyService: mockAgentPolicyService,
-        packagePolicyService: mockPackagePolicyService,
-        packageService: mockPackageService,
-      },
-      security: securityMock.createSetup(),
-    } as unknown as CspAppContext;
   });
 
   it('validate the API route path', async () => {
-    defineGetCspSetupStatusRoute(router, cspContext);
+    defineGetCspSetupStatusRoute(router);
     const [config, _] = router.get.mock.calls[0];
 
     expect(config.path).toEqual('/internal/cloud_security_posture/status');
@@ -123,7 +101,7 @@ describe('CspSetupStatus route', () => {
     });
 
     // Act
-    defineGetCspSetupStatusRoute(router, cspContext);
+    defineGetCspSetupStatusRoute(router);
     const [_, handler] = router.get.mock.calls[0];
 
     const mockResponse = httpServerMock.createResponseFactory();
@@ -162,7 +140,7 @@ describe('CspSetupStatus route', () => {
     });
 
     // Act
-    defineGetCspSetupStatusRoute(router, cspContext);
+    defineGetCspSetupStatusRoute(router);
     const [_, handler] = router.get.mock.calls[0];
 
     const mockResponse = httpServerMock.createResponseFactory();
@@ -210,7 +188,7 @@ describe('CspSetupStatus route', () => {
     } as unknown as GetAgentStatusResponse['results']);
 
     // Act
-    defineGetCspSetupStatusRoute(router, cspContext);
+    defineGetCspSetupStatusRoute(router);
     const [_, handler] = router.get.mock.calls[0];
 
     const mockResponse = httpServerMock.createResponseFactory();
@@ -248,7 +226,7 @@ describe('CspSetupStatus route', () => {
     });
 
     // Act
-    defineGetCspSetupStatusRoute(router, cspContext);
+    defineGetCspSetupStatusRoute(router);
     const [_, handler] = router.get.mock.calls[0];
 
     const mockResponse = httpServerMock.createResponseFactory();
@@ -295,7 +273,7 @@ describe('CspSetupStatus route', () => {
     } as unknown as GetAgentStatusResponse['results']);
 
     // Act
-    defineGetCspSetupStatusRoute(router, cspContext);
+    defineGetCspSetupStatusRoute(router);
 
     const [_, handler] = router.get.mock.calls[0];
 
@@ -349,7 +327,7 @@ describe('CspSetupStatus route', () => {
     } as unknown as GetAgentStatusResponse['results']);
 
     // Act
-    defineGetCspSetupStatusRoute(router, cspContext);
+    defineGetCspSetupStatusRoute(router);
 
     const [_, handler] = router.get.mock.calls[0];
 
@@ -405,7 +383,7 @@ describe('CspSetupStatus route', () => {
     } as unknown as GetAgentStatusResponse['results']);
 
     // Act
-    defineGetCspSetupStatusRoute(router, cspContext);
+    defineGetCspSetupStatusRoute(router);
 
     const [_, handler] = router.get.mock.calls[0];
 

x-pack/plugins/cloud_security_posture/server/routes/status/status.ts

@@ -6,7 +6,7 @@
  */
 
 import { transformError } from '@kbn/securitysolution-es-utils';
-import type { ElasticsearchClient, SavedObjectsClientContract } from '@kbn/core/server';
+import type { Logger, ElasticsearchClient, SavedObjectsClientContract } from '@kbn/core/server';
 import type {
   AgentPolicyServiceInterface,
   AgentService,
@@ -16,7 +16,6 @@ import type {
 import moment, { MomentInput } from 'moment';
 import { PackagePolicy } from '@kbn/fleet-plugin/common';
 import { CLOUD_SECURITY_POSTURE_PACKAGE_NAME, STATUS_ROUTE_PATH } from '../../../common/constants';
-import type { CspAppContext } from '../../plugin';
 import type { CspRouter } from '../../types';
 import type { CspSetupStatus, Status } from '../../../common/types';
 import {
@@ -71,7 +70,7 @@ const getStatus = (
 };
 
 const getCspSetupStatus = async (
-  logger: CspAppContext['logger'],
+  logger: Logger,
   esClient: ElasticsearchClient,
   soClient: SavedObjectsClientContract,
   packageService: PackageService,
@@ -123,7 +122,7 @@ const getCspSetupStatus = async (
   };
 };
 
-export const defineGetCspSetupStatusRoute = (router: CspRouter, cspContext: CspAppContext): void =>
+export const defineGetCspSetupStatusRoute = (router: CspRouter): void =>
   router.get(
     {
       path: STATUS_ROUTE_PATH,
@@ -133,27 +132,16 @@ export const defineGetCspSetupStatusRoute = (router: CspRouter, cspContext: CspA
       },
     },
     async (context, _, response) => {
+      const cspContext = await context.csp;
       try {
-        const esClient = (await context.core).elasticsearch.client.asCurrentUser;
-        const soClient = (await context.core).savedObjects.client;
-
-        const packageService = cspContext.service.packageService;
-        const agentService = cspContext.service.agentService;
-        const agentPolicyService = cspContext.service.agentPolicyService;
-        const packagePolicyService = cspContext.service.packagePolicyService;
-
-        if (!agentPolicyService || !agentService || !packagePolicyService || !packageService) {
-          throw new Error(`Failed to get Fleet services`);
-        }
-
         const cspSetupStatus = await getCspSetupStatus(
           cspContext.logger,
-          esClient,
+          cspContext.esClient.asCurrentUser,
-          soClient,
+          cspContext.soClient,
-          packageService,
+          cspContext.packageService,
-          packagePolicyService,
+          cspContext.packagePolicyService,
-          agentPolicyService,
+          cspContext.agentPolicyService,
-          agentService
+          cspContext.agentService
         );
 
         const body: CspSetupStatus = cspSetupStatus;

x-pack/plugins/cloud_security_posture/server/types.ts

@@ -4,7 +4,6 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-
 import type {
   PluginSetup as DataPluginSetup,
   PluginStart as DataPluginStart,
@@ -13,15 +12,20 @@ import {
   TaskManagerSetupContract,
   TaskManagerStartContract,
 } from '@kbn/task-manager-plugin/server';
-
 import type {
-  RouteMethod,
-  KibanaResponseFactory,
-  RequestHandler,
   IRouter,
   CoreStart,
+  CustomRequestHandlerContext,
+  Logger,
+  SavedObjectsClientContract,
+  IScopedClusterClient,
 } from '@kbn/core/server';
-
+import type {
+  AgentService,
+  PackageService,
+  AgentPolicyServiceInterface,
+  PackagePolicyServiceInterface,
+} from '@kbn/fleet-plugin/server';
 import type { FleetStartContract, FleetRequestHandlerContext } from '@kbn/fleet-plugin/server';
 import { SecurityPluginSetup, SecurityPluginStart } from '@kbn/security-plugin/server';
 
@@ -49,19 +53,22 @@ export interface CspServerPluginStartDeps {
 export type CspServerPluginStartServices = Promise<
   [CoreStart, CspServerPluginStartDeps, CspServerPluginStart]
 >;
-export type CspRequestHandlerContext = FleetRequestHandlerContext;
 
-/**
+interface CspApiRequestHandlerContext {
- * Convenience type for request handlers in CSP that includes the CspRequestHandlerContext type
+  user: ReturnType<SecurityPluginStart['authc']['getCurrentUser']>;
- * @internal
+  logger: Logger;
- */
+  esClient: IScopedClusterClient;
-export type CspRequestHandler<
+  soClient: SavedObjectsClientContract;
-  P = unknown,
+  agentPolicyService: AgentPolicyServiceInterface;
-  Q = unknown,
+  agentService: AgentService;
-  B = unknown,
+  packagePolicyService: PackagePolicyServiceInterface;
-  Method extends RouteMethod = any,
+  packageService: PackageService;
-  ResponseFactory extends KibanaResponseFactory = KibanaResponseFactory
+}
-> = RequestHandler<P, Q, B, CspRequestHandlerContext, Method, ResponseFactory>;
+
+export type CspRequestHandlerContext = CustomRequestHandlerContext<{
+  csp: CspApiRequestHandlerContext;
+  fleet: FleetRequestHandlerContext['fleet'];
+}>;
 
 /**
  * Convenience type for routers in Csp that includes the CspRequestHandlerContext type