[Security solution][Endpoint] API error when edit/create TA by policy and license under platinum #113363
Conversation
dasansol92
added
v8.0.0
release_note:skip
| @@ -408,10 +454,27 @@ describe('service', () => { | |||
| savedObjectClient, | |||
| packagePolicyClient, | |||
| trustedAppByPolicy.id, | |||
| toUpdateTrustedApp(trustedAppByPolicy as MaybeImmutable<TrustedApp>) | |||
| toUpdateTrustedApp(trustedAppByPolicy as MaybeImmutable<TrustedApp>), | |||
There was a problem hiding this comment.
I'm not sure if we do unit testing for the services and utilities, I'd say that isUserTryingToModifyEffectScopeWithoutPermissions should have a unit test as well as the current tests are only testing integration but I leave it to your discretion. The code looks good as it is 🐑🐑🐑
Yeah, I didn't add a specific unit test to that function because it's not exported. It's just a private one to keep the code organised. |
| @@ -25,6 +25,15 @@ export class TrustedAppPolicyNotExistsError extends Error { | |||
| ); | |||
| } | |||
| } | |||
| export class TrustedAppPolicyPermissionsError extends Error { | |||
There was a problem hiding this comment.
Suggestion: extend EndpointError instead as the base class. When you do that, you should not need to set the type below, as the base class already takes care of it (but instead of type it uses name)
|
|
||
| constructor() { | ||
| super( | ||
| 'Your Kibana license has been downgraded. As such, individual policy configuration is no longer supported.' |
There was a problem hiding this comment.
Suggestion: use the same text as the one that Isolation is using: 'Your license level does not allow for this action' (here: https://github.com/elastic/kibana/blob/master/x-pack/plugins/security_solution/server/endpoint/routes/actions/isolation.ts#L79)
Also,
- Maybe we should have a generic Endpoint error for license related errors - like a
EndpointLicenseErrorinserver/endpoint/errors.ts? - If you decide to stay with this one - since this seems to be very specific for only license violation, maybe rename the Error to
TrustedAppPolicyLicenseError?
Either way - this comment can be done in a subsequent PR.
| @@ -87,6 +88,11 @@ const errorHandler = <E extends Error>( | |||
| return res.badRequest({ body: { message: error.message, attributes: { type: error.type } } }); | |||
| } | |||
|
|
|||
| if (error instanceof TrustedAppPolicyPermissionsError) { | |||
| logger.error(error); | |||
| return res.badRequest({ body: { message: error.message, attributes: { type: error.type } } }); | |||
There was a problem hiding this comment.
Suggestion: just send the error:
| return res.badRequest({ body: { message: error.message, attributes: { type: error.type } } }); | |
| return res.badRequest({ body: error }); |
| ).rejects.toBeInstanceOf(TrustedAppPolicyNotExistsError); | ||
| }); | ||
|
|
||
| it('should throw wwhen license under platinum and by policy', async () => { |
| return false; | ||
| } else if ( | ||
| isEqual( | ||
| currentTrustedApp.tags.map((policy) => policy.replace('policy:', '')).sort(), |
There was a problem hiding this comment.
one way to avoid this is to use the exceptionListItemToTrustedApp mapping function in x-pack/plugins/security_solution/server/endpoint/routes/trusted_apps/mapping.ts and change this function's signature so that currentTrustedApp is of type TrustedApp
…se helper mapping function to avoid use string replace method
| @@ -40,7 +40,7 @@ export const getExceptionListItemSchemaMock = ( | |||
| name: NAME, | |||
| namespace_type: NAMESPACE_TYPE, | |||
| os_types: [], | |||
| tags: ['user added string for a tag', 'malware'], | |||
| tags: ['sdasdasd', 'malware'], | |||
There was a problem hiding this comment.
😄 was this intentional?
..._solution/public/management/pages/trusted_apps/view/components/create_trusted_app_flyout.tsx
Show resolved
Hide resolved
| @@ -22,3 +22,10 @@ export class EndpointAppContentServicesNotStartedError extends EndpointError { | |||
| super('EndpointAppContextService has not been started (EndpointAppContextService.start())'); | |||
| } | |||
| } | |||
| export class EndpointLicenseError extends EndpointError { | |||
| public readonly name = 'EndpointLicenseError'; | |||
There was a problem hiding this comment.
you don't need this. EndpointError#constructor will set it auto-magically 😄
see:
x-pack/plugins/security_solution/server/endpoint/routes/trusted_apps/handlers.ts
Show resolved
Hide resolved
| @@ -36,6 +37,32 @@ export const getTrustedAppByPolicy = function (): TrustedApp { | |||
| }; | |||
| }; | |||
|
|
|||
| export const getPutTrustedAppByPolicy = function (): ExceptionListItemSchema { | |||
There was a problem hiding this comment.
can you include the word mock in the function name?
|
@elasticmachine merge upstream |
…hanges_to_the_TA_effect_scope_is_to_set_it_to_global-1688
💚 Build SucceededMetrics [docs]Async chunks
Unknown metric groupsReferences to deprecated APIs
History
To update your PR or re-run it, just comment with: |
… and license under platinum (elastic#113363) * New function to check if the effect scope has been changed without right license * Checks if license is under platinum when creating/updating trusted apps by policy * Change error type. Use translations in frontend for api error. Also use helper mapping function to avoid use string replace method * Remove name from constructor and changed mock function name Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
💚 Backport successful
This backport PR will be merged automatically after passing CI. |
… and license under platinum (#113363) (#113545) * New function to check if the effect scope has been changed without right license * Checks if license is under platinum when creating/updating trusted apps by policy * Change error type. Use translations in frontend for api error. Also use helper mapping function to avoid use string replace method * Remove name from constructor and changed mock function name Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: David Sánchez <davidsansol92@gmail.com>
Summary
For maintainers