-
Notifications
You must be signed in to change notification settings - Fork 8.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security solution][Endpoint] API error when edit/create TA by policy and license under platinum #113363
[Security solution][Endpoint] API error when edit/create TA by policy and license under platinum #113363
Changes from 2 commits
3d74da9
128421d
f39e832
36f13fd
777f3fc
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -25,6 +25,15 @@ export class TrustedAppPolicyNotExistsError extends Error { | |
); | ||
} | ||
} | ||
export class TrustedAppPolicyPermissionsError extends Error { | ||
public readonly type = 'TrustedApps/PolicyPermissionError'; | ||
|
||
constructor() { | ||
super( | ||
'Your Kibana license has been downgraded. As such, individual policy configuration is no longer supported.' | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Suggestion: use the same text as the one that Isolation is using: Also,
Either way - this comment can be done in a subsequent PR. |
||
); | ||
} | ||
} | ||
|
||
export class TrustedAppVersionConflictError extends Error { | ||
constructor(id: string, public sourceError: Error) { | ||
|
Original file line number | Diff line number | Diff line change | ||||
---|---|---|---|---|---|---|
|
@@ -33,6 +33,7 @@ import { | |||||
TrustedAppNotFoundError, | ||||||
TrustedAppVersionConflictError, | ||||||
TrustedAppPolicyNotExistsError, | ||||||
TrustedAppPolicyPermissionsError, | ||||||
} from './errors'; | ||||||
import { PackagePolicyServiceInterface } from '../../../../../fleet/server'; | ||||||
|
||||||
|
@@ -87,6 +88,11 @@ const errorHandler = <E extends Error>( | |||||
return res.badRequest({ body: { message: error.message, attributes: { type: error.type } } }); | ||||||
} | ||||||
|
||||||
if (error instanceof TrustedAppPolicyPermissionsError) { | ||||||
logger.error(error); | ||||||
return res.badRequest({ body: { message: error.message, attributes: { type: error.type } } }); | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Suggestion: just send the
Suggested change
|
||||||
} | ||||||
|
||||||
if (error instanceof TrustedAppVersionConflictError) { | ||||||
logger.error(error); | ||||||
return res.conflict({ body: error }); | ||||||
|
@@ -177,7 +183,8 @@ export const getTrustedAppsCreateRouteHandler = ( | |||||
exceptionListClientFromContext(context), | ||||||
context.core.savedObjects.client, | ||||||
packagePolicyClientFromEndpointContext(endpointAppContext), | ||||||
body | ||||||
body, | ||||||
endpointAppContext.service.getLicenseService().isAtLeast('platinum') | ||||||
), | ||||||
}); | ||||||
} catch (error) { | ||||||
|
@@ -206,7 +213,8 @@ export const getTrustedAppsUpdateRouteHandler = ( | |||||
context.core.savedObjects.client, | ||||||
packagePolicyClientFromEndpointContext(endpointAppContext), | ||||||
req.params.id, | ||||||
body | ||||||
body, | ||||||
endpointAppContext.service.getLicenseService().isAtLeast('platinum') | ||||||
), | ||||||
}); | ||||||
} catch (error) { | ||||||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -31,6 +31,7 @@ import { | |
TrustedAppNotFoundError, | ||
TrustedAppVersionConflictError, | ||
TrustedAppPolicyNotExistsError, | ||
TrustedAppPolicyPermissionsError, | ||
} from './errors'; | ||
import { toUpdateTrustedApp } from '../../../../common/endpoint/service/trusted_apps/to_update_trusted_app'; | ||
import { updateExceptionListItemImplementationMock } from './test_utils'; | ||
|
@@ -135,7 +136,8 @@ describe('service', () => { | |
'1234234659af249ddf3e40864e9fb241' | ||
), | ||
], | ||
} | ||
}, | ||
true | ||
); | ||
|
||
expect(result).toEqual({ data: TRUSTED_APP }); | ||
|
@@ -163,7 +165,8 @@ describe('service', () => { | |
'1234234659af249ddf3e40864e9fb241' | ||
), | ||
], | ||
} | ||
}, | ||
true | ||
); | ||
|
||
expect(result).toEqual({ data: TRUSTED_APP }); | ||
|
@@ -175,28 +178,67 @@ describe('service', () => { | |
packagePolicyClient.getByIDs.mockReset(); | ||
packagePolicyClient.getByIDs.mockResolvedValueOnce(getPackagePoliciesResponse()); | ||
await expect( | ||
createTrustedApp(exceptionsListClient, savedObjectClient, packagePolicyClient, { | ||
name: 'linux trusted app 1', | ||
description: 'Linux trusted app 1', | ||
effectScope: { | ||
type: 'policy', | ||
policies: [ | ||
'e5cbb9cf-98aa-4303-a04b-6a1165915079', | ||
'9da95be9-9bee-4761-a8c4-28d6d9bd8c71', | ||
createTrustedApp( | ||
exceptionsListClient, | ||
savedObjectClient, | ||
packagePolicyClient, | ||
{ | ||
name: 'linux trusted app 1', | ||
description: 'Linux trusted app 1', | ||
effectScope: { | ||
type: 'policy', | ||
policies: [ | ||
'e5cbb9cf-98aa-4303-a04b-6a1165915079', | ||
'9da95be9-9bee-4761-a8c4-28d6d9bd8c71', | ||
], | ||
}, | ||
os: OperatingSystem.LINUX, | ||
entries: [ | ||
createConditionEntry(ConditionEntryField.PATH, 'wildcard', '/bin/malware'), | ||
createConditionEntry( | ||
ConditionEntryField.HASH, | ||
'wildcard', | ||
'1234234659af249ddf3e40864e9fb241' | ||
), | ||
], | ||
}, | ||
os: OperatingSystem.LINUX, | ||
entries: [ | ||
createConditionEntry(ConditionEntryField.PATH, 'wildcard', '/bin/malware'), | ||
createConditionEntry( | ||
ConditionEntryField.HASH, | ||
'wildcard', | ||
'1234234659af249ddf3e40864e9fb241' | ||
), | ||
], | ||
}) | ||
true | ||
) | ||
).rejects.toBeInstanceOf(TrustedAppPolicyNotExistsError); | ||
}); | ||
|
||
it('should throw wwhen license under platinum and by policy', async () => { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. extra |
||
packagePolicyClient.getByIDs.mockReset(); | ||
packagePolicyClient.getByIDs.mockResolvedValueOnce(getPackagePoliciesResponse()); | ||
await expect( | ||
createTrustedApp( | ||
exceptionsListClient, | ||
savedObjectClient, | ||
packagePolicyClient, | ||
{ | ||
name: 'linux trusted app 1', | ||
description: 'Linux trusted app 1', | ||
effectScope: { | ||
type: 'policy', | ||
policies: [ | ||
'e5cbb9cf-98aa-4303-a04b-6a1165915079', | ||
'9da95be9-9bee-4761-a8c4-28d6d9bd8c71', | ||
], | ||
}, | ||
os: OperatingSystem.LINUX, | ||
entries: [ | ||
createConditionEntry(ConditionEntryField.PATH, 'wildcard', '/bin/malware'), | ||
createConditionEntry( | ||
ConditionEntryField.HASH, | ||
'wildcard', | ||
'1234234659af249ddf3e40864e9fb241' | ||
), | ||
], | ||
}, | ||
false | ||
) | ||
).rejects.toBeInstanceOf(TrustedAppPolicyPermissionsError); | ||
}); | ||
}); | ||
|
||
describe('getTrustedAppsList', () => { | ||
|
@@ -321,7 +363,8 @@ describe('service', () => { | |
savedObjectClient, | ||
packagePolicyClient, | ||
TRUSTED_APP.id, | ||
trustedAppForUpdate | ||
trustedAppForUpdate, | ||
true | ||
) | ||
).resolves.toEqual({ | ||
data: { | ||
|
@@ -357,7 +400,8 @@ describe('service', () => { | |
savedObjectClient, | ||
packagePolicyClient, | ||
TRUSTED_APP.id, | ||
toUpdateTrustedApp(TRUSTED_APP) | ||
toUpdateTrustedApp(TRUSTED_APP), | ||
true | ||
) | ||
).rejects.toBeInstanceOf(TrustedAppNotFoundError); | ||
}); | ||
|
@@ -374,7 +418,8 @@ describe('service', () => { | |
savedObjectClient, | ||
packagePolicyClient, | ||
TRUSTED_APP.id, | ||
toUpdateTrustedApp(TRUSTED_APP) | ||
toUpdateTrustedApp(TRUSTED_APP), | ||
true | ||
) | ||
).rejects.toBeInstanceOf(TrustedAppVersionConflictError); | ||
}); | ||
|
@@ -393,12 +438,13 @@ describe('service', () => { | |
savedObjectClient, | ||
packagePolicyClient, | ||
TRUSTED_APP.id, | ||
toUpdateTrustedApp(TRUSTED_APP) | ||
toUpdateTrustedApp(TRUSTED_APP), | ||
true | ||
) | ||
).rejects.toBeInstanceOf(TrustedAppNotFoundError); | ||
}); | ||
|
||
it("should throw wrong policy error if some policy doesn't exists", async () => { | ||
it("should throw wrong policy error if some policy doesn't exists during update", async () => { | ||
packagePolicyClient.getByIDs.mockReset(); | ||
packagePolicyClient.getByIDs.mockResolvedValueOnce(getPackagePoliciesResponse()); | ||
const trustedAppByPolicy = getTrustedAppByPolicy(); | ||
|
@@ -408,10 +454,27 @@ describe('service', () => { | |
savedObjectClient, | ||
packagePolicyClient, | ||
trustedAppByPolicy.id, | ||
toUpdateTrustedApp(trustedAppByPolicy as MaybeImmutable<TrustedApp>) | ||
toUpdateTrustedApp(trustedAppByPolicy as MaybeImmutable<TrustedApp>), | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. unrelated code? |
||
true | ||
) | ||
).rejects.toBeInstanceOf(TrustedAppPolicyNotExistsError); | ||
}); | ||
|
||
it('should throw when license under platinum and by policy', async () => { | ||
packagePolicyClient.getByIDs.mockReset(); | ||
packagePolicyClient.getByIDs.mockResolvedValueOnce(getPackagePoliciesResponse()); | ||
const trustedAppByPolicy = getTrustedAppByPolicy(); | ||
await expect( | ||
updateTrustedApp( | ||
exceptionsListClient, | ||
savedObjectClient, | ||
packagePolicyClient, | ||
trustedAppByPolicy.id, | ||
toUpdateTrustedApp(trustedAppByPolicy as MaybeImmutable<TrustedApp>), | ||
false | ||
) | ||
).rejects.toBeInstanceOf(TrustedAppPolicyPermissionsError); | ||
}); | ||
}); | ||
|
||
describe('getTrustedApp', () => { | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Suggestion: extend
EndpointError
instead as the base class. When you do that, you should not need to set thetype
below, as the base class already takes care of it (but instead oftype
it usesname
)