[Cloud Security]Misconfiguration preview & Refactor CSP Plugin to include new package #190105
There are no files selected for viewing
Validating CODEOWNERS rules …
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| # @kbn/cloud-security-posture-common | ||
|
|
||
| This package provides common code consumed in both the browser, i.e. the | ||
| `packages/cloud-security-posture` package and `plugins/cloud_security_posture` plugin, and on the server, i.e. the | ||
| `plugins/cloud_security_posture` plugin. | ||
|
|
||
| ## Maintainers | ||
|
|
||
| Maintained by the Cloud Security Posture Team | ||
|
There was a problem hiding this comment. nit: Cloud Risk Management team. Though the team name might change, so maybe worth just mentioning the overarching Cloud Security Team |
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
| export const KSPM_POLICY_TEMPLATE = 'kspm'; | ||
|
There was a problem hiding this comment. I see that these are copied over from the cloud_security_posture plugin. The idea of the common package is that we would use the code from this package everywhere. Ideally we shouldn't have any duplicated code after we are done with the creation of shared packages. If you are concerned with the PR size, we can do it in the follow up PR, but right away, without creating tech debt tickets |
||
| export const CSPM_POLICY_TEMPLATE = 'cspm'; | ||
| export const CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN = | ||
| 'logs-cloud_security_posture.findings_latest-default'; | ||
| export const CDR_LATEST_THIRD_PARTY_MISCONFIGURATIONS_INDEX_PATTERN = | ||
| 'logs-*_latest_misconfigurations_cdr'; | ||
| export const CDR_MISCONFIGURATIONS_INDEX_PATTERN = `${CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN},${CDR_LATEST_THIRD_PARTY_MISCONFIGURATIONS_INDEX_PATTERN}`; | ||
| export const LATEST_FINDINGS_RETENTION_POLICY = '26h'; | ||
| export const MAX_FINDINGS_TO_LOAD = 500; | ||
| export const CSP_GET_BENCHMARK_RULES_STATE_ROUTE_PATH = | ||
| '/internal/cloud_security_posture/rules/_get_states'; | ||
| export const CSP_GET_BENCHMARK_RULES_STATE_API_CURRENT_VERSION = '1'; | ||
| export const STATUS_ROUTE_PATH = '/internal/cloud_security_posture/status'; | ||
| export const STATUS_API_CURRENT_VERSION = '1'; | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
|
|
||
| export * from './types'; | ||
| export * from './constants'; | ||
| export * from './schema/csp_finding'; | ||
| export type { CspBenchmarkRulesStates } from './types/latest'; | ||
| export { showErrorToast } from './utils/show_error_toast'; | ||
| export { buildMutedRulesFilter } from './utils/helpers'; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
|
|
||
| { | ||
| "id": "@kbn/cloud-security-posture-common", | ||
| "owner": "@elastic/kibana-cloud-security-posture", | ||
| "type": "shared-common" | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| { | ||
| "name": "@kbn/cloud-security-posture-common", | ||
| "private": true, | ||
| "version": "1.0.0", | ||
| "license": "Elastic License 2.0", | ||
| "description": "Shared components for cloud security posture, both client and server side" | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| { | ||
| "extends": "../../../tsconfig.base.json", | ||
| "compilerOptions": { | ||
| "outDir": "target/types", | ||
| "types": [ | ||
| "jest", | ||
| "node", | ||
| ] | ||
| }, | ||
| "include": [ | ||
| "**/*.ts", | ||
| "**/*.tsx", | ||
| ], | ||
| "exclude": [ | ||
| "target/**/*" | ||
| ], | ||
| "kbn_references": [ | ||
| "@kbn/config-schema", | ||
| "@kbn/data-views-plugin", | ||
| "@kbn/core", | ||
| "@kbn/i18n", | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
|
|
||
| export type CspStatusCode = | ||
|
There was a problem hiding this comment. let's make sure there are no duplications left in our plugin, we should be using types from the common package There was a problem hiding this comment. so for this one specifically, there seems to be an issue with Telemetry where it doesn't seem to like it when I'm using this type from the package |
||
| | 'indexed' // latest findings index exists and has results | ||
| | 'indexing' // index timeout was not surpassed since installation, assumes data is being indexed | ||
| | 'unprivileged' // user lacks privileges for the latest findings index | ||
| | 'index-timeout' // index timeout was surpassed since installation | ||
| | 'not-deployed' // no healthy agents were deployed | ||
| | 'not-installed' // number of installed csp integrations is 0; | ||
| | 'waiting_for_results'; // have healthy agents but no findings at all, assumes data is being indexed for the 1st time | ||
|
|
||
| export type IndexStatus = | ||
| | 'not-empty' // Index contains documents | ||
| | 'empty' // Index doesn't contain documents (or doesn't exist) | ||
| | 'unprivileged'; // User doesn't have access to query the index | ||
|
|
||
| export interface IndexDetails { | ||
| index: string; | ||
| status: IndexStatus; | ||
| } | ||
|
|
||
| export interface BaseCspSetupBothPolicy { | ||
| status: CspStatusCode; | ||
| installedPackagePolicies: number; | ||
| healthyAgents: number; | ||
| } | ||
|
|
||
| export interface BaseCspSetupStatus { | ||
| indicesDetails: IndexDetails[]; | ||
| latestPackageVersion: string; | ||
| cspm: BaseCspSetupBothPolicy; | ||
| kspm: BaseCspSetupBothPolicy; | ||
| vuln_mgmt: BaseCspSetupBothPolicy; | ||
| isPluginInitialized: boolean; | ||
| installedPackageVersion?: string | undefined; | ||
| } | ||
|
|
||
| export type CspSetupStatus = BaseCspSetupStatus; | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
| import { schema, TypeOf } from '@kbn/config-schema'; | ||
|
There was a problem hiding this comment. having the latest without the versioned types doesn't seem like the right approach. It shows I guess that we need to move the whole types with all the versions to the common package There was a problem hiding this comment. i mean in this case, I think we can just import + re-export the versioned types in the latest file in csp plugin There was a problem hiding this comment. For the first iteration it might work, but eventually I think the source of truth for the versioned schema should be the common package, as we are using types and schemas in both the plugin and in the package |
||
|
|
||
| export type CspBenchmarkRulesStates = TypeOf<typeof rulesStates>; | ||
| const ruleStateAttributes = schema.object({ | ||
| muted: schema.boolean(), | ||
| benchmark_id: schema.string(), | ||
| benchmark_version: schema.string(), | ||
| rule_number: schema.string(), | ||
| rule_id: schema.string(), | ||
| }); | ||
|
|
||
| const rulesStates = schema.recordOf(schema.string(), ruleStateAttributes); | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,41 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
| import { QueryDslQueryContainer } from '@kbn/data-views-plugin/common/types'; | ||
| import { i18n } from '@kbn/i18n'; | ||
| import { CspBenchmarkRulesStates } from '../types/latest'; | ||
|
|
||
| export const extractErrorMessage = (e: unknown, defaultMessage = 'Unknown Error'): string => { | ||
| if (e instanceof Error) return e.message; | ||
| if (typeof e === 'string') return e; | ||
|
|
||
| return i18n.translate('xpack.csp.findings.errorMessage.default', { | ||
| defaultMessage, | ||
|
There was a problem hiding this comment. I'm not sure the dynamic default message will work. I don't know the i18n tooling in depth, but I guess it creates the translation files out of the default message and it can't be fully dynamic. I think it should be a constant string. As I can see it was copied from |
||
| }); | ||
| }; | ||
|
|
||
| export const buildMutedRulesFilter = ( | ||
| rulesStates: CspBenchmarkRulesStates | ||
| ): QueryDslQueryContainer[] => { | ||
| const mutedRules = Object.fromEntries( | ||
| Object.entries(rulesStates).filter(([key, value]) => value.muted === true) | ||
| ); | ||
|
|
||
| const mutedRulesFilterQuery = Object.keys(mutedRules).map((key) => { | ||
| const rule = mutedRules[key]; | ||
| return { | ||
| bool: { | ||
| must: [ | ||
| { term: { 'rule.benchmark.id': rule.benchmark_id } }, | ||
| { term: { 'rule.benchmark.version': rule.benchmark_version } }, | ||
| { term: { 'rule.benchmark.rule_number': rule.rule_number } }, | ||
| ], | ||
| }, | ||
| }; | ||
| }); | ||
|
|
||
| return mutedRulesFilterQuery; | ||
| }; | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| # @kbn/cloud-security-posture | ||
|
|
||
| This package includes | ||
| - Hooks that's used on Flyout component that's used in Alerts page on Security Solution Plugins as well as components on CSP plugin | ||
| - Utilities and types thats used for the Hooks above as well as in CSP plugins | ||
|
|
||
| ## Maintainers | ||
|
|
||
| Maintained by the Cloud Security Posture Team | ||
|
There was a problem hiding this comment. same as for the common package let's update the team name |
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| /* | ||
| * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| * or more contributor license agreements. Licensed under the Elastic License | ||
| * 2.0; you may not use this file except in compliance with the Elastic License | ||
| * 2.0. | ||
| */ | ||
|
|
||
| export * from './type'; | ||
| export { useMisconfigurationPreview } from './src/hooks/use_misconfiguration_preview'; | ||
| export { useGetCspBenchmarkRulesStatesApi } from './src/hooks/use_get_benchmark_rules_state_api'; | ||
| export { useCspSetupStatusApi } from './src/hooks/use_csp_setup_status_api'; | ||
| export { | ||
| getAggregationCount, | ||
| getFindingsCountAggQuery, | ||
| isIndexWithDocsAvailable, | ||
| } from './src/utils/utils'; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| { | ||
| "id": "@kbn/cloud-security-posture", | ||
| "owner": "@elastic/kibana-cloud-security-posture", | ||
| "type": "shared-browser" | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| { | ||
| "name": "@kbn/cloud-security-posture", | ||
| "private": true, | ||
| "version": "1.0.0", | ||
| "license": "Elastic License 2.0", | ||
| "description": "Shared components for cloud security posture, client side" | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -6,16 +6,18 @@ | |
| */ | ||
|
|
||
| import { useQuery, type UseQueryOptions } from '@tanstack/react-query'; | ||
| import { useKibana } from '@kbn/kibana-react-plugin/public'; | ||
|
There was a problem hiding this comment. does it make sense to move our typed There was a problem hiding this comment. Originally I did that but there seems to be an issue when I moved our useKibana to the package (things starts to fail) and separate from that issue I also had a discussion with @opauloh where we think that it might be better to have 2 different useKibana due to plugin dependencies There was a problem hiding this comment. let's see if we can bring it back as a part of a smaller PR separately so it's easier to reason about. If not, using the hook directly from |
||
| import type { CoreStart } from '@kbn/core/public'; | ||
| import { STATUS_API_CURRENT_VERSION, STATUS_ROUTE_PATH } from '@kbn/cloud-security-posture-common'; | ||
| import type { CspSetupStatus } from '@kbn/cloud-security-posture-common'; | ||
| import type { CspClientPluginStartDeps } from '../../type'; | ||
|
|
||
| const getCspSetupStatusQueryKey = 'csp_status_key'; | ||
|
|
||
| export const useCspSetupStatusApi = ( | ||
| options?: UseQueryOptions<CspSetupStatus, unknown, CspSetupStatus> | ||
| ) => { | ||
| const { http } = useKibana<CoreStart & CspClientPluginStartDeps>().services; | ||
| return useQuery<CspSetupStatus, unknown, CspSetupStatus>( | ||
| [getCspSetupStatusQueryKey], | ||
| () => http.get<CspSetupStatus>(STATUS_ROUTE_PATH, { version: STATUS_API_CURRENT_VERSION }), | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
packages/kbn-cloud-security-posture