elastic · paul-tavares · Aug 19, 2020 · Aug 12, 2020 · Aug 12, 2020 · Aug 12, 2020
diff --git a/x-pack/plugins/lists/common/constants.ts b/x-pack/plugins/lists/common/constants.ts
@@ -50,3 +50,12 @@ export const ENDPOINT_LIST_NAME = 'Elastic Endpoint Security Exception List';
 export const ENDPOINT_LIST_DESCRIPTION = 'Elastic Endpoint Security Exception List';
 
 export const MAX_EXCEPTION_LIST_SIZE = 10000;
+
+/** ID of trusted apps agnostic list */
+export const ENDPOINT_TRUSTED_APPS_LIST_ID = 'endpoint_trusted_apps';
+
+/** Name of trusted apps agnostic list */
+export const ENDPOINT_TRUSTED_APPS_LIST_NAME = 'Elastic Endpoint Security Trusted Apps List';
+
+/** Description of trusted apps agnostic list */
+export const ENDPOINT_TRUSTED_APPS_LIST_DESCRIPTION = 'Elastic Endpoint Security Trusted Apps List';
diff --git a/x-pack/plugins/lists/server/services/exception_lists/create_endpoint_trusted_apps_list.ts b/x-pack/plugins/lists/server/services/exception_lists/create_endpoint_trusted_apps_list.ts
@@ -0,0 +1,77 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { SavedObjectsClientContract } from 'kibana/server';
+import uuid from 'uuid';
+
+import {
+  ENDPOINT_TRUSTED_APPS_LIST_DESCRIPTION,
+  ENDPOINT_TRUSTED_APPS_LIST_ID,
+  ENDPOINT_TRUSTED_APPS_LIST_NAME,
+} from '../../../common/constants';
+import { ExceptionListSchema, ExceptionListSoSchema, Version } from '../../../common/schemas';
+
+import { getSavedObjectType, transformSavedObjectToExceptionList } from './utils';
+
+interface CreateEndpointListOptions {
+  savedObjectsClient: SavedObjectsClientContract;
+  user: string;
+  tieBreaker?: string;
+  version: Version;
+}
+
+/**
+ * Creates the Endpoint Trusted Apps agnostic list if it does not yet exist
+ *
+ * @param savedObjectsClient
+ * @param user
+ * @param tieBreaker
+ * @param version
+ */
+export const createEndpointTrustedAppsList = async ({
+  savedObjectsClient,
+  user,
+  tieBreaker,
+  version,
+}: CreateEndpointListOptions): Promise<ExceptionListSchema | null> => {
+  const savedObjectType = getSavedObjectType({ namespaceType: 'agnostic' });
+  const dateNow = new Date().toISOString();
+  try {
+    const savedObject = await savedObjectsClient.create<ExceptionListSoSchema>(
+      savedObjectType,
+      {
+        _tags: [],
+        comments: undefined,
+        created_at: dateNow,
+        created_by: user,
+        description: ENDPOINT_TRUSTED_APPS_LIST_DESCRIPTION,
+        entries: undefined,
+        immutable: false,
+        item_id: undefined,
+        list_id: ENDPOINT_TRUSTED_APPS_LIST_ID,
+        list_type: 'list',
+        meta: undefined,
+        name: ENDPOINT_TRUSTED_APPS_LIST_NAME,
+        tags: [],
+        tie_breaker_id: tieBreaker ?? uuid.v4(),
+        type: 'endpoint',
+        updated_by: user,
+        version,
+      },
+      {
+        // We intentionally hard coding the id so that there can only be one Trusted apps list within the space
+        id: ENDPOINT_TRUSTED_APPS_LIST_ID,
+      }
+    );
+    return transformSavedObjectToExceptionList({ savedObject });
+  } catch (err) {
+    if (savedObjectsClient.errors.isConflictError(err)) {
+      return null;
+    } else {
+      throw err;
+    }
+  }
+};
diff --git a/x-pack/plugins/lists/server/services/exception_lists/exception_list_client.ts b/x-pack/plugins/lists/server/services/exception_lists/exception_list_client.ts
@@ -46,10 +46,13 @@ import { findExceptionListItem } from './find_exception_list_item';
 import { findExceptionList } from './find_exception_list';
 import { findExceptionListsItem } from './find_exception_list_items';
 import { createEndpointList } from './create_endpoint_list';
+import { createEndpointTrustedAppsList } from './create_endpoint_trusted_apps_list';
 
 export class ExceptionListClient {
   private readonly user: string;
 
+  private trustedAppsListCreated: boolean = false;
+
   private readonly savedObjectsClient: SavedObjectsClientContract;
 
   constructor({ user, savedObjectsClient }: ConstructorOptions) {
@@ -90,6 +93,24 @@ export class ExceptionListClient {
     });
   };
 
+  /**
+   * Create the Trusted Apps Agnostic list if it does not yet exist (`null` is returned if it does exist)
+   */
+  public createTrustedAppsList = async (): Promise<ExceptionListSchema | null> => {
+    if (this.trustedAppsListCreated) {
+      return null;
+    }
+    const { savedObjectsClient, user } = this;
+    return createEndpointTrustedAppsList({
+      savedObjectsClient,
+      user,
+      version: 1,
+    }).then((response) => {
+      this.trustedAppsListCreated = true;
+      return response;
+    });
+  };
+
   /**
    * This is the same as "createListItem" except it applies specifically to the agnostic endpoint list and will
    * auto-call the "createEndpointList" for you so that you have the best chance of the agnostic endpoint

diff --git a/x-pack/plugins/security_solution/server/plugin.ts b/x-pack/plugins/security_solution/server/plugin.ts
@@ -289,6 +289,12 @@ export class Plugin implements IPlugin<PluginSetup, PluginStart, SetupPlugins, S
         logger: this.logger,
         cache: this.exceptionsCache,
       });
+
+      // initialize the global agnostic Trusted Apps list
+      exceptionListClient.createTrustedAppsList().catch((error) => {
+        this.logger.error('Failed to create Trusted Apps list via list plugin');
+        this.logger.error(error);
+      });
     }
 
     this.endpointAppContextService.start({