From 4405f94cad29adf5adf2424e69cbc030e11883f7 Mon Sep 17 00:00:00 2001 From: Nicolas Chaulet Date: Mon, 16 Sep 2024 18:47:45 -0400 Subject: [PATCH] [Fleet] Add new space aware saved object type to Fleet saved object permissions (#193025) --- x-pack/plugins/fleet/server/plugin.ts | 11 ++- .../apis/space_awareness/agent_policies.ts | 9 ++- .../apis/space_awareness/api_helper.ts | 4 ++ .../platform_security/authorization.ts | 68 +++++++++++++++++++ 4 files changed, 87 insertions(+), 5 deletions(-) diff --git a/x-pack/plugins/fleet/server/plugin.ts b/x-pack/plugins/fleet/server/plugin.ts index 3967c3b6abc7c..21c3f1bf97f12 100644 --- a/x-pack/plugins/fleet/server/plugin.ts +++ b/x-pack/plugins/fleet/server/plugin.ts @@ -66,7 +66,12 @@ import { } from '../common'; import type { ExperimentalFeatures } from '../common/experimental_features'; import { parseExperimentalConfigValue } from '../common/experimental_features'; - +import { + LEGACY_PACKAGE_POLICY_SAVED_OBJECT_TYPE, + PACKAGE_POLICY_SAVED_OBJECT_TYPE, + AGENT_POLICY_SAVED_OBJECT_TYPE, + LEGACY_AGENT_POLICY_SAVED_OBJECT_TYPE, +} from '../common/constants'; import { getFilesClientFactory } from './services/files/get_files_client_factory'; import type { MessageSigningServiceInterface } from './services/security'; @@ -79,12 +84,10 @@ import { } from './services/security'; import { - LEGACY_AGENT_POLICY_SAVED_OBJECT_TYPE, ASSETS_SAVED_OBJECT_TYPE, DOWNLOAD_SOURCE_SAVED_OBJECT_TYPE, FLEET_SERVER_HOST_SAVED_OBJECT_TYPE, OUTPUT_SAVED_OBJECT_TYPE, - PACKAGE_POLICY_SAVED_OBJECT_TYPE, PACKAGES_SAVED_OBJECT_TYPE, PLUGIN_ID, PRECONFIGURATION_DELETION_RECORD_SAVED_OBJECT_TYPE, @@ -191,6 +194,8 @@ export type FleetSetupContract = void; const allSavedObjectTypes = [ OUTPUT_SAVED_OBJECT_TYPE, LEGACY_AGENT_POLICY_SAVED_OBJECT_TYPE, + AGENT_POLICY_SAVED_OBJECT_TYPE, + LEGACY_PACKAGE_POLICY_SAVED_OBJECT_TYPE, PACKAGE_POLICY_SAVED_OBJECT_TYPE, PACKAGES_SAVED_OBJECT_TYPE, ASSETS_SAVED_OBJECT_TYPE, diff --git a/x-pack/test/fleet_api_integration/apis/space_awareness/agent_policies.ts b/x-pack/test/fleet_api_integration/apis/space_awareness/agent_policies.ts index 40e163dfabf47..037ba332cfefb 100644 --- a/x-pack/test/fleet_api_integration/apis/space_awareness/agent_policies.ts +++ b/x-pack/test/fleet_api_integration/apis/space_awareness/agent_policies.ts @@ -11,10 +11,11 @@ import { FtrProviderContext } from '../../../api_integration/ftr_provider_contex import { skipIfNoDockerRegistry } from '../../helpers'; import { SpaceTestApiClient } from './api_helper'; import { cleanFleetIndices, expectToRejectWithNotFound } from './helpers'; +import { setupTestUsers, testUsers } from '../test_users'; export default function (providerContext: FtrProviderContext) { const { getService } = providerContext; - const supertest = getService('supertest'); + const supertestWithoutAuth = getService('supertestWithoutAuth'); const esClient = getService('es'); const kibanaServer = getService('kibanaServer'); const spaces = getService('spaces'); @@ -22,13 +23,17 @@ export default function (providerContext: FtrProviderContext) { describe('agent policies', function () { skipIfNoDockerRegistry(providerContext); - const apiClient = new SpaceTestApiClient(supertest); + const apiClient = new SpaceTestApiClient(supertestWithoutAuth, { + username: testUsers.fleet_all_int_all.username, + password: testUsers.fleet_all_int_all.password, + }); let defaultSpacePolicy1: CreateAgentPolicyResponse; let spaceTest1Policy1: CreateAgentPolicyResponse; let spaceTest1Policy2: CreateAgentPolicyResponse; before(async () => { + await setupTestUsers(getService('security')); TEST_SPACE_1 = spaces.getDefaultTestSpace(); await kibanaServer.savedObjects.cleanStandardList(); await kibanaServer.savedObjects.cleanStandardList({ diff --git a/x-pack/test/fleet_api_integration/apis/space_awareness/api_helper.ts b/x-pack/test/fleet_api_integration/apis/space_awareness/api_helper.ts index 9009e2b81a73b..1de90ae3dcfaa 100644 --- a/x-pack/test/fleet_api_integration/apis/space_awareness/api_helper.ts +++ b/x-pack/test/fleet_api_integration/apis/space_awareness/api_helper.ts @@ -133,6 +133,7 @@ export class SpaceTestApiClient { async deleteAgentPolicy(agentPolicyId: string, spaceId?: string) { await this.supertest .post(`${this.getBaseUrl(spaceId)}/api/fleet/agent_policies/delete`) + .auth(this.auth.username, this.auth.password) .send({ agentPolicyId, }) @@ -142,6 +143,7 @@ export class SpaceTestApiClient { async getAgentPolicy(policyId: string, spaceId?: string): Promise { const { body: res } = await this.supertest .get(`${this.getBaseUrl(spaceId)}/api/fleet/agent_policies/${policyId}`) + .auth(this.auth.username, this.auth.password) .expect(200); return res; @@ -172,6 +174,7 @@ export class SpaceTestApiClient { async getAgentPolicies(spaceId?: string): Promise { const { body: res } = await this.supertest .get(`${this.getBaseUrl(spaceId)}/api/fleet/agent_policies`) + .auth(this.auth.username, this.auth.password) .expect(200); return res; @@ -482,6 +485,7 @@ export class SpaceTestApiClient { async postEnableSpaceAwareness(spaceId?: string): Promise { const { body: res } = await this.supertest .post(`${this.getBaseUrl(spaceId)}/internal/fleet/enable_space_awareness`) + .auth(this.auth.username, this.auth.password) .set('kbn-xsrf', 'xxxx') .set('elastic-api-version', '1'); diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/platform_security/authorization.ts b/x-pack/test_serverless/api_integration/test_suites/observability/platform_security/authorization.ts index 329b9be0de561..2e41125e8265b 100644 --- a/x-pack/test_serverless/api_integration/test_suites/observability/platform_security/authorization.ts +++ b/x-pack/test_serverless/api_integration/test_suites/observability/platform_security/authorization.ts @@ -3666,6 +3666,18 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:ingest-agent-policies/delete", "saved_object:ingest-agent-policies/bulk_delete", "saved_object:ingest-agent-policies/share_to_space", + "saved_object:fleet-agent-policies/bulk_get", + "saved_object:fleet-agent-policies/get", + "saved_object:fleet-agent-policies/find", + "saved_object:fleet-agent-policies/open_point_in_time", + "saved_object:fleet-agent-policies/close_point_in_time", + "saved_object:fleet-agent-policies/create", + "saved_object:fleet-agent-policies/bulk_create", + "saved_object:fleet-agent-policies/update", + "saved_object:fleet-agent-policies/bulk_update", + "saved_object:fleet-agent-policies/delete", + "saved_object:fleet-agent-policies/bulk_delete", + "saved_object:fleet-agent-policies/share_to_space", "saved_object:ingest-package-policies/bulk_get", "saved_object:ingest-package-policies/get", "saved_object:ingest-package-policies/find", @@ -3678,6 +3690,18 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:ingest-package-policies/delete", "saved_object:ingest-package-policies/bulk_delete", "saved_object:ingest-package-policies/share_to_space", + "saved_object:fleet-package-policies/bulk_get", + "saved_object:fleet-package-policies/get", + "saved_object:fleet-package-policies/find", + "saved_object:fleet-package-policies/open_point_in_time", + "saved_object:fleet-package-policies/close_point_in_time", + "saved_object:fleet-package-policies/create", + "saved_object:fleet-package-policies/bulk_create", + "saved_object:fleet-package-policies/update", + "saved_object:fleet-package-policies/bulk_update", + "saved_object:fleet-package-policies/delete", + "saved_object:fleet-package-policies/bulk_delete", + "saved_object:fleet-package-policies/share_to_space", "saved_object:epm-packages/bulk_get", "saved_object:epm-packages/get", "saved_object:epm-packages/find", @@ -3993,6 +4017,18 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:ingest-agent-policies/delete", "saved_object:ingest-agent-policies/bulk_delete", "saved_object:ingest-agent-policies/share_to_space", + "saved_object:fleet-agent-policies/bulk_get", + "saved_object:fleet-agent-policies/get", + "saved_object:fleet-agent-policies/find", + "saved_object:fleet-agent-policies/open_point_in_time", + "saved_object:fleet-agent-policies/close_point_in_time", + "saved_object:fleet-agent-policies/create", + "saved_object:fleet-agent-policies/bulk_create", + "saved_object:fleet-agent-policies/update", + "saved_object:fleet-agent-policies/bulk_update", + "saved_object:fleet-agent-policies/delete", + "saved_object:fleet-agent-policies/bulk_delete", + "saved_object:fleet-agent-policies/share_to_space", "saved_object:ingest-package-policies/bulk_get", "saved_object:ingest-package-policies/get", "saved_object:ingest-package-policies/find", @@ -4005,6 +4041,18 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:ingest-package-policies/delete", "saved_object:ingest-package-policies/bulk_delete", "saved_object:ingest-package-policies/share_to_space", + "saved_object:fleet-package-policies/bulk_get", + "saved_object:fleet-package-policies/get", + "saved_object:fleet-package-policies/find", + "saved_object:fleet-package-policies/open_point_in_time", + "saved_object:fleet-package-policies/close_point_in_time", + "saved_object:fleet-package-policies/create", + "saved_object:fleet-package-policies/bulk_create", + "saved_object:fleet-package-policies/update", + "saved_object:fleet-package-policies/bulk_update", + "saved_object:fleet-package-policies/delete", + "saved_object:fleet-package-policies/bulk_delete", + "saved_object:fleet-package-policies/share_to_space", "saved_object:epm-packages/bulk_get", "saved_object:epm-packages/get", "saved_object:epm-packages/find", @@ -4305,11 +4353,21 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:ingest-agent-policies/find", "saved_object:ingest-agent-policies/open_point_in_time", "saved_object:ingest-agent-policies/close_point_in_time", + "saved_object:fleet-agent-policies/bulk_get", + "saved_object:fleet-agent-policies/get", + "saved_object:fleet-agent-policies/find", + "saved_object:fleet-agent-policies/open_point_in_time", + "saved_object:fleet-agent-policies/close_point_in_time", "saved_object:ingest-package-policies/bulk_get", "saved_object:ingest-package-policies/get", "saved_object:ingest-package-policies/find", "saved_object:ingest-package-policies/open_point_in_time", "saved_object:ingest-package-policies/close_point_in_time", + "saved_object:fleet-package-policies/bulk_get", + "saved_object:fleet-package-policies/get", + "saved_object:fleet-package-policies/find", + "saved_object:fleet-package-policies/open_point_in_time", + "saved_object:fleet-package-policies/close_point_in_time", "saved_object:epm-packages/bulk_get", "saved_object:epm-packages/get", "saved_object:epm-packages/find", @@ -4457,11 +4515,21 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:ingest-agent-policies/find", "saved_object:ingest-agent-policies/open_point_in_time", "saved_object:ingest-agent-policies/close_point_in_time", + "saved_object:fleet-agent-policies/bulk_get", + "saved_object:fleet-agent-policies/get", + "saved_object:fleet-agent-policies/find", + "saved_object:fleet-agent-policies/open_point_in_time", + "saved_object:fleet-agent-policies/close_point_in_time", "saved_object:ingest-package-policies/bulk_get", "saved_object:ingest-package-policies/get", "saved_object:ingest-package-policies/find", "saved_object:ingest-package-policies/open_point_in_time", "saved_object:ingest-package-policies/close_point_in_time", + "saved_object:fleet-package-policies/bulk_get", + "saved_object:fleet-package-policies/get", + "saved_object:fleet-package-policies/find", + "saved_object:fleet-package-policies/open_point_in_time", + "saved_object:fleet-package-policies/close_point_in_time", "saved_object:epm-packages/bulk_get", "saved_object:epm-packages/get", "saved_object:epm-packages/find",