Skip to content

Commit

Permalink
[Cloud Security] Misconfiguration preview & Refactor CSP Plugin to in…
Browse files Browse the repository at this point in the history
…clude new package PHASE 3 (#191317)

The previous #190105 was way too
big and made it hard to review without missing any bugs or potential
bugs, Thus we decided we are going to make series of smaller PR to make
things more manageable

We will be splitting it into 4 PR
Phase 1: Creating empty packages for csp and csp-common
Phase 2: Move Types from CSP plugin to the Package + Deleting duplicates
in the CSP plugin where possible
Phase 3: Move Functions, Utils or Helpers, Hooks to Package
Phase 4: Misconfiguration Preview feature (with Cypress test and other
required test)

This is **Phase 3** of the Process,
This also includes moving rule versions type

This PR is the continuation of this PR
#190933

NOTE:
Merge phase 2 first before this

---------

Co-authored-by: kibanamachine <[email protected]>
  • Loading branch information
animehart and kibanamachine authored Aug 28, 2024
1 parent 6bb38c8 commit a78c69b
Show file tree
Hide file tree
Showing 89 changed files with 471 additions and 270 deletions.
7 changes: 4 additions & 3 deletions x-pack/packages/kbn-cloud-security-posture-common/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,8 @@ export type {
BaseCspSetupBothPolicy,
BaseCspSetupStatus,
CspSetupStatus,
CspFinding,
} from './types';
} from './types/status';
export type { CspFinding } from './types/findings';
export type { BenchmarksCisId } from './types/benchmark';
export * from './constants';
export type { CspBenchmarkRuleMetadata, CspBenchmarkRulesStates } from './schema/rules';
export { extractErrorMessage, buildMutedRulesFilter } from './utils/helpers';
12 changes: 12 additions & 0 deletions x-pack/packages/kbn-cloud-security-posture-common/jest.config.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

module.exports = {
preset: '@kbn/test',
rootDir: '../../..',
roots: ['<rootDir>/x-pack/packages/kbn-cloud-security-posture-common'],
};
48 changes: 0 additions & 48 deletions x-pack/packages/kbn-cloud-security-posture-common/schema/rules.ts

This file was deleted.

Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

export * as rulesV1 from './v1';
export * as rulesV2 from './v2';
export * as rulesV3 from './v3';
export * as rulesV4 from './v4';
export * as rulesV5 from './v5';
Original file line number Diff line number Diff line change
Expand Up @@ -5,4 +5,4 @@
* 2.0.
*/

export { ruleStateAttributes, cspBenchmarkRuleMetadataSchema, rulesStates } from './rules';
export * from './v5';
Original file line number Diff line number Diff line change
Expand Up @@ -6,17 +6,44 @@
*/

import { schema, TypeOf } from '@kbn/config-schema';

import { cspBenchmarkRuleMetadataSchema } from '@kbn/cloud-security-posture-common/schema';
import { CSPM_POLICY_TEMPLATE, KSPM_POLICY_TEMPLATE } from '../../constants';

export const DEFAULT_BENCHMARK_RULES_PER_PAGE = 25;

// Since version 8.7.0

export type FindCspBenchmarkRuleRequest = TypeOf<typeof findCspBenchmarkRuleRequestSchema>;

export type CspBenchmarkRuleMetadata = TypeOf<typeof cspBenchmarkRuleMetadataSchema>;

export type CspBenchmarkRule = TypeOf<typeof cspBenchmarkRuleSchema>;

export const cspBenchmarkRuleMetadataSchema = schema.object({
audit: schema.string(),
benchmark: schema.object({
name: schema.string(),
posture_type: schema.maybe(
schema.oneOf([schema.literal(CSPM_POLICY_TEMPLATE), schema.literal(KSPM_POLICY_TEMPLATE)])
),
id: schema.string(),
version: schema.string(),
rule_number: schema.maybe(schema.string()),
}),
default_value: schema.maybe(schema.string()),
description: schema.string(),
id: schema.string(),
impact: schema.maybe(schema.string()),
name: schema.string(),
profile_applicability: schema.string(),
rationale: schema.string(),
references: schema.maybe(schema.string()),
rego_rule_id: schema.string(),
remediation: schema.string(),
section: schema.string(),
tags: schema.arrayOf(schema.string()),
version: schema.string(),
});

export const cspBenchmarkRuleSchema = schema.object({
metadata: cspBenchmarkRuleMetadataSchema,
});
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,11 +6,15 @@
*/

import { schema, TypeOf } from '@kbn/config-schema';
import type { CspBenchmarkRulesStates } from '@kbn/cloud-security-posture-common';
import { ruleStateAttributes, rulesStates } from '@kbn/cloud-security-posture-common/schema';
import { BenchmarksCisId } from '../latest';
import { BenchmarksCisId } from '../../types/benchmark';
import { DEFAULT_BENCHMARK_RULES_PER_PAGE } from './v3';
export type { cspBenchmarkRuleSchema, CspBenchmarkRule, FindCspBenchmarkRuleResponse } from './v3';
export type {
cspBenchmarkRuleMetadataSchema,
CspBenchmarkRuleMetadata,
cspBenchmarkRuleSchema,
CspBenchmarkRule,
FindCspBenchmarkRuleResponse,
} from './v3';

export type FindCspBenchmarkRuleRequest = TypeOf<typeof findCspBenchmarkRuleRequestSchema>;

Expand All @@ -22,6 +26,8 @@ export type CspBenchmarkRulesBulkActionRequestSchema = TypeOf<

export type RuleStateAttributes = TypeOf<typeof ruleStateAttributes>;

export type CspBenchmarkRulesStates = TypeOf<typeof rulesStates>;

export type CspSettings = TypeOf<typeof cspSettingsSchema>;

export const findCspBenchmarkRuleRequestSchema = schema.object({
Expand Down Expand Up @@ -137,6 +143,16 @@ export interface CspBenchmarkRulesBulkActionResponse {
message: string;
}

const ruleStateAttributes = schema.object({
muted: schema.boolean(),
benchmark_id: schema.string(),
benchmark_version: schema.string(),
rule_number: schema.string(),
rule_id: schema.string(),
});

const rulesStates = schema.recordOf(schema.string(), ruleStateAttributes);

export const cspSettingsSchema = schema.object({
rules: rulesStates,
});
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,13 +7,20 @@
import { schema, TypeOf } from '@kbn/config-schema';
import { DEFAULT_BENCHMARK_RULES_PER_PAGE } from './v3';

export type { cspBenchmarkRuleSchema, CspBenchmarkRule, FindCspBenchmarkRuleResponse } from './v3';
export type {
cspBenchmarkRuleMetadataSchema,
CspBenchmarkRuleMetadata,
cspBenchmarkRuleSchema,
CspBenchmarkRule,
FindCspBenchmarkRuleResponse,
} from './v3';
export type {
PageUrlParams,
rulesToUpdate,
CspBenchmarkRulesBulkActionRequestSchema,
CspBenchmarkRulesBulkActionResponse,
RuleStateAttributes,
CspBenchmarkRulesStates,
cspSettingsSchema,
CspSettings,
BulkActionBenchmarkRulesResponse,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,5 +16,7 @@
],
"kbn_references": [
"@kbn/config-schema",
"@kbn/data-views-plugin",
"@kbn/i18n",
]
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
export type BenchmarksCisId = 'cis_k8s' | 'cis_azure' | 'cis_aws' | 'cis_eks' | 'cis_gcp';
Original file line number Diff line number Diff line change
Expand Up @@ -4,46 +4,15 @@
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { EcsDataStream, EcsEvent } from '@elastic/ecs';
import type { CspBenchmarkRuleMetadata } from './schema/rules';

export type CspStatusCode =
| 'indexed' // latest findings index exists and has results
| 'indexing' // index timeout was not surpassed since installation, assumes data is being indexed
| 'unprivileged' // user lacks privileges for the latest findings index
| 'index-timeout' // index timeout was surpassed since installation
| 'not-deployed' // no healthy agents were deployed
| 'not-installed' // number of installed csp integrations is 0;
| 'waiting_for_results'; // have healthy agents but no findings at all, assumes data is being indexed for the 1st time

export type IndexStatus =
| 'not-empty' // Index contains documents
| 'empty' // Index doesn't contain documents (or doesn't exist)
| 'unprivileged'; // User doesn't have access to query the index

export interface IndexDetails {
index: string;
status: IndexStatus;
}

export interface BaseCspSetupBothPolicy {
status: CspStatusCode;
installedPackagePolicies: number;
healthyAgents: number;
}

export interface BaseCspSetupStatus {
indicesDetails: IndexDetails[];
latestPackageVersion: string;
cspm: BaseCspSetupBothPolicy;
kspm: BaseCspSetupBothPolicy;
vuln_mgmt: BaseCspSetupBothPolicy;
isPluginInitialized: boolean;
installedPackageVersion?: string | undefined;
hasMisconfigurationsFindings?: boolean;
}

export type CspSetupStatus = BaseCspSetupStatus;
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { EcsDataStream, EcsEvent } from '@elastic/ecs';
import type { CspBenchmarkRuleMetadata } from '../schema/rules/latest';

export interface CspFinding {
'@timestamp': string;
Expand Down
51 changes: 51 additions & 0 deletions x-pack/packages/kbn-cloud-security-posture-common/types/status.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

export type CspStatusCode =
| 'indexed' // latest findings index exists and has results
| 'indexing' // index timeout was not surpassed since installation, assumes data is being indexed
| 'unprivileged' // user lacks privileges for the latest findings index
| 'index-timeout' // index timeout was surpassed since installation
| 'not-deployed' // no healthy agents were deployed
| 'not-installed' // number of installed csp integrations is 0;
| 'waiting_for_results'; // have healthy agents but no findings at all, assumes data is being indexed for the 1st time

export type IndexStatus =
| 'not-empty' // Index contains documents
| 'empty' // Index doesn't contain documents (or doesn't exist)
| 'unprivileged'; // User doesn't have access to query the index

export interface IndexDetails {
index: string;
status: IndexStatus;
}

export interface BaseCspSetupBothPolicy {
status: CspStatusCode;
installedPackagePolicies: number;
healthyAgents: number;
}

export interface BaseCspSetupStatus {
indicesDetails: IndexDetails[];
latestPackageVersion: string;
cspm: BaseCspSetupBothPolicy;
kspm: BaseCspSetupBothPolicy;
vuln_mgmt: BaseCspSetupBothPolicy;
isPluginInitialized: boolean;
installedPackageVersion?: string | undefined;
hasMisconfigurationsFindings?: boolean;
}

export type CspSetupStatus = BaseCspSetupStatus;
Loading

0 comments on commit a78c69b

Please sign in to comment.