[Cloud Security] Versioning CSP rules type and api

x-pack/plugins/cloud_security_posture/common/constants.ts

@@ -10,7 +10,7 @@ import {
   VulnSeverity,
   AwsCredentialsTypeFieldMap,
   GcpCredentialsTypeFieldMap,
-} from './types';
+} from './types_old';
 
 export const STATUS_ROUTE_PATH = '/internal/cloud_security_posture/status';
 export const STATUS_API_CURRENT_VERSION = '1';
@@ -23,8 +23,8 @@ export const VULNERABILITIES_DASHBOARD_ROUTE_PATH =
 export const BENCHMARKS_ROUTE_PATH = '/internal/cloud_security_posture/benchmarks';
 export const BENCHMARKS_API_CURRENT_VERSION = '1';
 
-export const FIND_CSP_RULE_TEMPLATE_ROUTE_PATH = '/internal/cloud_security_posture/rules/_find';
-export const FIND_CSP_RULE_TEMPLATE_API_CURRENT_VERSION = '1';
+export const FIND_CSP_BENCHMARK_RULE_ROUTE_PATH = '/internal/cloud_security_posture/rules/_find';
+export const FIND_CSP_BENCHMARK_RULE_API_CURRENT_VERSION = '1';
 
 export const DETECTION_RULE_ALERTS_STATUS_API_CURRENT_VERSION = '1';
 export const DETECTION_RULE_RULES_API_CURRENT_VERSION = '2023-10-31';
@@ -85,7 +85,7 @@ export const INTERNAL_FEATURE_FLAGS = {
   showFindingFlyoutEvidence: true,
 } as const;
 
-export const CSP_RULE_TEMPLATE_SAVED_OBJECT_TYPE = 'csp-rule-template';
+export const CSP_BENCHMARK_RULE_SAVED_OBJECT_TYPE = 'csp-rule-template';
 
 export const CLOUDBEAT_VANILLA = 'cloudbeat/cis_k8s';
 export const CLOUDBEAT_EKS = 'cloudbeat/cis_eks';

x-pack/plugins/cloud_security_posture/common/schemas/csp_finding.ts

@@ -7,7 +7,7 @@
 
 // TODO: this needs to be defined in a versioned schema
 import type { EcsEvent } from '@kbn/ecs';
-import type { CspRuleTemplateMetadata } from './csp_rule_template_metadata';
+import { CspBenchmarkRuleMetadata } from '../types/latest';
 
 export interface CspFinding {
   '@timestamp': string;
@@ -16,7 +16,7 @@ export interface CspFinding {
   cloud?: CspFindingCloud; // only available on CSPM findings
   result: CspFindingResult;
   resource: CspFindingResource;
-  rule: CspRuleTemplateMetadata;
+  rule: CspBenchmarkRuleMetadata;
   host: CspFindingHost;
   event: EcsEvent;
   agent: CspFindingAgent;

x-pack/plugins/cloud_security_posture/common/schemas/csp_vulnerability_finding.ts

@@ -7,7 +7,7 @@
 
 // TODO: this needs to be defined in a versioned schema
 import type { EcsEvent } from '@kbn/ecs';
-import { VulnSeverity } from '../types';
+import { VulnSeverity } from '../types_old';
 
 export interface CspVulnerabilityFinding {
   '@timestamp': string;

x-pack/plugins/cloud_security_posture/common/schemas/index.ts

@@ -4,7 +4,4 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-
-export * from './csp_rule_template_metadata';
-export * from './csp_rule_template';
 export * from './csp_vulnerability_finding';

x-pack/plugins/cloud_security_posture/common/types/index.ts

@@ -0,0 +1,19 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export * as rulesV1 from './rules/v1';
+export * as rulesV2 from './rules/v2';
+export * as rulesV3 from './rules/v3';
+
+// Explicit export of everything from latest
+export type {
+  cspBenchmarkRuleMetadataSchema,
+  CspBenchmarkRuleMetadata,
+  CspBenchmarkRule,
+  FindCspBenchmarkRuleRequest,
+  FindCspBenchmarkRuleResponse,
+} from './latest';

x-pack/plugins/cloud_security_posture/common/types/latest.ts

@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export * from './rules/v3';

x-pack/plugins/cloud_security_posture/common/types/rules/v1.ts

@@ -0,0 +1,30 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { schema, TypeOf } from '@kbn/config-schema';
+
+// Since version 8.3.0
+export const cspBenchmarkRuleSchema = schema.object({
+  audit: schema.string(),
+  benchmark: schema.object({ name: schema.string(), version: schema.string() }),
+  default_value: schema.maybe(schema.string()),
+  description: schema.string(),
+  enabled: schema.boolean(),
+  id: schema.string(),
+  impact: schema.maybe(schema.string()),
+  muted: schema.boolean(),
+  name: schema.string(),
+  profile_applicability: schema.string(),
+  rationale: schema.string(),
+  references: schema.maybe(schema.string()),
+  rego_rule_id: schema.string(),
+  remediation: schema.string(),
+  section: schema.string(),
+  tags: schema.arrayOf(schema.string()),
+  version: schema.string(),
+});
+
+export type CspBenchmarkRule = TypeOf<typeof cspBenchmarkRuleSchema>;

x-pack/plugins/cloud_security_posture/common/types/rules/v2.ts

@@ -0,0 +1,38 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { schema, TypeOf } from '@kbn/config-schema';
+
+// Since version 8.4.0
+export const cspBenchmarkRuleMetadataSchema = schema.object({
+  audit: schema.string(),
+  benchmark: schema.object({
+    name: schema.string(),
+    id: schema.string(),
+    version: schema.string(),
+  }),
+  default_value: schema.maybe(schema.string()),
+  description: schema.string(),
+  id: schema.string(),
+  impact: schema.maybe(schema.string()),
+  name: schema.string(),
+  profile_applicability: schema.string(),
+  rationale: schema.string(),
+  references: schema.maybe(schema.string()),
+  rego_rule_id: schema.string(),
+  remediation: schema.string(),
+  section: schema.string(),
+  tags: schema.arrayOf(schema.string()),
+  version: schema.string(),
+});
+
+export const cspBenchmarkRuleSchema = schema.object({
+  enabled: schema.boolean(),
+  metadata: cspBenchmarkRuleMetadataSchema,
+  muted: schema.boolean(),
+});
+
+export type CspBenchmarkRule = TypeOf<typeof cspBenchmarkRuleSchema>;

x-pack/plugins/cloud_security_posture/common/schemas/csp_rule_template_api/get_csp_rule_template.ts → x-pack/plugins/cloud_security_posture/common/types/rules/v3.ts

@@ -5,13 +5,48 @@
  * 2.0.
  */
 
-import { schema } from '@kbn/config-schema';
+import { schema, TypeOf } from '@kbn/config-schema';
 
-// this pages follows versioning interface strategy https://docs.elastic.dev/kibana-dev-docs/versioning-interfaces
+import { CSPM_POLICY_TEMPLATE, KSPM_POLICY_TEMPLATE } from '../../constants';
 
-const DEFAULT_RULES_TEMPLATE_PER_PAGE = 25;
+const DEFAULT_BENCHMARK_RULES_PER_PAGE = 25;
 
-export const findCspRuleTemplateRequest = schema.object({
+// Since version 8.7.0
+export const cspBenchmarkRuleMetadataSchema = schema.object({
+  audit: schema.string(),
+  benchmark: schema.object({
+    name: schema.string(),
+    posture_type: schema.maybe(
+      schema.oneOf([schema.literal(CSPM_POLICY_TEMPLATE), schema.literal(KSPM_POLICY_TEMPLATE)])
+    ),
+    id: schema.string(),
+    version: schema.string(),
+    rule_number: schema.maybe(schema.string()),
+  }),
+  default_value: schema.maybe(schema.string()),
+  description: schema.string(),
+  id: schema.string(),
+  impact: schema.maybe(schema.string()),
+  name: schema.string(),
+  profile_applicability: schema.string(),
+  rationale: schema.string(),
+  references: schema.maybe(schema.string()),
+  rego_rule_id: schema.string(),
+  remediation: schema.string(),
+  section: schema.string(),
+  tags: schema.arrayOf(schema.string()),
+  version: schema.string(),
+});
+
+export type CspBenchmarkRuleMetadata = TypeOf<typeof cspBenchmarkRuleMetadataSchema>;
+
+export const cspBenchmarkRuleSchema = schema.object({
+  metadata: cspBenchmarkRuleMetadataSchema,
+});
+
+export type CspBenchmarkRule = TypeOf<typeof cspBenchmarkRuleSchema>;
+
+export const findCspBenchmarkRuleRequestSchema = schema.object({
   /**
    * An Elasticsearch simple_query_string
    */
@@ -25,16 +60,16 @@ export const findCspRuleTemplateRequest = schema.object({
   /**
    * The number of objects to include in each page
    */
-  perPage: schema.number({ defaultValue: DEFAULT_RULES_TEMPLATE_PER_PAGE, min: 0 }),
+  perPage: schema.number({ defaultValue: DEFAULT_BENCHMARK_RULES_PER_PAGE, min: 0 }),
 
   /**
-   *  Fields to retrieve from CspRuleTemplate saved object
+   *  Fields to retrieve from CspBenchmarkRule saved object
    */
   fields: schema.maybe(schema.arrayOf(schema.string())),
 
   /**
    *  The fields to perform the parsed query against.
-   * Valid fields are fields which mapped to 'text' in cspRuleTemplateSavedObjectMapping
+   * Valid fields are fields which mapped to 'text' in cspBenchmarkRuleSavedObjectMapping
    */
   searchFields: schema.arrayOf(
     schema.oneOf([schema.literal('metadata.name.text'), schema.literal('metadata.section.text')]),
@@ -85,3 +120,12 @@ export const findCspRuleTemplateRequest = schema.object({
    */
   section: schema.maybe(schema.string()),
 });
+
+export type FindCspBenchmarkRuleRequest = TypeOf<typeof findCspBenchmarkRuleRequestSchema>;
+
+export interface FindCspBenchmarkRuleResponse {
+  items: CspBenchmarkRule[];
+  total: number;
+  page: number;
+  perPage: number;
+}