[Security Solution][Endpoint] Delete obsolete action create service (#…

…177621)

## Summary

- Deletes the obsolete Action Create service now that all response
actions usage has been moved to use the new `ResponseActionsClient`'s.

x-pack/plugins/security_solution/common/endpoint/types/agents.ts

@@ -10,7 +10,6 @@ import type {
   ResponseActionsApiCommandNames,
   ResponseActionAgentType,
 } from '../service/response_actions/constants';
-import {} from '../service/response_actions/constants';
 
 export interface AgentStatusInfo {
   id: string;

x-pack/plugins/security_solution/server/endpoint/endpoint_app_context_services.ts

@@ -52,7 +52,6 @@ import type { EndpointAuthz } from '../../common/endpoint/types/authz';
 import { calculateEndpointAuthz } from '../../common/endpoint/service/authz';
 import type { FeatureUsageService } from './services/feature_usage/service';
 import type { ExperimentalFeatures } from '../../common/experimental_features';
-import type { ActionCreateService } from './services/actions/create/types';
 import type { ProductFeaturesService } from '../lib/product_features_service/product_features_service';
 import type { ResponseActionAgentType } from '../../common/endpoint/service/response_actions/constants';
 
@@ -81,7 +80,6 @@ export interface EndpointAppContextServiceStartContract {
   featureUsageService: FeatureUsageService;
   experimentalFeatures: ExperimentalFeatures;
   messageSigningService: MessageSigningServiceInterface | undefined;
-  actionCreateService: ActionCreateService | undefined;
   esClient: ElasticsearchClient;
   productFeaturesService: ProductFeaturesService;
   savedObjectsClient: SavedObjectsClientContract;
@@ -309,15 +307,6 @@ export class EndpointAppContextService {
     });
   }
 
-  /** @deprecated use `getInternalResponseActionsClient()` */
-  public getActionCreateService(): ActionCreateService {
-    if (!this.startDependencies?.actionCreateService) {
-      throw new EndpointAppContentServicesNotStartedError();
-    }
-
-    return this.startDependencies.actionCreateService;
-  }
-
   public async getFleetToHostFilesClient() {
     if (!this.startDependencies?.createFleetFilesClient) {
       throw new EndpointAppContentServicesNotStartedError();

x-pack/plugins/security_solution/server/endpoint/mocks.ts

@@ -46,7 +46,6 @@ import { elasticsearchClientMock } from '@kbn/core-elasticsearch-client-server-m
 import { casesPluginMock } from '@kbn/cases-plugin/server/mocks';
 import { createCasesClientMock } from '@kbn/cases-plugin/server/client/mocks';
 import type { AddVersionOpts, VersionedRouteConfig } from '@kbn/core-http-server';
-import { createActionCreateServiceMock } from './services/actions/mocks';
 import { getEndpointAuthzInitialStateMock } from '../../common/endpoint/service/authz/mocks';
 import { createMockConfig, requestContextMock } from '../lib/detection_engine/routes/__mocks__';
 import type {
@@ -117,7 +116,6 @@ export const createMockEndpointAppContextService = (
     getInternalFleetServices: jest.fn(() => mockEndpointMetadataContext.fleetServices),
     getEndpointAuthz: jest.fn(async (_) => getEndpointAuthzInitialStateMock()),
     getCasesClient: jest.fn().mockReturnValue(casesClientMock),
-    getActionCreateService: jest.fn().mockReturnValue(createActionCreateServiceMock()),
     getFleetFromHostFilesClient: jest.fn(async () => fleetFromHostFilesClientMock),
     getFleetToHostFilesClient: jest.fn(async () => fleetToHostFilesClientMock),
     setup: jest.fn(),
@@ -223,7 +221,6 @@ export const createMockEndpointAppContextServiceStartContract =
       featureUsageService: createFeatureUsageServiceMock(),
       experimentalFeatures,
       messageSigningService: createMessageSigningServiceMock(),
-      actionCreateService: undefined,
       createFleetActionsClient: jest.fn((_) => fleetActionsClientMock),
       esClient: elasticsearchClientMock.createElasticsearchClient(),
       productFeaturesService,

x-pack/plugins/security_solution/server/endpoint/routes/actions/response_actions.test.ts

@@ -61,7 +61,6 @@ import { registerResponseActionRoutes } from './response_actions';
 import * as ActionDetailsService from '../../services/actions/action_details_by_id';
 import { CaseStatuses } from '@kbn/cases-components';
 import { getEndpointAuthzInitialStateMock } from '../../../../common/endpoint/service/authz/mocks';
-import { actionCreateService } from '../../services/actions';
 import { getResponseActionsClient as _getResponseActionsClient } from '../../services';
 import type { UploadActionApiRequestBody } from '../../../../common/api/endpoint';
 import type { FleetToHostFileClientInterface } from '@kbn/fleet-plugin/server';
@@ -159,7 +158,6 @@ describe('Response actions', () => {
       endpointAppContextService.setup(createMockEndpointAppContextServiceSetupContract());
       endpointAppContextService.start({
         ...startContract,
-        actionCreateService: actionCreateService(mockScopedClient.asInternalUser, endpointContext),
         licenseService,
       });
 

x-pack/plugins/security_solution/server/endpoint/services/actions/clients/endpoint/endpoint_actions_client.ts

@@ -7,8 +7,8 @@
 
 import type { FleetActionRequest } from '@kbn/fleet-plugin/server/services/actions';
 import { v4 as uuidv4 } from 'uuid';
+import { getActionRequestExpiration } from '../../utils';
 import { ResponseActionsClientError } from '../errors';
-import { getActionRequestExpiration } from '../../create/write_action_to_indices';
 import { stringify } from '../../../../utils/stringify';
 import type { HapiReadableStream } from '../../../../../types';
 import type {
@@ -112,8 +112,8 @@ export class EndpointActionsClient extends ResponseActionsClientImpl {
     await this.writeActionRequestToEndpointIndex({
       ...actionReq,
       error: actionError,
-      rule_id: ruleId,
-      rule_name: ruleName,
+      ruleId,
+      ruleName,
       hosts,
       actionId,
       command,

x-pack/plugins/security_solution/server/endpoint/services/actions/clients/lib/base_response_actions_client.test.ts

@@ -12,7 +12,7 @@ import type {
   ResponseActionsClientWriteActionRequestToEndpointIndexOptions,
   ResponseActionsClientWriteActionResponseToEndpointIndexOptions,
 } from './base_response_actions_client';
-import { ResponseActionsClientImpl } from './base_response_actions_client';
+import { HOST_NOT_ENROLLED, ResponseActionsClientImpl } from './base_response_actions_client';
 import type {
   ActionDetails,
   LogsEndpointAction,
@@ -34,7 +34,6 @@ import { set } from 'lodash';
 import { responseActionsClientMock } from '../mocks';
 import type { ResponseActionAgentType } from '../../../../../../common/endpoint/service/response_actions/constants';
 import { getResponseActionFeatureKey } from '../../../feature_usage/feature_keys';
-import { HOST_NOT_ENROLLED } from '../../create/validate';
 import { isActionSupportedByAgentType as _isActionSupportedByAgentType } from '../../../../../../common/endpoint/service/response_actions/is_response_action_supported';
 
 jest.mock('../../action_details_by_id', () => {
@@ -308,8 +307,8 @@ describe('ResponseActionsClientImpl base class', () => {
         agent_type: 'endpoint',
         endpoint_ids: ['one'],
         comment: 'test comment',
-        rule_name: undefined,
-        rule_id: undefined,
+        ruleName: undefined,
+        ruleId: undefined,
         alert_ids: undefined,
         case_ids: undefined,
         hosts: undefined,
@@ -390,11 +389,11 @@ describe('ResponseActionsClientImpl base class', () => {
     });
 
     it('should include Rule information if rule_id and rule_name were provided', async () => {
-      indexDocOptions.rule_id = '1-2-3';
-      indexDocOptions.rule_name = 'rule 123';
+      indexDocOptions.ruleId = '1-2-3';
+      indexDocOptions.ruleName = 'rule 123';
       expectedIndexDoc.rule = {
-        name: indexDocOptions.rule_name,
-        id: indexDocOptions.rule_id,
+        name: indexDocOptions.ruleName,
+        id: indexDocOptions.ruleId,
       };
 
       await expect(
@@ -403,7 +402,7 @@ describe('ResponseActionsClientImpl base class', () => {
     });
 
     it('should NOT include Rule information if rule_id or rule_name are missing', async () => {
-      indexDocOptions.rule_id = '1-2-3';
+      indexDocOptions.ruleId = '1-2-3';
 
       await expect(
         baseClassMock.writeActionRequestToEndpointIndex(indexDocOptions)

x-pack/plugins/security_solution/server/endpoint/services/actions/clients/lib/base_response_actions_client.ts

@@ -11,8 +11,9 @@ import type { Logger } from '@kbn/logging';
 import { v4 as uuidv4 } from 'uuid';
 import { AttachmentType, ExternalReferenceStorageType } from '@kbn/cases-plugin/common';
 import type { CaseAttachments } from '@kbn/cases-plugin/public/types';
+import { i18n } from '@kbn/i18n';
+import { getActionRequestExpiration } from '../../utils';
 import { isActionSupportedByAgentType } from '../../../../../../common/endpoint/service/response_actions/is_response_action_supported';
-import { HOST_NOT_ENROLLED, LICENSE_TOO_LOW } from '../../create/validate';
 import type { EndpointAppContextService } from '../../../../endpoint_app_context_services';
 import { APP_ID } from '../../../../../../common';
 import type {
@@ -21,11 +22,6 @@ import type {
 } from '../../../../../../common/endpoint/service/response_actions/constants';
 import { getActionDetailsById } from '../../action_details_by_id';
 import { ResponseActionsClientError, ResponseActionsNotSupportedError } from '../errors';
-import {
-  addRuleInfoToAction,
-  getActionParameters,
-  getActionRequestExpiration,
-} from '../../create/write_action_to_indices';
 import {
   ENDPOINT_ACTION_RESPONSES_INDEX,
   ENDPOINT_ACTIONS_INDEX,
@@ -58,11 +54,24 @@ import type {
   ResponseActionsRequestBody,
   UploadActionApiRequestBody,
 } from '../../../../../../common/api/endpoint';
-import type { CreateActionPayload } from '../../create/types';
 import { stringify } from '../../../../utils/stringify';
 import { CASE_ATTACHMENT_ENDPOINT_TYPE_ID } from '../../../../../../common/constants';
 import { EMPTY_COMMENT } from '../../../../utils/translations';
 
+const ENTERPRISE_LICENSE_REQUIRED_MSG = i18n.translate(
+  'xpack.securitySolution.responseActionsList.error.licenseTooLow',
+  {
+    defaultMessage: 'At least Enterprise license is required to use Response Actions.',
+  }
+);
+
+export const HOST_NOT_ENROLLED = i18n.translate(
+  'xpack.securitySolution.responseActionsList.error.hostNotEnrolled',
+  {
+    defaultMessage: 'The host does not have Elastic Defend integration installed',
+  }
+);
+
 export interface ResponseActionsClientOptions {
   endpointService: EndpointAppContextService;
   esClient: ElasticsearchClient;
@@ -96,7 +105,8 @@ export interface ResponseActionsClientUpdateCasesOptions {
 
 export type ResponseActionsClientWriteActionRequestToEndpointIndexOptions =
   ResponseActionsRequestBody &
-    Pick<CreateActionPayload, 'command' | 'hosts' | 'rule_id' | 'rule_name' | 'error'> & {
+    Pick<CommonResponseActionMethodOptions, 'ruleName' | 'ruleId' | 'hosts' | 'error'> & {
+      command: ResponseActionsApiCommandNames;
       actionId?: string;
     };
 
@@ -277,7 +287,7 @@ export abstract class ResponseActionsClientImpl implements ResponseActionsClient
       if (!this.options.endpointService.getLicenseService().isEnterprise()) {
         return {
           isValid: false,
-          error: new ResponseActionsClientError(LICENSE_TOO_LOW, 403),
+          error: new ResponseActionsClientError(ENTERPRISE_LICENSE_REQUIRED_MSG, 403),
         };
       }
     }
@@ -343,14 +353,16 @@ export abstract class ResponseActionsClientImpl implements ResponseActionsClient
           comment: actionRequest.comment ?? undefined,
           ...(actionRequest.alert_ids ? { alert_id: actionRequest.alert_ids } : {}),
           ...(actionRequest.hosts ? { hosts: actionRequest.hosts } : {}),
-          parameters: getActionParameters(actionRequest) as EndpointActionDataParameterTypes,
+          parameters: actionRequest.parameters as EndpointActionDataParameterTypes,
         },
       },
       user: {
         id: this.options.username,
       },
       ...(errorMsg ? { error: { message: errorMsg } } : {}),
-      ...addRuleInfoToAction(actionRequest),
+      ...(actionRequest.ruleId && actionRequest.ruleName
+        ? { rule: { id: actionRequest.ruleId, name: actionRequest.ruleName } }
+        : {}),
     };
 
     try {