Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[EDR Workflows][API] Gate Agent Tamper Protection setting on Agent Policy Settings #174400

Merged
merged 24 commits into from
Feb 1, 2024
Merged
Show file tree
Hide file tree
Changes from 15 commits
Commits
Show all changes
24 commits
Select commit Hold shift + click to select a range
cb3c9b2
upsell on essential
szwarckonrad Jan 5, 2024
db8b0e5
Merge branch 'main' into gated-agent-tamper-api
szwarckonrad Jan 15, 2024
dd697bd
Merge branch 'main' into gated-agent-tamper-api
szwarckonrad Jan 16, 2024
0c4e21a
upsell on essential
szwarckonrad Jan 16, 2024
65ad15e
[CI] Auto-commit changed files from 'node scripts/lint_ts_projects --…
kibanamachine Jan 16, 2024
cb5d3c1
Merge branch 'main' into gated-agent-tamper-api
szwarckonrad Jan 24, 2024
63ac984
Merge branch 'main' into gated-agent-tamper-api
szwarckonrad Jan 25, 2024
77666a8
upsell on essential
szwarckonrad Jan 25, 2024
30f54d0
upsell on essential
szwarckonrad Jan 25, 2024
255b23a
Merge branch 'main' into gated-agent-tamper-api
szwarckonrad Jan 25, 2024
03ec056
Merge branch 'main' into gated-agent-tamper-api
szwarckonrad Jan 25, 2024
fa11c4b
upsell on essential
szwarckonrad Jan 26, 2024
d01cb0a
Merge remote-tracking branch 'origin/gated-agent-tamper-api' into gat…
szwarckonrad Jan 26, 2024
510c3e0
Merge branch 'main' into gated-agent-tamper-api
szwarckonrad Jan 30, 2024
b18a7b4
[CI] Auto-commit changed files from 'node scripts/lint_ts_projects --…
kibanamachine Jan 30, 2024
14c1f7b
Merge branch 'main' into gated-agent-tamper-api
szwarckonrad Jan 31, 2024
63b86df
cr changes
szwarckonrad Jan 31, 2024
b3c6937
cr changes
szwarckonrad Jan 31, 2024
557791f
Merge branch 'main' into gated-agent-tamper-api
szwarckonrad Jan 31, 2024
f7c342f
Merge branch 'main' into gated-agent-tamper-api
szwarckonrad Feb 1, 2024
06c9bc9
cr changes
szwarckonrad Feb 1, 2024
b63e686
cr changes
szwarckonrad Feb 1, 2024
34c9de8
Merge branch 'main' into gated-agent-tamper-api
szwarckonrad Feb 1, 2024
527a332
Merge branch 'main' into gated-agent-tamper-api
szwarckonrad Feb 1, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,11 @@ export enum AppFeatureSecurityKey {
*/
osqueryAutomatedResponseActions = 'osquery_automated_response_actions',

/**
* Enables Agent Tamper Protection
*/
endpointAgentTamperProtection = 'endpoint_agent_tamper_protection',

/**
* Enables managing endpoint exceptions on rules and alerts
*/
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -106,6 +106,6 @@ export const securityDefaultAppFeaturesConfig: DefaultSecurityAppFeaturesConfig
},

[AppFeatureSecurityKey.osqueryAutomatedResponseActions]: {},

[AppFeatureSecurityKey.endpointAgentTamperProtection]: {},
[AppFeatureSecurityKey.externalRuleActions]: {},
};
9 changes: 3 additions & 6 deletions x-pack/plugins/cloud_defend/server/plugin.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -25,11 +25,7 @@ import { CloudDefendPlugin } from './plugin';
import { CloudDefendPluginStartDeps } from './types';
import { createFleetAuthzMock } from '@kbn/fleet-plugin/common/mocks';
import { PackagePolicy, UpdatePackagePolicy } from '@kbn/fleet-plugin/common';
import {
ExternalCallback,
FleetStartContract,
PostPackagePolicyPostCreateCallback,
} from '@kbn/fleet-plugin/server';
import { FleetStartContract, PostPackagePolicyPostCreateCallback } from '@kbn/fleet-plugin/server';
import { INTEGRATION_PACKAGE_NAME } from '../common/constants';
import Chance from 'chance';
import type { AwaitedProperties } from '@kbn/utility-types';
Expand All @@ -42,6 +38,7 @@ import {
import { securityMock } from '@kbn/security-plugin/server/mocks';
import { licensingMock } from '@kbn/licensing-plugin/server/mocks';
import * as onPackagePolicyPostCreateCallback from './lib/fleet_util';
import { ExternalCallbackType } from '@kbn/fleet-plugin/server/types';

const chance = new Chance();

Expand All @@ -63,7 +60,7 @@ const createMockFleetStartContract = (): DeeplyMockedKeys<FleetStartContract> =>
// @ts-expect-error 2322
packageService: createMockPackageService(),
agentPolicyService: createMockAgentPolicyService(),
registerExternalCallback: jest.fn((..._: ExternalCallback) => {}),
registerExternalCallback: jest.fn((..._: ExternalCallbackType) => {}),
packagePolicyService: createPackagePolicyServiceMock(),
createArtifactsClient: jest.fn().mockReturnValue(createArtifactsClientMock()),
};
Expand Down
4 changes: 2 additions & 2 deletions x-pack/plugins/cloud_security_posture/server/plugin.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,6 @@ import {
UpdatePackagePolicy,
} from '@kbn/fleet-plugin/common';
import {
ExternalCallback,
FleetStartContract,
PostPackagePolicyPostDeleteCallback,
PostPackagePolicyPostCreateCallback,
Expand All @@ -49,6 +48,7 @@ import {
import { securityMock } from '@kbn/security-plugin/server/mocks';
import { licensingMock } from '@kbn/licensing-plugin/server/mocks';
import * as onPackagePolicyPostCreateCallback from './fleet_integration/fleet_integration';
import { ExternalCallbackType } from '@kbn/fleet-plugin/server/types';

const chance = new Chance();

Expand All @@ -70,7 +70,7 @@ const createMockFleetStartContract = (): DeeplyMockedKeys<FleetStartContract> =>
// @ts-expect-error 2322
packageService: createMockPackageService(),
agentPolicyService: createMockAgentPolicyService(),
registerExternalCallback: jest.fn((..._: ExternalCallback) => {}),
registerExternalCallback: jest.fn((..._: ExternalCallbackType) => {}),
packagePolicyService: createPackagePolicyServiceMock(),
createArtifactsClient: jest.fn().mockReturnValue(createArtifactsClientMock()),
};
Expand Down
1 change: 1 addition & 0 deletions x-pack/plugins/fleet/server/mocks/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -157,6 +157,7 @@ export const createMockAgentPolicyService = (): jest.Mocked<AgentPolicyServiceIn
list: jest.fn(),
getFullAgentPolicy: jest.fn(),
getByIds: jest.fn(),
bumpRevision: jest.fn(),
};
};

Expand Down
64 changes: 35 additions & 29 deletions x-pack/plugins/fleet/server/plugin.ts
Original file line number Diff line number Diff line change
Expand Up @@ -8,33 +8,32 @@
import { backOff } from 'exponential-backoff';
import type { Observable } from 'rxjs';
import { BehaviorSubject } from 'rxjs';
import { take, filter } from 'rxjs/operators';
import { filter, take } from 'rxjs/operators';
import { DEFAULT_SPACE_ID } from '@kbn/spaces-plugin/common';
import { i18n } from '@kbn/i18n';
import type {
CoreSetup,
CoreStart,
ElasticsearchClient,
ElasticsearchServiceStart,
HttpServiceSetup,
KibanaRequest,
Logger,
Plugin,
PluginInitializerContext,
SavedObjectsClientContract,
SavedObjectsServiceStart,
HttpServiceSetup,
KibanaRequest,
ServiceStatus,
ElasticsearchClient,
SavedObjectsClientContract,
} from '@kbn/core/server';
import { DEFAULT_APP_CATEGORIES, SavedObjectsClient, ServiceStatusLevels } from '@kbn/core/server';
import type { UsageCollectionSetup } from '@kbn/usage-collection-plugin/server';

import type { TelemetryPluginSetup, TelemetryPluginStart } from '@kbn/telemetry-plugin/server';

import { DEFAULT_APP_CATEGORIES, SavedObjectsClient, ServiceStatusLevels } from '@kbn/core/server';
import type { PluginStart as DataPluginStart } from '@kbn/data-plugin/server';
import type { LicensingPluginStart } from '@kbn/licensing-plugin/server';
import type {
EncryptedSavedObjectsPluginStart,
EncryptedSavedObjectsPluginSetup,
EncryptedSavedObjectsPluginStart,
} from '@kbn/encrypted-saved-objects-plugin/server';
import type {
AuditLogger,
Expand All @@ -57,61 +56,64 @@ import { SECURITY_EXTENSION_ID } from '@kbn/core-saved-objects-server';

import type { FleetConfigType } from '../common/types';
import type { FleetAuthz } from '../common';
import type { ExperimentalFeatures } from '../common/experimental_features';

import {
MESSAGE_SIGNING_KEYS_SAVED_OBJECT_TYPE,
INTEGRATIONS_PLUGIN_ID,
MESSAGE_SIGNING_KEYS_SAVED_OBJECT_TYPE,
UNINSTALL_TOKENS_SAVED_OBJECT_TYPE,
} from '../common';
import type { ExperimentalFeatures } from '../common/experimental_features';
import { parseExperimentalConfigValue } from '../common/experimental_features';

import { getFilesClientFactory } from './services/files/get_files_client_factory';

import type { MessageSigningServiceInterface } from './services/security';
import {
getRouteRequiredAuthz,
makeRouterWithFleetAuthz,
calculateRouteAuthz,
getAuthzFromRequest,
getRouteRequiredAuthz,
makeRouterWithFleetAuthz,
MessageSigningService,
} from './services/security';

import {
PLUGIN_ID,
OUTPUT_SAVED_OBJECT_TYPE,
AGENT_POLICY_SAVED_OBJECT_TYPE,
PACKAGE_POLICY_SAVED_OBJECT_TYPE,
PACKAGES_SAVED_OBJECT_TYPE,
ASSETS_SAVED_OBJECT_TYPE,
PRECONFIGURATION_DELETION_RECORD_SAVED_OBJECT_TYPE,
DOWNLOAD_SOURCE_SAVED_OBJECT_TYPE,
FLEET_SERVER_HOST_SAVED_OBJECT_TYPE,
OUTPUT_SAVED_OBJECT_TYPE,
PACKAGE_POLICY_SAVED_OBJECT_TYPE,
PACKAGES_SAVED_OBJECT_TYPE,
PLUGIN_ID,
PRECONFIGURATION_DELETION_RECORD_SAVED_OBJECT_TYPE,
} from './constants';
import { registerSavedObjects, registerEncryptedSavedObjects } from './saved_objects';
import { registerEncryptedSavedObjects, registerSavedObjects } from './saved_objects';
import { registerRoutes } from './routes';

import type { ExternalCallback, FleetRequestHandlerContext } from './types';
import type {
ESIndexPatternService,
AgentService,
ExternalCallback,
ExternalCallbackAgentPolicy,
FleetRequestHandlerContext,
} from './types';
import type {
AgentPolicyServiceInterface,
AgentService,
ESIndexPatternService,
PackageService,
} from './services';
import { FleetUsageSender } from './services';
import {
agentPolicyService,
AgentServiceImpl,
appContextService,
licenseService,
ESIndexPatternSavedObjectService,
agentPolicyService,
FleetUsageSender,
licenseService,
packagePolicyService,
AgentServiceImpl,
PackageServiceImpl,
} from './services';
import {
registerFleetUsageCollector,
fetchAgentsUsage,
fetchFleetUsage,
registerFleetUsageCollector,
} from './collectors/register';
import { FleetArtifactsClient } from './services/artifacts';
import type { FleetRouter } from './types/request_context';
Expand Down Expand Up @@ -218,7 +220,7 @@ export interface FleetStartContract {
* Register callbacks for inclusion in fleet API processing
* @param args
*/
registerExternalCallback: (...args: ExternalCallback) => void;
registerExternalCallback: (...args: ExternalCallback | ExternalCallbackAgentPolicy) => void;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See my comment further below. This union can be avoided by just adding the new types to the existing ExternalCallback type.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed


/**
* Create a Fleet Artifact Client instance
Expand Down Expand Up @@ -624,9 +626,13 @@ export class FleetPlugin
list: agentPolicyService.list,
getFullAgentPolicy: agentPolicyService.getFullAgentPolicy,
getByIds: agentPolicyService.getByIDs,
bumpRevision: agentPolicyService.bumpRevision.bind(agentPolicyService),
},
packagePolicyService,
registerExternalCallback: (type: ExternalCallback[0], callback: ExternalCallback[1]) => {
registerExternalCallback: (
type: ExternalCallback[0] | ExternalCallbackAgentPolicy[0],
callback: ExternalCallback[1] | ExternalCallbackAgentPolicy[1]
) => {
return appContextService.addExternalCallback(type, callback);
},
createArtifactsClient(packageName: string) {
Expand Down
43 changes: 42 additions & 1 deletion x-pack/plugins/fleet/server/services/agent_policy.ts
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,9 @@ import type {
FullAgentPolicy,
ListWithKuery,
NewPackagePolicy,
ExternalCallbackAgentPolicy,
PostAgentPolicyCreateCallback,
PostAgentPolicyUpdateCallback,
} from '../types';
import {
getAllowedOutputTypeForPolicy,
Expand Down Expand Up @@ -234,6 +237,43 @@ class AgentPolicyService {
return policyHasSyntheticsIntegration(agentPolicy);
}

public async runExternalCallbacks(
externalCallbackType: ExternalCallbackAgentPolicy[0],
agentPolicy: NewAgentPolicy | Partial<AgentPolicy>
): Promise<NewAgentPolicy | Partial<AgentPolicy>> {
const logger = appContextService.getLogger();
logger.debug(`Running external callbacks for ${externalCallbackType}`);
try {
const externalCallbacks = appContextService.getExternalCallbacks(externalCallbackType);
let newAgentPolicy = agentPolicy;

if (externalCallbacks && externalCallbacks.size > 0) {
let updatedNewAgentPolicy = newAgentPolicy;
for (const callback of externalCallbacks) {
let result;
if (externalCallbackType === 'agentPolicyCreate') {
result = await (callback as PostAgentPolicyCreateCallback)(
newAgentPolicy as NewAgentPolicy
);
updatedNewAgentPolicy = result;
}
if (externalCallbackType === 'agentPolicyUpdate') {
result = await (callback as PostAgentPolicyUpdateCallback)(
newAgentPolicy as Partial<AgentPolicy>
);
updatedNewAgentPolicy = result;
}
}
newAgentPolicy = updatedNewAgentPolicy;
}
return newAgentPolicy;
} catch (error) {
logger.error(`Error running external callbacks for ${externalCallbackType}`);
logger.error(error);
throw error;
}
}

public async create(
soClient: SavedObjectsClientContract,
esClient: ElasticsearchClient,
Expand All @@ -254,7 +294,7 @@ class AgentPolicyService {
id: options.id,
savedObjectType: AGENT_POLICY_SAVED_OBJECT_TYPE,
});

await this.runExternalCallbacks('agentPolicyCreate', agentPolicy);
this.checkTamperProtectionLicense(agentPolicy);
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can be moved to sec sol side to an external callback


const logger = appContextService.getLogger();
Expand Down Expand Up @@ -520,6 +560,7 @@ class AgentPolicyService {
throw new AgentPolicyNotFoundError('Agent policy not found');
}

await this.runExternalCallbacks('agentPolicyUpdate', agentPolicy);
this.checkTamperProtectionLicense(agentPolicy);
await this.checkForValidUninstallToken(agentPolicy, id);
Comment on lines 570 to 571
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can be moved to sec sol side to an external callback


Expand Down
22 changes: 18 additions & 4 deletions x-pack/plugins/fleet/server/services/app_context.ts
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,9 @@ import type {
PostPackagePolicyPostDeleteCallback,
PostPackagePolicyPostCreateCallback,
PutPackagePolicyUpdateCallback,
ExternalCallbackAgentPolicy,
PostAgentPolicyCreateCallback,
PostAgentPolicyUpdateCallback,
} from '../types';
import type { FleetAppContext } from '../plugin';
import type { TelemetryEventsSender } from '../telemetry/sender';
Expand Down Expand Up @@ -234,18 +237,25 @@ class AppContextService {
return this.kibanaInstanceId;
}

public addExternalCallback(type: ExternalCallback[0], callback: ExternalCallback[1]) {
public addExternalCallback(
type: ExternalCallback[0] | ExternalCallbackAgentPolicy[0],
callback: ExternalCallback[1] | ExternalCallbackAgentPolicy[1]
) {
if (!this.externalCallbacks.has(type)) {
this.externalCallbacks.set(type, new Set());
}
this.externalCallbacks.get(type)!.add(callback);
}

public getExternalCallbacks<T extends ExternalCallback[0]>(
public getExternalCallbacks<T extends ExternalCallback[0] | ExternalCallbackAgentPolicy[0]>(
type: T
):
| Set<
T extends 'packagePolicyCreate'
T extends 'agentPolicyCreate'
? PostAgentPolicyCreateCallback
: T extends 'agentPolicyUpdate'
? PostAgentPolicyUpdateCallback
: T extends 'packagePolicyCreate'
? PostPackagePolicyCreateCallback
: T extends 'packagePolicyDelete'
? PostPackagePolicyDeleteCallback
Expand All @@ -258,7 +268,11 @@ class AppContextService {
| undefined {
if (this.externalCallbacks) {
return this.externalCallbacks.get(type) as Set<
T extends 'packagePolicyCreate'
T extends 'agentPolicyCreate'
? PostAgentPolicyCreateCallback
: T extends 'agentPolicyUpdate'
? PostAgentPolicyUpdateCallback
: T extends 'packagePolicyCreate'
? PostPackagePolicyCreateCallback
: T extends 'packagePolicyDelete'
? PostPackagePolicyDeleteCallback
Expand Down
1 change: 1 addition & 0 deletions x-pack/plugins/fleet/server/services/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ export interface AgentPolicyServiceInterface {
list: typeof agentPolicyService['list'];
getFullAgentPolicy: typeof agentPolicyService['getFullAgentPolicy'];
getByIds: typeof agentPolicyService['getByIDs'];
bumpRevision: typeof agentPolicyService['bumpRevision'];
}

// Agent services
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,7 @@ jest.mock('./app_context', () => ({
getUninstallTokenService: () => ({
generateTokenForPolicyId: jest.fn(),
}),
getExternalCallbacks: jest.fn(),
},
}));

Expand Down
Loading