From 1f9528e89168831117f40e87b260d4744d25a070 Mon Sep 17 00:00:00 2001 From: Candace Park <56409205+parkiino@users.noreply.github.com> Date: Thu, 27 Jan 2022 16:24:33 -0500 Subject: [PATCH] [Security Solution][Endpoint][Policy] Remove GET policy list api route (#123873) --- .../common/endpoint/schema/policy.ts | 18 ---- .../endpoint/routes/policy/handlers.test.ts | 90 +------------------ .../server/endpoint/routes/policy/handlers.ts | 33 ------- .../server/endpoint/routes/policy/index.ts | 21 +---- .../apis/endpoint_authz.ts | 5 -- 5 files changed, 2 insertions(+), 165 deletions(-) diff --git a/x-pack/plugins/security_solution/common/endpoint/schema/policy.ts b/x-pack/plugins/security_solution/common/endpoint/schema/policy.ts index dab0845dd252d..9b02ab073c9ce 100644 --- a/x-pack/plugins/security_solution/common/endpoint/schema/policy.ts +++ b/x-pack/plugins/security_solution/common/endpoint/schema/policy.ts @@ -19,21 +19,3 @@ export const GetAgentPolicySummaryRequestSchema = { policy_id: schema.nullable(schema.string()), }), }; - -const ListWithKuerySchema = schema.object({ - page: schema.maybe(schema.number({ defaultValue: 1 })), - pageSize: schema.maybe(schema.number({ defaultValue: 20 })), - sort: schema.maybe(schema.string()), - sortOrder: schema.maybe(schema.oneOf([schema.literal('desc'), schema.literal('asc')])), - showUpgradeable: schema.maybe(schema.boolean()), - kuery: schema.maybe( - schema.oneOf([ - schema.string(), - schema.any(), // KueryNode - ]) - ), -}); - -export const GetEndpointPackagePolicyRequestSchema = { - query: ListWithKuerySchema, -}; diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.test.ts b/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.test.ts index 9ad26443cf0d5..b8efa2636d8c7 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.test.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.test.ts @@ -12,12 +12,7 @@ import { createRouteHandlerContext, } from '../../mocks'; import { createMockAgentClient, createMockAgentService } from '../../../../../fleet/server/mocks'; -import { PACKAGE_POLICY_SAVED_OBJECT_TYPE } from '../../../../../fleet/common'; -import { - getHostPolicyResponseHandler, - getAgentPolicySummaryHandler, - getPolicyListHandler, -} from './handlers'; +import { getHostPolicyResponseHandler, getAgentPolicySummaryHandler } from './handlers'; import { KibanaResponseFactory, SavedObjectsClientContract, @@ -38,7 +33,6 @@ import { AgentClient, AgentService } from '../../../../../fleet/server/services' import { get } from 'lodash'; // eslint-disable-next-line @kbn/eslint/no-restricted-paths import { ScopedClusterClientMock } from '../../../../../../../src/core/server/elasticsearch/client/mocks'; -import { PackagePolicyServiceInterface } from '../../../../../fleet/server'; describe('test policy response handler', () => { let endpointAppContextService: EndpointAppContextService; @@ -242,88 +236,6 @@ describe('test policy response handler', () => { }); }); }); - describe('test GET policy list handler', () => { - let mockPackagePolicyService: jest.Mocked; - let policyHandler: ReturnType; - - beforeEach(() => { - const endpointAppContextServiceStartContract = - createMockEndpointAppContextServiceStartContract(); - - mockScopedClient = elasticsearchServiceMock.createScopedClusterClient(); - mockSavedObjectClient = savedObjectsClientMock.create(); - mockResponse = httpServerMock.createResponseFactory(); - - if (endpointAppContextServiceStartContract.packagePolicyService) { - mockPackagePolicyService = - endpointAppContextServiceStartContract.packagePolicyService as jest.Mocked; - } else { - expect(endpointAppContextServiceStartContract.packagePolicyService).toBeTruthy(); - } - - mockPackagePolicyService.list.mockImplementation(() => { - return Promise.resolve({ - items: [], - total: 0, - page: 1, - perPage: 10, - }); - }); - endpointAppContextService = new EndpointAppContextService(); - endpointAppContextService.setup(createMockEndpointAppContextServiceSetupContract()); - endpointAppContextService.start(endpointAppContextServiceStartContract); - policyHandler = getPolicyListHandler({ - logFactory: loggingSystemMock.create(), - service: endpointAppContextService, - config: () => Promise.resolve(createMockConfig()), - experimentalFeatures: parseExperimentalConfigValue(createMockConfig().enableExperimental), - }); - }); - - afterEach(() => endpointAppContextService.stop()); - - it('should return a list of endpoint package policies', async () => { - const mockRequest = httpServerMock.createKibanaRequest({ - query: {}, - }); - - await policyHandler( - createRouteHandlerContext(mockScopedClient, mockSavedObjectClient), - mockRequest, - mockResponse - ); - expect(mockPackagePolicyService.list).toHaveBeenCalled(); - expect(mockPackagePolicyService.list.mock.calls[0][1]).toEqual({ - kuery: `${PACKAGE_POLICY_SAVED_OBJECT_TYPE}.package.name: endpoint`, - perPage: undefined, - sortField: undefined, - }); - expect(mockResponse.ok).toBeCalled(); - expect(mockResponse.ok.mock.calls[0][0]?.body).toEqual({ - items: [], - total: 0, - page: 1, - perPage: 10, - }); - }); - - it('should add endpoint-specific kuery to the requests kuery', async () => { - const mockRequest = httpServerMock.createKibanaRequest({ - query: { kuery: 'some query' }, - }); - - await policyHandler( - createRouteHandlerContext(mockScopedClient, mockSavedObjectClient), - mockRequest, - mockResponse - ); - expect(mockPackagePolicyService.list.mock.calls[0][1]).toEqual({ - kuery: `(some query) and ${PACKAGE_POLICY_SAVED_OBJECT_TYPE}.package.name: endpoint`, - perPage: undefined, - sortField: undefined, - }); - }); - }); }); /** diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.ts b/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.ts index beb197ec5d5f7..d02e0402a922e 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.ts @@ -11,13 +11,10 @@ import { policyIndexPattern } from '../../../../common/endpoint/constants'; import { GetPolicyResponseSchema, GetAgentPolicySummaryRequestSchema, - GetEndpointPackagePolicyRequestSchema, } from '../../../../common/endpoint/schema/policy'; import { EndpointAppContext } from '../../types'; import { getAgentPolicySummary, getPolicyResponseByAgentId } from './service'; import { GetAgentSummaryResponse } from '../../../../common/endpoint/types'; -import { wrapErrorIfNeeded } from '../../utils'; -import { PACKAGE_POLICY_SAVED_OBJECT_TYPE } from '../../../../../fleet/common'; export const getHostPolicyResponseHandler = function (): RequestHandler< undefined, @@ -65,33 +62,3 @@ export const getAgentPolicySummaryHandler = function ( }); }; }; - -export const getPolicyListHandler = function ( - endpointAppContext: EndpointAppContext -): RequestHandler< - undefined, - TypeOf, - undefined -> { - return async (context, request, response) => { - const soClient = context.core.savedObjects.client; - const fleetServices = endpointAppContext.service.getScopedFleetServices(request); - const endpointFilteredKuery = `${ - request?.query?.kuery ? `(${request.query.kuery}) and ` : '' - }${PACKAGE_POLICY_SAVED_OBJECT_TYPE}.package.name: endpoint`; - try { - const listResponse = await fleetServices.packagePolicy.list(soClient, { - ...request.query, - perPage: request.query.pageSize, - sortField: request.query.sort, - kuery: endpointFilteredKuery, - }); - - return response.ok({ - body: listResponse, - }); - } catch (error) { - throw wrapErrorIfNeeded(error); - } - }; -}; diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/policy/index.ts b/x-pack/plugins/security_solution/server/endpoint/routes/policy/index.ts index 53afaadc23142..8991dfa9a6bcc 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/policy/index.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/policy/index.ts @@ -10,16 +10,10 @@ import { EndpointAppContext } from '../../types'; import { GetPolicyResponseSchema, GetAgentPolicySummaryRequestSchema, - GetEndpointPackagePolicyRequestSchema, } from '../../../../common/endpoint/schema/policy'; -import { - getHostPolicyResponseHandler, - getAgentPolicySummaryHandler, - getPolicyListHandler, -} from './handlers'; +import { getHostPolicyResponseHandler, getAgentPolicySummaryHandler } from './handlers'; import { AGENT_POLICY_SUMMARY_ROUTE, - BASE_POLICY_ROUTE, BASE_POLICY_RESPONSE_ROUTE, } from '../../../../common/endpoint/constants'; import { withEndpointAuthz } from '../with_endpoint_authz'; @@ -54,17 +48,4 @@ export function registerPolicyRoutes(router: IRouter, endpointAppContext: Endpoi getAgentPolicySummaryHandler(endpointAppContext) ) ); - - router.get( - { - path: BASE_POLICY_ROUTE, - validate: GetEndpointPackagePolicyRequestSchema, - options: { authRequired: true }, - }, - withEndpointAuthz( - { all: ['canAccessEndpointManagement'] }, - logger, - getPolicyListHandler(endpointAppContext) - ) - ); } diff --git a/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_authz.ts b/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_authz.ts index a2b03198234a6..1b9ce8911c5bf 100644 --- a/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_authz.ts +++ b/x-pack/test/security_solution_endpoint_api_int/apis/endpoint_authz.ts @@ -62,11 +62,6 @@ export default function ({ getService }: FtrProviderContext) { path: '/api/endpoint/policy_response?agentId=1', body: undefined, }, - { - method: 'get', - path: '/api/endpoint/policy', - body: undefined, - }, { method: 'post', path: '/api/endpoint/isolate',