[8.7] [Security Solution] Invalidate prebuilt rules status after pack…

…age upgrade or installation (#150292) (#151019)

# Backport

This will backport the following commits from `main` to `8.7`:
- [[Security Solution] Invalidate prebuilt rules status after package
upgrade or installation
(#150292)](#150292)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Dmitrii
Shevchenko","email":"[email protected]"},"sourceCommit":{"committedDate":"2023-02-13T15:00:20Z","message":"[Security
Solution] Invalidate prebuilt rules status after package upgrade or
installation (#150292)\n\n**Resolves:
https://github.com/elastic/kibana/issues/150306**\r\n\r\n##
Summary\r\n\r\nFixes the Load Prebuilt rules button not visible when
users visit the\r\nrules management page for the first time (no prebuilt
detection rules\r\npackage installed).\r\n\r\n## Steps to test\r\n\r\n1.
Ensure that the detection engine package is not installed:
<img\r\nsrc=\"https://user-images.githubusercontent.com/1938181/216949857-a49731f3-535e-4813-95d3-62b2995500bb.png\"\r\nwidth=\"600\"
/>\r\n2. Navigate to the rules management page.\r\n\r\n###
Previously\r\n\r\nThe \"Load Elastic Prebuilt Rules\" button is not
visible, and users\r\ncannot install prebuilt
rules.\r\n\r\n<img\r\nsrc=\"https://user-images.githubusercontent.com/1938181/216950430-4c57a3ad-3146-40a0-82c2-08c4fc2f65c3.png\"\r\nwidth=\"600\"
/>\r\n\r\n### With the fix\r\n\r\nUsers now see loading animation,
indicating that the package\r\ninstallation happens in the background.
Once the package installation\r\nfinishes, users see the Load Prebuilt
rules button
appear.\r\n\r\n\r\nhttps://user-images.githubusercontent.com/1938181/217585144-879fe288-0ede-4e01-b585-6aced1d89379.mov","sha":"4f1f2a84fdf3421d6b56aac82274dee2e881d376","branchLabelMapping":{"^v8.8.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","impact:high","Team:Detections
and Resp","Team: SecuritySolution","Team:Detection
Rules","Feature:Prebuilt Detection
Rules","v8.7.0","v8.8.0"],"number":150292,"url":"https://github.com/elastic/kibana/pull/150292","mergeCommit":{"message":"[Security
Solution] Invalidate prebuilt rules status after package upgrade or
installation (#150292)\n\n**Resolves:
https://github.com/elastic/kibana/issues/150306**\r\n\r\n##
Summary\r\n\r\nFixes the Load Prebuilt rules button not visible when
users visit the\r\nrules management page for the first time (no prebuilt
detection rules\r\npackage installed).\r\n\r\n## Steps to test\r\n\r\n1.
Ensure that the detection engine package is not installed:
<img\r\nsrc=\"https://user-images.githubusercontent.com/1938181/216949857-a49731f3-535e-4813-95d3-62b2995500bb.png\"\r\nwidth=\"600\"
/>\r\n2. Navigate to the rules management page.\r\n\r\n###
Previously\r\n\r\nThe \"Load Elastic Prebuilt Rules\" button is not
visible, and users\r\ncannot install prebuilt
rules.\r\n\r\n<img\r\nsrc=\"https://user-images.githubusercontent.com/1938181/216950430-4c57a3ad-3146-40a0-82c2-08c4fc2f65c3.png\"\r\nwidth=\"600\"
/>\r\n\r\n### With the fix\r\n\r\nUsers now see loading animation,
indicating that the package\r\ninstallation happens in the background.
Once the package installation\r\nfinishes, users see the Load Prebuilt
rules button
appear.\r\n\r\n\r\nhttps://user-images.githubusercontent.com/1938181/217585144-879fe288-0ede-4e01-b585-6aced1d89379.mov","sha":"4f1f2a84fdf3421d6b56aac82274dee2e881d376"}},"sourceBranch":"main","suggestedTargetBranches":["8.7"],"targetPullRequestStates":[{"branch":"8.7","label":"v8.7.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.8.0","labelRegex":"^v8.8.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/150292","number":150292,"mergeCommit":{"message":"[Security
Solution] Invalidate prebuilt rules status after package upgrade or
installation (#150292)\n\n**Resolves:
https://github.com/elastic/kibana/issues/150306**\r\n\r\n##
Summary\r\n\r\nFixes the Load Prebuilt rules button not visible when
users visit the\r\nrules management page for the first time (no prebuilt
detection rules\r\npackage installed).\r\n\r\n## Steps to test\r\n\r\n1.
Ensure that the detection engine package is not installed:
<img\r\nsrc=\"https://user-images.githubusercontent.com/1938181/216949857-a49731f3-535e-4813-95d3-62b2995500bb.png\"\r\nwidth=\"600\"
/>\r\n2. Navigate to the rules management page.\r\n\r\n###
Previously\r\n\r\nThe \"Load Elastic Prebuilt Rules\" button is not
visible, and users\r\ncannot install prebuilt
rules.\r\n\r\n<img\r\nsrc=\"https://user-images.githubusercontent.com/1938181/216950430-4c57a3ad-3146-40a0-82c2-08c4fc2f65c3.png\"\r\nwidth=\"600\"
/>\r\n\r\n### With the fix\r\n\r\nUsers now see loading animation,
indicating that the package\r\ninstallation happens in the background.
Once the package installation\r\nfinishes, users see the Load Prebuilt
rules button
appear.\r\n\r\n\r\nhttps://user-images.githubusercontent.com/1938181/217585144-879fe288-0ede-4e01-b585-6aced1d89379.mov","sha":"4f1f2a84fdf3421d6b56aac82274dee2e881d376"}}]}]
BACKPORT-->

Co-authored-by: Dmitrii Shevchenko <[email protected]>

x-pack/plugins/security_solution/public/app/home/index.tsx

@@ -18,14 +18,14 @@ import {
   getScopeFromPath,
   useSourcererDataView,
 } from '../../common/containers/sourcerer';
-import { useUpgradeSecurityPackages } from '../../common/hooks/use_upgrade_security_packages';
 import { GlobalHeader } from './global_header';
 import { ConsoleManager } from '../../management/components/console/components/console_manager';
 
 import { TourContextProvider } from '../../common/components/guided_onboarding_tour';
 
 import { useUrlState } from '../../common/hooks/use_url_state';
 import { useUpdateBrowserTitle } from '../../common/hooks/use_update_browser_title';
+import { useUpgradeSecurityPackages } from '../../detection_engine/rule_management/logic/use_upgrade_security_packages';
 
 interface HomePageProps {
   children: React.ReactNode;

x-pack/plugins/security_solution/public/detection_engine/rule_management/api/api.ts

@@ -10,6 +10,9 @@ import type {
   ExceptionListItemSchema,
 } from '@kbn/securitysolution-io-ts-list-types';
 
+import type { BulkInstallPackagesResponse } from '@kbn/fleet-plugin/common';
+import { epmRouteService } from '@kbn/fleet-plugin/common';
+import type { InstallPackageResponse } from '@kbn/fleet-plugin/common/types';
 import type { RuleManagementFiltersResponse } from '../../../../common/detection_engine/rule_management/api/rules/filters/response_schema';
 import { RULE_MANAGEMENT_FILTERS_URL } from '../../../../common/detection_engine/rule_management/api/urls';
 import type { BulkActionsDryRunErrCode } from '../../../../common/constants';
@@ -481,3 +484,61 @@ export const addRuleExceptions = async ({
       signal,
     }
   );
+
+export interface InstallFleetPackageProps {
+  packageName: string;
+  packageVersion: string;
+  prerelease?: boolean;
+  force?: boolean;
+}
+
+/**
+ * Install a Fleet package from the registry
+ *
+ * @param packageName Name of the package to install
+ * @param packageVersion Version of the package to install
+ * @param prerelease Whether to install a prerelease version of the package
+ * @param force Whether to force install the package. If false, the package will only be installed if it is not already installed
+ *
+ * @returns The response from the Fleet API
+ */
+export const installFleetPackage = ({
+  packageName,
+  packageVersion,
+  prerelease = false,
+  force = true,
+}: InstallFleetPackageProps): Promise<InstallPackageResponse> => {
+  return KibanaServices.get().http.post<InstallPackageResponse>(
+    epmRouteService.getInstallPath(packageName, packageVersion),
+    {
+      query: { prerelease },
+      body: JSON.stringify({ force }),
+    }
+  );
+};
+
+export interface BulkInstallFleetPackagesProps {
+  packages: string[];
+  prerelease?: boolean;
+}
+
+/**
+ * Install multiple Fleet packages from the registry
+ *
+ * @param packages Array of package names to install
+ * @param prerelease Whether to install prerelease versions of the packages
+ *
+ * @returns The response from the Fleet API
+ */
+export const bulkInstallFleetPackages = ({
+  packages,
+  prerelease = false,
+}: BulkInstallFleetPackagesProps): Promise<BulkInstallPackagesResponse> => {
+  return KibanaServices.get().http.post<BulkInstallPackagesResponse>(
+    epmRouteService.getBulkInstallPath(),
+    {
+      query: { prerelease },
+      body: JSON.stringify({ packages }),
+    }
+  );
+};

x-pack/plugins/security_solution/public/detection_engine/rule_management/api/hooks/use_bulk_install_fleet_packages_mutation.ts

@@ -0,0 +1,44 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { EPM_API_ROUTES } from '@kbn/fleet-plugin/common';
+import type { BulkInstallPackagesResponse } from '@kbn/fleet-plugin/common/types';
+import type { UseMutationOptions } from '@tanstack/react-query';
+import { useMutation } from '@tanstack/react-query';
+import { PREBUILT_RULES_PACKAGE_NAME } from '../../../../../common/detection_engine/constants';
+import type { BulkInstallFleetPackagesProps } from '../api';
+import { bulkInstallFleetPackages } from '../api';
+import { useInvalidateFetchPrebuiltRulesStatusQuery } from './use_fetch_prebuilt_rules_status_query';
+
+export const BULK_INSTALL_FLEET_PACKAGES_MUTATION_KEY = [
+  'POST',
+  EPM_API_ROUTES.BULK_INSTALL_PATTERN,
+];
+
+export const useBulkInstallFleetPackagesMutation = (
+  options?: UseMutationOptions<BulkInstallPackagesResponse, Error, BulkInstallFleetPackagesProps>
+) => {
+  const invalidatePrePackagedRulesStatus = useInvalidateFetchPrebuiltRulesStatusQuery();
+
+  return useMutation((props: BulkInstallFleetPackagesProps) => bulkInstallFleetPackages(props), {
+    ...options,
+    mutationKey: BULK_INSTALL_FLEET_PACKAGES_MUTATION_KEY,
+    onSettled: (...args) => {
+      const response = args[0];
+      const rulesPackage = response?.items.find(
+        (item) => item.name === PREBUILT_RULES_PACKAGE_NAME
+      );
+      if (rulesPackage && 'result' in rulesPackage && rulesPackage.result.status === 'installed') {
+        // The rules package was installed/updated, so invalidate the pre-packaged rules status query
+        invalidatePrePackagedRulesStatus();
+      }
+
+      if (options?.onSettled) {
+        options.onSettled(...args);
+      }
+    },
+  });
+};

x-pack/plugins/security_solution/public/detection_engine/rule_management/api/hooks/use_install_fleet_package_mutation.ts

@@ -0,0 +1,41 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { EPM_API_ROUTES } from '@kbn/fleet-plugin/common';
+import type { InstallPackageResponse } from '@kbn/fleet-plugin/common/types';
+import type { UseMutationOptions } from '@tanstack/react-query';
+import { useMutation } from '@tanstack/react-query';
+import { PREBUILT_RULES_PACKAGE_NAME } from '../../../../../common/detection_engine/constants';
+import type { InstallFleetPackageProps } from '../api';
+import { installFleetPackage } from '../api';
+import { useInvalidateFetchPrebuiltRulesStatusQuery } from './use_fetch_prebuilt_rules_status_query';
+
+export const INSTALL_FLEET_PACKAGE_MUTATION_KEY = [
+  'POST',
+  EPM_API_ROUTES.INSTALL_FROM_REGISTRY_PATTERN,
+];
+
+export const useInstallFleetPackageMutation = (
+  options?: UseMutationOptions<InstallPackageResponse, Error, InstallFleetPackageProps>
+) => {
+  const invalidatePrePackagedRulesStatus = useInvalidateFetchPrebuiltRulesStatusQuery();
+
+  return useMutation((props: InstallFleetPackageProps) => installFleetPackage(props), {
+    ...options,
+    mutationKey: INSTALL_FLEET_PACKAGE_MUTATION_KEY,
+    onSettled: (...args) => {
+      const { packageName } = args[2];
+      if (packageName === PREBUILT_RULES_PACKAGE_NAME) {
+        // Invalidate the pre-packaged rules status query as there might be new rules to install
+        invalidatePrePackagedRulesStatus();
+      }
+
+      if (options?.onSettled) {
+        options.onSettled(...args);
+      }
+    },
+  });
+};

x-pack/plugins/security_solution/public/detection_engine/rule_management/logic/use_install_pre_packaged_rules.ts

@@ -4,8 +4,12 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
+import { useIsMutating } from '@tanstack/react-query';
 import { useAppToasts } from '../../../common/hooks/use_app_toasts';
-import { useCreatePrebuiltRulesMutation } from '../api/hooks/use_create_prebuilt_rules_mutation';
+import {
+  CREATE_PREBUILT_RULES_MUTATION_KEY,
+  useCreatePrebuiltRulesMutation,
+} from '../api/hooks/use_create_prebuilt_rules_mutation';
 import * as i18n from './translations';
 
 export const useInstallPrePackagedRules = () => {
@@ -21,6 +25,11 @@ export const useInstallPrePackagedRules = () => {
   });
 };
 
+export const useIsInstallingPrePackagedRules = () => {
+  const mutationsCount = useIsMutating(CREATE_PREBUILT_RULES_MUTATION_KEY);
+  return mutationsCount > 0;
+};
+
 const getSuccessToastMessage = (result: {
   rules_installed: number;
   rules_updated: number;