Deprecate csp rule

src/core/server/integration_tests/saved_objects/migrations/check_registered_types.test.ts

@@ -79,7 +79,7 @@ describe('checking migration metadata changes on all registered SO types', () =>
         "config-global": "b8f559884931609a349e129c717af73d23e7bc76",
         "connector_token": "fa5301aa5a2914795d3b1b82d0a49939444009da",
         "core-usage-stats": "f40a213da2c597b0de94e364a4326a5a1baa4ca9",
-        "csp-rule-template": "3679c5f2431da8153878db79c78a4e695357fb61",
+        "csp-rule-template": "d7e403244d466ee0daaf75e1616b9c5d5fd8c1cb",
         "csp_rule": "d2bb53ea5d2bdfba1a835ad8956dfcd2b2c32e19",
         "dashboard": "7e37790f802b39c852f905c010e13674e893105a",
         "endpoint:user-artifact": "f94c250a52b30d0a2d32635f8b4c5bdabd1e25c0",

x-pack/plugins/cloud_security_posture/common/types.ts

@@ -6,7 +6,7 @@
  */
 
 import type { PackagePolicy, AgentPolicy } from '@kbn/fleet-plugin/common';
-import type { CspRuleMetadata } from './schemas/csp_rule_metadata';
+import { CspRuleMetadata } from './schemas';
 
 export type Evaluation = 'passed' | 'failed' | 'NA';
 /** number between 1-100 */
@@ -90,18 +90,12 @@ interface CspSetupInstalledStatus extends BaseCspSetupStatus {
 
 export type CspSetupStatus = CspSetupInstalledStatus | CspSetupNotInstalledStatus;
 
-export interface CspRulesStatus {
-  all: number;
-  enabled: number;
-  disabled: number;
-}
-
 export type AgentPolicyStatus = Pick<AgentPolicy, 'id' | 'name'> & { agents: number };
 
 export interface Benchmark {
   package_policy: PackagePolicy;
   agent_policy: AgentPolicyStatus;
-  rules: CspRulesStatus;
+  number_of_rules: number;
 }
 
 export type BenchmarkId = CspRuleMetadata['benchmark']['id'];

x-pack/plugins/cloud_security_posture/common/utils/helpers.test.ts

@@ -0,0 +1,66 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { createPackagePolicyMock } from '@kbn/fleet-plugin/common/mocks';
+import {
+  extractBenchmarkFromPackagePolicy,
+  getBenchmarkTypeFilterFromBenchmarkId,
+} from './helpers';
+
+describe('test helper methods', () => {
+  it('get default integration type from inputs with multiple enabled types', () => {
+    const mockPackagePolicy = createPackagePolicyMock();
+
+    // Both enabled falls back to default
+    mockPackagePolicy.inputs = [
+      { type: 'cloudbeat/cis_k8s', enabled: true, streams: [] },
+      { type: 'cloudbeat/cis_eks', enabled: true, streams: [] },
+    ];
+    const type = extractBenchmarkFromPackagePolicy(mockPackagePolicy.inputs);
+    expect(type).toMatch('cis_k8s');
+  });
+
+  it('get default integration type from inputs without any enabled types', () => {
+    const mockPackagePolicy = createPackagePolicyMock();
+
+    // None enabled falls back to default
+    mockPackagePolicy.inputs = [
+      { type: 'cloudbeat/cis_k8s', enabled: false, streams: [] },
+      { type: 'cloudbeat/cis_eks', enabled: false, streams: [] },
+    ];
+    const type = extractBenchmarkFromPackagePolicy(mockPackagePolicy.inputs);
+    expect(type).toMatch('cis_k8s');
+  });
+
+  it('get EKS integration type', () => {
+    const mockPackagePolicy = createPackagePolicyMock();
+
+    // Single EKS selected
+    mockPackagePolicy.inputs = [
+      { type: 'cloudbeat/cis_eks', enabled: true, streams: [] },
+      { type: 'cloudbeat/cis_k8s', enabled: false, streams: [] },
+    ];
+    const typeEks = extractBenchmarkFromPackagePolicy(mockPackagePolicy.inputs);
+    expect(typeEks).toMatch('cis_eks');
+  });
+
+  it('get Vanilla K8S integration type', () => {
+    const mockPackagePolicy = createPackagePolicyMock();
+
+    // Single k8s selected
+    mockPackagePolicy.inputs = [
+      { type: 'cloudbeat/cis_eks', enabled: false, streams: [] },
+      { type: 'cloudbeat/cis_k8s', enabled: true, streams: [] },
+    ];
+    const typeK8s = extractBenchmarkFromPackagePolicy(mockPackagePolicy.inputs);
+    expect(typeK8s).toMatch('cis_k8s');
+  });
+  it('get benchmark type filter based on a benchmark id', () => {
+    const typeFilter = getBenchmarkTypeFilterFromBenchmarkId('cis_eks');
+    expect(typeFilter).toMatch('csp-rule-template.attributes.metadata.benchmark.id: "cis_eks"');
+  });
+});

x-pack/plugins/cloud_security_posture/common/utils/helpers.ts

@@ -6,7 +6,18 @@
  */
 
 import { Truthy } from 'lodash';
-import { CSP_RULE_SAVED_OBJECT_TYPE } from '../constants';
+import {
+  NewPackagePolicy,
+  NewPackagePolicyInput,
+  PackagePolicy,
+  PackagePolicyInput,
+} from '@kbn/fleet-plugin/common';
+import {
+  CLOUD_SECURITY_POSTURE_PACKAGE_NAME,
+  CLOUDBEAT_VANILLA,
+  CSP_RULE_TEMPLATE_SAVED_OBJECT_TYPE,
+} from '../constants';
+import { BenchmarkId } from '../types';
 
 /**
  * @example
@@ -25,13 +36,30 @@ export const extractErrorMessage = (e: unknown, defaultMessage = 'Unknown Error'
   return defaultMessage; // TODO: i18n
 };
 
-export const createCspRuleSearchFilterByPackagePolicy = ({
-  packagePolicyId,
-  policyId,
-}: {
-  packagePolicyId: string;
-  policyId?: string;
-}): string =>
-  `${CSP_RULE_SAVED_OBJECT_TYPE}.attributes.package_policy_id: "${packagePolicyId}"${
-    policyId ? ` AND ${CSP_RULE_SAVED_OBJECT_TYPE}.attributes.policy_id: "${policyId}"` : ''
-  }`;
+export const getBenchmarkTypeFilterFromBenchmarkId = (type: BenchmarkId): string =>
+  `${CSP_RULE_TEMPLATE_SAVED_OBJECT_TYPE}.attributes.metadata.benchmark.id: "${type}"`;
+
+export const isEnabledBenchmarkInputType = (input: PackagePolicyInput | NewPackagePolicyInput) =>
+  !!input.type && input.enabled;
+
+export const isCspPackage = (packageName?: string) =>
+  packageName === CLOUD_SECURITY_POSTURE_PACKAGE_NAME;
+
+export const extractBenchmarkFromPackagePolicy = (
+  inputs: PackagePolicy['inputs'] | NewPackagePolicy['inputs']
+): BenchmarkId => {
+  const enabledInputs = inputs.filter(isEnabledBenchmarkInputType);
+
+  // Use the only enabled input
+  if (enabledInputs.length === 1) {
+    return getInputType(enabledInputs[0].type);
+  }
+
+  // Use the default benchmark id for multiple/none selected
+  return getInputType(CLOUDBEAT_VANILLA);
+};
+
+const getInputType = (inputType: string): string => {
+  // Get the last part of the input type, input type structure: cloudbeat/<benchmark_id>
+  return inputType.split('/')[1];
+};

x-pack/plugins/cloud_security_posture/public/pages/benchmarks/benchmarks_table.tsx

@@ -50,7 +50,6 @@ const IntegrationButtonLink = ({
   policyId: string;
 }) => {
   const { application } = useKibana().services;
-
   return (
     <EuiLink
       href={application.getUrlForApp('security', {
@@ -83,7 +82,7 @@ const BENCHMARKS_TABLE_COLUMNS: Array<EuiBasicTableColumn<Benchmark>> = [
     'data-test-subj': TEST_SUBJ.BENCHMARKS_TABLE_COLUMNS.INTEGRATION_NAME,
   },
   {
-    field: 'rules.enabled',
+    field: 'number_of_rules',
     name: i18n.translate('xpack.csp.benchmarks.benchmarksTable.rulesColumnTitle', {
       defaultMessage: 'Rules',
     }),

x-pack/plugins/cloud_security_posture/public/pages/rules/rules_container.test.tsx

@@ -52,14 +52,9 @@ const getWrapper =
   };
 
 const getRuleMock = ({
-  packagePolicyId = chance.guid(),
-  policyId = chance.guid(),
   savedObjectId = chance.guid(),
   id = chance.guid(),
-  enabled,
 }: {
-  packagePolicyId?: string;
-  policyId?: string;
   savedObjectId?: string;
   id?: string;
   enabled: boolean;
@@ -73,6 +68,7 @@ const getRuleMock = ({
         benchmark: {
           name: chance.word(),
           version: chance.sentence(),
+          id: chance.word(),
         },
         default_value: chance.sentence(),
         description: chance.sentence(),
@@ -88,15 +84,11 @@ const getRuleMock = ({
         tags: [chance.word(), chance.word()],
         version: chance.sentence(),
       },
-      package_policy_id: packagePolicyId,
-      policy_id: policyId,
-      enabled,
       muted: false,
     },
   } as RuleSavedObject);
 
 const params = {
-  policyId: chance.guid(),
   packagePolicyId: chance.guid(),
 };
 
@@ -118,6 +110,7 @@ describe('<RulesContainer />', () => {
         total: 1,
         savedObjects: [rule1],
       },
+      policyId: params.packagePolicyId,
     });
 
     render(

x-pack/plugins/cloud_security_posture/public/pages/rules/rules_container.tsx

@@ -7,11 +7,7 @@
 import React, { useState, useMemo } from 'react';
 import { EuiPanel, EuiSpacer } from '@elastic/eui';
 import { useParams } from 'react-router-dom';
-import {
-  extractErrorMessage,
-  createCspRuleSearchFilterByPackagePolicy,
-  isNonNullable,
-} from '../../../common/utils/helpers';
+import { extractErrorMessage, isNonNullable } from '../../../common/utils/helpers';
 import { RulesTable } from './rules_table';
 import { RulesTableHeader } from './rules_table_header';
 import {
@@ -72,21 +68,21 @@ export const RulesContainer = () => {
   const [selectedRuleId, setSelectedRuleId] = useState<string | null>(null);
   const { pageSize, setPageSize } = usePageSize(LOCAL_STORAGE_PAGE_SIZE_RULES_KEY);
   const [rulesQuery, setRulesQuery] = useState<RulesQuery>({
-    filter: createCspRuleSearchFilterByPackagePolicy({
-      packagePolicyId: params.packagePolicyId,
-      policyId: params.policyId,
-    }),
+    filter: '',
     search: '',
     page: 0,
     perPage: pageSize || 10,
   });
 
-  const { data, status, error } = useFindCspRules({
-    filter: rulesQuery.filter,
-    search: rulesQuery.search,
-    page: 1,
-    perPage: MAX_ITEMS_PER_PAGE,
-  });
+  const { data, status, error } = useFindCspRules(
+    {
+      filter: rulesQuery.filter,
+      search: rulesQuery.search,
+      page: 1,
+      perPage: MAX_ITEMS_PER_PAGE,
+    },
+    params.packagePolicyId
+  );
 
   const rulesPageData = useMemo(
     () => getRulesPageData({ data, error, status }, rulesQuery),

x-pack/plugins/cloud_security_posture/public/pages/rules/use_csp_rules.ts

@@ -7,29 +7,46 @@
 import { useQuery } from '@tanstack/react-query';
 import { FunctionKeys } from 'utility-types';
 import type { SavedObjectsFindOptions, SimpleSavedObject } from '@kbn/core/public';
-import { CSP_RULE_SAVED_OBJECT_TYPE } from '../../../common/constants';
-import type { CspRule } from '../../../common/schemas';
+import { NewPackagePolicy, PACKAGE_POLICY_SAVED_OBJECT_TYPE } from '@kbn/fleet-plugin/common';
+import {
+  extractBenchmarkFromPackagePolicy,
+  getBenchmarkTypeFilterFromBenchmarkId,
+} from '../../../common/utils/helpers';
+import { CSP_RULE_TEMPLATE_SAVED_OBJECT_TYPE } from '../../../common/constants';
+import { CspRuleTemplate } from '../../../common/schemas';
 import { useKibana } from '../../common/hooks/use_kibana';
 
-export type RuleSavedObject = Omit<SimpleSavedObject<CspRule>, FunctionKeys<SimpleSavedObject>>;
+export type RuleSavedObject = Omit<
+  SimpleSavedObject<CspRuleTemplate>,
+  FunctionKeys<SimpleSavedObject>
+>;
 
 export type RulesQuery = Required<
   Pick<SavedObjectsFindOptions, 'search' | 'page' | 'perPage' | 'filter'>
 >;
 export type RulesQueryResult = ReturnType<typeof useFindCspRules>;
 
-export const useFindCspRules = ({ search, page, perPage, filter }: RulesQuery) => {
+export const useFindCspRules = (
+  { search, page, perPage, filter }: RulesQuery,
+  packagePolicyId: string
+) => {
   const { savedObjects } = useKibana().services;
 
-  return useQuery([CSP_RULE_SAVED_OBJECT_TYPE, { search, page, perPage }], () =>
-    savedObjects.client.find<CspRule>({
-      type: CSP_RULE_SAVED_OBJECT_TYPE,
-      search: search ? `"${search}"*` : '',
-      searchFields: ['metadata.name.text'],
-      page: 1,
-      sortField: 'metadata.name',
-      perPage,
-      filter,
-    })
+  return useQuery([CSP_RULE_TEMPLATE_SAVED_OBJECT_TYPE, { search, page, perPage }], () =>
+    savedObjects.client
+      .get<NewPackagePolicy>(PACKAGE_POLICY_SAVED_OBJECT_TYPE, packagePolicyId)
+      .then((res) => {
+        const benchmarkId = extractBenchmarkFromPackagePolicy(res.attributes.inputs);
+
+        return savedObjects.client.find<CspRuleTemplate>({
+          type: CSP_RULE_TEMPLATE_SAVED_OBJECT_TYPE,
+          search: search ? `"${search}"*` : '',
+          searchFields: ['metadata.name.text'],
+          page: 1,
+          sortField: 'metadata.name',
+          perPage,
+          filter: getBenchmarkTypeFilterFromBenchmarkId(benchmarkId),
+        });
+      })
   );
 };

x-pack/plugins/cloud_security_posture/public/test/fixtures/csp_benchmark_integration.ts

@@ -55,13 +55,9 @@ export const createCspBenchmarkIntegrationFixture = ({
     name: chance.sentence(),
     agents: chance.integer({ min: 0 }),
   },
-  rules = {
-    all: chance.integer(),
-    enabled: chance.integer(),
-    disabled: chance.integer(),
-  },
+  number_of_rules = chance.integer({ min: 0, max: 10 }),
 }: CreateCspBenchmarkIntegrationFixtureInput = {}): Benchmark => ({
   package_policy,
   agent_policy,
-  rules,
+  number_of_rules,
 });