From c5618be0d51d5ee93e3837c2afcb83538151872d Mon Sep 17 00:00:00 2001
From: Nicolas Chaulet
Date: Wed, 3 Apr 2024 14:25:30 +0700
Subject: [PATCH 01/10] [Fleet] Enable subfeature privileges
---
 x-pack/plugins/fleet/common/experimental_features.ts | 2 +-
 x-pack/plugins/fleet/server/plugin.ts | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/x-pack/plugins/fleet/common/experimental_features.ts b/x-pack/plugins/fleet/common/experimental_features.ts
index 8271f0403beda..5bfccd24861ad 100644
--- a/x-pack/plugins/fleet/common/experimental_features.ts
+++ b/x-pack/plugins/fleet/common/experimental_features.ts
@@ -27,7 +27,7 @@ export const allowedExperimentalValues = Object.freeze>(
 remoteESOutput: true,
 agentless: false,
 enableStrictKQLValidation: false,
- subfeaturePrivileges: false,
+ subfeaturePrivileges: true,
 });
 type ExperimentalConfigKeys = Array;
diff --git a/x-pack/plugins/fleet/server/plugin.ts b/x-pack/plugins/fleet/server/plugin.ts
index aad61fd21c9ae..413a54877fefe 100644
--- a/x-pack/plugins/fleet/server/plugin.ts
+++ b/x-pack/plugins/fleet/server/plugin.ts
@@ -301,7 +301,8 @@ export class FleetPlugin
 app: [PLUGIN_ID],
 catalogue: ['fleet'],
 privilegesTooltip: i18n.translate('xpack.fleet.serverPlugin.privilegesTooltip', {
- defaultMessage: 'All Spaces is required for Fleet access.',
+ defaultMessage:
+ 'All Spaces is required for Fleet access. Subfeatures privileges functionality is in technical preview and may be changed or removed completely in a future release.',
 }),
 reserved: {
 description:
From c85fc26695cb432d6fce1a00790bec1be250b5cc Mon Sep 17 00:00:00 2001
From: Kyle Pollich
Date: Thu, 4 Apr 2024 11:02:08 -0400
Subject: [PATCH 02/10] Fix security FTR tests
---
 .../apis/security/privileges_basic.ts | 26 +++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)
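Review bot: Flipping `subfeaturePrivileges` to `true` in experimental_features.ts turns an authorization-related flag on by default, and nothing at the entry distinguishes it from the ordinary feature toggles around it. The tooltip changed in plugin.ts in this same patch calls the functionality technical preview, so I would add a comment on the entry such as `// Gates Fleet sub-feature privileges (technical preview); changes which privileges a role can hold.` It is not visible here what happens to roles that already carry sub-feature privileges if the flag is later switched back off; that deserves a sentence in the description or a test. PATCH 09/10 re-applies the same flip and the same point applies there. The object literal starts and ends outside the hunk.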
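Review bot: The new `defaultMessage` in plugin.ts is attached to the existing id `xpack.fleet.serverPlugin.privilegesTooltip`, so any translation already stored under that id would presumably keep showing the old sentence without the technical-preview caveat. The translation files are not part of this patch, so check whether stale entries need removing or the id needs to change. The wording could also be tightened to `'All Spaces is required for Fleet access. Sub-feature privileges are in technical preview and may be changed or removed in a future release.'`. The enclosing feature-registration object begins and ends outside the hunk.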
diff --git a/x-pack/test/api_integration/apis/security/privileges_basic.ts b/x-pack/test/api_integration/apis/security/privileges_basic.ts
index 2773adfe070e8..569ca1babdc0b 100644
--- a/x-pack/test/api_integration/apis/security/privileges_basic.ts
+++ b/x-pack/test/api_integration/apis/security/privileges_basic.ts
@@ -45,7 +45,18 @@ export default function ({ getService }: FtrProviderContext) {
 siem: ['all', 'read', 'minimal_all', 'minimal_read'],
 securitySolutionAssistant: ['all', 'read', 'minimal_all', 'minimal_read'],
 securitySolutionCases: ['all', 'read', 'minimal_all', 'minimal_read'],
- fleetv2: ['all', 'read', 'minimal_all', 'minimal_read'],
+ fleetv2: [
+ 'agent_policies_all',
+ 'agent_policies_read',
+ 'agents_all',
+ 'agents_read',
+ 'all',
+ 'minimal_all',
+ 'minimal_read',
+ 'read',
+ 'settings_all',
+ 'settings_read',
+ ],
 fleet: ['all', 'read', 'minimal_all', 'minimal_read'],
 stackAlerts: ['all', 'read', 'minimal_all', 'minimal_read'],
 actions: ['all', 'read', 'minimal_all', 'minimal_read'],
@@ -116,7 +127,18 @@ export default function ({ getService }: FtrProviderContext) {
 ],
 observabilityAIAssistant: ['all', 'read', 'minimal_all', 'minimal_read'],
 slo: ['all', 'read', 'minimal_all', 'minimal_read'],
- fleetv2: ['all', 'read', 'minimal_all', 'minimal_read'],
+ fleetv2: [
+ 'agent_policies_all',
+ 'agent_policies_read',
+ 'agents_all',
+ 'agents_read',
+ 'all',
+ 'minimal_all',
+ 'minimal_read',
+ 'read',
+ 'settings_all',
+ 'settings_read',
+ ],
 fleet: ['all', 'read', 'minimal_all', 'minimal_read'],
 actions: ['all', 'read', 'minimal_all', 'minimal_read'],
 stackAlerts: ['all', 'read', 'minimal_all', 'minimal_read'],
From e7ded61632668346e490f4a0e3b42b83cd29a88e Mon Sep 17 00:00:00 2001
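Review bot: Both `fleetv2` expectations in privileges_basic.ts are widened identically, although they sit in two different expected maps (old lines 45 and 116) that presumably belong to different requests. If one of those maps is the license-respecting listing, asserting `agents_all`, `agent_policies_all` and `settings_all` there would encode that sub-feature privileges are exposed on a basic license, so confirm against the actual response which map should change rather than updating both. A one-line comment above each `fleetv2` entry naming the request it covers would make the intended difference explicit. The enclosing test bodies start and end outside the hunks.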
From: Kyle Pollich
Date: Thu, 4 Apr 2024 13:32:34 -0400
Subject: [PATCH 03/10] Fix security FTR tests (for real this time)
---
 .../apis/security/privileges.ts | 13 +++++++++++-
 .../apis/security/privileges_basic.ts | 20 +++++++++----------
 2 files changed, 22 insertions(+), 11 deletions(-)
diff --git a/x-pack/test/api_integration/apis/security/privileges.ts b/x-pack/test/api_integration/apis/security/privileges.ts
index 04a4177485348..029706ea58fd4 100644
--- a/x-pack/test/api_integration/apis/security/privileges.ts
+++ b/x-pack/test/api_integration/apis/security/privileges.ts
@@ -40,7 +40,18 @@ export default function ({ getService }: FtrProviderContext) {
 ],
 observabilityAIAssistant: ['all', 'read', 'minimal_all', 'minimal_read'],
 slo: ['all', 'read', 'minimal_all', 'minimal_read'],
- fleetv2: ['all', 'read', 'minimal_all', 'minimal_read'],
+ fleetv2: [
+ 'all',
+ 'read',
+ 'minimal_all',
+ 'minimal_read',
+ 'agents_all',
+ 'agents_read',
+ 'agent_policies_all',
+ 'agent_policies_read',
+ 'settings_all',
+ 'settings_read',
+ ],
 fleet: ['all', 'read', 'minimal_all', 'minimal_read'],
 actions: ['all', 'read', 'minimal_all', 'minimal_read'],
 stackAlerts: ['all', 'read', 'minimal_all', 'minimal_read'],
diff --git a/x-pack/test/api_integration/apis/security/privileges_basic.ts b/x-pack/test/api_integration/apis/security/privileges_basic.ts
index 569ca1babdc0b..920b6d01f86be 100644
--- a/x-pack/test/api_integration/apis/security/privileges_basic.ts
+++ b/x-pack/test/api_integration/apis/security/privileges_basic.ts
@@ -46,14 +46,14 @@ export default function ({ getService }: FtrProviderContext) {
 securitySolutionAssistant: ['all', 'read', 'minimal_all', 'minimal_read'],
 securitySolutionCases: ['all', 'read', 'minimal_all', 'minimal_read'],
 fleetv2: [
- 'agent_policies_all',
- 'agent_policies_read',
- 'agents_all',
- 'agents_read',
 'all',
+ 'read',
 'minimal_all',
 'minimal_read',
- 'read',
+ 'agents_all',
+ 'agents_read',
+ 'agent_policies_all',
+ 'agent_policies_read',
 'settings_all',
 'settings_read',
 ],
@@ -128,14 +128,14 @@ export default function ({ getService }: FtrProviderContext) {
 observabilityAIAssistant: ['all', 'read', 'minimal_all', 'minimal_read'],
 slo: ['all', 'read', 'minimal_all', 'minimal_read'],
 fleetv2: [
- 'agent_policies_all',
- 'agent_policies_read',
- 'agents_all',
- 'agents_read',
 'all',
+ 'read',
 'minimal_all',
 'minimal_read',
- 'read',
+ 'agents_all',
+ 'agents_read',
+ 'agent_policies_all',
+ 'agent_policies_read',
 'settings_all',
 'settings_read',
 ],
From 2a883db1ebcae656497fba99960fe0bdaae17724 Mon Sep 17 00:00:00 2001
From: Kyle Pollich
Date: Fri, 5 Apr 2024 11:02:03 -0400
Subject: [PATCH 04/10] Fix basic license test
---
 .../apis/security/privileges_basic.ts | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)
diff --git a/x-pack/test/api_integration/apis/security/privileges_basic.ts b/x-pack/test/api_integration/apis/security/privileges_basic.ts
index 920b6d01f86be..185410b75951f 100644
--- a/x-pack/test/api_integration/apis/security/privileges_basic.ts
+++ b/x-pack/test/api_integration/apis/security/privileges_basic.ts
@@ -45,18 +45,7 @@ export default function ({ getService }: FtrProviderContext) {
 siem: ['all', 'read', 'minimal_all', 'minimal_read'],
 securitySolutionAssistant: ['all', 'read', 'minimal_all', 'minimal_read'],
 securitySolutionCases: ['all', 'read', 'minimal_all', 'minimal_read'],
- fleetv2: [
- 'all',
- 'read',
- 'minimal_all',
- 'minimal_read',
- 'agents_all',
- 'agents_read',
- 'agent_policies_all',
- 'agent_policies_read',
- 'settings_all',
- 'settings_read',
- ],
+ fleetv2: ['all', 'read', 'minimal_all', 'minimal_read'],
 fleet: ['all', 'read', 'minimal_all', 'minimal_read'],
 stackAlerts: ['all', 'read', 'minimal_all', 'minimal_read'],
 actions: ['all', 'read', 'minimal_all', 'minimal_read'],
From c1736fb86d06d11d0b33b01f4606fbcd5836648b Mon Sep 17 00:00:00 2001
From: Kyle Pollich
Date: Mon, 8 Apr 2024 11:16:11 -0400
Subject: [PATCH 05/10] Fix tests again?
---
 .../api_integration/apis/security/privileges.ts | 13 +------------
 .../apis/security/privileges_basic.ts | 15 +++++++++++++--
 2 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/x-pack/test/api_integration/apis/security/privileges.ts b/x-pack/test/api_integration/apis/security/privileges.ts
index 029706ea58fd4..04a4177485348 100644
--- a/x-pack/test/api_integration/apis/security/privileges.ts
+++ b/x-pack/test/api_integration/apis/security/privileges.ts
@@ -40,18 +40,7 @@ export default function ({ getService }: FtrProviderContext) {
 ],
 observabilityAIAssistant: ['all', 'read', 'minimal_all', 'minimal_read'],
 slo: ['all', 'read', 'minimal_all', 'minimal_read'],
- fleetv2: [
- 'all',
- 'read',
- 'minimal_all',
- 'minimal_read',
- 'agents_all',
- 'agents_read',
- 'agent_policies_all',
- 'agent_policies_read',
- 'settings_all',
- 'settings_read',
- ],
+ fleetv2: ['all', 'read', 'minimal_all', 'minimal_read'],
 fleet: ['all', 'read', 'minimal_all', 'minimal_read'],
 actions: ['all', 'read', 'minimal_all', 'minimal_read'],
 stackAlerts: ['all', 'read', 'minimal_all', 'minimal_read'],
diff --git a/x-pack/test/api_integration/apis/security/privileges_basic.ts b/x-pack/test/api_integration/apis/security/privileges_basic.ts
index 185410b75951f..1516074f6c8e7 100644
--- a/x-pack/test/api_integration/apis/security/privileges_basic.ts
+++ b/x-pack/test/api_integration/apis/security/privileges_basic.ts
@@ -12,7 +12,7 @@ import { FtrProviderContext } from '../../ftr_provider_context';
 export default function ({ getService }: FtrProviderContext) {
 const supertest = getService('supertest');
- describe('Privileges', () => {
+ describe('Privileges (basic)', () => {
 describe('GET /api/security/privileges', () => {
 it('should return a privilege map with all known privileges, without actions', async () => {
 // If you're adding a privilege to the following, that's great!
@@ -45,7 +45,18 @@ export default function ({ getService }: FtrProviderContext) {
 siem: ['all', 'read', 'minimal_all', 'minimal_read'],
 securitySolutionAssistant: ['all', 'read', 'minimal_all', 'minimal_read'],
 securitySolutionCases: ['all', 'read', 'minimal_all', 'minimal_read'],
- fleetv2: ['all', 'read', 'minimal_all', 'minimal_read'],
+ fleetv2: [
+ 'all',
+ 'read',
+ 'minimal_all',
+ 'minimal_read',
+ 'agents_all',
+ 'agents_read',
+ 'agent_policies_all',
+ 'agent_policies_read',
+ 'settings_all',
+ 'settings_read',
+ ],
 fleet: ['all', 'read', 'minimal_all', 'minimal_read'],
 stackAlerts: ['all', 'read', 'minimal_all', 'minimal_read'],
 actions: ['all', 'read', 'minimal_all', 'minimal_read'],
From 1713d72af8ebfcc47cf32a9758991a2a031f1fbc Mon Sep 17 00:00:00 2001
From: Kyle Pollich
Date: Mon, 8 Apr 2024 13:27:43 -0400
Subject: [PATCH 06/10] Fix tests again???
---
 .../apis/security/privileges_basic.ts | 15 ++-------------
 1 file changed, 2 insertions(+), 13 deletions(-)
diff --git a/x-pack/test/api_integration/apis/security/privileges_basic.ts b/x-pack/test/api_integration/apis/security/privileges_basic.ts
index 1516074f6c8e7..a846678c4781e 100644
--- a/x-pack/test/api_integration/apis/security/privileges_basic.ts
+++ b/x-pack/test/api_integration/apis/security/privileges_basic.ts
@@ -12,7 +12,7 @@ import { FtrProviderContext } from '../../ftr_provider_context';
 export default function ({ getService }: FtrProviderContext) {
 const supertest = getService('supertest');
- describe('Privileges (basic)', () => {
+ describe('Privileges', () => {
 describe('GET /api/security/privileges', () => {
 it('should return a privilege map with all known privileges, without actions', async () => {
 // If you're adding a privilege to the following, that's great!
@@ -127,18 +116,7 @@ export default function ({ getService }: FtrProviderContext) {
 ],
 observabilityAIAssistant: ['all', 'read', 'minimal_all', 'minimal_read'],
 slo: ['all', 'read', 'minimal_all', 'minimal_read'],
- fleetv2: [
- 'all',
- 'read',
- 'minimal_all',
- 'minimal_read',
- 'agents_all',
- 'agents_read',
- 'agent_policies_all',
- 'agent_policies_read',
- 'settings_all',
- 'settings_read',
- ],
+ fleetv2: ['all', 'read', 'minimal_all', 'minimal_read'],
 fleet: ['all', 'read', 'minimal_all', 'minimal_read'],
 actions: ['all', 'read', 'minimal_all', 'minimal_read'],
 stackAlerts: ['all', 'read', 'minimal_all', 'minimal_read'],
From 31c573f87117d287da2dbb0409b3bf6e2aebff2a Mon Sep 17 00:00:00 2001
From: Kyle Pollich
Date: Tue, 9 Apr 2024 12:18:05 -0400
Subject: [PATCH 07/10] Try setting privileges back to original value
---
 .../apis/security/privileges_basic.ts | 15 ++-------------
 1 file changed, 2 insertions(+), 13 deletions(-)
diff --git a/x-pack/test/api_integration/apis/security/privileges_basic.ts b/x-pack/test/api_integration/apis/security/privileges_basic.ts
index a846678c4781e..7f0ea3f10f77a 100644
--- a/x-pack/test/api_integration/apis/security/privileges_basic.ts
+++ b/x-pack/test/api_integration/apis/security/privileges_basic.ts
@@ -12,7 +12,7 @@ import { FtrProviderContext } from '../../ftr_provider_context';
 export default function ({ getService }: FtrProviderContext) {
 const supertest = getService('supertest');
- describe('Privileges', () => {
+ describe('Privileges (basic)', () => {
 describe('GET /api/security/privileges', () => {
 it('should return a privilege map with all known privileges, without actions', async () => {
 // If you're adding a privilege to the following, that's great!
@@ -45,18 +45,7 @@ export default function ({ getService }: FtrProviderContext) {
 siem: ['all', 'read', 'minimal_all', 'minimal_read'],
 securitySolutionAssistant: ['all', 'read', 'minimal_all', 'minimal_read'],
 securitySolutionCases: ['all', 'read', 'minimal_all', 'minimal_read'],
- fleetv2: [
- 'all',
- 'read',
- 'minimal_all',
- 'minimal_read',
- 'agents_all',
- 'agents_read',
- 'agent_policies_all',
- 'agent_policies_read',
- 'settings_all',
- 'settings_read',
- ],
+ fleetv2: ['all', 'read', 'minimal_all', 'minimal_read'],
 fleet: ['all', 'read', 'minimal_all', 'minimal_read'],
 stackAlerts: ['all', 'read', 'minimal_all', 'minimal_read'],
 actions: ['all', 'read', 'minimal_all', 'minimal_read'],
From b4d947d47aa07944406e4899c7b8ac00ab995e47 Mon Sep 17 00:00:00 2001
From: Kyle Pollich
Date: Wed, 10 Apr 2024 09:42:59 -0400
Subject: [PATCH 08/10] Update privileges_basic.ts
---
 x-pack/test/api_integration/apis/security/privileges_basic.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/x-pack/test/api_integration/apis/security/privileges_basic.ts b/x-pack/test/api_integration/apis/security/privileges_basic.ts
index 7f0ea3f10f77a..2773adfe070e8 100644
--- a/x-pack/test/api_integration/apis/security/privileges_basic.ts
+++ b/x-pack/test/api_integration/apis/security/privileges_basic.ts
@@ -12,7 +12,7 @@ import { FtrProviderContext } from '../../ftr_provider_context';
 export default function ({ getService }: FtrProviderContext) {
 const supertest = getService('supertest');
- describe('Privileges (basic)', () => {
+ describe('Privileges', () => {
 describe('GET /api/security/privileges', () => {
 it('should return a privilege map with all known privileges, without actions', async () => {
 // If you're adding a privilege to the following, that's great!
From dbcf40843efb1950c3f015cc3f8017e5fc048516 Mon Sep 17 00:00:00 2001
From: Kyle Pollich
Date: Wed, 10 Apr 2024 09:56:57 -0400
Subject: [PATCH 09/10] Reenable subfeaturePrivileges flag + update kibana security tests
---
 .../plugins/fleet/common/experimental_features.ts | 2 +-
 .../api_integration/apis/security/privileges.ts | 13 ++++++++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/x-pack/plugins/fleet/common/experimental_features.ts b/x-pack/plugins/fleet/common/experimental_features.ts
index a12711012f307..1c47f91ea241e 100644
--- a/x-pack/plugins/fleet/common/experimental_features.ts
+++ b/x-pack/plugins/fleet/common/experimental_features.ts
@@ -27,7 +27,7 @@ export const allowedExperimentalValues = Object.freeze>(
 remoteESOutput: true,
 agentless: false,
 enableStrictKQLValidation: false,
- subfeaturePrivileges: false,
+ subfeaturePrivileges: true,
 enablePackagesStateMachine: true,
 advancedPolicySettings: true,
 });
diff --git a/x-pack/test/api_integration/apis/security/privileges.ts b/x-pack/test/api_integration/apis/security/privileges.ts
index 04a4177485348..029706ea58fd4 100644
--- a/x-pack/test/api_integration/apis/security/privileges.ts
+++ b/x-pack/test/api_integration/apis/security/privileges.ts
@@ -40,7 +40,18 @@ export default function ({ getService }: FtrProviderContext) {
 ],
 observabilityAIAssistant: ['all', 'read', 'minimal_all', 'minimal_read'],
 slo: ['all', 'read', 'minimal_all', 'minimal_read'],
- fleetv2: ['all', 'read', 'minimal_all', 'minimal_read'],
+ fleetv2: [
+ 'all',
+ 'read',
+ 'minimal_all',
+ 'minimal_read',
+ 'agents_all',
+ 'agents_read',
+ 'agent_policies_all',
+ 'agent_policies_read',
+ 'settings_all',
+ 'settings_read',
+ ],
 fleet: ['all', 'read', 'minimal_all', 'minimal_read'],
 actions: ['all', 'read', 'minimal_all', 'minimal_read'],
 stackAlerts: ['all', 'read', 'minimal_all', 'minimal_read'],
From 8af5f825e04c50963eb4956032d6aafd0ebc4c93 Mon Sep 17 00:00:00 2001
From: Kyle Pollich
Date: Wed, 10 Apr 2024 14:35:54 -0400
Subject: [PATCH 10/10] Fix basic tests
---
 .../apis/security/privileges_basic.ts | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/x-pack/test/api_integration/apis/security/privileges_basic.ts b/x-pack/test/api_integration/apis/security/privileges_basic.ts
index 2773adfe070e8..9c76978e5205b 100644
--- a/x-pack/test/api_integration/apis/security/privileges_basic.ts
+++ b/x-pack/test/api_integration/apis/security/privileges_basic.ts
@@ -116,7 +116,19 @@ export default function ({ getService }: FtrProviderContext) {
 ],
 observabilityAIAssistant: ['all', 'read', 'minimal_all', 'minimal_read'],
 slo: ['all', 'read', 'minimal_all', 'minimal_read'],
- fleetv2: ['all', 'read', 'minimal_all', 'minimal_read'],
+ // fleetv2: ['all', 'read', 'minimal_all', 'minimal_read'],
+ fleetv2: [
+ 'all',
+ 'read',
+ 'minimal_all',
+ 'minimal_read',
+ 'agents_all',
+ 'agents_read',
+ 'agent_policies_all',
+ 'agent_policies_read',
+ 'settings_all',
+ 'settings_read',
+ ],
 fleet: ['all', 'read', 'minimal_all', 'minimal_read'],
 actions: ['all', 'read', 'minimal_all', 'minimal_read'],
 stackAlerts: ['all', 'read', 'minimal_all', 'minimal_read'],
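Review bot: In PATCH 10/10 the added line `// fleetv2: ['all', 'read', 'minimal_all', 'minimal_read'],` leaves the previous expectation behind as commented-out code directly above the new one. Delete it, or replace it with a comment that says why this map lists the sub-feature privileges while the other `fleetv2` expectation in the same file (line 45 in the earlier patches) stays at four entries. Because this test pins which privileges the API reports, an explanation here lets the next reader tell an intended difference from a leftover of the earlier back-and-forth. The enclosing test body starts and ends outside the hunk.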