elastic · paul-tavares · Mar 22, 2021 · Mar 18, 2021 · Mar 18, 2021 · Mar 18, 2021
diff --git a/x-pack/plugins/security_solution/common/experimental_features.ts b/x-pack/plugins/security_solution/common/experimental_features.ts
@@ -0,0 +1,66 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export type ExperimentalFeatures = typeof allowedExperimentalValues;
+
+/**
+ * A list of allowed values that can be used in `xpack.securitySolution.enableExperimental`.
+ * This object is then used to validate and parse the value entered.
+ */
+const allowedExperimentalValues = Object.freeze({
+  fleetServerEnabled: false,
+});
+
+type Mutable<T> = { -readonly [P in keyof T]: T[P] };
+
+const SecuritySolutionInvalidExperimentalValueError = class extends Error {};
+
+/**
+ * A Map of allowed experimental values in uppercase (for data normalization purposes) to an object
+ * containing internal information about the value (currently only the non-uppercased key).
+ * Used for validation of values entered via the plugin config setting.
+ */
+const allowedKeys = (Object.keys(allowedExperimentalValues) as Array<
+  keyof ExperimentalFeatures
+>).reduce((map, key) => {
+  map.set(key.toUpperCase(), { key });
+  return map;
+}, new Map<string, { key: keyof ExperimentalFeatures }>());
+
+/**
+ * Parses the string value used in `xpack.securitySolution.enableExperimental` kibana configuration,
+ * which should be a string of values delimited by a comma (`,`)
+ *
+ * @param configValue
+ * @throws SecuritySolutionInvalidExperimentalValue
+ */
+export const parseExperimentalConfigValue = (configValue: string): ExperimentalFeatures => {
+  const stringValues = configValue
+    .split(/,/)
+    .filter(Boolean)
+    .map((value) => value.trim());
+  const enabledFeatures: Mutable<Partial<ExperimentalFeatures>> = {};
+
+  for (const value of stringValues) {
+    const allowedKey = allowedKeys.get(value.toUpperCase());
+
+    if (!allowedKey) {
+      throw new SecuritySolutionInvalidExperimentalValueError(
+        `[${value}] is not a valid value for 'xpack.securitySolution.enableExperimental'. Valid values are: ${Object.keys(
+          allowedExperimentalValues
+        ).join(', ')}`
+      );
+    } else {
+      enabledFeatures[allowedKey.key] = true;
+    }
+  }
+
+  return {
+    ...allowedExperimentalValues,
+    ...enabledFeatures,
+  };
+};
diff --git a/x-pack/plugins/security_solution/server/config.ts b/x-pack/plugins/security_solution/server/config.ts
@@ -8,6 +8,7 @@
 import { schema, TypeOf } from '@kbn/config-schema';
 import { PluginInitializerContext } from '../../../../src/core/server';
 import { SIGNALS_INDEX_KEY, DEFAULT_SIGNALS_INDEX } from '../common/constants';
+import { parseExperimentalConfigValue } from '../common/experimental_features';
 
 export const configSchema = schema.object({
   enabled: schema.boolean({ defaultValue: true }),
@@ -17,8 +18,26 @@ export const configSchema = schema.object({
   maxTimelineImportPayloadBytes: schema.number({ defaultValue: 10485760 }),
   [SIGNALS_INDEX_KEY]: schema.string({ defaultValue: DEFAULT_SIGNALS_INDEX }),
 
-  /** Fleet server integration */
-  fleetServerEnabled: schema.boolean({ defaultValue: false }),
+  /**
+   * For internal use. A list of string values (comma delimited) that will enable experimental
+   * type of functionality that is not yet released. Valid values for this settings need to
+   * be defined in:
+   * `x-pack/plugins/security_solution/common/experimental_features.ts`
+   * under the `allowedExperimentalValues` object
+   *
+   * @example
+   * xpack.securitySolution.enableExperimental: "fleetServerEnabled, trustedAppsByPolicyEnabled"
+   */
+  enableExperimental: schema.string({
+    defaultValue: '',
+    validate(value) {
+      try {
+        parseExperimentalConfigValue(value);
+      } catch (e) {
+        return e.message;
+      }
+    },
+  }),
 
   /**
    * Host Endpoint Configuration

diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/index.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/index.ts
@@ -21,7 +21,7 @@ export const createMockConfig = (): ConfigType => ({
   maxRuleImportPayloadBytes: 10485760,
   maxTimelineImportExportSize: 10000,
   maxTimelineImportPayloadBytes: 10485760,
-  fleetServerEnabled: true,
+  enableExperimental: '',
   endpointResultListDefaultFirstPageIndex: 0,
   endpointResultListDefaultPageSize: 10,
   alertResultListDefaultDateRange: {

diff --git a/x-pack/plugins/security_solution/server/plugin.ts b/x-pack/plugins/security_solution/server/plugin.ts
@@ -77,6 +77,7 @@ import {
 import { licenseService } from './lib/license/license';
 import { PolicyWatcher } from './endpoint/lib/policy/license_watch';
 import { securitySolutionTimelineEqlSearchStrategyProvider } from './search_strategy/timeline/eql';
+import { parseExperimentalConfigValue } from '../common/experimental_features';
 
 export interface SetupPlugins {
   alerting: AlertingSetup;
@@ -357,7 +358,7 @@ export class Plugin implements IPlugin<PluginSetup, PluginStart, SetupPlugins, S
           logger: this.logger,
           cache: this.artifactsCache,
         },
-        this.config.fleetServerEnabled
+        parseExperimentalConfigValue(this.config.enableExperimental).fleetServerEnabled
       );
 
       if (this.manifestTask) {