Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution][Detections] Updates Get Installed Integrations route to use Internal SO Client #134373

Merged
merged 3 commits into from
Jun 20, 2022
Merged

[Security Solution][Detections] Updates Get Installed Integrations route to use Internal SO Client #134373

merged 3 commits into from
Jun 20, 2022

Conversation

spong
Copy link
Member

@spong spong commented Jun 14, 2022
edited
Loading

Summary

Follow up to #134299 that updates the Get Installed Integrations route to use the Internal SO Client and removes client-side privilege checks. This change ensures the Related Integrations feature works regardless of client users Fleet/Integration/SOM privileges, enabling all Security Solution users the ability to see which integrations are installed/configured with relation to their Detection Rules.

This change is helpful for low privilege users like T1/T2 Analysts that may not have more broad privileges like SOM or Fleet to still see which of their Detection Rules have the necessary integrations.

Test instructions

To test, configure a role with the 3 mentioned privileges (SOM/Integrations/Fleet) as None, e.g.

Then the UI should still show installed details (installed/not installed badges):

Rules Table

Rules Details

Checklist

Delete any items that are not applicable to this PR.

Risk Ma

@spong spong self-assigned this Jun 14, 2022
@spong spong added bug Fixes for quality problems that affect the customer experience release_note:skip Skip the PR/issue when compiling release notes impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. Feature:Detection Rules Anything related to Security Solution's Detection Rules auto-backport Deprecated - use backport:version if exact versions are needed Feature:Rule Management Security Solution Detection Rule Management Team:Detection Rule Management Security Detection Rule Management Team v8.3.0 Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules Feature:Rule Details Security Solution Detection Rule Details v8.4.0 labels Jun 14, 2022
@spong spong marked this pull request as ready for review June 14, 2022 17:51
@spong spong requested review from a team as code owners June 14, 2022 17:51
spong
spong commented Jun 14, 2022
View reviewed changes
...lution/public/detections/components/rules/related_integrations/use_integration_privileges.ts
Comment on lines +11 to +16
/**
* Hook for determining if user has fleet/integrations/SOM privileges for fetching
* installed integrations. Initially used as we weren't using the fleet.internalReadonlySoClient
* for fetching integrations, but keeping this around for a release or two as we add more
* fleet/integration features within Security Solution in case it needs to be leveraged for those.
*/
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can remove this hook, but figured it might be nice to have around for a release or two as we add more integrations features. I could see a feature like surfacing # of agents assigned this integration policy being limited by these privileges.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good!

spong
spong commented Jun 14, 2022
View reviewed changes
...detection_engine/routes/fleet/get_installed_integrations/get_installed_integrations_route.ts
const set = createInstalledIntegrationSet();

const packagePolicies = await fleet.packagePolicy.list(soClient, {});
const packagePolicies = await fleet.packagePolicy.list(fleet.internalReadonlySoClient, {});
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the actual functional change. The internalReadonlySoClient is already provided on the fleet services by endpoint and used for the endpoint metadata services.

@banderror banderror mentioned this pull request Jun 14, 2022
Closed
7 tasks
@banderror
Copy link
Contributor

@elasticmachine merge upstream

banderror
banderror approved these changes Jun 20, 2022
View reviewed changes
Copy link
Contributor

@banderror banderror left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for finding out that an internal SO client is available to us and for the quick fix @spong 🙏

Tested locally and reviewed the changes. LGTM! 🚢

...lution/public/detections/components/rules/related_integrations/use_integration_privileges.ts
Comment on lines +11 to +16
/**
* Hook for determining if user has fleet/integrations/SOM privileges for fetching
* installed integrations. Initially used as we weren't using the fleet.internalReadonlySoClient
* for fetching integrations, but keeping this around for a release or two as we add more
* fleet/integration features within Security Solution in case it needs to be leveraged for those.
*/
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good!

@kibana-ci
Copy link
Collaborator

💚 Build Succeeded

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id before after diff
securitySolution 3079 3078 -1

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 5.3MB 5.3MB -448.0B

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @spong

@banderror banderror added Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. labels Jun 20, 2022
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@banderror banderror merged commit 01b8482 into elastic:main Jun 20, 2022
kibanamachine pushed a commit that referenced this pull request Jun 20, 2022
@spong
[Security Solution][Detections] Updates Get Installed Integrations ro…
ca2e136 
…ute to use Internal SO Client (#134373)

## Summary

Follow up to #134299 that updates the `Get Installed Integrations` route to use the Internal SO Client and removes client-side privilege checks. This change ensures the `Related Integrations` feature works regardless of client users Fleet/Integration/SOM privileges, enabling all Security Solution users the ability to see which integrations are installed/configured with relation to their Detection Rules.

This change is helpful for low privilege users like T1/T2 Analysts that may not have more broad privileges like SOM or Fleet to still see which of their Detection Rules have the necessary integrations.

### Test instructions

To test, configure a role with the 3 mentioned privileges (SOM/Integrations/Fleet) as `None`, e.g.

<p align="center">
  <img width="500" src="https://user-images.githubusercontent.com/2946766/173156872-dfaece7e-a6ef-4774-b01d-e2fa7b66a068.png" />
</p>

Then the UI should _still show_ installed details (installed/not installed badges):

##### Rules Table
<p align="center">
  <img width="500" src="https://user-images.githubusercontent.com/2946766/173658501-9b384ce6-ddef-4643-a36e-3da3082c8972.png" />
</p>

##### Rules Details
<p align="center">
  <img width="500" src="https://user-images.githubusercontent.com/2946766/173658533-a60b6e96-7283-441a-8faa-ed186476c1ac.png" />
</p>

### Checklist

Delete any items that are not applicable to this PR.

- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
  * Working docs as part of elastic/security-docs#2015
- [X] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

### Risk Ma

(cherry picked from commit 01b8482)
@kibanamachine kibanamachine mentioned this pull request Jun 20, 2022
Merged
@kibanamachine
Copy link
Contributor

💚 All backports created successfully

Status Branch Result
8.3

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

kibanamachine added a commit that referenced this pull request Jun 20, 2022
@kibanamachine @spong
[Security Solution][Detections] Updates Get Installed Integrations ro…
aaf73ed 
…ute to use Internal SO Client (#134373) (#134734)

## Summary

Follow up to #134299 that updates the `Get Installed Integrations` route to use the Internal SO Client and removes client-side privilege checks. This change ensures the `Related Integrations` feature works regardless of client users Fleet/Integration/SOM privileges, enabling all Security Solution users the ability to see which integrations are installed/configured with relation to their Detection Rules.

This change is helpful for low privilege users like T1/T2 Analysts that may not have more broad privileges like SOM or Fleet to still see which of their Detection Rules have the necessary integrations.

### Test instructions

To test, configure a role with the 3 mentioned privileges (SOM/Integrations/Fleet) as `None`, e.g.

<p align="center">
  <img width="500" src="https://user-images.githubusercontent.com/2946766/173156872-dfaece7e-a6ef-4774-b01d-e2fa7b66a068.png" />
</p>

Then the UI should _still show_ installed details (installed/not installed badges):

##### Rules Table
<p align="center">
  <img width="500" src="https://user-images.githubusercontent.com/2946766/173658501-9b384ce6-ddef-4643-a36e-3da3082c8972.png" />
</p>

##### Rules Details
<p align="center">
  <img width="500" src="https://user-images.githubusercontent.com/2946766/173658533-a60b6e96-7283-441a-8faa-ed186476c1ac.png" />
</p>

### Checklist

Delete any items that are not applicable to this PR.

- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
  * Working docs as part of elastic/security-docs#2015
- [X] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

### Risk Ma

(cherry picked from commit 01b8482)

Co-authored-by: Garrett Spong <spong@users.noreply.github.com>
@spong spong deleted the related-integrations-using-internal-client branch June 20, 2022 14:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@banderror banderror banderror approved these changes

Assignees

@spong spong

Labels
auto-backport Deprecated - use backport:version if exact versions are needed bug Fixes for quality problems that affect the customer experience Feature:Detection Rules Anything related to Security Solution's Detection Rules Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules Feature:Rule Details Security Solution Detection Rule Details Feature:Rule Management Security Solution Detection Rule Management impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. release_note:skip Skip the PR/issue when compiling release notes Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.3.0 v8.4.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@spong @banderror @kibana-ci @elasticmachine @kibanamachine