Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Osquery] Add support for osquery pack integration assets #128109

Merged
Show file tree
Hide file tree
Changes from 18 commits
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
10a6399
[Osquery] Add support for osquery pack integration assets
patrykkopycinski Mar 18, 2022
0e1709c
fix types
patrykkopycinski Mar 20, 2022
6385c7d
Merge branch 'main' of github.com:elastic/kibana into feat/osquery-ma…
patrykkopycinski Mar 21, 2022
f59839b
Merge branch 'main' of github.com:elastic/kibana into feat/osquery-ma…
patrykkopycinski Mar 22, 2022
63dc6b3
Merge branch 'main' of github.com:elastic/kibana into feat/osquery-ma…
patrykkopycinski Mar 22, 2022
3ce8e73
Merge branch 'main' of github.com:elastic/kibana into feat/osquery-ma…
patrykkopycinski Mar 23, 2022
648328a
Merge branch 'main' of github.com:elastic/kibana into feat/osquery-ma…
patrykkopycinski Mar 23, 2022
c9bcf9a
update fleet fixtures
patrykkopycinski Mar 23, 2022
04fe523
fix route
patrykkopycinski Mar 23, 2022
3b3d1f0
fix
patrykkopycinski Mar 23, 2022
6aa85d0
Merge branch 'main' into feat/osquery-manager-prebuilt-packs
kibanamachine Mar 23, 2022
19d3808
fix
patrykkopycinski Mar 23, 2022
2094fa7
Merge branch 'main' into feat/osquery-manager-prebuilt-packs
kibanamachine Mar 23, 2022
ebdd893
fix
patrykkopycinski Mar 23, 2022
27e58ed
fix
patrykkopycinski Mar 23, 2022
c4e1dd6
fix
patrykkopycinski Mar 23, 2022
ba4d192
fix
patrykkopycinski Mar 24, 2022
8c1166e
fix
patrykkopycinski Mar 24, 2022
2805e7b
Merge branch 'main' of github.com:elastic/kibana into feat/osquery-ma…
patrykkopycinski Mar 24, 2022
79f5eb4
add uninstall check
patrykkopycinski Mar 24, 2022
f58240b
Merge branch 'main' into feat/osquery-manager-prebuilt-packs
patrykkopycinski Mar 24, 2022
3e7abc2
fix
patrykkopycinski Mar 24, 2022
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,7 @@ const previouslyRegisteredTypes = [
'ml-telemetry',
'monitoring-telemetry',
'osquery-pack',
'osquery-pack-asset',
'osquery-saved-query',
'osquery-usage-metric',
'osquery-manager-usage-metric',
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -253,6 +253,7 @@ export const item: GetInfoResponse['item'] = {
map: [],
security_rule: [],
tag: [],
osquery_pack_asset: [],
},
elasticsearch: {
ingest_pipeline: [
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,7 @@ export const item: GetInfoResponse['item'] = {
index_pattern: [],
lens: [],
ml_module: [],
osquery_pack_asset: [],
security_rule: [],
tag: [],
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ describe('Fleet - packageToPackagePolicy', () => {
ml_module: [],
security_rule: [],
tag: [],
osquery_pack_asset: [],
},
elasticsearch: {
ingest_pipeline: [],
Expand Down
2 changes: 2 additions & 0 deletions x-pack/plugins/fleet/common/types/models/epm.ts
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,7 @@ export enum KibanaAssetType {
securityRule = 'security_rule',
mlModule = 'ml_module',
tag = 'tag',
osqueryPackAsset = 'osquery_pack_asset',
}

/*
Expand All @@ -89,6 +90,7 @@ export enum KibanaSavedObjectType {
mlModule = 'ml-module',
securityRule = 'security-rule',
tag = 'tag',
osqueryPackAsset = 'osquery-pack-asset',
}

export enum ElasticsearchAssetType {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@ export const AssetsFacetGroup = ({ width }: Args) => {
security_rule: [],
ml_module: [],
tag: [],
osquery_pack_asset: [],
},
elasticsearch: {
component_template: [],
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ import { i18n } from '@kbn/i18n';
import type { ServiceName } from '../../types';
import { ElasticsearchAssetType, KibanaAssetType } from '../../types';

// only allow Kibana assets for the kibana key, ES asssets for elasticsearch, etc
// only allow Kibana assets for the kibana key, ES assets for elasticsearch, etc
type ServiceNameToAssetTypes = Record<Extract<ServiceName, 'kibana'>, KibanaAssetType[]> &
Record<Extract<ServiceName, 'elasticsearch'>, ElasticsearchAssetType[]>;

Expand Down Expand Up @@ -62,6 +62,9 @@ export const AssetTitleMap: Record<DisplayedAssetType, string> = {
security_rule: i18n.translate('xpack.fleet.epm.assetTitles.securityRules', {
defaultMessage: 'Security rules',
}),
osquery_pack_asset: i18n.translate('xpack.fleet.epm.assetTitles.osqueryPackAsset', {
defaultMessage: 'Osquery packs',
}),
ml_module: i18n.translate('xpack.fleet.epm.assetTitles.mlModules', {
defaultMessage: 'ML modules',
}),
Expand Down Expand Up @@ -91,6 +94,7 @@ export const AssetIcons: Record<KibanaAssetType, IconType> = {
security_rule: 'securityApp',
ml_module: 'mlApp',
tag: 'tagApp',
osquery_pack_asset: 'osqueryApp',
};

export const ServiceIcons: Record<ServiceName, IconType> = {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,7 @@ const KibanaSavedObjectTypeMapping: Record<KibanaAssetType, KibanaSavedObjectTyp
[KibanaAssetType.mlModule]: KibanaSavedObjectType.mlModule,
[KibanaAssetType.securityRule]: KibanaSavedObjectType.securityRule,
[KibanaAssetType.tag]: KibanaSavedObjectType.tag,
[KibanaAssetType.osqueryPackAsset]: KibanaSavedObjectType.osqueryPackAsset,
};

const AssetFilters: Record<string, (kibanaAssets: ArchiveAsset[]) => ArchiveAsset[]> = {
Expand Down Expand Up @@ -250,7 +251,7 @@ export async function installKibanaSavedObjects({
/*
A reference error here means that a saved object reference in the references
array cannot be found. This is an error in the package its-self but not a fatal
one. For example a dashboard may still refer to the legacy `metricbeat-*` index
one. For example a dashboard may still refer to the legacy `metricbeat-*` index
pattern. We ignore reference errors here so that legacy version of a package
can still be installed, but if a warning is logged it should be reported to
the integrations team. */
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,7 @@ describe('storedPackagePoliciesToAgentPermissions()', () => {
security_rule: [],
ml_module: [],
tag: [],
osquery_pack_asset: [],
},
elasticsearch: {
component_template: [],
Expand Down Expand Up @@ -179,6 +180,7 @@ describe('storedPackagePoliciesToAgentPermissions()', () => {
security_rule: [],
ml_module: [],
tag: [],
osquery_pack_asset: [],
},
elasticsearch: {
component_template: [],
Expand Down Expand Up @@ -271,6 +273,7 @@ describe('storedPackagePoliciesToAgentPermissions()', () => {
security_rule: [],
ml_module: [],
tag: [],
osquery_pack_asset: [],
},
elasticsearch: {
component_template: [],
Expand Down Expand Up @@ -395,6 +398,7 @@ describe('storedPackagePoliciesToAgentPermissions()', () => {
security_rule: [],
ml_module: [],
tag: [],
osquery_pack_asset: [],
},
elasticsearch: {
component_template: [],
Expand Down
2 changes: 2 additions & 0 deletions x-pack/plugins/osquery/common/types.ts
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ import { PackagePolicy, PackagePolicyInput, PackagePolicyInputStream } from '../

export const savedQuerySavedObjectType = 'osquery-saved-query';
export const packSavedObjectType = 'osquery-pack';
export const packAssetSavedObjectType = 'osquery-pack-asset';
export const usageMetricSavedObjectType = 'osquery-manager-usage-metric';
export type SavedObjectType =
| 'osquery-saved-query'
Expand Down Expand Up @@ -68,4 +69,5 @@ export interface OsqueryManagerPackagePolicyInput extends Omit<PackagePolicyInpu

export interface OsqueryManagerPackagePolicy extends Omit<PackagePolicy, 'inputs'> {
inputs: OsqueryManagerPackagePolicyInput[];
read_only?: boolean;
}
8 changes: 8 additions & 0 deletions x-pack/plugins/osquery/public/assets/constants.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

export const INTEGRATION_ASSETS_STATUS_ID = 'integrationAssetsStatus';
23 changes: 23 additions & 0 deletions x-pack/plugins/osquery/public/assets/use_assets_status.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { SavedObject } from 'kibana/public';
import { useQuery } from 'react-query';
import { useKibana } from '../common/lib/kibana';
import { INTEGRATION_ASSETS_STATUS_ID } from './constants';

export const useAssetsStatus = () => {
const { http } = useKibana().services;

return useQuery<{ install: SavedObject[]; update: SavedObject[]; upToDate: SavedObject[] }>(
[INTEGRATION_ASSETS_STATUS_ID],
() => http.get('/internal/osquery/assets'),
{
keepPreviousData: true,
}
);
};
42 changes: 42 additions & 0 deletions x-pack/plugins/osquery/public/assets/use_import_assets.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { useMutation, useQueryClient } from 'react-query';
import { useKibana } from '../common/lib/kibana';
import { useErrorToast } from '../common/hooks/use_error_toast';
import { PACKS_ID } from '../packs/constants';
import { INTEGRATION_ASSETS_STATUS_ID } from './constants';

interface UseImportAssetsProps {
successToastText: string;
}

export const useImportAssets = ({ successToastText }: UseImportAssetsProps) => {
const queryClient = useQueryClient();
const {
http,
notifications: { toasts },
} = useKibana().services;
const setErrorToast = useErrorToast();

return useMutation(
() =>
// eslint-disable-next-line @typescript-eslint/no-explicit-any
http.post<any>('/internal/osquery/assets/update'),
{
onSuccess: () => {
setErrorToast();
queryClient.invalidateQueries(PACKS_ID);
queryClient.invalidateQueries(INTEGRATION_ASSETS_STATUS_ID);
toasts.addSuccess(successToastText);
},
onError: (error) => {
setErrorToast(error);
},
}
);
};
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ import { useAgentPolicies } from '../agent_policies/use_agent_policies';
import { ConfirmDeployAgentPolicyModal } from './form/confirmation_modal';
import { useErrorToast } from '../common/hooks/use_error_toast';
import { useUpdatePack } from './use_update_pack';
import { PACKS_ID } from './constants';

const StyledEuiLoadingSpinner = styled(EuiLoadingSpinner)`
margin-right: ${({ theme }) => theme.eui.paddingSizes.s};
Expand Down Expand Up @@ -55,7 +56,7 @@ const ActiveStateSwitchComponent: React.FC<ActiveStateSwitchProps> = ({ item })
options: {
// @ts-expect-error update types
onSuccess: (response) => {
queryClient.invalidateQueries('packList');
queryClient.invalidateQueries(PACKS_ID);
setErrorToast();
toasts.addSuccess(
response.attributes.enabled
Expand Down
33 changes: 33 additions & 0 deletions x-pack/plugins/osquery/public/packs/add_pack_button.tsx
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import React from 'react';
import { FormattedMessage } from '@kbn/i18n-react';
import { EuiButton, EuiButtonProps } from '@elastic/eui';
import { useKibana, useRouterNavigate } from '../common/lib/kibana';

interface AddPackButtonComponentProps {
fill?: EuiButtonProps['fill'];
}

const AddPackButtonComponent: React.FC<AddPackButtonComponentProps> = ({ fill = true }) => {
const permissions = useKibana().services.application.capabilities.osquery;
const newQueryLinkProps = useRouterNavigate('packs/add');

return (
<EuiButton
fill={!!fill}
{...newQueryLinkProps}
iconType="plusInCircle"
isDisabled={!permissions.writePacks}
>
<FormattedMessage id="xpack.osquery.packList.addPackButtonLabel" defaultMessage="Add pack" />
</EuiButton>
);
};

export const AddPackButton = React.memo(AddPackButtonComponent);
8 changes: 6 additions & 2 deletions x-pack/plugins/osquery/public/packs/form/index.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@ interface PackFormProps {
}

const PackFormComponent: React.FC<PackFormProps> = ({ defaultValue, editMode = false }) => {
const isReadOnly = !!defaultValue?.read_only;
const [showConfirmationModal, setShowConfirmationModal] = useState(false);
const handleHideConfirmationModal = useCallback(() => setShowConfirmationModal(false), []);

Expand Down Expand Up @@ -183,18 +184,20 @@ const PackFormComponent: React.FC<PackFormProps> = ({ defaultValue, editMode = f
setShowConfirmationModal(false);
}, [submit]);

const euiFieldProps = useMemo(() => ({ isDisabled: isReadOnly }), [isReadOnly]);

return (
<>
<Form form={form}>
<EuiFlexGroup>
<EuiFlexItem>
<CommonUseField path="name" />
<CommonUseField path="name" euiFieldProps={euiFieldProps} />
</EuiFlexItem>
</EuiFlexGroup>

<EuiFlexGroup>
<EuiFlexItem>
<CommonUseField path="description" />
<CommonUseField path="description" euiFieldProps={euiFieldProps} />
</EuiFlexItem>
</EuiFlexGroup>

Expand All @@ -213,6 +216,7 @@ const PackFormComponent: React.FC<PackFormProps> = ({ defaultValue, editMode = f
path="queries"
component={QueriesField}
handleNameChange={handleNameChange}
euiFieldProps={euiFieldProps}
/>

<CommonUseField path="enabled" component={GhostFormField} />
Expand Down
Loading