[SECURITY_SOLUTION][ENDPOINT] Add creation of Trusted Apps Agnostic List (#74868)
* Add method to ExceptionsListClient for creating trusted apps list
parent
02fcbaa794
commit
d46227421e
|
@ -50,3 +50,12 @@ export const ENDPOINT_LIST_NAME = 'Elastic Endpoint Security Exception List';
|
||||||
export const ENDPOINT_LIST_DESCRIPTION = 'Elastic Endpoint Security Exception List';
|
export const ENDPOINT_LIST_DESCRIPTION = 'Elastic Endpoint Security Exception List';
|
||||||
|
|
||||||
export const MAX_EXCEPTION_LIST_SIZE = 10000;
|
export const MAX_EXCEPTION_LIST_SIZE = 10000;
|
||||||
|
|
||||||
|
/** ID of trusted apps agnostic list */
|
||||||
|
export const ENDPOINT_TRUSTED_APPS_LIST_ID = 'endpoint_trusted_apps';
|
||||||
|
|
||||||
|
/** Name of trusted apps agnostic list */
|
||||||
|
export const ENDPOINT_TRUSTED_APPS_LIST_NAME = 'Elastic Endpoint Security Trusted Apps List';
|
||||||
|
|
||||||
|
/** Description of trusted apps agnostic list */
|
||||||
|
export const ENDPOINT_TRUSTED_APPS_LIST_DESCRIPTION = 'Elastic Endpoint Security Trusted Apps List';
|
||||||
|
|
|
@ -0,0 +1,77 @@
|
||||||
|
/*
|
||||||
|
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||||
|
* or more contributor license agreements. Licensed under the Elastic License;
|
||||||
|
* you may not use this file except in compliance with the Elastic License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
import { SavedObjectsClientContract } from 'kibana/server';
|
||||||
|
import uuid from 'uuid';
|
||||||
|
|
||||||
|
import {
|
||||||
|
ENDPOINT_TRUSTED_APPS_LIST_DESCRIPTION,
|
||||||
|
ENDPOINT_TRUSTED_APPS_LIST_ID,
|
||||||
|
ENDPOINT_TRUSTED_APPS_LIST_NAME,
|
||||||
|
} from '../../../common/constants';
|
||||||
|
import { ExceptionListSchema, ExceptionListSoSchema, Version } from '../../../common/schemas';
|
||||||
|
|
||||||
|
import { getSavedObjectType, transformSavedObjectToExceptionList } from './utils';
|
||||||
|
|
||||||
|
interface CreateEndpointListOptions {
|
||||||
|
savedObjectsClient: SavedObjectsClientContract;
|
||||||
|
user: string;
|
||||||
|
tieBreaker?: string;
|
||||||
|
version: Version;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Creates the Endpoint Trusted Apps agnostic list if it does not yet exist
|
||||||
|
*
|
||||||
|
* @param savedObjectsClient
|
||||||
|
* @param user
|
||||||
|
* @param tieBreaker
|
||||||
|
* @param version
|
||||||
|
*/
|
||||||
|
export const createEndpointTrustedAppsList = async ({
|
||||||
|
savedObjectsClient,
|
||||||
|
user,
|
||||||
|
tieBreaker,
|
||||||
|
version,
|
||||||
|
}: CreateEndpointListOptions): Promise<ExceptionListSchema | null> => {
|
||||||
|
const savedObjectType = getSavedObjectType({ namespaceType: 'agnostic' });
|
||||||
|
const dateNow = new Date().toISOString();
|
||||||
|
try {
|
||||||
|
const savedObject = await savedObjectsClient.create<ExceptionListSoSchema>(
|
||||||
|
savedObjectType,
|
||||||
|
{
|
||||||
|
_tags: [],
|
||||||
|
comments: undefined,
|
||||||
|
created_at: dateNow,
|
||||||
|
created_by: user,
|
||||||
|
description: ENDPOINT_TRUSTED_APPS_LIST_DESCRIPTION,
|
||||||
|
entries: undefined,
|
||||||
|
immutable: false,
|
||||||
|
item_id: undefined,
|
||||||
|
list_id: ENDPOINT_TRUSTED_APPS_LIST_ID,
|
||||||
|
list_type: 'list',
|
||||||
|
meta: undefined,
|
||||||
|
name: ENDPOINT_TRUSTED_APPS_LIST_NAME,
|
||||||
|
tags: [],
|
||||||
|
tie_breaker_id: tieBreaker ?? uuid.v4(),
|
||||||
|
type: 'endpoint',
|
||||||
|
updated_by: user,
|
||||||
|
version,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
// We intentionally hard coding the id so that there can only be one Trusted apps list within the space
|
||||||
|
id: ENDPOINT_TRUSTED_APPS_LIST_ID,
|
||||||
|
}
|
||||||
|
);
|
||||||
|
return transformSavedObjectToExceptionList({ savedObject });
|
||||||
|
} catch (err) {
|
||||||
|
if (savedObjectsClient.errors.isConflictError(err)) {
|
||||||
|
return null;
|
||||||
|
} else {
|
||||||
|
throw err;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
|
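Review bot: The inline comment above `id: ENDPOINT_TRUSTED_APPS_LIST_ID` says the fixed id keeps the list unique "within the space", but the saved-object type is resolved with `namespaceType: 'agnostic'`, which suggests the list is shared across spaces rather than scoped to one. A trusted-apps list presumably exempts applications from endpoint protection, so the scope is worth stating exactly, e.g. `// Fixed id: only one Trusted Apps list can exist; the type is agnostic, so it is shared by all spaces`. The `@param` tags in the TSDoc are empty; one line each would help, in particular that `user` is stored as `created_by`/`updated_by` and that `tieBreaker` falls back to a fresh `uuid.v4()`. The doc comment should also say that `null` means a conflict (the list already exists) and that every other error, including a permission failure from the saved-objects client, is rethrown.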
@ -46,6 +46,7 @@ import { findExceptionListItem } from './find_exception_list_item';
|
||||||
import { findExceptionList } from './find_exception_list';
|
import { findExceptionList } from './find_exception_list';
|
||||||
import { findExceptionListsItem } from './find_exception_list_items';
|
import { findExceptionListsItem } from './find_exception_list_items';
|
||||||
import { createEndpointList } from './create_endpoint_list';
|
import { createEndpointList } from './create_endpoint_list';
|
||||||
|
import { createEndpointTrustedAppsList } from './create_endpoint_trusted_apps_list';
|
||||||
|
|
||||||
export class ExceptionListClient {
|
export class ExceptionListClient {
|
||||||
private readonly user: string;
|
private readonly user: string;
|
||||||
|
@ -90,6 +91,18 @@ export class ExceptionListClient {
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Create the Trusted Apps Agnostic list if it does not yet exist (`null` is returned if it does exist)
|
||||||
|
*/
|
||||||
|
public createTrustedAppsList = async (): Promise<ExceptionListSchema | null> => {
|
||||||
|
const { savedObjectsClient, user } = this;
|
||||||
|
return createEndpointTrustedAppsList({
|
||||||
|
savedObjectsClient,
|
||||||
|
user,
|
||||||
|
version: 1,
|
||||||
|
});
|
||||||
|
};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This is the same as "createListItem" except it applies specifically to the agnostic endpoint list and will
|
* This is the same as "createListItem" except it applies specifically to the agnostic endpoint list and will
|
||||||
* auto-call the "createEndpointList" for you so that you have the best chance of the agnostic endpoint
|
* auto-call the "createEndpointList" for you so that you have the best chance of the agnostic endpoint
|
||||||
|
|
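Review bot: `createTrustedAppsList` passes a literal `version: 1`, and the helper it calls returns `null` on a conflict, so an existing list is never touched again; as far as this hunk shows, a later change to that number would only reach fresh installs. I would say so in the method's doc comment, e.g. `* Create-only: an existing list is left as-is and null is returned; non-conflict errors are rethrown.` Nothing in this method checks who is creating what looks like an endpoint allow-list, so the comment should also note that authorization is whatever the injected `savedObjectsClient` enforces. The class body starts and ends outside the hunk.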