Merge branch 'main' into versioning-transforms-apis

Author: jgowdyelastic

x-pack/plugins/fleet/common/constants/epm.ts

@@ -17,6 +17,7 @@ export const FLEET_APM_PACKAGE = 'apm';
 export const FLEET_SYNTHETICS_PACKAGE = 'synthetics';
 export const FLEET_KUBERNETES_PACKAGE = 'kubernetes';
 export const FLEET_UNIVERSAL_PROFILING_SYMBOLIZER_PACKAGE = 'profiler_symbolizer';
+export const FLEET_UNIVERSAL_PROFILING_COLLECTOR_PACKAGE = 'profiler_collector';
 export const FLEET_CLOUD_SECURITY_POSTURE_PACKAGE = 'cloud_security_posture';
 export const FLEET_CLOUD_SECURITY_POSTURE_KSPM_POLICY_TEMPLATE = 'kspm';
 export const FLEET_CLOUD_SECURITY_POSTURE_CSPM_POLICY_TEMPLATE = 'cspm';

x-pack/plugins/fleet/server/services/agent_policies/package_policies_to_agent_permissions.test.ts

@@ -188,6 +188,56 @@ packageInfoCache.set('profiler_symbolizer-8.8.0-preview', {
     },
   },
 });
+packageInfoCache.set('profiler_collector-8.9.0-preview', {
+  format_version: '2.7.0',
+  name: 'profiler_collector',
+  title: 'Universal Profiling Collector',
+  version: '8.9.0-preview',
+  license: 'basic',
+  description:
+    'Fleet-wide, whole-system, continuous profiling with zero instrumentation. Collect profiling data.',
+  type: 'integration',
+  release: 'beta',
+  categories: ['monitoring', 'elastic_stack'],
+  icons: [
+    {
+      src: '/img/logo_profiling_symbolizer.svg',
+      title: 'logo symbolizer',
+      size: '32x32',
+      type: 'image/svg+xml',
+    },
+  ],
+  owner: { github: 'elastic/profiling' },
+  data_streams: [],
+  latestVersion: '8.9.0-preview',
+  notice: undefined,
+  status: 'not_installed',
+  assets: {
+    kibana: {
+      csp_rule_template: [],
+      dashboard: [],
+      visualization: [],
+      search: [],
+      index_pattern: [],
+      map: [],
+      lens: [],
+      security_rule: [],
+      ml_module: [],
+      tag: [],
+      osquery_pack_asset: [],
+      osquery_saved_query: [],
+    },
+    elasticsearch: {
+      component_template: [],
+      ingest_pipeline: [],
+      ilm_policy: [],
+      transform: [],
+      index_template: [],
+      data_stream_ilm_policy: [],
+      ml_model: [],
+    },
+  },
+});
 
 describe('storedPackagePoliciesToAgentPermissions()', () => {
   it('Returns `undefined` if there are no package policies', async () => {
@@ -444,6 +494,46 @@ describe('storedPackagePoliciesToAgentPermissions()', () => {
       packagePolicies
     );
 
+    expect(permissions).toMatchObject({
+      'package-policy-uuid-test-123': {
+        indices: [
+          {
+            names: ['profiling-*'],
+            privileges: UNIVERSAL_PROFILING_PERMISSIONS,
+          },
+        ],
+      },
+    });
+  });
+  it('Returns the Universal Profiling permissions for profiler_collector package', async () => {
+    const packagePolicies: PackagePolicy[] = [
+      {
+        id: 'package-policy-uuid-test-123',
+        name: 'test-policy',
+        namespace: '',
+        enabled: true,
+        package: { name: 'profiler_collector', version: '8.9.0-preview', title: 'Test Package' },
+        inputs: [
+          {
+            type: 'pf-elastic-collector',
+            enabled: true,
+            streams: [],
+          },
+        ],
+        created_at: '',
+        updated_at: '',
+        created_by: '',
+        updated_by: '',
+        revision: 1,
+        policy_id: '',
+      },
+    ];
+
+    const permissions = await storedPackagePoliciesToAgentPermissions(
+      packageInfoCache,
+      packagePolicies
+    );
+
     expect(permissions).toMatchObject({
       'package-policy-uuid-test-123': {
         indices: [

x-pack/plugins/fleet/server/services/agent_policies/package_policies_to_agent_permissions.ts

@@ -5,7 +5,10 @@
  * 2.0.
  */
 
-import { FLEET_UNIVERSAL_PROFILING_SYMBOLIZER_PACKAGE } from '../../../common/constants';
+import {
+  FLEET_UNIVERSAL_PROFILING_COLLECTOR_PACKAGE,
+  FLEET_UNIVERSAL_PROFILING_SYMBOLIZER_PACKAGE,
+} from '../../../common/constants';
 
 import { getNormalizedDataStreams } from '../../../common/services';
 
@@ -56,7 +59,10 @@ export async function storedPackagePoliciesToAgentPermissions(
 
       // Special handling for Universal Profiling packages, as it does not use data streams _only_,
       // but also indices that do not adhere to the convention.
-      if (pkg.name === FLEET_UNIVERSAL_PROFILING_SYMBOLIZER_PACKAGE) {
+      if (
+        pkg.name === FLEET_UNIVERSAL_PROFILING_SYMBOLIZER_PACKAGE ||
+        pkg.name === FLEET_UNIVERSAL_PROFILING_COLLECTOR_PACKAGE
+      ) {
         return Promise.resolve(universalProfilingPermissions(packagePolicy.id));
       }
 

x-pack/plugins/osquery/common/constants.ts

@@ -9,7 +9,12 @@ export const DEFAULT_MAX_TABLE_QUERY_SIZE = 10000;
 export const DEFAULT_DARK_MODE = 'theme:darkMode';
 export const OSQUERY_INTEGRATION_NAME = 'osquery_manager';
 export const BASE_PATH = '/app/osquery';
-export const ACTIONS_INDEX = `.logs-${OSQUERY_INTEGRATION_NAME}.actions`;
+
+export const OSQUERY_LOGS_BASE = `.logs-${OSQUERY_INTEGRATION_NAME}`;
+export const ACTIONS_INDEX = `${OSQUERY_LOGS_BASE}.actions`;
+export const RESULTS_INDEX = `${OSQUERY_LOGS_BASE}.results`;
+export const OSQUERY_ACTIONS_INDEX = `${ACTIONS_INDEX}-*`;
+
 export const ACTION_RESPONSES_INDEX = `.logs-${OSQUERY_INTEGRATION_NAME}.action.responses`;
 
 export const DEFAULT_PLATFORM = 'linux,windows,darwin';

x-pack/plugins/osquery/common/types/osquery_action.ts

@@ -0,0 +1,26 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export interface LogsOsqueryAction {
+  '@timestamp': string;
+  action_id: string;
+  alert_ids: string[];
+  expiration: string;
+  input_type: 'osquery';
+  queries: Array<{
+    action_id: string;
+    id: string;
+    query: string;
+    agents: string[];
+    ecs_mapping?: unknown;
+    version?: string;
+    platform?: string;
+    saved_query_id?: string;
+    expiration?: string;
+  }>;
+  type: 'INPUT_ACTION';
+}

x-pack/plugins/osquery/public/plugin.ts

@@ -17,6 +17,7 @@ import { Storage } from '@kbn/kibana-utils-plugin/public';
 import { useAllLiveQueries } from './actions/use_all_live_queries';
 import { getLazyOsqueryResponseActionTypeForm } from './shared_components/lazy_osquery_action_params_form';
 import { useFetchStatus } from './fleet_integration/use_fetch_status';
+import { getLazyOsqueryResult } from './shared_components/lazy_osquery_result';
 import { getLazyOsqueryResults } from './shared_components/lazy_osquery_results';
 import type {
   OsqueryPluginSetup,
@@ -122,6 +123,12 @@ export class OsqueryPlugin implements Plugin<OsqueryPluginSetup, OsqueryPluginSt
         ...core,
         ...plugins,
       }),
+      OsqueryResult: getLazyOsqueryResult({
+        ...core,
+        ...plugins,
+        storage: this.storage,
+        kibanaVersion: this.kibanaVersion,
+      }),
       OsqueryResults: getLazyOsqueryResults({
         ...core,
         ...plugins,

x-pack/plugins/osquery/public/routes/components/empty_prompt.tsx

@@ -0,0 +1,32 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+import { EuiCode, EuiEmptyPrompt } from '@elastic/eui';
+import { FormattedMessage } from '@kbn/i18n-react';
+import { PERMISSION_DENIED } from '../../shared_components/osquery_action/translations';
+
+const EmptyPromptComponent = () => (
+  <EuiEmptyPrompt
+    iconType="logoOsquery"
+    title={<h2>{PERMISSION_DENIED}</h2>}
+    titleSize="xs"
+    body={
+      <FormattedMessage
+        id="xpack.osquery.results.permissionDenied"
+        defaultMessage="To access these results, ask your administrator for {osquery} Kibana
+              privileges."
+        // eslint-disable-next-line react-perf/jsx-no-new-object-as-prop
+        values={{
+          osquery: <EuiCode>osquery</EuiCode>,
+        }}
+      />
+    }
+  />
+);
+
+export const EmptyPrompt = React.memo(EmptyPromptComponent);

x-pack/plugins/osquery/public/shared_components/attachments/lazy_external_reference_content.tsx

@@ -6,13 +6,10 @@
  */
 
 import React, { lazy, Suspense } from 'react';
-import { EuiCode, EuiEmptyPrompt } from '@elastic/eui';
-import { FormattedMessage } from '@kbn/i18n-react';
-import { OsqueryIcon } from '../../components/osquery_icon';
 import { useKibana } from '../../common/lib/kibana';
 import type { ServicesWrapperProps } from '../services_wrapper';
 import ServicesWrapper from '../services_wrapper';
-import { PERMISSION_DENIED } from '../osquery_action/translations';
+import { EmptyPrompt } from '../../routes/components/empty_prompt';
 
 export interface IExternalReferenceMetaDataProps {
   externalReferenceMetadata: {
@@ -35,24 +32,7 @@ export const getLazyExternalContent =
     } = useKibana();
 
     if (!osquery.read) {
-      return (
-        <EuiEmptyPrompt
-          icon={<OsqueryIcon />}
-          title={<h2>{PERMISSION_DENIED}</h2>}
-          titleSize="xs"
-          body={
-            <FormattedMessage
-              id="xpack.osquery.cases.permissionDenied"
-              defaultMessage=" To access these results, ask your administrator for {osquery} Kibana
-              privileges."
-              // eslint-disable-next-line react-perf/jsx-no-new-object-as-prop
-              values={{
-                osquery: <EuiCode>osquery</EuiCode>,
-              }}
-            />
-          }
-        />
-      );
+      return <EmptyPrompt />;
     }
 
     return (

x-pack/plugins/osquery/public/shared_components/index.tsx

@@ -5,6 +5,7 @@
  * 2.0.
  */
 
+export { getLazyOsqueryResult } from './lazy_osquery_result';
 export { getLazyOsqueryResults } from './lazy_osquery_results';
 export { getLazyOsqueryAction } from './lazy_osquery_action';
 export { getLazyLiveQueryField } from './lazy_live_query_field';

x-pack/plugins/osquery/public/shared_components/lazy_osquery_result.tsx

@@ -0,0 +1,26 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { lazy, Suspense } from 'react';
+import type { OsqueryActionResultProps } from './osquery_results/types';
+import type { StartServices } from '../types';
+
+interface BigServices extends StartServices {
+  kibanaVersion: string;
+  storage: unknown;
+}
+
+const OsqueryResult = lazy(() => import('./osquery_results/osquery_result_wrapper'));
+
+export const getLazyOsqueryResult =
+  // eslint-disable-next-line react/display-name
+  (services: BigServices) => (props: OsqueryActionResultProps) =>
+    (
+      <Suspense fallback={null}>
+        <OsqueryResult services={services} {...props} />
+      </Suspense>
+    );