introduce notes feature

x-pack/packages/security-solution/features/config.ts

@@ -10,5 +10,6 @@ export { getCasesDefaultProductFeaturesConfig } from './src/cases/product_featur
 export { assistantDefaultProductFeaturesConfig } from './src/assistant/product_feature_config';
 export { attackDiscoveryDefaultProductFeaturesConfig } from './src/attack_discovery/product_feature_config';
 export { timelineDefaultProductFeaturesConfig } from './src/timeline/product_feature_config';
+export { notesDefaultProductFeaturesConfig } from './src/notes/product_feature_config';
 
 export { createEnabledProductFeaturesConfigMap } from './src/helpers';

x-pack/packages/security-solution/features/product_features.ts

@@ -10,3 +10,4 @@ export { getCasesFeature, getCasesV2Feature } from './src/cases';
 export { getAssistantFeature } from './src/assistant';
 export { getAttackDiscoveryFeature } from './src/attack_discovery';
 export { getTimelineFeature } from './src/timeline';
+export { getNotesFeature } from './src/notes';

x-pack/packages/security-solution/features/src/constants.ts

@@ -25,6 +25,7 @@ export const SECURITY_SOLUTION_CASES_APP_ID = 'securitySolutionCases' as const;
 export const ASSISTANT_FEATURE_ID = 'securitySolutionAssistant' as const;
 export const ATTACK_DISCOVERY_FEATURE_ID = 'securitySolutionAttackDiscovery' as const;
 export const TIMELINE_FEATURE_ID = 'securitySolutionTimeline' as const;
+export const NOTES_FEATURE_ID = 'securitySolutionNotes' as const;
 
 // Same as the plugin id defined by Cloud Security Posture
 export const CLOUD_POSTURE_APP_ID = 'csp' as const;

x-pack/packages/security-solution/features/src/notes/index.ts

@@ -0,0 +1,16 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { getNotesBaseKibanaFeature } from './kibana_features';
+import type { ProductFeatureParams } from '../types';
+import type { SecurityFeatureParams } from '../security/types';
+
+export const getNotesFeature = (params: SecurityFeatureParams): ProductFeatureParams => ({
+  baseKibanaFeature: getNotesBaseKibanaFeature(params),
+  baseKibanaSubFeatureIds: [],
+  subFeaturesMap: new Map(),
+});

x-pack/packages/security-solution/features/src/notes/kibana_features.ts

@@ -0,0 +1,54 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { DEFAULT_APP_CATEGORIES } from '@kbn/core-application-common';
+import { i18n } from '@kbn/i18n';
+import { KibanaFeatureScope } from '@kbn/features-plugin/common';
+
+import { APP_ID, NOTES_FEATURE_ID } from '../constants';
+import { type BaseKibanaFeatureConfig } from '../types';
+import type { SecurityFeatureParams } from '../security/types';
+
+export const getNotesBaseKibanaFeature = (
+  params: SecurityFeatureParams
+): BaseKibanaFeatureConfig => ({
+  id: NOTES_FEATURE_ID,
+  name: i18n.translate(
+    'securitySolutionPackages.features.featureRegistry.linkSecuritySolutionNotesTitle',
+    {
+      defaultMessage: 'Notes',
+    }
+  ),
+  order: 1100,
+  category: DEFAULT_APP_CATEGORIES.security,
+  scope: [KibanaFeatureScope.Spaces, KibanaFeatureScope.Security],
+  app: [NOTES_FEATURE_ID, 'kibana'],
+  catalogue: [APP_ID],
+  privileges: {
+    all: {
+      app: [NOTES_FEATURE_ID, 'kibana'],
+      catalogue: [APP_ID],
+      savedObject: {
+        all: params.savedObjects,
+        read: params.savedObjects,
+      },
+      ui: ['read', 'crud'],
+      api: ['notes_read', 'notes_write'],
+    },
+    read: {
+      app: [NOTES_FEATURE_ID, 'kibana'],
+      catalogue: [APP_ID],
+      savedObject: {
+        all: [],
+        read: params.savedObjects,
+      },
+      ui: ['read'],
+      api: ['notes_read'],
+    },
+  },
+});
+// console.log('figure out what to add to `privileges`');

x-pack/packages/security-solution/features/src/notes/product_feature_config.ts

@@ -0,0 +1,37 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { ProductFeatureNotesFeatureKey } from '../product_features_keys';
+import type { ProductFeatureKibanaConfig } from '../types';
+
+/**
+ * App features privileges configuration for the Attack discovery feature.
+ * These are the configs that are shared between both offering types (ess and serverless).
+ * They can be extended on each offering plugin to register privileges using different way on each offering type.
+ *
+ * Privileges can be added in different ways:
+ * - `privileges`: the privileges that will be added directly into the main Security feature.
+ * - `subFeatureIds`: the ids of the sub-features that will be added into the Security subFeatures entry.
+ * - `subFeaturesPrivileges`: the privileges that will be added into the existing Security subFeature with the privilege `id` specified.
+ */
+export const notesDefaultProductFeaturesConfig: Record<
+  ProductFeatureNotesFeatureKey,
+  ProductFeatureKibanaConfig
+> = {
+  [ProductFeatureNotesFeatureKey.notes]: {
+    privileges: {
+      all: {
+        ui: [],
+      },
+      read: {
+        ui: [],
+      },
+    },
+    subFeatureIds: [],
+  },
+};
+// console.log('figure out what to put into `ui`, `api` and others');

x-pack/packages/security-solution/features/src/product_features_keys.ts

@@ -118,21 +118,30 @@ export enum ProductFeatureTimelineFeatureKey {
   timeline = 'timeline',
 }
 
+export enum ProductFeatureNotesFeatureKey {
+  /**
+   * Enables Notes
+   */
+  notes = 'notes',
+}
+
 // Merges the two enums.
 export const ProductFeatureKey = {
   ...ProductFeatureSecurityKey,
   ...ProductFeatureCasesKey,
   ...ProductFeatureAssistantKey,
   ...ProductFeatureAttackDiscoveryKey,
   ...ProductFeatureTimelineFeatureKey,
+  ...ProductFeatureNotesFeatureKey,
 };
 // We need to merge the value and the type and export both to replicate how enum works.
 export type ProductFeatureKeyType =
   | ProductFeatureSecurityKey
   | ProductFeatureCasesKey
   | ProductFeatureAssistantKey
   | ProductFeatureAttackDiscoveryKey
-  | ProductFeatureTimelineFeatureKey;
+  | ProductFeatureTimelineFeatureKey
+  | ProductFeatureNotesFeatureKey;
 
 export const ALL_PRODUCT_FEATURE_KEYS = Object.freeze(Object.values(ProductFeatureKey));
 

x-pack/packages/security-solution/features/src/security/v1_features/kibana_features.ts

@@ -27,6 +27,7 @@ import {
   CLOUD_DEFEND_APP_ID,
   SECURITY_FEATURE_ID_V2,
   TIMELINE_FEATURE_ID,
+  NOTES_FEATURE_ID,
 } from '../../constants';
 import type { SecurityFeatureParams } from '../types';
 import type { BaseKibanaFeatureConfig } from '../../types';
@@ -92,7 +93,7 @@ export const getSecurityBaseKibanaFeature = ({
       replacedBy: [
         { feature: SECURITY_FEATURE_ID_V2, privileges: ['all'] },
         { feature: TIMELINE_FEATURE_ID, privileges: ['all'] },
-        // TODO: add notes
+        { feature: NOTES_FEATURE_ID, privileges: ['all'] },
       ],
       app: [APP_ID, CLOUD_POSTURE_APP_ID, CLOUD_DEFEND_APP_ID, 'kibana'],
       catalogue: [APP_ID],
@@ -128,7 +129,7 @@ export const getSecurityBaseKibanaFeature = ({
       replacedBy: [
         { feature: SECURITY_FEATURE_ID_V2, privileges: ['read'] },
         { feature: TIMELINE_FEATURE_ID, privileges: ['read'] },
-        // TODO: add notes
+        { feature: NOTES_FEATURE_ID, privileges: ['read'] },
       ],
 
       app: [APP_ID, CLOUD_POSTURE_APP_ID, CLOUD_DEFEND_APP_ID, 'kibana'],

x-pack/plugins/security_solution/server/lib/product_features_service/mocks.ts

@@ -149,6 +149,23 @@ export const createProductFeaturesServiceMock = (
           ])
         )
       ),
+      notes: jest.fn().mockReturnValue(
+        new Map(
+          enabledFeatureKeys.map((key) => [
+            key,
+            {
+              privileges: {
+                all: {
+                  ui: ['entity-analytics'],
+                },
+                read: {
+                  ui: ['entity-analytics'],
+                },
+              },
+            },
+          ])
+        )
+      ),
     });
   }
 

x-pack/plugins/security_solution/server/lib/product_features_service/product_features_service.test.ts

@@ -91,13 +91,15 @@ describe('ProductFeaturesService', () => {
     const mockAssistantConfig = new Map() as ProductFeaturesConfig<AssistantSubFeatureId>;
     const mockAttackDiscoveryConfig = new Map() as ProductFeaturesConfig;
     const mockTimelineConfig = new Map() as ProductFeaturesConfig;
+    const mockNotesConfig = new Map() as ProductFeaturesConfig;
 
     const configurator: ProductFeaturesConfigurator = {
       attackDiscovery: jest.fn(() => mockAttackDiscoveryConfig),
       security: jest.fn(() => mockSecurityConfig),
       cases: jest.fn(() => mockCasesConfig),
       securityAssistant: jest.fn(() => mockAssistantConfig),
       timeline: jest.fn(() => mockTimelineConfig),
+      notes: jest.fn(() => mockNotesConfig),
     };
     productFeaturesService.setProductFeaturesConfigurator(configurator);
 
@@ -142,13 +144,15 @@ describe('ProductFeaturesService', () => {
       [ProductFeatureKey.attackDiscovery, {}],
     ]) as ProductFeaturesConfig;
     const mockTimelineConfig = new Map([[ProductFeatureKey.timeline, {}]]) as ProductFeaturesConfig;
+    const mockNotesConfig = new Map([[ProductFeatureKey.notes, {}]]) as ProductFeaturesConfig;
 
     const configurator: ProductFeaturesConfigurator = {
       attackDiscovery: jest.fn(() => mockAttackDiscoveryConfig),
       security: jest.fn(() => mockSecurityConfig),
       cases: jest.fn(() => mockCasesConfig),
       securityAssistant: jest.fn(() => mockAssistantConfig),
       timeline: jest.fn(() => mockTimelineConfig),
+      notes: jest.fn(() => mockNotesConfig),
     };
     productFeaturesService.setProductFeaturesConfigurator(configurator);
 

x-pack/plugins/security_solution/server/lib/product_features_service/product_features_service.ts

@@ -23,6 +23,7 @@ import {
   getCasesV2Feature,
   getSecurityV2Feature,
   getTimelineFeature,
+  getNotesFeature,
 } from '@kbn/security-solution-features/product_features';
 import type { RecursiveReadonly } from '@kbn/utility-types';
 import type { ExperimentalFeatures } from '../../../common';
@@ -31,6 +32,7 @@ import { ProductFeatures } from './product_features';
 import type { ProductFeaturesConfigurator } from './types';
 import {
   securityDefaultSavedObjects,
+  securityNotesSavedObjects,
   securityTimelineSavedObjects,
 } from './security_saved_objects';
 import { casesApiTags, casesUiCapabilities } from './cases_privileges';
@@ -46,6 +48,7 @@ export class ProductFeaturesService {
   private securityAssistantProductFeatures: ProductFeatures;
   private attackDiscoveryProductFeatures: ProductFeatures;
   private timelineProductFeatures: ProductFeatures;
+  private notesProductFeatures: ProductFeatures;
   private productFeatures?: Set<ProductFeatureKeyType>;
 
   constructor(
@@ -118,13 +121,25 @@ export class ProductFeaturesService {
 
     const timelineFeature = getTimelineFeature({
       savedObjects: securityTimelineSavedObjects,
+      experimentalFeatures: {},
     });
     this.timelineProductFeatures = new ProductFeatures(
       this.logger,
       timelineFeature.subFeaturesMap,
       timelineFeature.baseKibanaFeature,
       timelineFeature.baseKibanaSubFeatureIds
     );
+
+    const notesFeature = getNotesFeature({
+      savedObjects: securityNotesSavedObjects,
+      experimentalFeatures: {},
+    });
+    this.notesProductFeatures = new ProductFeatures(
+      this.logger,
+      notesFeature.subFeaturesMap,
+      notesFeature.baseKibanaFeature,
+      notesFeature.baseKibanaSubFeatureIds
+    );
   }
 
   public init(featuresSetup: FeaturesPluginSetup) {
@@ -135,6 +150,7 @@ export class ProductFeaturesService {
     this.securityAssistantProductFeatures.init(featuresSetup);
     this.attackDiscoveryProductFeatures.init(featuresSetup);
     this.timelineProductFeatures.init(featuresSetup);
+    this.notesProductFeatures.init(featuresSetup);
   }
 
   public setProductFeaturesConfigurator(configurator: ProductFeaturesConfigurator) {
@@ -155,13 +171,17 @@ export class ProductFeaturesService {
     const timelineProductFeaturesConfig = configurator.timeline();
     this.timelineProductFeatures.setConfig(timelineProductFeaturesConfig);
 
+    const notesProductFeaturesConfig = configurator.notes();
+    this.notesProductFeatures.setConfig(notesProductFeaturesConfig);
+
     this.productFeatures = new Set<ProductFeatureKeyType>(
       Object.freeze([
         ...securityProductFeaturesConfig.keys(),
         ...casesProductFeaturesConfig.keys(),
         ...securityAssistantProductFeaturesConfig.keys(),
         ...attackDiscoveryProductFeaturesConfig.keys(),
         ...timelineProductFeaturesConfig.keys(),
+        ...notesProductFeaturesConfig.keys(),
       ]) as readonly ProductFeatureKeyType[]
     );
   }
@@ -181,7 +201,8 @@ export class ProductFeaturesService {
       this.casesProductV2Features.isActionRegistered(action) ||
       this.securityAssistantProductFeatures.isActionRegistered(action) ||
       this.attackDiscoveryProductFeatures.isActionRegistered(action) ||
-      this.timelineProductFeatures.isActionRegistered(action)
+      this.timelineProductFeatures.isActionRegistered(action) ||
+      this.notesProductFeatures.isActionRegistered(action)
     );
   }
 

x-pack/plugins/security_solution/server/lib/product_features_service/types.ts

@@ -18,4 +18,5 @@ export interface ProductFeaturesConfigurator {
   cases: () => ProductFeaturesConfig<CasesSubFeatureId>;
   securityAssistant: () => ProductFeaturesConfig<AssistantSubFeatureId>;
   timeline: () => ProductFeaturesConfig;
+  notes: () => ProductFeaturesConfig;
 }

x-pack/plugins/security_solution_ess/server/product_features/index.ts

@@ -12,6 +12,7 @@ import { getSecurityProductFeaturesConfigurator } from './security_product_featu
 import { getSecurityAssistantProductFeaturesConfigurator } from './assistant_product_features_config';
 import { getAttackDiscoveryProductFeaturesConfigurator } from './attack_discovery_product_features_config';
 import { getTimelineProductFeaturesConfigurator } from './timeline_product_features_config';
+import { getNotesProductFeaturesConfigurator } from './notes_product_features_config';
 
 export const getProductProductFeaturesConfigurator = (
   enabledProductFeatureKeys: ProductFeatureKeys
@@ -22,5 +23,6 @@ export const getProductProductFeaturesConfigurator = (
     cases: getCasesProductFeaturesConfigurator(enabledProductFeatureKeys),
     securityAssistant: getSecurityAssistantProductFeaturesConfigurator(enabledProductFeatureKeys),
     timeline: getTimelineProductFeaturesConfigurator(enabledProductFeatureKeys),
+    notes: getNotesProductFeaturesConfigurator(enabledProductFeatureKeys),
   };
 };

x-pack/plugins/security_solution_ess/server/product_features/notes_product_features_config.ts

@@ -0,0 +1,37 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type {
+  ProductFeatureKeys,
+  ProductFeaturesNotesConfig,
+} from '@kbn/security-solution-features';
+import {
+  createEnabledProductFeaturesConfigMap,
+  notesDefaultProductFeaturesConfig,
+} from '@kbn/security-solution-features/config';
+import type { ProductFeatureNotesFeatureKey } from '@kbn/security-solution-features/keys';
+
+/**
+ * Maps the ProductFeatures keys to Kibana privileges that will be merged
+ * into the base privileges config for the Security app.
+ *
+ * Privileges can be added in different ways:
+ * - `privileges`: the privileges that will be added directly into the main Attack discovery feature.
+ * - `subFeatureIds`: the ids of the sub-features that will be added into the Attack discovery subFeatures entry.
+ * - `subFeaturesPrivileges`: the privileges that will be added into the existing Attack discovery subFeature with the privilege `id` specified.
+ */
+const notesProductFeaturesConfig: Record<
+  ProductFeatureNotesFeatureKey,
+  ProductFeaturesNotesConfig
+> = {
+  ...notesDefaultProductFeaturesConfig,
+  // ess-specific app features configs here
+};
+
+export const getNotesProductFeaturesConfigurator =
+  (enabledProductFeatureKeys: ProductFeatureKeys) => (): ProductFeaturesNotesConfig =>
+    createEnabledProductFeaturesConfigMap(notesProductFeaturesConfig, enabledProductFeatureKeys);