[Security Solution][Endpoint] Add validation to artifact create/update APIs for management of ownerSpaceId
#211325
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
paul-tavares
added
release_note:skip
paul-tavares
force-pushed
the
task/olm-11873-spaces-restrict-artifact-space-tag-management
branch
from
44217ee to
18a4a2c
Compare
…stToEndpointIndex()`
paul-tavares
force-pushed
the
task/olm-11873-spaces-restrict-artifact-space-tag-management
branch
from
18a4a2c to
56deafc
Compare
… called with and preserve all other values
…es-restrict-artifact-space-tag-management
…es-restrict-artifact-space-tag-management
|
Pinging @elastic/security-defend-workflows (Team:Defend Workflows) |
botelastic
bot
added
the
Team:Fleet
|
Pinging @elastic/fleet (Team:Fleet) |
…es-restrict-artifact-space-tag-management
…ad has a owner tag
…global artifact privilege + added more tests
…es-restrict-artifact-space-tag-management
💛 Build succeeded, but was flaky
Failed CI StepsMetrics [docs]Async chunks
Page load bundle
History
|
joeypoon
approved these changes
Feb 25, 2025
ashokaditya
approved these changes
Feb 25, 2025
paul-tavares
deleted the
task/olm-11873-spaces-restrict-artifact-space-tag-management
branch
|
Starting backport for target branches: 9.0 https://github.com/elastic/kibana/actions/runs/13529757945 |
💔 All backports failed
Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
paul-tavares
added a commit
to paul-tavares/kibana
that referenced
this pull request
Feb 25, 2025
…e APIs for management of `ownerSpaceId` (elastic#211325) ## Summary #### Changes in support of space awareness > currently behind feature flag: `endpointManagementSpaceAwarenessEnabled` - Add logic to the server-side Lists plugin extension points for endpoint artifacts to ensure that only a user with the new Global Artifact Management privilege can update/change/add `ownerSpaceId` tags on an artifact - Added validation to all endpoint artifacts (Trusted Apps, Event Filters, Blocklists, Host Isolation Exceptions and Endpoint Exceptions) #### Other changes: - Fix UI bug that failed to display artifact submit API failures. API errors are now displayed in the artifact's respective edit/create forms if encountered - Fixed a bug where "unknown" artifact `tags` were being dropped whenever the artifact assignment (global, per-policy) was updated in the UI ## Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: kibanamachine <[email protected]> (cherry picked from commit 1ee97c3) # Conflicts: # x-pack/test/security_solution_api_integration/tsconfig.json
paul-tavares
added a commit
that referenced
this pull request
Feb 26, 2025
…/update APIs for management of `ownerSpaceId` (#211325) (#212446) # Backport This will backport the following commits from `main` to `9.0`: - [[Security Solution][Endpoint] Add validation to artifact create/update APIs for management of `ownerSpaceId` (#211325)](#211325) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Paul Tavares","email":"[email protected]"},"sourceCommit":{"committedDate":"2025-02-25T19:52:08Z","message":"[Security Solution][Endpoint] Add validation to artifact create/update APIs for management of `ownerSpaceId` (#211325)\n\n## Summary\n\n\n#### Changes in support of space awareness\n\n> currently behind feature flag:\n`endpointManagementSpaceAwarenessEnabled`\n\n- Add logic to the server-side Lists plugin extension points for\nendpoint artifacts to ensure that only a user with the new Global\nArtifact Management privilege can update/change/add `ownerSpaceId` tags\non an artifact\n- Added validation to all endpoint artifacts (Trusted Apps, Event\nFilters, Blocklists, Host Isolation Exceptions and Endpoint Exceptions)\n\n\n#### Other changes:\n\n- Fix UI bug that failed to display artifact submit API failures. API\nerrors are now displayed in the artifact's respective edit/create forms\nif encountered\n- Fixed a bug where \"unknown\" artifact `tags` were being dropped\nwhenever the artifact assignment (global, per-policy) was updated in the\nUI\n\n\n\n\n\n\n\n\n## Checklist\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n\n---------\n\nCo-authored-by: kibanamachine <[email protected]>","sha":"1ee97c3c8f3780cde8c23edb03b37738b506aefa","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Fleet","Team:Defend Workflows","backport:prev-minor","v9.1.0"],"title":"[Security Solution][Endpoint] Add validation to artifact create/update APIs for management of `ownerSpaceId`","number":211325,"url":"https://github.com/elastic/kibana/pull/211325","mergeCommit":{"message":"[Security Solution][Endpoint] Add validation to artifact create/update APIs for management of `ownerSpaceId` (#211325)\n\n## Summary\n\n\n#### Changes in support of space awareness\n\n> currently behind feature flag:\n`endpointManagementSpaceAwarenessEnabled`\n\n- Add logic to the server-side Lists plugin extension points for\nendpoint artifacts to ensure that only a user with the new Global\nArtifact Management privilege can update/change/add `ownerSpaceId` tags\non an artifact\n- Added validation to all endpoint artifacts (Trusted Apps, Event\nFilters, Blocklists, Host Isolation Exceptions and Endpoint Exceptions)\n\n\n#### Other changes:\n\n- Fix UI bug that failed to display artifact submit API failures. API\nerrors are now displayed in the artifact's respective edit/create forms\nif encountered\n- Fixed a bug where \"unknown\" artifact `tags` were being dropped\nwhenever the artifact assignment (global, per-policy) was updated in the\nUI\n\n\n\n\n\n\n\n\n## Checklist\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n\n---------\n\nCo-authored-by: kibanamachine <[email protected]>","sha":"1ee97c3c8f3780cde8c23edb03b37738b506aefa"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/211325","number":211325,"mergeCommit":{"message":"[Security Solution][Endpoint] Add validation to artifact create/update APIs for management of `ownerSpaceId` (#211325)\n\n## Summary\n\n\n#### Changes in support of space awareness\n\n> currently behind feature flag:\n`endpointManagementSpaceAwarenessEnabled`\n\n- Add logic to the server-side Lists plugin extension points for\nendpoint artifacts to ensure that only a user with the new Global\nArtifact Management privilege can update/change/add `ownerSpaceId` tags\non an artifact\n- Added validation to all endpoint artifacts (Trusted Apps, Event\nFilters, Blocklists, Host Isolation Exceptions and Endpoint Exceptions)\n\n\n#### Other changes:\n\n- Fix UI bug that failed to display artifact submit API failures. API\nerrors are now displayed in the artifact's respective edit/create forms\nif encountered\n- Fixed a bug where \"unknown\" artifact `tags` were being dropped\nwhenever the artifact assignment (global, per-policy) was updated in the\nUI\n\n\n\n\n\n\n\n\n## Checklist\n\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n\n---------\n\nCo-authored-by: kibanamachine <[email protected]>","sha":"1ee97c3c8f3780cde8c23edb03b37738b506aefa"}}]}] BACKPORT--> --------- Co-authored-by: kibanamachine <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Changes in support of space awareness
ownerSpaceIdtags on an artifactOther changes:
tagswere being dropped whenever the artifact assignment (global, per-policy) was updated in the UIChecklist