elastic · nnamdifrankie · Feb 21, 2020 · Feb 19, 2020 · Feb 19, 2020 · Feb 20, 2020
diff --git a/x-pack/plugins/endpoint/public/applications/endpoint/store/managing/middleware.test.ts b/x-pack/plugins/endpoint/public/applications/endpoint/store/managing/middleware.test.ts
@@ -72,7 +72,7 @@ describe('endpoint list saga', () => {
     expect(fakeHttpServices.post).not.toHaveBeenCalled();
     dispatch({ type: 'userNavigatedToPage', payload: 'managementPage' });
     await sleep();
-    expect(fakeHttpServices.post).toHaveBeenCalledWith('/api/endpoint/endpoints', {
+    expect(fakeHttpServices.post).toHaveBeenCalledWith('/api/endpoint/metadata', {
       body: JSON.stringify({
         paging_properties: [{ page_index: 0 }, { page_size: 10 }],
       }),

diff --git a/x-pack/plugins/endpoint/public/applications/endpoint/store/managing/middleware.ts b/x-pack/plugins/endpoint/public/applications/endpoint/store/managing/middleware.ts
@@ -18,7 +18,7 @@ export const managementMiddlewareFactory: MiddlewareFactory<ManagementListState>
     ) {
       const managementPageIndex = pageIndex(getState());
       const managementPageSize = pageSize(getState());
-      const response = await coreStart.http.post('/api/endpoint/endpoints', {
+      const response = await coreStart.http.post('/api/endpoint/metadata', {
         body: JSON.stringify({
           paging_properties: [
             { page_index: managementPageIndex },

diff --git a/x-pack/plugins/endpoint/server/plugin.ts b/x-pack/plugins/endpoint/server/plugin.ts
@@ -10,7 +10,7 @@ import { createConfig$, EndpointConfigType } from './config';
 import { EndpointAppContext } from './types';
 
 import { addRoutes } from './routes';
-import { registerEndpointRoutes } from './routes/endpoints';
+import { registerEndpointRoutes } from './routes/metadata';
 import { registerAlertRoutes } from './routes/alerts';
 import { registerResolverRoutes } from './routes/resolver';
 

diff --git a/.../endpoint/server/routes/endpoints.test.ts → ...s/endpoint/server/routes/metadata.test.ts b/.../endpoint/server/routes/endpoints.test.ts → ...s/endpoint/server/routes/metadata.test.ts
@@ -20,9 +20,9 @@ import {
 } from '../../../../../src/core/server/mocks';
 import { EndpointMetadata, EndpointResultList } from '../../common/types';
 import { SearchResponse } from 'elasticsearch';
-import { registerEndpointRoutes } from './endpoints';
+import { registerEndpointRoutes } from './metadata';
 import { EndpointConfigSchema } from '../config';
-import * as data from '../test_data/all_endpoints_data.json';
+import * as data from '../test_data/all_metadata_data.json';
 
 describe('test endpoint route', () => {
   let routerMock: jest.Mocked<IRouter>;
@@ -54,7 +54,7 @@ describe('test endpoint route', () => {
     >;
     mockScopedClient.callAsCurrentUser.mockImplementationOnce(() => Promise.resolve(response));
     [routeConfig, routeHandler] = routerMock.post.mock.calls.find(([{ path }]) =>
-      path.startsWith('/api/endpoint/endpoints')
+      path.startsWith('/api/endpoint/metadata')
     )!;
 
     await routeHandler(
@@ -96,7 +96,7 @@ describe('test endpoint route', () => {
       Promise.resolve((data as unknown) as SearchResponse<EndpointMetadata>)
     );
     [routeConfig, routeHandler] = routerMock.post.mock.calls.find(([{ path }]) =>
-      path.startsWith('/api/endpoint/endpoints')
+      path.startsWith('/api/endpoint/metadata')
     )!;
 
     await routeHandler(
@@ -143,7 +143,7 @@ describe('test endpoint route', () => {
       Promise.resolve((data as unknown) as SearchResponse<EndpointMetadata>)
     );
     [routeConfig, routeHandler] = routerMock.post.mock.calls.find(([{ path }]) =>
-      path.startsWith('/api/endpoint/endpoints')
+      path.startsWith('/api/endpoint/metadata')
     )!;
 
     await routeHandler(
@@ -208,7 +208,7 @@ describe('test endpoint route', () => {
         })
       );
       [routeConfig, routeHandler] = routerMock.get.mock.calls.find(([{ path }]) =>
-        path.startsWith('/api/endpoint/endpoints')
+        path.startsWith('/api/endpoint/metadata')
       )!;
 
       await routeHandler(
@@ -239,7 +239,7 @@ describe('test endpoint route', () => {
       >;
       mockScopedClient.callAsCurrentUser.mockImplementationOnce(() => Promise.resolve(response));
       [routeConfig, routeHandler] = routerMock.get.mock.calls.find(([{ path }]) =>
-        path.startsWith('/api/endpoint/endpoints')
+        path.startsWith('/api/endpoint/metadata')
       )!;
 
       await routeHandler(

diff --git a/...ugins/endpoint/server/routes/endpoints.ts → ...lugins/endpoint/server/routes/metadata.ts b/...ugins/endpoint/server/routes/endpoints.ts → ...lugins/endpoint/server/routes/metadata.ts
@@ -9,9 +9,9 @@ import { SearchResponse } from 'elasticsearch';
 import { schema } from '@kbn/config-schema';
 
 import {
-  kibanaRequestToEndpointListQuery,
-  kibanaRequestToEndpointFetchQuery,
-} from '../services/endpoint/endpoint_query_builders';
+  kibanaRequestToMetadataListESQuery,
+  kibanaRequestToMetadataGetESQuery,
+} from '../services/endpoint/metadata_query_builders';
 import { EndpointMetadata, EndpointResultList } from '../../common/types';
 import { EndpointAppContext } from '../types';
 
@@ -22,7 +22,7 @@ interface HitSource {
 export function registerEndpointRoutes(router: IRouter, endpointAppContext: EndpointAppContext) {
   router.post(
     {
-      path: '/api/endpoint/endpoints',
+      path: '/api/endpoint/metadata',
       validate: {
         body: schema.nullable(
           schema.object({
@@ -53,7 +53,7 @@ export function registerEndpointRoutes(router: IRouter, endpointAppContext: Endp
     },
     async (context, req, res) => {
       try {
-        const queryParams = await kibanaRequestToEndpointListQuery(req, endpointAppContext);
+        const queryParams = await kibanaRequestToMetadataListESQuery(req, endpointAppContext);
         const response = (await context.core.elasticsearch.dataClient.callAsCurrentUser(
           'search',
           queryParams
@@ -67,15 +67,15 @@ export function registerEndpointRoutes(router: IRouter, endpointAppContext: Endp
 
   router.get(
     {
-      path: '/api/endpoint/endpoints/{id}',
+      path: '/api/endpoint/metadata/{id}',
       validate: {
         params: schema.object({ id: schema.string() }),
       },
       options: { authRequired: true },
     },
     async (context, req, res) => {
       try {
-        const query = kibanaRequestToEndpointFetchQuery(req, endpointAppContext);
+        const query = kibanaRequestToMetadataGetESQuery(req, endpointAppContext);
         const response = (await context.core.elasticsearch.dataClient.callAsCurrentUser(
           'search',
           query

diff --git a/.../endpoint/endpoint_query_builders.test.ts → .../endpoint/metadata_query_builders.test.ts b/.../endpoint/endpoint_query_builders.test.ts → .../endpoint/metadata_query_builders.test.ts
@@ -6,17 +6,18 @@
 import { httpServerMock, loggingServiceMock } from '../../../../../../src/core/server/mocks';
 import { EndpointConfigSchema } from '../../config';
 import {
-  kibanaRequestToEndpointListQuery,
-  kibanaRequestToEndpointFetchQuery,
-} from './endpoint_query_builders';
+  kibanaRequestToMetadataListESQuery,
+  kibanaRequestToMetadataGetESQuery,
+} from './metadata_query_builders';
+import { EndpointAppConstants } from '../../../common/types';
 
 describe('query builder', () => {
-  describe('EndpointListQuery', () => {
-    it('test default query params for all endpoints when no params or body is provided', async () => {
+  describe('MetadataListESQuery', () => {
+    it('test default query params for all endpoints metadata when no params or body is provided', async () => {
       const mockRequest = httpServerMock.createKibanaRequest({
         body: {},
       });
-      const query = await kibanaRequestToEndpointListQuery(mockRequest, {
+      const query = await kibanaRequestToMetadataListESQuery(mockRequest, {
         logFactory: loggingServiceMock.create(),
         config: () => Promise.resolve(EndpointConfigSchema.validate({})),
       });
@@ -50,19 +51,19 @@ describe('query builder', () => {
         },
         from: 0,
         size: 10,
-        index: 'endpoint-agent*',
+        index: EndpointAppConstants.ENDPOINT_INDEX_NAME,
       } as Record<string, any>);
     });
   });
 
   describe('test query builder with kql filter', () => {
-    it('test default query params for all endpoints when no params or body is provided', async () => {
+    it('test default query params for all endpoints metadata when body filter is provided', async () => {
       const mockRequest = httpServerMock.createKibanaRequest({
         body: {
           filter: 'not host.ip:10.140.73.246',
         },
       });
-      const query = await kibanaRequestToEndpointListQuery(mockRequest, {
+      const query = await kibanaRequestToMetadataListESQuery(mockRequest, {
         logFactory: loggingServiceMock.create(),
         config: () => Promise.resolve(EndpointConfigSchema.validate({})),
       });
@@ -109,20 +110,20 @@ describe('query builder', () => {
         },
         from: 0,
         size: 10,
-        index: 'endpoint-agent*',
+        index: EndpointAppConstants.ENDPOINT_INDEX_NAME,
       } as Record<string, any>);
     });
   });
 
-  describe('EndpointFetchQuery', () => {
+  describe('MetadataGetQuery', () => {
     it('searches for the correct ID', () => {
       const mockID = 'AABBCCDD-0011-2233-AA44-DEADBEEF8899';
       const mockRequest = httpServerMock.createKibanaRequest({
         params: {
           id: mockID,
         },
       });
-      const query = kibanaRequestToEndpointFetchQuery(mockRequest, {
+      const query = kibanaRequestToMetadataGetESQuery(mockRequest, {
         logFactory: loggingServiceMock.create(),
         config: () => Promise.resolve(EndpointConfigSchema.validate({})),
       });
@@ -132,7 +133,7 @@ describe('query builder', () => {
           sort: [{ 'event.created': { order: 'desc' } }],
           size: 1,
         },
-        index: 'endpoint-agent*',
+        index: EndpointAppConstants.ENDPOINT_INDEX_NAME,
       });
     });
   });

diff --git a/...vices/endpoint/endpoint_query_builders.ts → ...vices/endpoint/metadata_query_builders.ts b/...vices/endpoint/endpoint_query_builders.ts → ...vices/endpoint/metadata_query_builders.ts
@@ -8,7 +8,7 @@ import { EndpointAppConstants } from '../../../common/types';
 import { EndpointAppContext } from '../../types';
 import { esKuery } from '../../../../../../src/plugins/data/server';
 
-export const kibanaRequestToEndpointListQuery = async (
+export const kibanaRequestToMetadataListESQuery = async (
   request: KibanaRequest<any, any, any>,
   endpointAppContext: EndpointAppContext
 ): Promise<Record<string, any>> => {
@@ -74,7 +74,7 @@ function buildQueryBody(request: KibanaRequest<any, any, any>): Record<string, a
   };
 }
 
-export const kibanaRequestToEndpointFetchQuery = (
+export const kibanaRequestToMetadataGetESQuery = (
   request: KibanaRequest<any, any, any>,
   endpointAppContext: EndpointAppContext
 ) => {

diff --git a/.../server/test_data/all_endpoints_data.json → ...t/server/test_data/all_metadata_data.json b/.../server/test_data/all_endpoints_data.json → ...t/server/test_data/all_metadata_data.json
diff --git a/x-pack/test/api_integration/apis/endpoint/index.ts b/x-pack/test/api_integration/apis/endpoint/index.ts
@@ -10,7 +10,7 @@ export default function endpointAPIIntegrationTests({ loadTestFile }: FtrProvide
   describe('Endpoint plugin', function() {
     this.tags(['endpoint']);
     loadTestFile(require.resolve('./resolver'));
-    loadTestFile(require.resolve('./endpoints'));
+    loadTestFile(require.resolve('./metadata'));
     loadTestFile(require.resolve('./alerts'));
   });
 }
diff --git a/...pi_integration/apis/endpoint/endpoints.ts → ...api_integration/apis/endpoint/metadata.ts b/...pi_integration/apis/endpoint/endpoints.ts → ...api_integration/apis/endpoint/metadata.ts
@@ -9,12 +9,12 @@ import { FtrProviderContext } from '../../ftr_provider_context';
 export default function({ getService }: FtrProviderContext) {
   const esArchiver = getService('esArchiver');
   const supertest = getService('supertest');
-  describe('test endpoints api', () => {
-    describe('POST /api/endpoint/endpoints when index is empty', () => {
-      it('endpoints api should return empty result when index is empty', async () => {
-        await esArchiver.unload('endpoint/endpoints/api_feature');
+  describe('test metadata api', () => {
+    describe('POST /api/endpoint/metadata when index is empty', () => {
+      it('metadata api should return empty result when index is empty', async () => {
+        await esArchiver.unload('endpoint/metadata/api_feature');
         const { body } = await supertest
-          .post('/api/endpoint/endpoints')
+          .post('/api/endpoint/metadata')
           .set('kbn-xsrf', 'xxx')
           .send()
           .expect(200);
@@ -25,12 +25,12 @@ export default function({ getService }: FtrProviderContext) {
       });
     });
 
-    describe('POST /api/endpoint/endpoints when index is not empty', () => {
-      before(() => esArchiver.load('endpoint/endpoints/api_feature'));
-      after(() => esArchiver.unload('endpoint/endpoints/api_feature'));
-      it('endpoints api should return one entry for each endpoint with default paging', async () => {
+    describe('POST /api/endpoint/metadata when index is not empty', () => {
+      before(() => esArchiver.load('endpoint/metadata/api_feature'));
+      after(() => esArchiver.unload('endpoint/metadata/api_feature'));
+      it('metadata api should return one entry for each endpoint with default paging', async () => {
         const { body } = await supertest
-          .post('/api/endpoint/endpoints')
+          .post('/api/endpoint/metadata')
           .set('kbn-xsrf', 'xxx')
           .send()
           .expect(200);
@@ -40,9 +40,9 @@ export default function({ getService }: FtrProviderContext) {
         expect(body.request_page_index).to.eql(0);
       });
 
-      it('endpoints api should return page based on paging properties passed.', async () => {
+      it('metadata api should return page based on paging properties passed.', async () => {
         const { body } = await supertest
-          .post('/api/endpoint/endpoints')
+          .post('/api/endpoint/metadata')
           .set('kbn-xsrf', 'xxx')
           .send({
             paging_properties: [
@@ -61,12 +61,12 @@ export default function({ getService }: FtrProviderContext) {
         expect(body.request_page_index).to.eql(1);
       });
 
-      /* test that when paging properties produces no result, the total should reflect the actual number of endpoints
+      /* test that when paging properties produces no result, the total should reflect the actual number of metadata
       in the index.
        */
-      it('endpoints api should return accurate total endpoints if page index produces no result', async () => {
+      it('metadata api should return accurate total metadata if page index produces no result', async () => {
         const { body } = await supertest
-          .post('/api/endpoint/endpoints')
+          .post('/api/endpoint/metadata')
           .set('kbn-xsrf', 'xxx')
           .send({
             paging_properties: [
@@ -85,9 +85,9 @@ export default function({ getService }: FtrProviderContext) {
         expect(body.request_page_index).to.eql(30);
       });
 
-      it('endpoints api should return 400 when pagingProperties is below boundaries.', async () => {
+      it('metadata api should return 400 when pagingProperties is below boundaries.', async () => {
         const { body } = await supertest
-          .post('/api/endpoint/endpoints')
+          .post('/api/endpoint/metadata')
           .set('kbn-xsrf', 'xxx')
           .send({
             paging_properties: [
@@ -103,9 +103,9 @@ export default function({ getService }: FtrProviderContext) {
         expect(body.message).to.contain('Value is [0] but it must be equal to or greater than [1]');
       });
 
-      it('endpoints api should return page based on filters passed.', async () => {
+      it('metadata api should return page based on filters passed.', async () => {
         const { body } = await supertest
-          .post('/api/endpoint/endpoints')
+          .post('/api/endpoint/metadata')
           .set('kbn-xsrf', 'xxx')
           .send({ filter: 'not host.ip:10.101.149.26' })
           .expect(200);
@@ -115,10 +115,10 @@ export default function({ getService }: FtrProviderContext) {
         expect(body.request_page_index).to.eql(0);
       });
 
-      it('endpoints api should return page based on filters and paging passed.', async () => {
+      it('metadata api should return page based on filters and paging passed.', async () => {
         const notIncludedIp = '10.101.149.26';
         const { body } = await supertest
-          .post('/api/endpoint/endpoints')
+          .post('/api/endpoint/metadata')
           .set('kbn-xsrf', 'xxx')
           .send({
             paging_properties: [
@@ -143,10 +143,10 @@ export default function({ getService }: FtrProviderContext) {
         expect(body.request_page_index).to.eql(0);
       });
 
-      it('endpoints api should return page based on host.os.variant filter.', async () => {
+      it('metadata api should return page based on host.os.variant filter.', async () => {
         const variantValue = 'Windows Pro';
         const { body } = await supertest
-          .post('/api/endpoint/endpoints')
+          .post('/api/endpoint/metadata')
           .set('kbn-xsrf', 'xxx')
           .send({
             filter: `host.os.variant.keyword:${variantValue}`,
@@ -161,6 +161,40 @@ export default function({ getService }: FtrProviderContext) {
         expect(body.request_page_size).to.eql(10);
         expect(body.request_page_index).to.eql(0);
       });
+
+      it('metadata api should return the latest event for all the events for an endpoint', async () => {
+        const targetEndpointIp = '10.192.213.130';
+        const { body } = await supertest
+          .post('/api/endpoint/metadata')
+          .set('kbn-xsrf', 'xxx')
+          .send({
+            filter: `host.ip:${targetEndpointIp}`,
+          })
+          .expect(200);
+        expect(body.total).to.eql(1);
+        const resultIp: string = body.endpoints[0].host.ip.filter(
+          (ip: string) => ip === targetEndpointIp
+        );
+        expect(resultIp).to.eql([targetEndpointIp]);
+        expect(body.endpoints[0].event.created).to.eql('2020-01-24T16:06:09.541Z');
+        expect(body.endpoints.length).to.eql(1);
+        expect(body.request_page_size).to.eql(10);
+        expect(body.request_page_index).to.eql(0);
+      });
+
+      it('metadata api should return  all endpoints when filter is empty string', async () => {
+        const { body } = await supertest
+          .post('/api/endpoint/metadata')
+          .set('kbn-xsrf', 'xxx')
+          .send({
+            filter: '',
+          })
+          .expect(200);
+        expect(body.total).to.eql(3);
+        expect(body.endpoints.length).to.eql(3);
+        expect(body.request_page_size).to.eql(10);
+        expect(body.request_page_index).to.eql(0);
+      });
     });
   });
 }