[8.x] [SecuritySolution][SIEM migrations] Add macros and lookups supp…

…ort in the API (#199370) (#200644)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[SecuritySolution][SIEM migrations] Add macros and lookups support in
the API (#199370)](#199370)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Sergi
Massaneda","email":"sergi.massaneda@elastic.co"},"sourceCommit":{"committedDate":"2024-11-18T19:47:32Z","message":"[SecuritySolution][SIEM
migrations] Add macros and lookups support in the API
(#199370)","sha":"4f3bbe8d30a962ddb4e9cd5c2d207dabaa063ffb","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Threat
Hunting","backport:prev-minor","v8.18.0"],"title":"[SecuritySolution][SIEM
migrations] Add macros and lookups support in the
API","number":199370,"url":"https://github.com/elastic/kibana/pull/199370","mergeCommit":{"message":"[SecuritySolution][SIEM
migrations] Add macros and lookups support in the API
(#199370)","sha":"4f3bbe8d30a962ddb4e9cd5c2d207dabaa063ffb"}},"sourceBranch":"main","suggestedTargetBranches":["8.18"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/199370","number":199370,"mergeCommit":{"message":"[SecuritySolution][SIEM
migrations] Add macros and lookups support in the API
(#199370)","sha":"4f3bbe8d30a962ddb4e9cd5c2d207dabaa063ffb"}},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Sergi Massaneda <sergi.massaneda@elastic.co>

x-pack/plugins/security_solution/common/api/quickstart_client.gen.ts

@@ -368,14 +368,20 @@ import type {
   GetAllStatsRuleMigrationResponse,
   GetRuleMigrationRequestParamsInput,
   GetRuleMigrationResponse,
+  GetRuleMigrationResourcesRequestQueryInput,
+  GetRuleMigrationResourcesRequestParamsInput,
+  GetRuleMigrationResourcesResponse,
   GetRuleMigrationStatsRequestParamsInput,
   GetRuleMigrationStatsResponse,
   StartRuleMigrationRequestParamsInput,
   StartRuleMigrationRequestBodyInput,
   StartRuleMigrationResponse,
   StopRuleMigrationRequestParamsInput,
   StopRuleMigrationResponse,
-} from '../siem_migrations/model/api/rules/rules_migration.gen';
+  UpsertRuleMigrationResourcesRequestParamsInput,
+  UpsertRuleMigrationResourcesRequestBodyInput,
+  UpsertRuleMigrationResourcesResponse,
+} from '../siem_migrations/model/api/rules/rule_migration.gen';
 
 export interface ClientOptions {
   kbnClient: KbnClient;
@@ -1446,6 +1452,26 @@ finalize it.
       })
       .catch(catchAxiosErrorFormatAndThrow);
   }
+  /**
+   * Retrieves resources for an existing SIEM rules migration
+   */
+  async getRuleMigrationResources(props: GetRuleMigrationResourcesProps) {
+    this.log.info(`${new Date().toISOString()} Calling API GetRuleMigrationResources`);
+    return this.kbnClient
+      .request<GetRuleMigrationResourcesResponse>({
+        path: replaceParams(
+          '/internal/siem_migrations/rules/{migration_id}/resources',
+          props.params
+        ),
+        headers: {
+          [ELASTIC_HTTP_VERSION_HEADER]: '1',
+        },
+        method: 'GET',
+
+        query: props.query,
+      })
+      .catch(catchAxiosErrorFormatAndThrow);
+  }
   /**
    * Retrieves the stats of a SIEM rules migration using the migration id provided
    */
@@ -2073,6 +2099,25 @@ detection engine rules.
       })
       .catch(catchAxiosErrorFormatAndThrow);
   }
+  /**
+   * Creates or updates resources for an existing SIEM rules migration
+   */
+  async upsertRuleMigrationResources(props: UpsertRuleMigrationResourcesProps) {
+    this.log.info(`${new Date().toISOString()} Calling API UpsertRuleMigrationResources`);
+    return this.kbnClient
+      .request<UpsertRuleMigrationResourcesResponse>({
+        path: replaceParams(
+          '/internal/siem_migrations/rules/{migration_id}/resources',
+          props.params
+        ),
+        headers: {
+          [ELASTIC_HTTP_VERSION_HEADER]: '1',
+        },
+        method: 'POST',
+        body: props.body,
+      })
+      .catch(catchAxiosErrorFormatAndThrow);
+  }
 }
 
 export interface AlertsMigrationCleanupProps {
@@ -2247,6 +2292,10 @@ export interface GetRuleExecutionResultsProps {
 export interface GetRuleMigrationProps {
   params: GetRuleMigrationRequestParamsInput;
 }
+export interface GetRuleMigrationResourcesProps {
+  query: GetRuleMigrationResourcesRequestQueryInput;
+  params: GetRuleMigrationResourcesRequestParamsInput;
+}
 export interface GetRuleMigrationStatsProps {
   params: GetRuleMigrationStatsRequestParamsInput;
 }
@@ -2348,3 +2397,7 @@ export interface UpdateRuleProps {
 export interface UploadAssetCriticalityRecordsProps {
   attachment: FormData;
 }
+export interface UpsertRuleMigrationResourcesProps {
+  params: UpsertRuleMigrationResourcesRequestParamsInput;
+  body: UpsertRuleMigrationResourcesRequestBodyInput;
+}

x-pack/plugins/security_solution/common/siem_migrations/constants.ts

@@ -9,13 +9,13 @@ export const SIEM_MIGRATIONS_PATH = '/internal/siem_migrations' as const;
 export const SIEM_RULE_MIGRATIONS_PATH = `${SIEM_MIGRATIONS_PATH}/rules` as const;
 
 export const SIEM_RULE_MIGRATIONS_ALL_STATS_PATH = `${SIEM_RULE_MIGRATIONS_PATH}/stats` as const;
-export const SIEM_RULE_MIGRATIONS_GET_PATH = `${SIEM_RULE_MIGRATIONS_PATH}/{migration_id}` as const;
-export const SIEM_RULE_MIGRATIONS_START_PATH =
-  `${SIEM_RULE_MIGRATIONS_PATH}/{migration_id}/start` as const;
-export const SIEM_RULE_MIGRATIONS_STATS_PATH =
-  `${SIEM_RULE_MIGRATIONS_PATH}/{migration_id}/stats` as const;
-export const SIEM_RULE_MIGRATIONS_STOP_PATH =
-  `${SIEM_RULE_MIGRATIONS_PATH}/{migration_id}/stop` as const;
+export const SIEM_RULE_MIGRATION_PATH = `${SIEM_RULE_MIGRATIONS_PATH}/{migration_id}` as const;
+export const SIEM_RULE_MIGRATION_START_PATH = `${SIEM_RULE_MIGRATION_PATH}/start` as const;
+export const SIEM_RULE_MIGRATION_RETRY_PATH = `${SIEM_RULE_MIGRATION_PATH}/retry` as const;
+export const SIEM_RULE_MIGRATION_STATS_PATH = `${SIEM_RULE_MIGRATION_PATH}/stats` as const;
+export const SIEM_RULE_MIGRATION_STOP_PATH = `${SIEM_RULE_MIGRATION_PATH}/stop` as const;
+
+export const SIEM_RULE_MIGRATION_RESOURCES_PATH = `${SIEM_RULE_MIGRATION_PATH}/resources` as const;
 
 export enum SiemMigrationStatus {
   PENDING = 'pending',

x-pack/plugins/security_solution/common/siem_migrations/model/api/common.gen.ts

@@ -10,7 +10,7 @@
  * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
  *
  * info:
- *   title: Common SIEM Migrations Attributes
+ *   title: SIEM Rule Migrations API common components
  *   version: not applicable
  */
 

x-pack/plugins/security_solution/common/siem_migrations/model/api/common.schema.yaml

@@ -1,6 +1,6 @@
 openapi: 3.0.3
 info:
-  title: Common SIEM Migrations Attributes
+  title: SIEM Rule Migrations API common components
   version: 'not applicable'
 paths: {}
 components:

x-pack/plugins/security_solution/common/siem_migrations/model/api/rules/rules_migration.gen.ts → x-pack/plugins/security_solution/common/siem_migrations/model/api/rules/rule_migration.gen.ts

@@ -10,17 +10,21 @@
  * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
  *
  * info:
- *   title: SIEM Rules Migration API endpoint
+ *   title: SIEM Rules Migration API
  *   version: 1
  */
 
 import { z } from '@kbn/zod';
+import { ArrayFromString } from '@kbn/zod-helpers';
 
 import {
   OriginalRule,
   RuleMigrationAllTaskStats,
   RuleMigration,
   RuleMigrationTaskStats,
+  RuleMigrationResourceData,
+  RuleMigrationResourceType,
+  RuleMigrationResource,
 } from '../../rule_migration.gen';
 import { ConnectorId, LangSmithOptions } from '../common.gen';
 
@@ -47,6 +51,29 @@ export type GetRuleMigrationRequestParamsInput = z.input<typeof GetRuleMigration
 
 export type GetRuleMigrationResponse = z.infer<typeof GetRuleMigrationResponse>;
 export const GetRuleMigrationResponse = z.array(RuleMigration);
+export type GetRuleMigrationResourcesRequestQuery = z.infer<
+  typeof GetRuleMigrationResourcesRequestQuery
+>;
+export const GetRuleMigrationResourcesRequestQuery = z.object({
+  type: RuleMigrationResourceType.optional(),
+  names: ArrayFromString(z.string()).optional(),
+});
+export type GetRuleMigrationResourcesRequestQueryInput = z.input<
+  typeof GetRuleMigrationResourcesRequestQuery
+>;
+
+export type GetRuleMigrationResourcesRequestParams = z.infer<
+  typeof GetRuleMigrationResourcesRequestParams
+>;
+export const GetRuleMigrationResourcesRequestParams = z.object({
+  migration_id: z.string(),
+});
+export type GetRuleMigrationResourcesRequestParamsInput = z.input<
+  typeof GetRuleMigrationResourcesRequestParams
+>;
+
+export type GetRuleMigrationResourcesResponse = z.infer<typeof GetRuleMigrationResourcesResponse>;
+export const GetRuleMigrationResourcesResponse = z.array(RuleMigrationResource);
 
 export type GetRuleMigrationStatsRequestParams = z.infer<typeof GetRuleMigrationStatsRequestParams>;
 export const GetRuleMigrationStatsRequestParams = z.object({
@@ -93,3 +120,31 @@ export const StopRuleMigrationResponse = z.object({
    */
   stopped: z.boolean(),
 });
+
+export type UpsertRuleMigrationResourcesRequestParams = z.infer<
+  typeof UpsertRuleMigrationResourcesRequestParams
+>;
+export const UpsertRuleMigrationResourcesRequestParams = z.object({
+  migration_id: z.string(),
+});
+export type UpsertRuleMigrationResourcesRequestParamsInput = z.input<
+  typeof UpsertRuleMigrationResourcesRequestParams
+>;
+
+export type UpsertRuleMigrationResourcesRequestBody = z.infer<
+  typeof UpsertRuleMigrationResourcesRequestBody
+>;
+export const UpsertRuleMigrationResourcesRequestBody = z.array(RuleMigrationResourceData);
+export type UpsertRuleMigrationResourcesRequestBodyInput = z.input<
+  typeof UpsertRuleMigrationResourcesRequestBody
+>;
+
+export type UpsertRuleMigrationResourcesResponse = z.infer<
+  typeof UpsertRuleMigrationResourcesResponse
+>;
+export const UpsertRuleMigrationResourcesResponse = z.object({
+  /**
+   * The request has been processed correctly.
+   */
+  acknowledged: z.boolean(),
+});

x-pack/plugins/security_solution/common/siem_migrations/model/api/rules/rules_migration.schema.yaml → x-pack/plugins/security_solution/common/siem_migrations/model/api/rules/rule_migration.schema.yaml

@@ -1,8 +1,11 @@
 openapi: 3.0.3
 info:
-  title: SIEM Rules Migration API endpoint
+  title: SIEM Rules Migration API
   version: '1'
 paths:
+
+  # Rule migrations APIs
+
   /internal/siem_migrations/rules:
     post:
       summary: Creates a new rule migration
@@ -49,6 +52,8 @@ paths:
               schema:
                 $ref: '../../rule_migration.schema.yaml#/components/schemas/RuleMigrationAllTaskStats'
 
+  ## Specific rule migration APIs
+
   /internal/siem_migrations/rules/{migration_id}:
     get:
       summary: Retrieves all the rules of a migration
@@ -175,3 +180,81 @@ paths:
                     description: Indicates the migration has been stopped.
         204:
           description: Indicates the migration id was not found running.
+
+  # Rule migration resources APIs
+
+  /internal/siem_migrations/rules/{migration_id}/resources:
+    post:
+      summary: Creates or updates rule migration resources for a migration
+      operationId: UpsertRuleMigrationResources
+      x-codegen-enabled: true
+      description: Creates or updates resources for an existing SIEM rules migration
+      tags:
+        - SIEM Rule Migrations
+        - Resources
+      parameters:
+        - name: migration_id
+          in: path
+          required: true
+          schema:
+            type: string
+            description: The migration id to attach the resources
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              type: array
+              items:
+                $ref: '../../rule_migration.schema.yaml#/components/schemas/RuleMigrationResourceData'
+      responses:
+        200:
+          description: Indicates migration resources have been created or updated correctly.
+          content:
+            application/json:
+              schema:
+                type: object
+                required:
+                  - acknowledged
+                properties:
+                  acknowledged:
+                    type: boolean
+                    description: The request has been processed correctly.
+
+    get:
+      summary: Gets rule migration resources for a migration
+      operationId: GetRuleMigrationResources
+      x-codegen-enabled: true
+      description: Retrieves resources for an existing SIEM rules migration
+      tags:
+        - SIEM Rule Migrations
+        - Resources
+      parameters:
+        - name: migration_id
+          in: path
+          required: true
+          schema:
+            type: string
+            description: The migration id to attach the resources
+        - name: type
+          in: query
+          required: false
+          schema:
+            $ref: '../../rule_migration.schema.yaml#/components/schemas/RuleMigrationResourceType'
+        - name: names
+          in: query
+          required: false
+          schema:
+            type: array
+            description: The names of the resource to retrieve
+            items:
+              type: string
+      responses:
+        200:
+          description: Indicates migration resources have been retrieved correctly
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '../../rule_migration.schema.yaml#/components/schemas/RuleMigrationResource'