[Security Solution] Top-level Cases feature under the Security

[XavierM]

Summary

Create new top-level Cases feature under the Security category just for 8.x, we will have a follow up PR for 7.x to deprecate the sub feature of cases into the top level feature

#109158

Checklist

Delete any items that are not applicable to this PR.

• Unit or functional tests were updated or added to match the most common scenarios

[elasticmachine]

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

[elasticmachine]

Pinging @elastic/security-threat-hunting-cases (Team:Threat Hunting:Cases)

[XavierM]

@elasticmachine merge upstream

[XavierM]

@elasticmachine merge upstream

[semd]

I have a conflicting PR #113046 but no worries I will sync mine when this one is merged

[jonathan-buttner]

Code changes look good. I tested this locally too 👍

One thing I did notice that is slightly different behavior than before is that a user can have cases read or all and not have security and they will not be able to access cases because the entire security plugin will be disabled.

This is slightly different from how it worked as a sub feature because it was not possible to grant cases privileges when the security privilege was set to none

The toggle is grayed out:

[XavierM]

@jonathan-buttner that's a valid point, let me see what I can do here and let me talk to @semd and see if we can register cases routes outside.

[semd]

@XavierM
About that:

@jonathan-buttner that's a valid point, let me see what I can do here and let me talk to @semd and see if we can register cases routes outside.

Currently, the Cases routes are defined outside the plugin, the SecuritySolutions and O11y plugins define the Cases routes and deep links, and then they import and render the Cases pages accordingly. This is something we'd like to change and define all the routes within the Cases plugin, so there is only one entry point, but right now it is the parent plugin responsibility.
In addition, we would need to implement the main app components and logic in Cases plugin to render it as a "standalone" plugin, which does not exist right now.

So, maybe another option would be to register and mount SecuritySolutions plugin anyway (even I am not sure how to do it), and have only the Cases pages visible, hiding the rest of the sections.

Or otherwise, keep the same precedence and not show Cases if Security is disabled, while we prepare the Cases plugin to be rendered alone. 🤷‍♂️

What do you think? @cnasikas

[jportner]

LGTM, a couple minor nits below.
Discussed offline that a follow-on PR will be submitted to deal with a user who has access to Cases but not the Security Solution.

[kibanamachine]

💛 Build succeeded, but was flaky

• continuous-integration/kibana-ci/pull-request
• Commit: 19897a7
• Storybooks Preview
• Documentation Changes
• Flaky suites:
  • xpack-securitySolutionCypressChrome

---

Test Failures

Kibana Pipeline / general / Should have the same query and open the timeline modal.Create a timeline from a template Should have the same query and open the timeline modal

Link to Jenkins

Stack Trace

Failed Tests Reporter:
  - Test has not failed recently on tracked branches

CypressError: Timed out retrying after 60050ms: `cy.click()` failed because this element:

`<button class="euiButtonIcon euiButtonIcon--text euiButtonIcon--empty euiButtonIcon--xSmall" type="button" aria-label="All actions" data-test-subj="euiCollapsedItemActionsButton">...</button>`

is being covered by another element:

`<div class="euiFlexGroup euiFlexGroup--alignItemsCenter euiFlexGroup--directionRow euiFlexGroup--responsive" aria-label="You are in group 1">...</div>`

Fix this problem, or use {force: true} to disable error checking.

https://on.cypress.io/element-cannot-be-interacted-with
    at $Cy.ensureDescendents (http://elastic:changeme@localhost:61161/__cypress/runner/cypress_runner.js:160669:87)
    at ensureDescendents (http://elastic:changeme@localhost:61161/__cypress/runner/cypress_runner.js:147543:8)
    at ensureDescendentsAndScroll (http://elastic:changeme@localhost:61161/__cypress/runner/cypress_runner.js:147550:14)
    at ensureElIsNotCovered (http://elastic:changeme@localhost:61161/__cypress/runner/cypress_runner.js:147684:5)
    at runAllChecks (http://elastic:changeme@localhost:61161/__cypress/runner/cypress_runner.js:147871:52)
    at retryActionability (http://elastic:changeme@localhost:61161/__cypress/runner/cypress_runner.js:147894:16)
    at tryCatcher (http://elastic:changeme@localhost:61161/__cypress/runner/cypress_runner.js:13212:23)
    at Function.Promise.attempt.Promise.try (http://elastic:changeme@localhost:61161/__cypress/runner/cypress_runner.js:10486:29)
    at tryFn (http://elastic:changeme@localhost:61161/__cypress/runner/cypress_runner.js:165329:61)
    at whenStable (http://elastic:changeme@localhost:61161/__cypress/runner/cypress_runner.js:165368:14)
    at http://elastic:changeme@localhost:61161/__cypress/runner/cypress_runner.js:164855:18
    at tryCatcher (http://elastic:changeme@localhost:61161/__cypress/runner/cypress_runner.js:13212:23)
    at Promise._settlePromiseFromHandler (http://elastic:changeme@localhost:61161/__cypress/runner/cypress_runner.js:11147:31)
    at Promise._settlePromise (http://elastic:changeme@localhost:61161/__cypress/runner/cypress_runner.js:11204:18)
    at Promise._settlePromise0 (http://elastic:changeme@localhost:61161/__cypress/runner/cypress_runner.js:11249:10)
    at Promise._settlePromises (http://elastic:changeme@localhost:61161/__cypress/runner/cypress_runner.js:11329:18)
From Your Spec Code:
    at Object.expandEventAction (http://localhost:61161/__cypress/tests?p=cypress/integration/timelines/creation.spec.ts:17235:61)
    at Context.eval (http://localhost:61161/__cypress/tests?p=cypress/integration/timelines/creation.spec.ts:15613:24)

---

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
securitySolution	4.3MB	4.3MB	-83.0B

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
securitySolution	109.8KB	109.9KB	+64.0B

History

• 💚 Build #155740 succeeded 620e616d97be0892a98801a040a3363ce5ec0a6d
• 💚 Build #155575 succeeded d4d1575
• 💔 Build #155566 failed 2643199
• 💔 Build #155472 failed 7ac2d5b
• 💔 Build #155443 failed adbea89

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

[kibanamachine]

Friendly reminder: Looks like this PR hasn’t been backported yet.
To create backports run node scripts/backport --pr 112980 or prevent reminders by adding the backport:skip label.

[kibanamachine]

Friendly reminder: Looks like this PR hasn’t been backported yet.
To create backports run node scripts/backport --pr 112980 or prevent reminders by adding the backport:skip label.