[8.x] [ResponseOps] Granular Connector RBAC (#203503)

src/platform/packages/shared/kbn-actions-types/action_types.ts

@@ -9,6 +9,11 @@
 
 import type { LicenseType } from '@kbn/licensing-plugin/common/types';
 
+export enum SUB_FEATURE {
+  endpointSecurity,
+}
+export type SubFeature = keyof typeof SUB_FEATURE;
+
 export interface ActionType {
   id: string;
   name: string;
@@ -18,4 +23,5 @@ export interface ActionType {
   minimumLicenseRequired: LicenseType;
   supportedFeatureIds: string[];
   isSystemActionType: boolean;
+  subFeature?: SubFeature;
 }

src/platform/packages/shared/kbn-alerts-ui-shared/src/common/apis/fetch_connector_types/transform_connector_types_response.test.ts

@@ -21,6 +21,7 @@ describe('transformConnectorTypesResponse', () => {
         minimum_license_required: 'basic',
         supported_feature_ids: ['stackAlerts'],
         is_system_action_type: true,
+        sub_feature: 'endpointSecurity',
       },
       {
         id: 'actionType2Id',
@@ -44,6 +45,7 @@ describe('transformConnectorTypesResponse', () => {
         minimumLicenseRequired: 'basic',
         supportedFeatureIds: ['stackAlerts'],
         isSystemActionType: true,
+        subFeature: 'endpointSecurity',
       },
       {
         id: 'actionType2Id',

src/platform/packages/shared/kbn-alerts-ui-shared/src/common/apis/fetch_connector_types/transform_connector_types_response.ts

@@ -15,13 +15,15 @@ const transformConnectorType: RewriteRequestCase<ActionType> = ({
   minimum_license_required: minimumLicenseRequired,
   supported_feature_ids: supportedFeatureIds,
   is_system_action_type: isSystemActionType,
+  sub_feature: subFeature,
   ...res
 }: AsApiContract<ActionType>) => ({
   enabledInConfig,
   enabledInLicense,
   minimumLicenseRequired,
   supportedFeatureIds,
   isSystemActionType,
+  subFeature,
   ...res,
 });
 

src/platform/packages/shared/kbn-alerts-ui-shared/src/common/types/action_types.ts

@@ -11,6 +11,7 @@ import type { ComponentType, ReactNode } from 'react';
 import type { RuleActionParam, ActionVariable } from '@kbn/alerting-types';
 import { IconType, RecursivePartial } from '@elastic/eui';
 import { PublicMethodsOf } from '@kbn/utility-types';
+import { SubFeature } from '@kbn/actions-types';
 import { TypeRegistry } from '../type_registry';
 import { RuleFormParamsErrors } from './rule_types';
 
@@ -130,6 +131,7 @@ export interface ActionTypeModel<ActionConfig = any, ActionSecrets = any, Action
   hideInUi?: boolean;
   modalWidth?: number;
   isSystemActionType?: boolean;
+  subFeature?: SubFeature;
 }
 
 export type ActionTypeRegistryContract<Connector = unknown, Params = unknown> = PublicMethodsOf<

x-pack/platform/packages/shared/kbn-elastic-assistant/impl/mock/connectors.ts

@@ -18,6 +18,7 @@ export const mockActionTypes = [
     minimumLicenseRequired: 'basic',
     isSystemActionType: true,
     supportedFeatureIds: ['generativeAI'],
+    subFeature: undefined,
   } as ActionType,
   {
     id: '.bedrock',
@@ -28,6 +29,7 @@ export const mockActionTypes = [
     minimumLicenseRequired: 'basic',
     isSystemActionType: true,
     supportedFeatureIds: ['generativeAI'],
+    subFeature: undefined,
   } as ActionType,
   {
     id: '.gemini',
@@ -38,6 +40,7 @@ export const mockActionTypes = [
     minimumLicenseRequired: 'basic',
     isSystemActionType: true,
     supportedFeatureIds: ['generativeAI'],
+    subFeature: undefined,
   } as ActionType,
 ];
 

x-pack/platform/plugins/shared/actions/common/connector_feature_config.ts

@@ -28,6 +28,14 @@ export const SecurityConnectorFeatureId = 'siem';
 export const GenerativeAIForSecurityConnectorFeatureId = 'generativeAIForSecurity';
 export const GenerativeAIForObservabilityConnectorFeatureId = 'generativeAIForObservability';
 export const GenerativeAIForSearchPlaygroundConnectorFeatureId = 'generativeAIForSearchPlayground';
+export const EndpointSecurityConnectorFeatureId = 'endpointSecurity';
+
+const compatibilityEndpointSecurity = i18n.translate(
+  'xpack.actions.availableConnectorFeatures.compatibility.endpointSecurity',
+  {
+    defaultMessage: 'Endpoint Security',
+  }
+);
 
 const compatibilityGenerativeAIForSecurity = i18n.translate(
   'xpack.actions.availableConnectorFeatures.compatibility.generativeAIForSecurity',
@@ -120,6 +128,12 @@ export const GenerativeAIForSearchPlaygroundFeature: ConnectorFeatureConfig = {
   compatibility: compatibilityGenerativeAIForSearchPlayground,
 };
 
+export const EndpointSecurityConnectorFeature: ConnectorFeatureConfig = {
+  id: EndpointSecurityConnectorFeatureId,
+  name: compatibilityEndpointSecurity,
+  compatibility: compatibilityEndpointSecurity,
+};
+
 const AllAvailableConnectorFeatures = {
   [AlertingConnectorFeature.id]: AlertingConnectorFeature,
   [CasesConnectorFeature.id]: CasesConnectorFeature,
@@ -128,6 +142,7 @@ const AllAvailableConnectorFeatures = {
   [GenerativeAIForSecurityFeature.id]: GenerativeAIForSecurityFeature,
   [GenerativeAIForObservabilityFeature.id]: GenerativeAIForObservabilityFeature,
   [GenerativeAIForSearchPlaygroundFeature.id]: GenerativeAIForSearchPlaygroundFeature,
+  [EndpointSecurityConnectorFeature.id]: EndpointSecurityConnectorFeature,
 };
 
 export function areValidFeatures(ids: string[]) {

x-pack/platform/plugins/shared/actions/common/routes/connector/response/schemas/v1.ts

@@ -97,6 +97,13 @@ export const connectorTypesResponseSchema = schema.object({
   is_system_action_type: schema.boolean({
     meta: { description: 'Indicates whether the action is a system action.' },
   }),
+  sub_feature: schema.maybe(
+    schema.oneOf([schema.literal('endpointSecurity')], {
+      meta: {
+        description: 'Indicates the sub-feature type the connector is grouped under.',
+      },
+    })
+  ),
 });
 
 export const connectorExecuteResponseSchema = schema.object({

x-pack/platform/plugins/shared/actions/common/routes/connector/response/types/v1.ts

@@ -41,6 +41,7 @@ export interface ConnectorTypesResponse {
   minimum_license_required: ConnectorTypesResponseSchemaType['minimum_license_required'];
   supported_feature_ids: ConnectorTypesResponseSchemaType['supported_feature_ids'];
   is_system_action_type: ConnectorTypesResponseSchemaType['is_system_action_type'];
+  sub_feature?: ConnectorTypesResponseSchemaType['sub_feature'];
 }
 
 type ConnectorExecuteResponseSchemaType = TypeOf<typeof connectorExecuteResponseSchema>;

x-pack/platform/plugins/shared/actions/common/types.ts

@@ -5,6 +5,7 @@
  * 2.0.
  */
 
+import { SUB_FEATURE } from '@kbn/actions-types';
 import { LicenseType } from '@kbn/licensing-plugin/common/types';
 import { TaskErrorSource } from '@kbn/task-manager-plugin/common';
 
@@ -15,6 +16,9 @@ export {
   SecurityConnectorFeatureId,
   GenerativeAIForSecurityConnectorFeatureId,
 } from './connector_feature_config';
+
+export type SubFeature = keyof typeof SUB_FEATURE;
+
 export interface ActionType {
   id: string;
   name: string;
@@ -24,6 +28,7 @@ export interface ActionType {
   minimumLicenseRequired: LicenseType;
   supportedFeatureIds: string[];
   isSystemActionType: boolean;
+  subFeature?: SubFeature;
 }
 
 export enum InvalidEmailReason {

x-pack/platform/plugins/shared/actions/server/action_type_registry.mock.ts

@@ -19,7 +19,8 @@ const createActionTypeRegistryMock = () => {
     isActionExecutable: jest.fn(),
     isSystemActionType: jest.fn(),
     getUtils: jest.fn(),
-    getSystemActionKibanaPrivileges: jest.fn(),
+    getActionKibanaPrivileges: jest.fn(),
+    hasSubFeature: jest.fn(),
   };
   return mocked;
 };