pgayvallet
diff --git a/‎.buildkite/ftr_security_serverless_configs.yml‎
Lines changed: 2 additions & 4 deletions b/‎.buildkite/ftr_security_serverless_configs.yml‎
Lines changed: 2 additions & 4 deletions
diff --git a/‎.buildkite/ftr_security_stateful_configs.yml‎
Lines changed: 6 additions & 0 deletions b/‎.buildkite/ftr_security_stateful_configs.yml‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎x-pack/platform/packages/shared/kbn-elastic-assistant-common/constants.ts‎
Lines changed: 5 additions & 1 deletion b/‎x-pack/platform/packages/shared/kbn-elastic-assistant-common/constants.ts‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎x-pack/platform/packages/shared/kbn-elastic-assistant-common/impl/schemas/attack_discovery/routes/internal/privileges/get_missing_privileges.gen.ts‎
Lines changed: 39 additions & 0 deletions b/‎x-pack/platform/packages/shared/kbn-elastic-assistant-common/impl/schemas/attack_discovery/routes/internal/privileges/get_missing_privileges.gen.ts‎
Lines changed: 39 additions & 0 deletions
diff --git a/‎x-pack/platform/packages/shared/kbn-elastic-assistant-common/impl/schemas/attack_discovery/routes/internal/privileges/get_missing_privileges.schema.yaml‎
Lines changed: 56 additions & 0 deletions b/‎x-pack/platform/packages/shared/kbn-elastic-assistant-common/impl/schemas/attack_discovery/routes/internal/privileges/get_missing_privileges.schema.yaml‎
Lines changed: 56 additions & 0 deletions
diff --git a/‎x-pack/platform/packages/shared/kbn-elastic-assistant-common/impl/schemas/index.ts‎
Lines changed: 1 addition & 0 deletions b/‎x-pack/platform/packages/shared/kbn-elastic-assistant-common/impl/schemas/index.ts‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎x-pack/solutions/security/plugins/elastic_assistant/server/__mocks__/request.ts‎
Lines changed: 7 additions & 0 deletions b/‎x-pack/solutions/security/plugins/elastic_assistant/server/__mocks__/request.ts‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎x-pack/solutions/security/plugins/elastic_assistant/server/routes/attack_discovery/privileges/get_missing_privileges.test.ts‎
Lines changed: 222 additions & 0 deletions b/‎x-pack/solutions/security/plugins/elastic_assistant/server/routes/attack_discovery/privileges/get_missing_privileges.test.ts‎
Lines changed: 222 additions & 0 deletions
@@ -111,13 +111,11 @@ enabled:
   - x-pack/solutions/security/test/security_solution_api_integration/test_suites/genai/nlp_cleanup_task/trial_license_complete_tier/configs/serverless.config.ts
   - x-pack/solutions/security/test/security_solution_api_integration/test_suites/genai/nlp_cleanup_task/basic_license_essentials_tier/configs/serverless.config.ts
   - x-pack/solutions/security/test/security_solution_api_integration/test_suites/genai/startup/trial_license_complete_tier/configs/serverless.config.ts
-  - x-pack/solutions/security/test/security_solution_api_integration/test_suites/genai/knowledge_base/entries/trial_license_complete_tier/configs/ess.config.ts
   - x-pack/solutions/security/test/security_solution_api_integration/test_suites/genai/knowledge_base/entries/trial_license_complete_tier/configs/serverless.config.ts
-  - x-pack/solutions/security/test/security_solution_api_integration/test_suites/genai/attack_discovery/schedules/trial_license_complete_tier/configs/ess.config.ts
+  - x-pack/solutions/security/test/security_solution_api_integration/test_suites/genai/attack_discovery/privileges/trial_license_complete_tier/configs/serverless.config.ts
+  - x-pack/solutions/security/test/security_solution_api_integration/test_suites/genai/attack_discovery/privileges/basic_license_essentials_tier/configs/serverless.config.ts
   - x-pack/solutions/security/test/security_solution_api_integration/test_suites/genai/attack_discovery/schedules/trial_license_complete_tier/configs/serverless.config.ts
-  - x-pack/solutions/security/test/security_solution_api_integration/test_suites/genai/attack_discovery/schedules/basic_license_essentials_tier/configs/ess.config.ts
   - x-pack/solutions/security/test/security_solution_api_integration/test_suites/genai/attack_discovery/schedules/basic_license_essentials_tier/configs/serverless.config.ts
-  - x-pack/solutions/security/test/security_solution_api_integration/test_suites/genai/conversations/trial_license_complete_tier/configs/ess.config.ts
   - x-pack/solutions/security/test/security_solution_api_integration/test_suites/genai/conversations/trial_license_complete_tier/configs/serverless.config.ts
   - x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/configs/serverless.config.ts
   - x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/basic_license_essentials_tier/configs/serverless.config.ts
 
@@ -95,6 +95,12 @@ enabled:
   - x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/telemetry/trial_license_complete_tier/configs/ess.config.ts
   - x-pack/solutions/security/test/security_solution_api_integration/test_suites/telemetry/configs/ess.config.ts
   - x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/user_roles/trial_license_complete_tier/configs/ess.config.ts
+  - x-pack/solutions/security/test/security_solution_api_integration/test_suites/genai/knowledge_base/entries/trial_license_complete_tier/configs/ess.config.ts
+  - x-pack/solutions/security/test/security_solution_api_integration/test_suites/genai/attack_discovery/privileges/trial_license_complete_tier/configs/ess.config.ts
+  - x-pack/solutions/security/test/security_solution_api_integration/test_suites/genai/attack_discovery/privileges/basic_license_essentials_tier/configs/ess.config.ts
+  - x-pack/solutions/security/test/security_solution_api_integration/test_suites/genai/attack_discovery/schedules/trial_license_complete_tier/configs/ess.config.ts
+  - x-pack/solutions/security/test/security_solution_api_integration/test_suites/genai/attack_discovery/schedules/basic_license_essentials_tier/configs/ess.config.ts
+  - x-pack/solutions/security/test/security_solution_api_integration/test_suites/genai/conversations/trial_license_complete_tier/configs/ess.config.ts
   - x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/configs/ess.config.ts
   - x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/basic_license_essentials_tier/configs/ess.config.ts
   - x-pack/solutions/security/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/configs/ess.config.ts
 
@@ -105,9 +105,13 @@ export const ATTACK_DISCOVERY_SCHEDULES_BY_ID_DISABLE =
   `${ATTACK_DISCOVERY_SCHEDULES}/{id}/_disable` as const;
 export const ATTACK_DISCOVERY_SCHEDULES_FIND = `${ATTACK_DISCOVERY_SCHEDULES}/_find` as const;
 
-// Attack discovery internal API (depreciated)
+// Attack discovery internal API
 export const ATTACK_DISCOVERY_INTERNAL =
   `${ELASTIC_AI_ASSISTANT_INTERNAL_URL}/attack_discovery` as const;
+export const ATTACK_DISCOVERY_INTERNAL_MISSING_PRIVILEGES =
+  `${ATTACK_DISCOVERY_INTERNAL}/_missing_privileges` as const;
+
+// Attack discovery internal API (depreciated)
 export const ATTACK_DISCOVERY_INTERNAL_BULK = `${ATTACK_DISCOVERY_INTERNAL}/_bulk` as const;
 export const ATTACK_DISCOVERY_INTERNAL_FIND = `${ATTACK_DISCOVERY_INTERNAL}/_find` as const;
 export const ATTACK_DISCOVERY_GENERATIONS_INTERNAL =
 
@@ -0,0 +1,39 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+/*
+ * NOTICE: Do not edit this file manually.
+ * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
+ *
+ * info:
+ *   title: Get Attack discovery indices missing privileges - Internal API endpoint
+ *   version: 1
+ */
+
+import { z } from '@kbn/zod';
+
+export type AttackDiscoveryMissingPrivileges = z.infer<typeof AttackDiscoveryMissingPrivileges>;
+export const AttackDiscoveryMissingPrivileges = z.object({
+  /**
+   * The index name of the privilege missing
+   */
+  index_name: z.string(),
+  /**
+   * The index privileges level missing
+   */
+  privileges: z.array(z.string()),
+});
+
+/**
+ * The missing index privileges required for Attack discovery
+ */
+export type GetAttackDiscoveryMissingPrivilegesInternalResponse = z.infer<
+  typeof GetAttackDiscoveryMissingPrivilegesInternalResponse
+>;
+export const GetAttackDiscoveryMissingPrivilegesInternalResponse = z.array(
+  AttackDiscoveryMissingPrivileges
+);
@@ -0,0 +1,56 @@
+openapi: 3.0.0
+info:
+  title: Get Attack discovery indices missing privileges - Internal API endpoint
+  version: '1'
+paths:
+  /internal/elastic_assistant/attack_discovery/_missing_privileges:
+    get:
+      x-codegen-enabled: true
+      x-labels: [ess, serverless]
+      operationId: GetAttackDiscoveryMissingPrivilegesInternal
+      description: Identifies the privileges required for Attack discovery and returns the missing privileges
+      summary: Retrieves the missing privileges for Attack discovery
+      deprecated: true
+      tags:
+        - attack_discovery
+        - attack_discovery_missing_privileges
+      responses:
+        200:
+          description: Indicates privileges have been retrieved correctly.
+          content:
+            application/json:
+              schema:
+                type: array
+                description: The missing index privileges required for Attack discovery
+                items:
+                  $ref: '#/components/schemas/AttackDiscoveryMissingPrivileges'
+        400:
+          description: Generic Error
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  statusCode:
+                    type: number
+                  error:
+                    type: string
+                  message:
+                    type: string
+
+components:
+  schemas:
+    AttackDiscoveryMissingPrivileges:
+      type: object
+      required:
+        - index_name
+        - privileges
+      properties:
+        index_name:
+          type: string
+          description: The index name of the privilege missing
+        privileges:
+          type: array
+          items:
+            type: string
+          description: The index privileges level missing
@@ -32,6 +32,7 @@ export * from './attack_discovery/routes/internal/get/get_attack_discovery_gener
 export * from './attack_discovery/routes/internal/post/post_attack_discovery_generations_dismiss.route.gen';
 export * from './attack_discovery/routes/internal/schedules/find_attack_discovery_schedules_route.gen';
 export * from './attack_discovery/routes/internal/schedules/schedules.gen';
+export * from './attack_discovery/routes/internal/privileges/get_missing_privileges.gen';
 
 export { AttackDiscoveryApiSchedule } from './attack_discovery/routes/public/schedules/schedules_api.gen';
 
 
@@ -52,6 +52,7 @@ import {
   ELASTIC_AI_ASSISTANT_PROMPTS_URL_BULK_ACTION,
   ELASTIC_AI_ASSISTANT_PROMPTS_URL_FIND,
   ELASTIC_AI_ASSISTANT_SECURITY_AI_PROMPTS_URL_FIND,
+  ATTACK_DISCOVERY_INTERNAL_MISSING_PRIVILEGES,
 } from '@kbn/elastic-assistant-common';
 import {
   getAppendConversationMessagesSchemaMock,
@@ -332,6 +333,12 @@ export const postDefendInsightsRequest = (body: DefendInsightsPostRequestBody) =
     body,
   });
 
+export const getAttackDiscoveryMissingPrivilegesRequest = () =>
+  requestMock.create({
+    method: 'get',
+    path: ATTACK_DISCOVERY_INTERNAL_MISSING_PRIVILEGES,
+  });
+
 export const findAttackDiscoverySchedulesRequest = () =>
   requestMock.create({
     method: 'get',
 
@@ -0,0 +1,222 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { KibanaRequest } from '@kbn/core-http-server';
+import { httpServiceMock, httpServerMock } from '@kbn/core-http-server-mocks';
+import type { SecurityHasPrivilegesResponse } from '@elastic/elasticsearch/lib/api/types';
+
+import { getMissingIndexPrivilegesInternalRoute } from './get_missing_privileges';
+import * as helpers from '../../helpers';
+import type { AttackDiscoveryDataClient } from '../../../lib/attack_discovery/persistence';
+import { mockAuthenticatedUser } from '../../../__mocks__/mock_authenticated_user';
+import { requestContextMock } from '../../../__mocks__/request_context';
+
+const { context: mockContext } = requestContextMock.createTools();
+
+describe('getMissingIndexPrivilegesInternalRoute', () => {
+  let router: ReturnType<typeof httpServiceMock.createRouter>;
+  let mockRequest: Partial<KibanaRequest<unknown, unknown, unknown>>;
+  let mockResponse: ReturnType<typeof httpServerMock.createResponseFactory>;
+  let mockDataClient: {
+    spaceId: string;
+    getAdHocAlertsIndexPattern: jest.Mock;
+  };
+  let addVersionMock: jest.Mock;
+  let getHandler: (ctx: unknown, req: unknown, res: unknown) => Promise<unknown>;
+  let mockEsClient: {
+    security: {
+      hasPrivileges: jest.Mock;
+    };
+  };
+
+  const scheduledIndexPattern = '.alerts-security.attack.discovery.alerts-default';
+  const adhocIndexPattern = '.internal.alerts-security.alerts-attack-discovery-adhoc-default';
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+    router = httpServiceMock.createRouter();
+    mockDataClient = {
+      spaceId: 'default',
+      getAdHocAlertsIndexPattern: jest.fn().mockReturnValue(adhocIndexPattern),
+    };
+    mockContext.elasticAssistant.getAttackDiscoveryDataClient.mockResolvedValue(
+      mockDataClient as unknown as AttackDiscoveryDataClient
+    );
+    mockRequest = {};
+    mockResponse = httpServerMock.createResponseFactory();
+    jest
+      .spyOn(helpers, 'performChecks')
+      .mockResolvedValue({ isSuccess: true, currentUser: mockAuthenticatedUser });
+
+    mockEsClient = {
+      security: {
+        hasPrivileges: jest.fn(),
+      },
+    };
+    (mockContext.core.elasticsearch.client.asCurrentUser as unknown) = mockEsClient;
+
+    addVersionMock = jest.fn();
+    (router.versioned.get as jest.Mock).mockReturnValue({ addVersion: addVersionMock });
+    getMissingIndexPrivilegesInternalRoute(router as never);
+    getHandler = addVersionMock.mock.calls[0][1];
+  });
+
+  it('returns 200 and an empty array when all privileges are present', async () => {
+    const mockPrivilegesResponse: SecurityHasPrivilegesResponse = {
+      username: 'elastic',
+      has_all_requested: true,
+      cluster: {},
+      index: {
+        [scheduledIndexPattern]: {
+          read: true,
+          write: true,
+          view_index_metadata: true,
+          maintenance: true,
+        },
+        [adhocIndexPattern]: {
+          read: true,
+          write: true,
+          view_index_metadata: true,
+          maintenance: true,
+        },
+      },
+      application: {},
+    };
+    mockEsClient.security.hasPrivileges.mockResolvedValue({ body: mockPrivilegesResponse });
+
+    await getHandler(mockContext, mockRequest, mockResponse);
+
+    expect(mockResponse.ok).toHaveBeenCalledWith({
+      body: [],
+    });
+  });
+
+  it('returns 200 and missing privileges for the scheduled index', async () => {
+    const mockPrivilegesResponse: SecurityHasPrivilegesResponse = {
+      username: 'elastic',
+      has_all_requested: false,
+      cluster: {},
+      index: {
+        [scheduledIndexPattern]: {
+          read: true,
+          write: false,
+          view_index_metadata: true,
+          maintenance: false,
+        },
+        [adhocIndexPattern]: {
+          read: true,
+          write: true,
+          view_index_metadata: true,
+          maintenance: true,
+        },
+      },
+      application: {},
+    };
+    mockEsClient.security.hasPrivileges.mockResolvedValue({ body: mockPrivilegesResponse });
+
+    await getHandler(mockContext, mockRequest, mockResponse);
+
+    expect(mockResponse.ok).toHaveBeenCalledWith({
+      body: [
+        {
+          index_name: scheduledIndexPattern,
+          privileges: ['write', 'maintenance'],
+        },
+      ],
+    });
+  });
+
+  it('returns 200 and missing privileges for both indices', async () => {
+    const mockPrivilegesResponse: SecurityHasPrivilegesResponse = {
+      username: 'elastic',
+      has_all_requested: false,
+      cluster: {},
+      index: {
+        [scheduledIndexPattern]: {
+          read: false,
+          write: false,
+          view_index_metadata: true,
+          maintenance: true,
+        },
+        [adhocIndexPattern]: {
+          read: true,
+          write: true,
+          view_index_metadata: false,
+          maintenance: false,
+        },
+      },
+      application: {},
+    };
+    mockEsClient.security.hasPrivileges.mockResolvedValue({ body: mockPrivilegesResponse });
+
+    await getHandler(mockContext, mockRequest, mockResponse);
+
+    expect(mockResponse.ok).toHaveBeenCalledWith({
+      body: [
+        {
+          index_name: scheduledIndexPattern,
+          privileges: ['read', 'write'],
+        },
+        {
+          index_name: adhocIndexPattern,
+          privileges: ['view_index_metadata', 'maintenance'],
+        },
+      ],
+    });
+  });
+
+  it('returns 500 if the data client is not initialized', async () => {
+    mockContext.elasticAssistant.getAttackDiscoveryDataClient.mockResolvedValueOnce(null);
+
+    await getHandler(mockContext, mockRequest, mockResponse);
+
+    expect(mockResponse.custom).toHaveBeenCalledWith({
+      body: Buffer.from(
+        JSON.stringify({
+          message: 'Attack discovery data client not initialized',
+          status_code: 500,
+        })
+      ),
+      headers: expect.any(Object),
+      statusCode: 500,
+    });
+  });
+
+  it('returns an error when performChecks fails', async () => {
+    (helpers.performChecks as jest.Mock).mockResolvedValueOnce({
+      isSuccess: false,
+      response: { status: 403, payload: { message: 'Forbidden' } },
+    });
+
+    const result = await getHandler(mockContext, mockRequest, mockResponse);
+
+    expect(result).toEqual({ status: 403, payload: { message: 'Forbidden' } });
+  });
+
+  describe('when hasPrivileges throws', () => {
+    const thrownError = new Error('fail!');
+
+    beforeEach(() => {
+      mockEsClient.security.hasPrivileges.mockRejectedValueOnce(thrownError);
+    });
+
+    it('includes the error message in the response body', async () => {
+      await getHandler(mockContext, mockRequest, mockResponse);
+      const customCall = mockResponse.custom?.mock.calls[0]?.[0];
+      const bodyString = customCall && customCall.body ? customCall.body.toString() : '';
+
+      expect(bodyString).toContain(thrownError.message);
+    });
+
+    it('returns status code 500', async () => {
+      await getHandler(mockContext, mockRequest, mockResponse);
+      const customCall = mockResponse.custom?.mock.calls[0]?.[0];
+
+      expect(customCall.statusCode).toBe(500);
+    });
+  });
+});