[Cloud Security][CIS GCP]Migration for new fields

x-pack/plugins/fleet/server/saved_objects/index.ts

@@ -30,17 +30,14 @@ import {
   migratePackagePolicyToV8110,
 } from './migrations/security_solution/to_v8_11_0';
 
+import { migrateCspPackagePolicyToV8110 } from './migrations/cloud_security_posture';
+
 import { migrateOutputEvictionsFromV8100, migrateOutputToV8100 } from './migrations/to_v8_10_0';
 
 import { migrateSyntheticsPackagePolicyToV8100 } from './migrations/synthetics/to_v8_10_0';
 
 import { migratePackagePolicyEvictionsFromV8100 } from './migrations/security_solution/to_v8_10_0';
 
-import {
-  migratePackagePolicyEvictionsFromV81102,
-  migratePackagePolicyToV81102,
-} from './migrations/security_solution/to_v8_11_0_2';
-
 import {
   migrateAgentPolicyToV7100,
   migratePackagePolicyToV7100,
@@ -78,6 +75,10 @@ import {
 } from './migrations/security_solution';
 import { migratePackagePolicyToV880 } from './migrations/to_v8_8_0';
 import { migrateAgentPolicyToV890 } from './migrations/to_v8_9_0';
+import {
+  migratePackagePolicyToV81102,
+  migratePackagePolicyEvictionsFromV81102,
+} from './migrations/security_solution/to_v8_11_0_2';
 
 /*
  * Saved object types and mappings
@@ -346,6 +347,10 @@ const getSavedObjectTypes = (): { [key: string]: SavedObjectsType } => ({
             type: 'data_backfill',
             backfillFn: migratePackagePolicyToV81102,
           },
+          {
+            type: 'data_backfill',
+            backfillFn: migrateCspPackagePolicyToV8110,
+          },
         ],
         schemas: {
           forwardCompatibility: migratePackagePolicyEvictionsFromV81102,

x-pack/plugins/fleet/server/saved_objects/migrations/cloud_security_posture/index.ts

@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { migrateCspPackagePolicyToV8110 } from './to_v8_11_0';

x-pack/plugins/fleet/server/saved_objects/migrations/cloud_security_posture/to_v8_11_0.test.ts

@@ -0,0 +1,80 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { SavedObjectModelTransformationContext } from '@kbn/core-saved-objects-server';
+
+import { migrateCspPackagePolicyToV8110 as migration } from './to_v8_11_0';
+
+describe('8.11.0 Cloud Security Posture Package Policy migration', () => {
+  const policyDoc = (
+    accountType: string,
+    isAccountTypeCorrect: boolean,
+    packageName: string
+  ): any => {
+    return {
+      id: 'mock-saved-csp-object-id',
+      attributes: {
+        name: 'cloud_security_posture_test',
+        package: {
+          name: packageName,
+          title: '',
+          version: '',
+        },
+        id: 'ID_123',
+        policy_id: '',
+        enabled: true,
+        namespace: '',
+        revision: 0,
+        updated_at: '',
+        updated_by: '',
+        created_at: '',
+        created_by: '',
+        inputs: [
+          {
+            type: accountType,
+            enabled: true,
+            streams: [
+              {
+                vars: {
+                  ...(isAccountTypeCorrect && {
+                    'gcp.account_type': { value: 'single-account', type: 'text' },
+                  }),
+                },
+              },
+            ],
+            config: {},
+          },
+        ],
+      },
+      type: ' nested',
+    };
+  };
+
+  it('adds gcp.account_type to policy, set to single', () => {
+    const initialDoc = policyDoc('cloudbeat/cis_gcp', false, 'cloud_security_posture');
+    const migratedDoc = policyDoc('cloudbeat/cis_gcp', true, 'cloud_security_posture');
+    expect(migration(initialDoc, {} as SavedObjectModelTransformationContext)).toEqual({
+      attributes: migratedDoc.attributes,
+    });
+  });
+
+  it('if there are no type cloudbeat/cis_gcp, do not add gcp.account_type', () => {
+    const initialDoc = policyDoc('cloudbeat/cis_aws', false, 'cloud_security_posture');
+    const migratedDoc = policyDoc('cloudbeat/cis_aws', false, 'cloud_security_posture');
+    expect(migration(initialDoc, {} as SavedObjectModelTransformationContext)).toEqual({
+      attributes: migratedDoc.attributes,
+    });
+  });
+
+  it('if there are no cloud_security_posture package, do not change the doc', () => {
+    const initialDoc = policyDoc('cloudbeat/cis_gcp', false, 'NOT_cloud_security_posture');
+    const migratedDoc = policyDoc('cloudbeat/cis_gcp', false, 'NOT_cloud_security_posture');
+    expect(migration(initialDoc, {} as SavedObjectModelTransformationContext)).toEqual({
+      attributes: migratedDoc.attributes,
+    });
+  });
+});

x-pack/plugins/fleet/server/saved_objects/migrations/cloud_security_posture/to_v8_11_0.ts

@@ -0,0 +1,36 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { SavedObjectModelDataBackfillFn } from '@kbn/core-saved-objects-server';
+
+import type { PackagePolicy } from '../../../../common';
+
+export const migrateCspPackagePolicyToV8110: SavedObjectModelDataBackfillFn<
+  PackagePolicy,
+  PackagePolicy
+> = (packagePolicyDoc) => {
+  if (packagePolicyDoc.attributes.package?.name !== 'cloud_security_posture') {
+    return { attributes: packagePolicyDoc.attributes };
+  }
+
+  const updatedAttributes = packagePolicyDoc.attributes;
+
+  const gcpPackage = updatedAttributes.inputs.find((input) => input.type === 'cloudbeat/cis_gcp');
+
+  if (gcpPackage) {
+    const isGcpAccountTypeExists = gcpPackage.streams[0]?.vars?.hasOwnProperty('gcp.account_type');
+
+    if (!isGcpAccountTypeExists) {
+      const migratedPolicy = { 'gcp.account_type': { value: 'single-account', type: 'text' } };
+      gcpPackage.streams[0].vars = { ...(gcpPackage.streams[0].vars || {}), ...migratedPolicy };
+    }
+  }
+
+  return {
+    attributes: updatedAttributes,
+  };
+};