n8n/packages/nodes-base/nodes/Elastic/ElasticSecurity/ElasticSecurity.node.ts
Jan Oberhauser 0da398b0e4
Nodes as JSON and authentication redesign (#2401)
*  change FE to handle new object type

* 🚸 improve UX of handling invalid credentials

* 🚧 WIP

* 🎨 fix typescript issues

* 🐘 add migrations for all supported dbs

* ✏️ add description to migrations

*  add credential update on import

*  resolve after merge issues

* 👕 fix lint issues

*  check credentials on workflow create/update

* update interface

* 👕 fix ts issues

*  adaption to new credentials UI

* 🐛 intialize cache on BE for credentials check

* 🐛 fix undefined oldCredentials

* 🐛 fix deleting credential

* 🐛 fix check for undefined keys

* 🐛 fix disabling edit in execution

* 🎨 just show credential name on execution view

* ✏️  remove TODO

*  implement review suggestions

*  add cache to getCredentialsByType

*  use getter instead of cache

* ✏️ fix variable name typo

* 🐘 include waiting nodes to migrations

* 🐛 fix reverting migrations command

*  update typeorm command

*  create db:revert command

* 👕 fix lint error

*  Add optional authenticate method to credentials

*  Simplify code and add authentication support to MattermostApi

* 👕 Fix lint issue

*  Add support to own-mode

* 👕 Fix lint issue

*  Add support for predefined auth types bearer and headerAuth

*  Make sure that DateTime Node always returns strings

*  Add support for moment types to If Node

*  Make it possible for HTTP Request Node to use all credential types

*  Add basicAuth support

* Add a new dropcontact node

*  First basic implementation of mainly JSON based nodes

*  Add fixedCollection support, added value parameter and
expression support for value and property

* Improvements to #2389

*  Add credentials verification

*  Small improvement

*  set default time to 45 seconds

*  Add support for preSend and postReceive methods

*  Add lodash merge and set depedency to workflow

* 👕 Fix lint issue

*  Improvements

*  Improvements

*  Improvements

*  Improvements

*  Improvements

* 🐛 Set siren and language correctly

*  Add support for requestDefaults

*  Add support for baseURL to httpRequest

*  Move baseURL to correct location

*  Add support for options loading

* 🐛 Fix error with fullAccess nodes

*  Add credential test functionality

* 🐛 Fix issue with OAuth autentication and lint issue

*  Fix build issue

* 🐛 Fix issue that url got always overwritten to empty

*  Add pagination support

*  Code fix required after merge

*  Remove not needed imports

*  Fix credential test

*  Add expression support for request properties and $self
support on properties

*  Rename $self to $value

* 👕 Fix lint issue

*  Add example how to send data in path

*  Make it possible to not sent in dot notation

*  Add support for postReceive:rootProperty

*  Fix typo

*  Add support for postReceive:set

*  Some fixes

*  Small improvement

* ;zap: Separate RoutingNode code

*  Simplify code and fix bug

*  Remove unused code

*  Make it possible to define "request" and "requestProperty" on
options

* 👕 Fix lint issue

*  Change $credentials variables name

*  Enable expressions and access to credentials in requestDefaults

*  Make parameter option loading use RoutingNode.makeRoutingRequest

*  Allow requestOperations overwrite on LoadOptions

*  Make it possible to access current node parameters in loadOptions

*  Rename parameters variable to make future proof

*  Make it possible to use offset-pagination with body

*  Add support for queryAuth

*  Never return more items than requested

*  Make it possible to overwrite requestOperations on parameter
and option level

* 👕 Fix lint issue

*  Allow simplified auth also with regular nodes

*  Add support for receiving binary data

* 🐛 Fix example node

*  Rename property "name" to "displayName" in loadOptions

*  Send data by default as "query" if nothing is set

*  Rename $self to $parent

*  Change to work with INodeExecutionData instead of IDataObject

*  Improve binaryData handling

*  Property design improvements

*  Fix property name

* 🚨 Add some tests

*  Add also test for request

*  Improve test and fix issues

*  Improvements to loadOptions

*  Normalize loadOptions with rest of code

*  Add info text

*  Add support for $value in postReceive

* 🚨 Add tests for RoutingNode.runNode

*  Remove TODOs and make url property optional

*  Fix bug and lint issue

* 🐛 Fix bug that not the correct property got used

* 🚨 Add tests for CredentialsHelper.authenticate

*  Improve code and resolve expressions also everywhere for
loadOptions and credential test requests

*  Make it possible to define multiple preSend and postReceive
actions

*  Allow to define tests on credentials

*  Remove test data

* ⬆️ Update package-lock.json file

*  Remove old not longer used code

Co-authored-by: Ben Hesseldieck <b.hesseldieck@gmail.com>
Co-authored-by: Mutasem <mutdmour@gmail.com>
Co-authored-by: PaulineDropcontact <pauline@dropcontact.io>
Co-authored-by: ricardo <ricardoespinoza105@gmail.com>
2022-02-05 22:55:43 +01:00

625 lines
18 KiB
TypeScript

import {
IExecuteFunctions,
} from 'n8n-core';
import {
ICredentialsDecrypted,
ICredentialTestFunctions,
IDataObject,
ILoadOptionsFunctions,
INodeCredentialTestResult,
INodeExecutionData,
INodePropertyOptions,
INodeType,
INodeTypeDescription,
NodeOperationError,
} from 'n8n-workflow';
import {
elasticSecurityApiRequest,
getConnector,
getVersion,
handleListing,
throwOnEmptyUpdate,
tolerateTrailingSlash,
} from './GenericFunctions';
import {
caseCommentFields,
caseCommentOperations,
caseFields,
caseOperations,
caseTagFields,
caseTagOperations,
connectorFields,
connectorOperations,
} from './descriptions';
import {
Connector,
ConnectorCreatePayload,
ConnectorType,
ElasticSecurityApiCredentials,
} from './types';
import {
OptionsWithUri,
} from 'request';
export class ElasticSecurity implements INodeType {
description: INodeTypeDescription = {
displayName: 'Elastic Security',
name: 'elasticSecurity',
icon: 'file:elasticSecurity.svg',
group: ['transform'],
version: 1,
subtitle: '={{$parameter["operation"] + ": " + $parameter["resource"]}}',
description: 'Consume the Elastic Security API',
defaults: {
name: 'Elastic Security',
},
inputs: ['main'],
outputs: ['main'],
credentials: [
{
name: 'elasticSecurityApi',
required: true,
testedBy: 'elasticSecurityApiTest',
},
],
properties: [
{
displayName: 'Resource',
name: 'resource',
noDataExpression: true,
type: 'options',
options: [
{
name: 'Case',
value: 'case',
},
{
name: 'Case Comment',
value: 'caseComment',
},
{
name: 'Case Tag',
value: 'caseTag',
},
{
name: 'Connector',
value: 'connector',
},
],
default: 'case',
},
...caseOperations,
...caseFields,
...caseCommentOperations,
...caseCommentFields,
...caseTagOperations,
...caseTagFields,
...connectorOperations,
...connectorFields,
],
};
methods = {
loadOptions: {
async getTags(this: ILoadOptionsFunctions): Promise<INodePropertyOptions[]> {
const tags = await elasticSecurityApiRequest.call(this, 'GET', '/cases/tags') as string[];
return tags.map(tag => ({ name: tag, value: tag }));
},
async getConnectors(this: ILoadOptionsFunctions): Promise<INodePropertyOptions[]> {
const endpoint = '/cases/configure/connectors/_find';
const connectors = await elasticSecurityApiRequest.call(this, 'GET', endpoint) as Connector[];
return connectors.map(({ name, id }) => ({ name, value: id }));
},
},
credentialTest: {
async elasticSecurityApiTest(
this: ICredentialTestFunctions,
credential: ICredentialsDecrypted,
): Promise<INodeCredentialTestResult> {
const {
username,
password,
baseUrl: rawBaseUrl,
} = credential.data as ElasticSecurityApiCredentials;
const baseUrl = tolerateTrailingSlash(rawBaseUrl);
const token = Buffer.from(`${username}:${password}`).toString('base64');
const endpoint = '/cases/status';
const options: OptionsWithUri = {
headers: {
Authorization: `Basic ${token}`,
'kbn-xsrf': true,
},
method: 'GET',
body: {},
qs: {},
uri: `${baseUrl}/api${endpoint}`,
json: true,
};
try {
await this.helpers.request(options);
return {
status: 'OK',
message: 'Authentication successful',
};
} catch (error) {
return {
status: 'Error',
message: error.message,
};
}
},
},
};
async execute(this: IExecuteFunctions): Promise<INodeExecutionData[][]> {
const items = this.getInputData();
const returnData: IDataObject[] = [];
const resource = this.getNodeParameter('resource', 0) as string;
const operation = this.getNodeParameter('operation', 0) as string;
let responseData;
for (let i = 0; i < items.length; i++) {
try {
if (resource === 'case') {
// **********************************************************************
// case
// **********************************************************************
if (operation === 'create') {
// ----------------------------------------
// case: create
// ----------------------------------------
// https://www.elastic.co/guide/en/security/current/cases-api-create.html
const body = {
title: this.getNodeParameter('title', i),
connector: {},
owner: 'securitySolution',
description: '',
tags: [], // set via `caseTag: add` but must be present
settings: {
syncAlerts: this.getNodeParameter('additionalFields.syncAlerts', i, false),
},
} as IDataObject;
const connectorId = this.getNodeParameter('connectorId', i) as ConnectorType;
const {
id: fetchedId,
name: fetchedName,
type: fetchedType,
} = await getConnector.call(this, connectorId);
const selectedConnectorType = this.getNodeParameter('connectorType', i) as ConnectorType;
if (fetchedType !== selectedConnectorType) {
throw new NodeOperationError(
this.getNode(),
'Connector Type does not match the type of the connector in Connector Name',
);
}
const connector = {
id: fetchedId,
name: fetchedName,
type: fetchedType,
fields: {},
};
if (selectedConnectorType === '.jira') {
connector.fields = {
issueType: this.getNodeParameter('issueType', i),
priority: this.getNodeParameter('priority', i),
parent: null, // required but unimplemented
};
} else if (selectedConnectorType === '.servicenow') {
connector.fields = {
urgency: this.getNodeParameter('urgency', i),
severity: this.getNodeParameter('severity', i),
impact: this.getNodeParameter('impact', i),
category: this.getNodeParameter('category', i),
subcategory: null, // required but unimplemented
};
} else if (selectedConnectorType === '.resilient') {
const rawIssueTypes = this.getNodeParameter('issueTypes', i) as string;
connector.fields = {
issueTypes: rawIssueTypes.split(',').map(Number),
severityCode: this.getNodeParameter('severityCode', i) as number,
incidentTypes: null, // required but undocumented
};
}
body.connector = connector;
const {
syncAlerts, // ignored because already set
...rest
} = this.getNodeParameter('additionalFields', i) as IDataObject;
if (Object.keys(rest).length) {
Object.assign(body, rest);
}
responseData = await elasticSecurityApiRequest.call(this, 'POST', '/cases', body);
} else if (operation === 'delete') {
// ----------------------------------------
// case: delete
// ----------------------------------------
// https://www.elastic.co/guide/en/security/current/cases-api-delete-case.html
const caseId = this.getNodeParameter('caseId', i);
await elasticSecurityApiRequest.call(this, 'DELETE', `/cases?ids=["${caseId}"]`);
responseData = { success: true };
} else if (operation === 'get') {
// ----------------------------------------
// case: get
// ----------------------------------------
// https://www.elastic.co/guide/en/security/current/cases-api-get-case.html
const caseId = this.getNodeParameter('caseId', i);
responseData = await elasticSecurityApiRequest.call(this, 'GET', `/cases/${caseId}`);
} else if (operation === 'getAll') {
// ----------------------------------------
// case: getAll
// ----------------------------------------
// https://www.elastic.co/guide/en/security/current/cases-api-find-cases.html
const qs = {} as IDataObject;
const {
tags,
status,
} = this.getNodeParameter('filters', i) as IDataObject & { tags: string[], status: string };
const sortOptions = this.getNodeParameter('sortOptions', i) as IDataObject;
qs.sortField = sortOptions.sortField ?? 'createdAt';
qs.sortOrder = sortOptions.sortOrder ?? 'asc';
if (status) {
qs.status = status;
}
if (tags?.length) {
qs.tags = tags.join(',');
}
responseData = await handleListing.call(this, 'GET', '/cases/_find', {}, qs);
} else if (operation === 'getStatus') {
// ----------------------------------------
// case: getStatus
// ----------------------------------------
// https://www.elastic.co/guide/en/security/current/cases-api-get-status.html
responseData = await elasticSecurityApiRequest.call(this, 'GET', '/cases/status');
} else if (operation === 'update') {
// ----------------------------------------
// case: update
// ----------------------------------------
// https://www.elastic.co/guide/en/security/current/cases-api-update.html
const caseId = this.getNodeParameter('caseId', i);
const body = {} as IDataObject;
const updateFields = this.getNodeParameter('updateFields', i) as IDataObject;
if (!Object.keys(updateFields).length) {
throwOnEmptyUpdate.call(this, resource);
}
const { syncAlerts, ...rest } = updateFields;
Object.assign(body, {
cases: [
{
id: caseId,
version: await getVersion.call(this, `/cases/${caseId}`),
...(syncAlerts && { settings: { syncAlerts } }),
...rest,
},
],
});
responseData = await elasticSecurityApiRequest.call(this, 'PATCH', '/cases', body);
}
} else if (resource === 'caseTag') {
// **********************************************************************
// caseTag
// **********************************************************************
if (operation === 'add') {
// ----------------------------------------
// caseTag: add
// ----------------------------------------
// https://www.elastic.co/guide/en/security/current/cases-api-create.html
const caseId = this.getNodeParameter('caseId', i);
const {
title,
connector,
owner,
description,
settings,
tags,
} = await elasticSecurityApiRequest.call(this, 'GET', `/cases/${caseId}`);
const tagToAdd = this.getNodeParameter('tag', i);
if (tags.includes(tagToAdd)) {
throw new NodeOperationError(
this.getNode(),
`Cannot add tag "${tagToAdd}" to case ID ${caseId} because this case already has this tag.`,
);
}
const body = {};
Object.assign(body, {
cases: [
{
id: caseId,
title,
connector,
owner,
description,
settings,
version: await getVersion.call(this, `/cases/${caseId}`),
tags: [...tags, tagToAdd],
},
],
});
responseData = await elasticSecurityApiRequest.call(this, 'PATCH', '/cases', body);
} else if (operation === 'remove') {
// https://www.elastic.co/guide/en/security/current/cases-api-update.html
const caseId = this.getNodeParameter('caseId', i);
const tagToRemove = this.getNodeParameter('tag', i) as string;
const {
title,
connector,
owner,
description,
settings,
tags,
} = await elasticSecurityApiRequest.call(this, 'GET', `/cases/${caseId}`) as IDataObject & { tags: string[] };
if (!tags.includes(tagToRemove)) {
throw new NodeOperationError(this.getNode(), `Cannot remove tag "${tagToRemove}" from case ID ${caseId} because this case does not have this tag.`);
}
const body = {};
Object.assign(body, {
cases: [
{
id: caseId,
title,
connector,
owner,
description,
settings,
version: await getVersion.call(this, `/cases/${caseId}`),
tags: tags.filter((tag) => tag !== tagToRemove),
},
],
});
responseData = await elasticSecurityApiRequest.call(this, 'PATCH', '/cases', body);
}
} else if (resource === 'caseComment') {
// **********************************************************************
// caseComment
// **********************************************************************
if (operation === 'add') {
// ----------------------------------------
// caseComment: add
// ----------------------------------------
// https://www.elastic.co/guide/en/security/current/cases-api-add-comment.html
const simple = this.getNodeParameter('simple', i) as boolean;
const additionalFields = this.getNodeParameter('additionalFields', i) as IDataObject;
const body = {
comment: this.getNodeParameter('comment', i),
type: 'user',
owner: additionalFields.owner || 'securitySolution',
} as IDataObject;
const caseId = this.getNodeParameter('caseId', i);
const endpoint = `/cases/${caseId}/comments`;
responseData = await elasticSecurityApiRequest.call(this, 'POST', endpoint, body);
if (simple === true) {
const { comments } = responseData;
responseData = comments[comments.length - 1];
}
} else if (operation === 'get') {
// ----------------------------------------
// caseComment: get
// ----------------------------------------
// https://www.elastic.co/guide/en/security/current/cases-api-get-comment.html
const caseId = this.getNodeParameter('caseId', i);
const commentId = this.getNodeParameter('commentId', i);
const endpoint = `/cases/${caseId}/comments/${commentId}`;
responseData = await elasticSecurityApiRequest.call(this, 'GET', endpoint);
} else if (operation === 'getAll') {
// ----------------------------------------
// caseComment: getAll
// ----------------------------------------
// https://www.elastic.co/guide/en/security/current/cases-api-get-all-case-comments.html
const caseId = this.getNodeParameter('caseId', i);
const endpoint = `/cases/${caseId}/comments`;
responseData = await handleListing.call(this, 'GET', endpoint);
} else if (operation === 'remove') {
// ----------------------------------------
// caseComment: remove
// ----------------------------------------
// https://www.elastic.co/guide/en/security/current/cases-api-delete-comment.html
const caseId = this.getNodeParameter('caseId', i);
const commentId = this.getNodeParameter('commentId', i);
const endpoint = `/cases/${caseId}/comments/${commentId}`;
await elasticSecurityApiRequest.call(this, 'DELETE', endpoint);
responseData = { success: true };
} else if (operation === 'update') {
// ----------------------------------------
// caseComment: update
// ----------------------------------------
// https://www.elastic.co/guide/en/security/current/cases-api-update-comment.html
const simple = this.getNodeParameter('simple', i) as boolean;
const caseId = this.getNodeParameter('caseId', i);
const commentId = this.getNodeParameter('commentId', i);
const body = {
comment: this.getNodeParameter('comment', i),
id: commentId,
type: 'user',
owner: 'securitySolution',
version: await getVersion.call(this, `/cases/${caseId}/comments/${commentId}`),
} as IDataObject;
const patchEndpoint = `/cases/${caseId}/comments`;
responseData = await elasticSecurityApiRequest.call(this, 'PATCH', patchEndpoint, body);
if (simple === true) {
const { comments } = responseData;
responseData = comments[comments.length - 1];
}
}
} else if (resource === 'connector') {
if (operation === 'create') {
// ----------------------------------------
// connector: create
// ----------------------------------------
// https://www.elastic.co/guide/en/security/current/register-connector.html
const connectorType = this.getNodeParameter('connectorType', i) as ConnectorType;
const body: ConnectorCreatePayload = {
connector_type_id: connectorType,
name: this.getNodeParameter('name', i) as string,
};
if (connectorType === '.jira') {
body.config = {
apiUrl: this.getNodeParameter('apiUrl', i) as string,
projectKey: this.getNodeParameter('projectKey', i) as string,
};
body.secrets = {
email: this.getNodeParameter('email', i) as string,
apiToken: this.getNodeParameter('apiToken', i) as string,
};
} else if (connectorType === '.resilient') {
body.config = {
apiUrl: this.getNodeParameter('apiUrl', i) as string,
orgId: this.getNodeParameter('orgId', i) as string,
};
body.secrets = {
apiKeyId: this.getNodeParameter('apiKeyId', i) as string,
apiKeySecret: this.getNodeParameter('apiKeySecret', i) as string,
};
} else if (connectorType === '.servicenow') {
body.config = {
apiUrl: this.getNodeParameter('apiUrl', i) as string,
};
body.secrets = {
username: this.getNodeParameter('username', i) as string,
password: this.getNodeParameter('password', i) as string,
};
}
responseData = await elasticSecurityApiRequest.call(this, 'POST', '/actions/connector', body);
}
}
Array.isArray(responseData)
? returnData.push(...responseData)
: returnData.push(responseData);
} catch (error) {
if (this.continueOnFail()) {
returnData.push({ error: error.message });
continue;
}
throw error;
}
}
return [this.helpers.returnJsonArray(returnData)];
}
}