[Security Solution][Endpoint] Allow wildcard in trusted app paths

[ashokaditya]

Summary

Adds a dropdown for the path field to enable adding wildcards as well as adding specific paths for creating trusted apps.
See elastic/security-team/issues/543 for more details.

Checklist

Delete any items that are not applicable to this PR.

• Unit or functional tests were updated or added to match the most common scenarios
• Any UI touched in this PR does not create any new axe failures (run axe in browser: FF, Chrome)
• This renders correctly on smaller devices using a responsive layout. (You can test this in your browser)
• This was checked for cross-browser compatibility

[dasansol92]

Few comments added but it looks awesome! 🔥 🔥

[elasticmachine]

Pinging @elastic/security-onboarding-and-lifecycle-mgt (Team:Onboarding and Lifecycle Mgt)

[kevinlog]

@ashokaditya

checked it out and it looks great so far!

A couple things to call out:

1. We're saving the entry with matches, however the Endpoint should be reading the field as wildcard_caseless - does this value get set during artifact creation? cc/ @paul-tavares

2. In addition, I see that matches is being saved in the SO, but the UI still reflects is for the operator in the saved entry. I would imagine this should reflect the input and say matches

Similarly if I go to edit the entry, the operator is set to is where it should be matches

Let me know if you have any questions. The requirements in the original ticket may not have been clear enough on item 2, happy to adjust!

[ashokaditya]

@elasticmachine merge upstream

[paul-tavares]

Left some comments. Looking good :)

[marshallmain]

Changes to the shared exception list types look great! Thanks for all the hard work on this 😄

@ashokaditya, @yctercero, and I met today to discuss how the detection engine exception UI should handle the addition of wildcard entries. Until now, the exceptions UI has been built on the assumption that it supports all entry types, however the addition of wildcard entries means this is no longer true. We hope to add wildcard entry support in the detection exceptions UI at some point, so we settled on continuing to use the complete entry-type-union (EntriesArray) as a static type in the exceptions UI and we'll simply hide the wildcard option until we implement it.

The alternative option was decoupling the exceptions UI from the list of all entry types by adding a new union that contains only the subset of entry types supported by detection exceptions. However, that refactoring effort was deemed to be too significant to include in this PR. Long term, if we need entry types that are specific to trusted apps (i.e. detections will never support them) we should consider decoupling the exceptions UI to make it easier to add new entry types.

[yctercero]

LGTM! Just had some small comments about removing some type casts. I don't know the ins and outs of the trusted apps logic, so focused mainly on the exception type changes and testing basic functionality.

Not sure if a ticket already exists, but would be great to have a ticket to reference for the work needed detections side to hide this operator for now in UI and add a check API side to throw if a wildcard entry is trying to be added to a detection type exception list.

Just to note: I think @marshallmain point of decoupling types and creating unions could be a really good idea. I know we discussed it over zoom and it's definitely something to keep in mind for the larger discussions around exceptions refactoring, but I think it would add a whole lot of changes were we to jump to that right now.

[paul-tavares]

🔥 🔥
Left just a minor comment, but it should not hold merging this in.

Awesome job on this

[paul-tavares]

I suggest that this be a function instead of object definition in order to ensure they are not mutated.
Also - are these for testing? if so, I would also suggest moving them to a file (or directory) whose name as "test" in it. like test_utils.ts

[ashokaditya]

Ah, I see your point with the mutation. I would change this to a function. Although, I'm just reusing the same text values within the getPlaceholderText function and also within the unit tests and thus I believe it is not necessary to move this to a test_utils.ts kind of file.

[ashokaditya]

@elasticmachine merge upstream

[dasansol92]

LGTM!!🔥 🔥
Just a function naming comment but not needs to be changed now.

[kibanamachine]

💚 Build Succeeded

• continuous-integration/kibana-ci/pull-request
• Commit: 4e7dce9
• Storybooks Preview

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id	before	after	diff
lists	165	166	+1
securitySolution	2181	2182	+1
total			+2

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id	before	after	diff
lists	237	239	+2

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
securitySolution	7.0MB	7.0MB	+1.8KB

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
lists	210.2KB	210.7KB	+521.0B

Unknown metric groups

API count

id	before	after	diff
lists	258	260	+2

History

• 💚 Build #123171 succeeded e8e9ce5
• 💔 Build #123184 failed ab49010e404be6dc2955102a7608ec2bb29a5413
• 💚 Build #122951 succeeded d7cb47b
• 💚 Build #122932 succeeded eb8c572
• 💚 Build #122911 succeeded 2dc4fd3

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

[kibanamachine]

💔 Backport failed

Status	Branch	Result
❌	7.x	Commit could not be cherrypicked due to conflicts

To backport manually run:
node scripts/backport --pr 97623