elastic · lykkin · Feb 8, 2022 · Feb 8, 2022 · Feb 8, 2022 · Feb 8, 2022
@@ -43,11 +43,12 @@ import (
 )
 
 const (
-	requestRetrySleepEnv     = "KIBANA_REQUEST_RETRY_SLEEP"
-	maxRequestRetriesEnv     = "KIBANA_REQUEST_RETRY_COUNT"
-	defaultRequestRetrySleep = "1s"                             // sleep 1 sec between retries for HTTP requests
-	defaultMaxRequestRetries = "30"                             // maximum number of retries for HTTP requests
-	defaultStateDirectory    = "/usr/share/elastic-agent/state" // directory that will hold the state data
+	requestRetrySleepEnv          = "KIBANA_REQUEST_RETRY_SLEEP"
+	maxRequestRetriesEnv          = "KIBANA_REQUEST_RETRY_COUNT"
+	defaultRequestRetrySleep      = "1s"                             // sleep 1 sec between retries for HTTP requests
+	defaultMaxRequestRetries      = "30"                             // maximum number of retries for HTTP requests
+	defaultStateDirectory         = "/usr/share/elastic-agent/state" // directory that will hold the state data
+	defaultFleetPackagePolicyName = "default-fleet-server-agent-policy"
 )
 
 var (
@@ -498,7 +499,32 @@ func kibanaFetchPolicy(cfg setupConfig, client *kibana.Client, streams *cli.IOSt
 	if err != nil {
 		return nil, err
 	}
-	return findPolicy(cfg, policies.Items)
+	packagePolicies, err := kibanaFetchPackagePolicies(cfg, client, streams)
+	if err != nil {
+		return nil, err
+	}
+	return findPolicy(cfg, policies.Items, packagePolicies)
+}
+
+func kibanaFetchPackagePolicies(cfg setupConfig, client *kibana.Client, streams *cli.IOStreams) (*packagePolicyResponse, error) {
+	var packagePolicies kibanaPackagePolicies
+	err := performGET(cfg, client, "/api/fleet/package_policies", &packagePolicies, streams.Err, "Kibana fetch package policies")
+	if err != nil {
+		return nil, err
+	}
+	return separatePackagePolicies(&packagePolicies), nil
+}
+
+func separatePackagePolicies(packagePolicies *kibanaPackagePolicies) *packagePolicyResponse {
+	result := packagePolicyResponse{}
+	for _, packagePolicy := range packagePolicies.Items {
+		if packagePolicy.Package.Name == "fleet_server" {
+			result.Fleet[packagePolicy.PolicyID] = struct{}{}
+		} else {
+			result.NonFleet[packagePolicy.PolicyID] = struct{}{}
+		}
+	}
+	return &result
 }
 
 func kibanaFetchToken(cfg setupConfig, client *kibana.Client, policy *kibanaPolicy, streams *cli.IOStreams, tokenName string) (string, error) {
@@ -541,7 +567,7 @@ func kibanaClient(cfg kibanaConfig, headers map[string]string) (*kibana.Client,
 	}, 0, "Elastic-Agent")
 }
 
-func findPolicy(cfg setupConfig, policies []kibanaPolicy) (*kibanaPolicy, error) {
+func findPolicy(cfg setupConfig, policies []kibanaPolicy, packagePolicies *packagePolicyResponse) (*kibanaPolicy, error) {
 	policyID := ""
 	policyName := cfg.Fleet.TokenPolicyName
 	if cfg.FleetServer.Enable {
@@ -557,11 +583,11 @@ func findPolicy(cfg setupConfig, policies []kibanaPolicy) (*kibanaPolicy, error)
 				return &policy, nil
 			}
 		} else if cfg.FleetServer.Enable {
-			if policy.IsDefaultFleetServer {
+			if _, ok := packagePolicies.Fleet[policy.ID]; ok {
 				return &policy, nil
 			}
 		} else {
-			if policy.IsDefault {
+			if _, ok := packagePolicies.NonFleet[policy.ID]; ok {
 				return &policy, nil
 			}
 		}
@@ -898,12 +924,30 @@ func copyFile(destPath string, srcPath string, mode os.FileMode) error {
 	return err
 }
 
+type kibanaPackage struct {
+	Name string `json:"name"`
+}
+
+type packagePolicyResponse struct {
+	Fleet    map[string]struct{}
+	NonFleet map[string]struct{}
+}
+
+type kibanaPackagePolicy struct {
+	ID       string        `json:"id"`
+	PolicyID string        `json:"policy_id"`
+	Package  kibanaPackage `json:"package"`
+}
+
+type kibanaPackagePolicies struct {
+	Items []kibanaPackagePolicy `json:"items"`
+}
+
 type kibanaPolicy struct {
-	ID                   string `json:"id"`
-	Name                 string `json:"name"`
-	Status               string `json:"status"`
-	IsDefault            bool   `json:"is_default"`
-	IsDefaultFleetServer bool   `json:"is_default_fleet_server"`
+	ID              string   `json:"id"`
+	Name            string   `json:"name"`
+	Status          string   `json:"status"`
+	PackagePolicies []string `json:"package_policies"`
 }
 
 type kibanaPolicies struct {

@@ -0,0 +1,181 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package cmd
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+var (
+	defaultFleetPolicy = kibanaPolicy{
+		ID:     "499b5aa7-d214-5b5d-838b-3cd76469844e",
+		Name:   "Default Fleet Server policy",
+		Status: "active",
+		PackagePolicies: []string{
+			"default-fleet-server-agent-policy",
+		},
+	}
+	defaultAgentPolicy = kibanaPolicy{
+		ID:     "2016d7cc-135e-5583-9758-3ba01f5a06e5",
+		Name:   "Default policy",
+		Status: "active",
+		PackagePolicies: []string{
+			"default-system-policy",
+		},
+	}
+	nondefaultAgentPolicy = kibanaPolicy{
+		ID:     "bc634ea6-8460-4925-babd-7540c3e7df24",
+		Name:   "Another free policy",
+		Status: "active",
+		PackagePolicies: []string{
+			"3668df9e-f2a3-4b65-9e6c-58ed352f2b63",
+		},
+	}
+
+	nondefaultFleetPolicy = kibanaPolicy{
+		ID:     "7b0093d2-7eab-4862-86c8-63b3dd1db001",
+		Name:   "Some kinda dependent policy",
+		Status: "active",
+		PackagePolicies: []string{
+			"63e2f84f-ab11-439c-93fa-531ff5b53e20",
+		},
+	}
+)
+
+var policies kibanaPolicies = kibanaPolicies{
+	Items: []kibanaPolicy{
+		defaultFleetPolicy,
+		defaultAgentPolicy,
+		nondefaultAgentPolicy,
+		nondefaultFleetPolicy,
+	},
+}
+
+var PackagePolicies = packagePolicyResponse{
+	Fleet: map[string]struct{}{
+		"7b0093d2-7eab-4862-86c8-63b3dd1db001": {},
+		"499b5aa7-d214-5b5d-838b-3cd76469844e": {},
+	},
+	NonFleet: map[string]struct{}{
+		"bc634ea6-8460-4925-babd-7540c3e7df24": {},
+		"2016d7cc-135e-5583-9758-3ba01f5a06e5": {},
+	},
+}
+
+func TestFindPolicyById(t *testing.T) {
+	cfg := setupConfig{
+		FleetServer: fleetServerConfig{
+			Enable:   true,
+			PolicyID: "7b0093d2-7eab-4862-86c8-63b3dd1db001",
+		},
+	}
+
+	policy, err := findPolicy(cfg, policies.Items, &PackagePolicies)
+	require.NoError(t, err)
+	require.Equal(t, &nondefaultFleetPolicy, policy)
+}
+
+func TestFindPolicyByName(t *testing.T) {
+	cfg := setupConfig{
+		Fleet: fleetConfig{
+			TokenPolicyName: "Default policy",
+		},
+	}
+
+	policy, err := findPolicy(cfg, policies.Items, &PackagePolicies)
+	require.NoError(t, err)
+	require.Equal(t, &defaultAgentPolicy, policy)
+}
+
+func TestFindPolicyByIdOverName(t *testing.T) {
+	cfg := setupConfig{
+		Fleet: fleetConfig{
+			TokenPolicyName: "Default policy",
+		},
+		FleetServer: fleetServerConfig{
+			Enable:   true,
+			PolicyID: "7b0093d2-7eab-4862-86c8-63b3dd1db001",
+		},
+	}
+
+	policy, err := findPolicy(cfg, policies.Items, &PackagePolicies)
+	require.NoError(t, err)
+	require.Equal(t, &nondefaultFleetPolicy, policy)
+}
+
+func TestFindPolicyByIdMiss(t *testing.T) {
+	cfg := setupConfig{
+		FleetServer: fleetServerConfig{
+			Enable:   true,
+			PolicyID: "invalid id",
+		},
+	}
+
+	policy, err := findPolicy(cfg, policies.Items, &PackagePolicies)
+	require.Error(t, err)
+	require.Nil(t, policy)
+}
+
+func TestFindPolicyByNameMiss(t *testing.T) {
+	cfg := setupConfig{
+		Fleet: fleetConfig{
+			TokenPolicyName: "invalid name",
+		},
+	}
+
+	policy, err := findPolicy(cfg, policies.Items, &PackagePolicies)
+	require.Error(t, err)
+	require.Nil(t, policy)
+}
+
+func TestFindPolicyDefaultFleet(t *testing.T) {
+	cfg := setupConfig{
+		FleetServer: fleetServerConfig{
+			Enable: true,
+		},
+	}
+
+	policy, err := findPolicy(cfg, policies.Items, &PackagePolicies)
+	require.NoError(t, err)
+	require.Equal(t, &defaultFleetPolicy, policy)
+}
+
+func TestFindPolicyDefaultNonFleet(t *testing.T) {
+	cfg := setupConfig{
+		FleetServer: fleetServerConfig{
+			Enable: false,
+		},
+	}
+
+	policy, err := findPolicy(cfg, policies.Items, &PackagePolicies)
+	require.NoError(t, err)
+	require.Equal(t, &defaultAgentPolicy, policy)
+}
+
+func TestFindPolicyNoMatchNonFleet(t *testing.T) {
+	cfg := setupConfig{
+		FleetServer: fleetServerConfig{
+			Enable: false,
+		},
+	}
+
+	policy, err := findPolicy(cfg, policies.Items, &packagePolicyResponse{Fleet: PackagePolicies.Fleet})
+	require.Error(t, err)
+	require.Nil(t, policy)
+}
+
+func TestFindPolicyNoMatchFleet(t *testing.T) {
+	cfg := setupConfig{
+		FleetServer: fleetServerConfig{
+			Enable: true,
+		},
+	}
+
+	policy, err := findPolicy(cfg, policies.Items, &packagePolicyResponse{NonFleet: PackagePolicies.NonFleet})
+	require.Error(t, err)
+	require.Nil(t, policy)
+}