Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

System tests fail in packages using policy_templates #899

Closed
vinit-chauhan opened this issue Jul 20, 2022 · 4 comments · Fixed by #904
Closed

System tests fail in packages using policy_templates #899

vinit-chauhan opened this issue Jul 20, 2022 · 4 comments · Fixed by #904
Assignees
@andrewkroh
Labels
bug Something isn't working Team:Ecosystem Label for the Packages Ecosystem team

Comments

@vinit-chauhan
Copy link

While running the system tests for AWS we saw abnormal behavior. Before adding securityhub_findings and securityhub_insights data streams in the AWS package system tests are getting passed(only ec2_metrics and redshift data streams have system tests).

When the system tests are added for securityhub data stream it gives us an error in the previously passing tests. Below mentioned are the two scenarios that we observed in the AWS package.

1st Scenario

When the policy template of securityhub is kept first in the manifest file, the system test fails. It gives the error "Input template not found, unable to find input type aws/metrics" (ec2_metrics data-stream). In ec2_metrics is terraform.
And in this scenario, if we run a system test for securityhub_findings and securityhub_insights data streams only ( elastic-package test system -d securityhub_findings,securityhub_insights ) it is passing.

image

2nd Scenario

When the policy template of securityhub is kept at the last level in the manifest file, the system test fails. It gives the error "input template not found, unable to find input type httpjson" (securityhub data-streams). In securityhub is docker.

image
@elasticmachine
Copy link
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@darshan-elastic darshan-elastic mentioned this issue Jul 20, 2022
Merged
4 tasks
@andrewkroh andrewkroh transferred this issue from elastic/integrations Jul 20, 2022
@jlind23 jlind23 added the Team:Ecosystem Label for the Packages Ecosystem team label Jul 20, 2022
@andrewkroh
Copy link
Member

andrewkroh commented Jul 20, 2022
edited
Loading

I observed the same error while system testing crowdstrike after adding policy_templates to the package manifest. The CI output can be found from elastic/integrations#2806.

Error: error running package system tests: could not complete test run: could not add data stream config to policy: could not add package to policy; API status code = 500; response body = {"statusCode":500,"error":"Internal Server Error","message":"Input template not found, unable to find input type logfile"}

The code executing the request is at here:

elastic-package/internal/testrunner/runners/system/runner.go

Lines 354 to 358 in dd908a8

logger.Debug("adding package data stream to test policy...")
ds := createPackageDatastream(*policy, *pkgManifest, *dataStreamManifest, *config)
if err := kib.AddPackageDataStreamToPolicy(ds); err != nil {
return result.WithError(errors.Wrap(err, "could not add data stream config to policy"))
}

My suspicion (and WAG) is that the system test is not passing some additional parameter associated to the policy_template when making the POST /api/fleet/package_policies request.

@andrewkroh
Copy link
Member

I intercepted a request from Kibana when working with aws that uses policy_templates and it is sending inputs[].policy_template name in the request, but the struct elastic-package uses is missing a policy_template.

elastic-package/internal/kibana/policies.go

Lines 173 to 179 in 91ac719

// Input represents a package-level input.
type Input struct {
Type string `json:"type"`
Enabled bool `json:"enabled"`
Streams []Stream `json:"streams"`
Vars Vars `json:"vars"`
}

I would also note that the openapi definition appears to be missing the policy_template field as well.

Raw request from Kibana UI to server:

POST kbn:/api/fleet/package_policies

{"name":"aws-1","description":"","namespace":"default","policy_id":"abed2170-086f-11ed-aeeb-17b3244486d6","enabled":true,"output_id":"","inputs":[{"type":"aws/metrics","policy_template":"billing","enabled":false,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"aws.billing"},"vars":{"period":{"value":"12h","type":"text"},"latency":{"type":"text"},"cost_explorer_config.group_by_dimension_keys":{"value":["AZ","INSTANCE_TYPE","SERVICE","LINKED_ACCOUNT"],"type":"text"},"cost_explorer_config.group_by_tag_keys":{"value":["aws:createdBy"],"type":"text"}}}]},{"type":"aws-s3","policy_template":"cloudtrail","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"aws.cloudtrail"},"vars":{"visibility_timeout":{"type":"text"},"api_timeout":{"type":"text"},"queue_url":{"type":"text","value":"https://aws.example.com"},"fips_enabled":{"value":false,"type":"bool"},"tags":{"value":["forwarded","aws-cloudtrail"],"type":"text"},"processors":{"type":"yaml"},"preserve_original_event":{"type":"bool","value":true},"cloudtrail_regex":{"value":"/CloudTrail/","type":"text"},"cloudtrail_digest_regex":{"value":"/CloudTrail-Digest/","type":"text"},"cloudtrail_insight_regex":{"value":"/CloudTrail-Insight/","type":"text"},"max_number_of_messages":{"value":5,"type":"integer"}}}]},{"type":"aws-cloudwatch","policy_template":"cloudtrail","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"aws.cloudtrail"},"vars":{"log_group_arn":{"type":"text"},"log_group_name":{"type":"text"},"log_group_name_prefix":{"type":"text"},"region_name":{"type":"text"},"log_streams":{"value":[],"type":"text"},"log_streams_prefix":{"type":"text"},"start_position":{"value":"beginning","type":"text"},"scan_frequency":{"value":"1m","type":"text"},"api_timeput":{"value":"120s","type":"text"},"api_sleep":{"value":"200ms","type":"text"},"tags":{"value":["forwarded","aws-cloudtrail"],"type":"text"},"processors":{"type":"yaml"},"preserve_original_event":{"value":false,"type":"bool"}}}]},{"type":"httpjson","policy_template":"cloudtrail","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"aws.cloudtrail"},"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"ssl":{"value":"#certificate_authorities:\n#  - |\n#    -----BEGIN CERTIFICATE-----\n#    MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n#    ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n#    MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n#    BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n#    fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n#    94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n#    /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n#    PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n#    CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n#    BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n#    8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n#    874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n#    3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n#    H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n#    8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n#    yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n#    sxSmbIUfc2SGJGCJD4I=\n#    -----END CERTIFICATE-----\n","type":"yaml"},"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=aws:cloudtrail","type":"text"},"tags":{"value":["forwarded","aws-cloudtrail"],"type":"text"},"processors":{"type":"yaml"},"preserve_original_event":{"value":false,"type":"bool"}}}]},{"type":"aws-s3","policy_template":"cloudwatch","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"aws.cloudwatch_logs"},"vars":{"visibility_timeout":{"type":"text"},"api_timeout":{"type":"text"},"queue_url":{"type":"text"},"fips_enabled":{"value":false,"type":"bool"},"tags":{"value":["forwarded","aws-cloudwatch-logs"],"type":"text"},"processors":{"type":"yaml"},"preserve_original_event":{"value":false,"type":"bool"},"max_number_of_messages":{"value":5,"type":"integer"}}}]},{"type":"aws-cloudwatch","policy_template":"cloudwatch","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"aws.cloudwatch_logs"},"vars":{"log_group_arn":{"type":"text"},"log_group_name":{"type":"text"},"log_group_name_prefix":{"type":"text"},"region_name":{"type":"text"},"log_streams":{"value":[],"type":"text"},"log_streams_prefix":{"type":"text"},"start_position":{"value":"beginning","type":"text"},"scan_frequency":{"value":"1m","type":"text"},"api_timeput":{"value":"120s","type":"text"},"api_sleep":{"value":"200ms","type":"text"},"tags":{"value":["forwarded","aws-cloudwatch-logs"],"type":"text"},"processors":{"type":"yaml"},"preserve_original_event":{"value":false,"type":"bool"},"data_stream.dataset":{"value":"generic","type":"text"}}}]},{"type":"aws/metrics","policy_template":"cloudwatch","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"metrics","dataset":"aws.cloudwatch_metrics"},"vars":{"period":{"value":"300s","type":"text"},"regions":{"value":[],"type":"text"},"latency":{"type":"text"},"metrics":{"value":"- namespace: AWS/EC2\n  resource_type: ec2:instance\n  name:\n    - CPUUtilization\n    - DiskWriteOps\n  statistic:\n    - Average\n    - Maximum\n  # dimensions:\n   # - name: InstanceId\n      # value: i-123456\n  # tags:\n    # - key: created-by\n      # value: foo\n","type":"yaml"}}}]},{"type":"aws/metrics","policy_template":"dynamodb","enabled":false,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"aws.dynamodb"},"vars":{"period":{"value":"5m","type":"text"},"regions":{"value":[],"type":"text"},"latency":{"type":"text"},"tags_filter":{"value":"# - key: \"created-by\"\n  # value: \"foo\"\n","type":"yaml"}}}]},{"type":"aws/metrics","policy_template":"ebs","enabled":false,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"aws.ebs"},"vars":{"period":{"value":"5m","type":"text"},"regions":{"value":[],"type":"text"},"latency":{"type":"text"},"tags_filter":{"value":"# - key: \"created-by\"\n  # value: \"foo\"\n","type":"yaml"}}}]},{"type":"aws-s3","policy_template":"ec2","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"aws.ec2_logs"},"vars":{"visibility_timeout":{"type":"text"},"api_timeout":{"type":"text"},"queue_url":{"type":"text"},"fips_enabled":{"value":false,"type":"bool"},"tags":{"value":["forwarded","aws-ec2-logs"],"type":"text"},"processors":{"type":"yaml"},"preserve_original_event":{"value":false,"type":"bool"},"max_number_of_messages":{"value":5,"type":"integer"}}}]},{"type":"aws-cloudwatch","policy_template":"ec2","enabled":false,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"aws.ec2_logs"},"vars":{"log_group_arn":{"type":"text"},"log_group_name":{"type":"text"},"log_group_name_prefix":{"type":"text"},"region_name":{"type":"text"},"log_streams":{"value":[],"type":"text"},"log_streams_prefix":{"type":"text"},"start_position":{"value":"beginning","type":"text"},"scan_frequency":{"value":"1m","type":"text"},"api_timeput":{"value":"120s","type":"text"},"api_sleep":{"value":"200ms","type":"text"},"tags":{"value":["forwarded","aws-ec2-logs"],"type":"text"},"processors":{"type":"yaml"},"preserve_original_event":{"value":false,"type":"bool"}}}]},{"type":"aws/metrics","policy_template":"ec2","enabled":false,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"aws.ec2_metrics"},"vars":{"period":{"value":"5m","type":"text"},"regions":{"value":[],"type":"text"},"latency":{"type":"text"},"tags_filter":{"value":"# - key: \"created-by\"\n  # value: \"foo\"\n","type":"yaml"}}}]},{"type":"aws-s3","policy_template":"elb","enabled":false,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"aws.elb_logs"},"vars":{"visibility_timeout":{"type":"text"},"api_timeout":{"type":"text"},"queue_url":{"type":"text"},"fips_enabled":{"value":false,"type":"bool"},"tags":{"value":["forwarded","aws-elb-logs"],"type":"text"},"processors":{"type":"yaml"},"preserve_original_event":{"value":false,"type":"bool"},"max_number_of_messages":{"value":5,"type":"integer"}}}]},{"type":"aws-cloudwatch","policy_template":"elb","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"aws.elb_logs"},"vars":{"log_group_arn":{"type":"text"},"log_group_name":{"type":"text"},"log_group_name_prefix":{"type":"text"},"region_name":{"type":"text"},"log_streams":{"value":[],"type":"text"},"log_streams_prefix":{"type":"text"},"start_position":{"value":"beginning","type":"text"},"scan_frequency":{"value":"1m","type":"text"},"api_timeput":{"value":"120s","type":"text"},"api_sleep":{"value":"200ms","type":"text"},"tags":{"value":["forwarded","aws-elb-logs"],"type":"text"},"processors":{"type":"yaml"},"preserve_original_event":{"value":false,"type":"bool"}}}]},{"type":"aws/metrics","policy_template":"elb","enabled":false,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"aws.elb_metrics"},"vars":{"period":{"value":"1m","type":"text"},"regions":{"value":[],"type":"text"},"latency":{"type":"text"},"tags_filter":{"value":"# - key: \"created-by\"\n  # value: \"foo\"\n","type":"yaml"}}}]},{"type":"aws/metrics","policy_template":"lambda","enabled":false,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"aws.lambda"},"vars":{"period":{"value":"5m","type":"text"},"regions":{"value":[],"type":"text"},"latency":{"type":"text"},"tags_filter":{"value":"# - key: \"created-by\"\n  # value: \"foo\"\n","type":"yaml"}}}]},{"type":"aws/metrics","policy_template":"natgateway","enabled":false,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"aws.natgateway"},"vars":{"period":{"value":"1m","type":"text"},"regions":{"value":[],"type":"text"},"latency":{"type":"text"}}}]},{"type":"aws-s3","policy_template":"firewall","enabled":false,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"aws.firewall_logs"},"vars":{"visibility_timeout":{"type":"text"},"api_timeout":{"type":"text"},"queue_url":{"type":"text"},"fips_enabled":{"value":false,"type":"bool"},"tags":{"value":["forwarded","aws-firewall-logs"],"type":"text"},"processors":{"type":"yaml"},"preserve_original_event":{"value":false,"type":"bool"},"max_number_of_messages":{"value":5,"type":"integer"}}}]},{"type":"aws-cloudwatch","policy_template":"firewall","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"aws.firewall_logs"},"vars":{"log_group_arn":{"type":"text"},"log_group_name":{"type":"text"},"log_group_name_prefix":{"type":"text"},"region_name":{"type":"text"},"log_streams":{"value":[],"type":"text"},"log_streams_prefix":{"type":"text"},"start_position":{"value":"beginning","type":"text"},"scan_frequency":{"value":"1m","type":"text"},"api_timeput":{"value":"120s","type":"text"},"api_sleep":{"value":"200ms","type":"text"},"tags":{"value":["forwarded","aws-firewall-logs"],"type":"text"},"processors":{"type":"yaml"},"preserve_original_event":{"value":false,"type":"bool"}}}]},{"type":"aws/metrics","policy_template":"firewall","enabled":false,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"aws.firewall_metrics"},"vars":{"period":{"value":"60s","type":"text"},"regions":{"value":[],"type":"text"},"latency":{"type":"text"},"metrics":{"value":"- namespace: AWS/NetworkFirewall\n  name:\n    - DroppedPackets\n    - PassedPackets\n    - ReceivedPackets\n    - Packets\n  statistic:\n    - Sum\n  # dimensions:\n   # - name: FirewallName\n      # value: SampleFirewall\n  # tags:\n    # - key: created-by\n      # value: sample\n","type":"yaml"}}}]},{"type":"aws/metrics","policy_template":"rds","enabled":false,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"aws.rds"},"vars":{"period":{"value":"1m","type":"text"},"regions":{"value":[],"type":"text"},"latency":{"type":"text"},"tags_filter":{"value":"# - key: \"created-by\"\n  # value: \"foo\"\n","type":"yaml"}}}]},{"type":"aws-s3","policy_template":"s3","enabled":false,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"aws.s3access"},"vars":{"visibility_timeout":{"type":"text"},"api_timeout":{"type":"text"},"queue_url":{"type":"text"},"fips_enabled":{"value":false,"type":"bool"},"tags":{"value":["forwarded","aws-s3access"],"type":"text"},"processors":{"type":"yaml"},"preserve_original_event":{"value":false,"type":"bool"},"max_number_of_messages":{"value":5,"type":"integer"}}}]},{"type":"aws/metrics","policy_template":"s3","enabled":false,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"aws.s3_daily_storage"},"vars":{"period":{"value":"24h","type":"text"},"regions":{"value":[],"type":"text"},"latency":{"type":"text"}}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"aws.s3_request"},"vars":{"period":{"value":"1m","type":"text"},"regions":{"value":[],"type":"text"},"latency":{"type":"text"}}}]},{"type":"aws/metrics","policy_template":"s3_storage_lens","enabled":false,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"aws.s3_storage_lens"},"vars":{"period":{"value":"24h","type":"text"},"regions":{"value":[],"type":"text"},"latency":{"type":"text"}}}]},{"type":"aws/metrics","policy_template":"sns","enabled":false,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"aws.sns"},"vars":{"period":{"value":"5m","type":"text"},"regions":{"value":[],"type":"text"},"latency":{"type":"text"},"tags_filter":{"value":"# - key: \"created-by\"\n  # value: \"foo\"\n","type":"yaml"}}}]},{"type":"aws/metrics","policy_template":"sqs","enabled":false,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"aws.sqs"},"vars":{"period":{"value":"5m","type":"text"},"regions":{"value":[],"type":"text"},"latency":{"type":"text"}}}]},{"type":"aws/metrics","policy_template":"transitgateway","enabled":false,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"aws.transitgateway"},"vars":{"period":{"value":"1m","type":"text"},"regions":{"value":[],"type":"text"},"latency":{"type":"text"}}}]},{"type":"aws/metrics","policy_template":"usage","enabled":false,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"aws.usage"},"vars":{"period":{"value":"1m","type":"text"},"regions":{"value":[],"type":"text"},"latency":{"type":"text"}}}]},{"type":"aws-s3","policy_template":"vpcflow","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"aws.vpcflow"},"vars":{"visibility_timeout":{"type":"text"},"api_timeout":{"type":"text"},"queue_url":{"type":"text"},"fips_enabled":{"value":false,"type":"bool"},"tags":{"value":["forwarded","aws-vpcflow"],"type":"text"},"processors":{"type":"yaml"},"preserve_original_event":{"value":false,"type":"bool"},"max_number_of_messages":{"value":5,"type":"integer"}}}]},{"type":"aws-cloudwatch","policy_template":"vpcflow","enabled":false,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"aws.vpcflow"},"vars":{"log_group_arn":{"type":"text"},"log_group_name":{"type":"text"},"log_group_name_prefix":{"type":"text"},"region_name":{"type":"text"},"log_streams":{"value":[],"type":"text"},"log_streams_prefix":{"type":"text"},"start_position":{"value":"beginning","type":"text"},"scan_frequency":{"value":"1m","type":"text"},"api_timeput":{"value":"120s","type":"text"},"api_sleep":{"value":"200ms","type":"text"},"tags":{"value":["forwarded","aws-vpcflow"],"type":"text"},"processors":{"type":"yaml"},"preserve_original_event":{"value":false,"type":"bool"}}}]},{"type":"aws/metrics","policy_template":"vpn","enabled":false,"streams":[{"enabled":true,"data_stream":{"type":"metrics","dataset":"aws.vpn"},"vars":{"period":{"value":"1m","type":"text"},"regions":{"value":[],"type":"text"},"latency":{"type":"text"},"tags_filter":{"value":"# - key: \"created-by\"\n  # value: \"foo\"\n","type":"yaml"}}}]},{"type":"aws-s3","policy_template":"waf","enabled":false,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"aws.waf"},"vars":{"visibility_timeout":{"type":"text"},"api_timeout":{"type":"text"},"queue_url":{"type":"text"},"fips_enabled":{"value":false,"type":"bool"},"tags":{"value":["forwarded","aws-waf"],"type":"text"},"processors":{"type":"yaml"},"preserve_original_event":{"value":false,"type":"bool"},"max_number_of_messages":{"value":5,"type":"integer"}}}]},{"type":"aws-cloudwatch","policy_template":"waf","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"aws.waf"},"vars":{"log_group_arn":{"type":"text"},"log_group_name":{"type":"text"},"log_group_name_prefix":{"type":"text"},"region_name":{"type":"text"},"log_streams":{"value":[],"type":"text"},"log_streams_prefix":{"type":"text"},"start_position":{"value":"beginning","type":"text"},"scan_frequency":{"value":"1m","type":"text"},"api_timeput":{"value":"120s","type":"text"},"api_sleep":{"value":"200ms","type":"text"},"tags":{"value":["forwarded","aws-waf"],"type":"text"},"processors":{"type":"yaml"},"preserve_original_event":{"value":false,"type":"bool"}}}]},{"type":"aws-cloudwatch","policy_template":"route53","enabled":false,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"aws.route53_public_logs"},"vars":{"log_group_arn":{"type":"text"},"log_group_name":{"type":"text"},"log_group_name_prefix":{"type":"text"},"log_streams":{"type":"text"},"log_stream_prefix":{"type":"text"},"region_name":{"type":"text"},"start_position":{"value":"beginning","type":"text"},"scan_frequency":{"value":"1m","type":"text"},"api_timeout":{"type":"text"},"api_sleep":{"type":"text"},"tags":{"value":["forwarded","aws-route53_public-logs"],"type":"text"},"processors":{"type":"yaml"},"preserve_original_event":{"value":false,"type":"bool"}}},{"enabled":true,"data_stream":{"type":"logs","dataset":"aws.route53_resolver_logs"},"vars":{"log_group_arn":{"type":"text"},"log_group_name":{"type":"text"},"log_group_name_prefix":{"type":"text"},"log_streams":{"type":"text"},"log_stream_prefix":{"type":"text"},"region_name":{"type":"text"},"start_position":{"value":"beginning","type":"text"},"scan_frequency":{"value":"1m","type":"text"},"api_timeout":{"type":"text"},"api_sleep":{"type":"text"},"tags":{"value":["forwarded","aws-route53_resolver-logs"],"type":"text"},"processors":{"type":"yaml"},"preserve_original_event":{"value":false,"type":"bool"}}}]},{"type":"aws-s3","policy_template":"cloudfront","enabled":false,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"aws.cloudfront_logs"},"vars":{"visibility_timeout":{"type":"text"},"api_timeout":{"type":"text"},"queue_url":{"type":"text"},"fips_enabled":{"value":false,"type":"bool"},"tags":{"value":["forwarded","aws-cloudfront"],"type":"text"},"processors":{"type":"yaml"},"preserve_original_event":{"value":false,"type":"bool"},"max_number_of_messages":{"value":5,"type":"integer"}}}]}],"package":{"name":"aws","title":"AWS","version":"1.14.0"},"vars":{"shared_credential_file":{"type":"text"},"credential_profile_name":{"type":"text"},"access_key_id":{"type":"text","value":"foo"},"secret_access_key":{"type":"text","value":"bar"},"session_token":{"type":"text"},"role_arn":{"type":"text"},"endpoint":{"value":"amazonaws.com","type":"text"},"proxy_url":{"type":"text"}}}

@andrewkroh andrewkroh changed the title System test is throwing error of "index template not found", when securityhub data-streams are added in AWS Package System tests fail in packages using policy_templates Jul 20, 2022
@andrewkroh
Copy link
Member

Adding some research on Kibana API behavior.

If policy_template is not specified then the first policy_template in the package manifest is used.

https://github.com/elastic/kibana/blob/184f8070aa142c67f243750e00db0c18eeca6961/x-pack/plugins/fleet/server/services/package_policy.ts#L1024-L1028

andrewkroh added a commit to andrewkroh/elastic-package that referenced this issue Jul 21, 2022
@andrewkroh
Pass policy_template name to Kibana for system tests
04cca09 
When calling `POST /api/fleet/package_policies` for packages that
containing multiple policy_templates, the name of the policy_template
associated to the input under test should be specified.

If the policy_template is not specified then Kibana will default to
the first policy_template which may not contain the input or may
not contain the expected package level variables for the test.

This affected testing packages like AWS.

The error that this fixes is:

    Error: error running package system tests: could not complete test run:
    could not add data stream config to policy: could not add package to policy;
    API status code = 500; response body = {"statusCode":500,
    "error":"Internal Server Error","message":"Input template not found, unable
    to find input type logfile"}

Fixes elastic#899
@andrewkroh andrewkroh mentioned this issue Jul 21, 2022
Merged
andrewkroh added a commit to andrewkroh/elastic-package that referenced this issue Jul 21, 2022
@andrewkroh
Pass policy_template name to Kibana for system tests
ed264b7 
When calling `POST /api/fleet/package_policies` for packages that
containing multiple policy_templates, the name of the policy_template
associated to the input under test should be specified.

If the policy_template is not specified then Kibana will default to
the first policy_template which may not contain the input or may
not contain the expected package level variables for the test.

This affected testing packages like AWS.

The error that this fixes is:

    Error: error running package system tests: could not complete test run:
    could not add data stream config to policy: could not add package to policy;
    API status code = 500; response body = {"statusCode":500,
    "error":"Internal Server Error","message":"Input template not found, unable
    to find input type logfile"}

Fixes elastic#899
andrewkroh added a commit to andrewkroh/elastic-package that referenced this issue Jul 21, 2022
@andrewkroh
Pass policy_template name to Kibana for system tests
61e6e5c 
When calling `POST /api/fleet/package_policies` for packages that
containing multiple policy_templates, the name of the policy_template
associated to the input under test should be specified.

If the policy_template is not specified then Kibana will default to
the first policy_template which may not contain the input or may
not contain the expected package level variables for the test.

This affected testing packages like AWS.

The error that this fixes is:

    Error: error running package system tests: could not complete test run:
    could not add data stream config to policy: could not add package to policy;
    API status code = 500; response body = {"statusCode":500,
    "error":"Internal Server Error","message":"Input template not found, unable
    to find input type logfile"}

Fixes elastic#899
andrewkroh added a commit to andrewkroh/elastic-package that referenced this issue Aug 24, 2022
@andrewkroh
Pass policy_template name to Kibana for system tests
bdfe548 
When calling `POST /api/fleet/package_policies` for packages that
containing multiple policy_templates, the name of the policy_template
associated to the input under test should be specified.

If the policy_template is not specified then Kibana will default to
the first policy_template which may not contain the input or may
not contain the expected package level variables for the test.

This affected testing packages like AWS.

The error that this fixes is:

    Error: error running package system tests: could not complete test run:
    could not add data stream config to policy: could not add package to policy;
    API status code = 500; response body = {"statusCode":500,
    "error":"Internal Server Error","message":"Input template not found, unable
    to find input type logfile"}

Fixes elastic#899
jsoriano pushed a commit that referenced this issue Oct 4, 2022
@andrewkroh
Pass policy_template name to Kibana for system tests (#904)
5eabab2 
When calling `POST /api/fleet/package_policies` for packages that
containing multiple policy_templates, the name of the policy_template
associated to the input under test should be specified.

If the policy_template is not specified then Kibana will default to
the first policy_template which may not contain the input or may
not contain the expected package level variables for the test.

This affected testing packages like AWS.

The error that this fixes is:

    Error: error running package system tests: could not complete test run:
    could not add data stream config to policy: could not add package to policy;
    API status code = 500; response body = {"statusCode":500,
    "error":"Internal Server Error","message":"Input template not found, unable
    to find input type logfile"}

Fixes #899
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@andrewkroh andrewkroh

Labels
bug Something isn't working Team:Ecosystem Label for the Packages Ecosystem team
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Pass policy_template name to Kibana for system tests andrewkroh/elastic-package
4 participants
@andrewkroh @elasticmachine @jlind23 @vinit-chauhan