Add new subcommand to dump Agent Policies #862

Merged
merged 28 commits into from
Jun 28, 2022
Contributor

@mrodm mrodm commented Jun 22, 2022

Fixes #671

Add a new subcommand under dump named agent-policies that is in charge of getting and writing the required agent policies.
Example of the usage output for this new subcommand:

 $ ./elastic-package dump agent-policies -h
elastic-package has been installed.
Use this command to dump agent policies created by Fleet as part of a package installation.

Use this command as a exploratory tool to dump agent policies as they are created by Fleet when installing a package. Dumped agent policies are stored in files as they are returned by APIs of the stack, without any processing.

Usage:
  elastic-package dump agent-policies [flags]

Flags:
      --agent-policy string   name of the agent policy
  -h, --help                  help for agent-policies

Global Flags:
  -o, --output string    path to directory where exported assets will be stored (default "package-dump")
  -P, --package string   name of the package
  -v, --verbose          verbose mode

Examples of usages of this new subcommand:

  • Dump a specific agent policy:
    elastic-package dump agent-policies --agent-policy <agent_policy_id>
    
  • Dump all agent policies set in Fleet:
    elastic-package dump agent-policies
    
  • Dump the agent policies where a package:
    elastic-package dump agent-policies --package <package_name>
    

Currently, these agent policies are obtained directly from Fleet API using this endpoint: <fleet_api>/api/fleet/agent_policies

These agent policies are being stored as they are returned by the APIs without any processing. If there are any secrets that must be redacted, it would probably be better to wait until this elastic/package-spec#339
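
The description above says policies are written unprocessed and leaves redaction to elastic/package-spec#339. As an added example (not code from this PR or from elastic-package), this Go program masks the value of every variable marked `"type": "password"`, the marker visible in the recorded Fleet response further down this page. The names `RedactPolicy`, `redactNode` and `mask`, and the sample document with its values, are constructed for the illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// samplePolicy is constructed for this example. It follows the shape of the
// package policy "vars" in the recorded response on this page, with values
// filled in so there is something to mask.
const samplePolicy = `{
  "id": "example-policy-id",
  "name": "HTTP servers",
  "revision": 2,
  "package_policies": [{
    "name": "nginx-1",
    "inputs": [{
      "type": "httpjson",
      "vars": {
        "url":      {"value": "https://server.example.com:8089", "type": "text"},
        "username": {"value": "svc-reader", "type": "text"},
        "password": {"value": "constructed-secret", "type": "password"},
        "token":    {"type": "password"}
      }
    }]
  }]
}`

// mask replaces a secret value. It avoids '<' and '>' because encoding/json
// escapes those characters by default.
const mask = "[REDACTED]"

// redactNode walks a decoded JSON tree in place. Any object that carries
// "type": "password" together with a non-null "value" has that value masked.
// It returns the number of values masked.
func redactNode(node interface{}) int {
	count := 0
	switch n := node.(type) {
	case map[string]interface{}:
		if t, ok := n["type"].(string); ok && t == "password" {
			if v, present := n["value"]; present && v != nil {
				n["value"] = mask
				count++
			}
		}
		for _, child := range n {
			count += redactNode(child)
		}
	case []interface{}:
		for _, child := range n {
			count += redactNode(child)
		}
	}
	return count
}

// RedactPolicy decodes one raw agent policy, masks password-typed values and
// re-encodes it. Object keys come back sorted, so the output is not
// byte-identical to the API response even when nothing was masked.
func RedactPolicy(raw json.RawMessage) (json.RawMessage, int, error) {
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.UseNumber() // keep numbers such as "revision" exactly as received
	var doc interface{}
	if err := dec.Decode(&doc); err != nil {
		return nil, 0, fmt.Errorf("decoding policy: %w", err)
	}
	masked := redactNode(doc)
	out, err := json.MarshalIndent(doc, "", "  ")
	if err != nil {
		return nil, 0, fmt.Errorf("encoding policy: %w", err)
	}
	return out, masked, nil
}

func main() {
	out, masked, err := RedactPolicy(json.RawMessage(samplePolicy))
	if err != nil {
		panic(err)
	}
	fmt.Printf("masked %d value(s)\n%s\n", masked, out)
}
```

The pass relies only on the `type` marker: a secret typed as `text` or `yaml`, or a rendered copy of a value such as those under `compiled_stream`, carries no marker and is left untouched.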

@elasticmachine
Collaborator

elasticmachine commented Jun 22, 2022

💚 Build Succeeded

Build stats

  • Start Time: 2022-06-28T14:28:48.954+0000

  • Duration: 30 min 55 sec

Test stats 🧪

Test Results
Failed 0
Passed 770
Skipped 0
Total 770

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@elasticmachine
Collaborator

elasticmachine commented Jun 22, 2022

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (31/31) 💚
Files 66.379% (77/116) 👍 0.008
Classes 61.963% (101/163) 👍 0.571
Methods 49.923% (326/653) 👍 0.238
Lines 33.208% (2919/8790) 👎 -0.102
Conditionals 100.0% (0/0) 💚

Member

@jsoriano jsoriano left a comment

This is looking good, I also tried it and works well. Added some suggestions.

It'd be also good to add tests, also to be able to see what kind of documents are dumped. You can follow the same strategy used in the dump installed-objects command, where an elasticsearch client is mocked with pre-recorded responses, see

client := estest.ElasticsearchClient(s.T(), s.RecordDir)
.

cmd/dump.go Outdated
@@ -19,30 +20,43 @@ const dumpInstalledObjectsLongDescription = `Use this command to dump objects in

Use this command as a exploratory tool to dump objects as they are installed by Fleet when installing a package. Dumped objects are stored in files as they are returned by APIs of the stack, without any processing.`

const dumpAgentPoliciesLongDescription = `Use this command to dump agent policies created by Fleet as part of a package installation.

Use this command as a exploratory tool to dump agent policies as they are created by Fleet when installing a package. Dumped agent policies are stored in files as they are returned by APIs of the stack, without any processing.`
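
Review bot: dumpAgentPoliciesLongDescription says the policies are stored "as they are returned by APIs of the stack, without any processing" but does not say what that means for sensitive values. Since nothing is redacted, add a sentence telling the user that the dumped files may contain secrets configured in the policy and should be handled accordingly. Also, "as a exploratory tool" should read "as an exploratory tool"; the installed-objects description above has the same typo.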

Member

Mention somewhere that if no flag is provided, all policies are dumped.

cmd/dump.go Outdated
if err != nil {
return errors.Wrap(err, "dump failed")
}
cmd.Printf("Dumped %d agent policies filtering by package name %s to %s\n", count, packageName, outputPath)
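
Review bot: errors.Wrap(err, "dump failed") at the top of this hunk gives no hint which dump failed. Include the package name and the output path in the wrap message, as the success message on the last line already does. In that Printf, %q rather than %s for packageName would also make an empty name visible in the output.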

Member

Nit. Log a different message if no policies are dumped. It prints now:

Dumped 0 agent policies filtering by package name apache to package-dump

cmd/dump.go Outdated
Comment on lines 128 to 129
dumper := dump.NewAgentPoliciesDumper(kibanaClient, &agentPolicy)
err = dumper.DumpAgentPolicy(cmd.Context(), outputPath)

Member

Nit. This API is using different approaches to dump per agent policy or per package name. For agent policy the parameter is passed on the constructor, and for package name in the dump method.

I would suggest to use a consistent approach for both ways of dumping policies.

For example it could be like this:

dumper := dump.NewAgentPoliciesDumper(kibanaClient)
err = dumper.DumpAgentPolicy(cmd.Context(), outputPath, dump.AgentPolicyOptions{Name: agentPolicy})
...
err = dumper.DumpAgentPolicy(cmd.Context(), outputPath, dump.AgentPolicyOptions{PackageName: packageName})

Or with explicit methods:

dumper := dump.NewAgentPoliciesDumper(kibanaClient)
err = dumper.DumpByName(cmd.Context(), outputPath, agentPolicy)
...
err = dumper.DumpByPackage(cmd.Context(), outputPath, packageName)
...
err = dumper.DumpAll(cmd.Context(), outputPath)

Or initialize the dumper for the given configuration:

dumper := dump.NewAgentPoliciesDumper(kibanaClient, agentPolicy, packageName)
err = dumper.Dump(cmd.Context())

Contributor Author

You're right, there was a mix of different approaches in these calls. Updated using explicit methods.

const AgentPoliciesDumpDir = "agent_policies"

type AgentPoliciesDumper struct {
name *string

Member

When possible, it'd be better to use the zero value to indicate that this is not set, de-referencing pointers is always a risk of panics.

Suggested change
name *string
name string

And then you can check if this is set by checking if name != "".

Contributor Author

Ok, I'll change to be a regular string.

@mrodm
Contributor Author

mrodm commented Jun 23, 2022

This is looking good, I also tried it and works well. Added some suggestions.

It'd be also good to add tests, also to be able to see what kind of documents are dumped. You can follow the same strategy used in the dump installed-objects command, where an elasticsearch client is mocked with pre-recorded responses, see

client := estest.ElasticsearchClient(s.T(), s.RecordDir)

.

Thanks for all your comments.
Regarding testing, if there is no inconvenience, I'll add those tests in a following branch

@mrodm mrodm marked this pull request as ready for review June 23, 2022 14:59
@mrodm mrodm requested review from a team and jsoriano June 23, 2022 14:59
Member

@jsoriano jsoriano left a comment

Looks good, added some suggestions but nothing really blocking.

itemsRetrieved += len(resp.Items)
currentPage += 1
items = append(items, resp.Items...)

Member

Nit. To avoid having to store all policies in memory, we could pass a visitor method here, so policies can be directly processed.
The signature of the function would be something like this:

func (c *Client) ForEachRawPolicy(visitFn func(json.RawMessage) error) error {

And then here:

for _, item := range resp.Items {
    if err := visitFn(item); err != nil {
        return err
    }
}

But no need to do it now, we can make this change later if this is a problem at some point.
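
The visitor approach suggested in the comment above, as an added example that is not code from this PR or from elastic-package: each page is fetched, its items are handed to the callback, and the page is dropped before the next request. The `Client` type, the `page`/`perPage` query parameters, the `total` response field and the in-process fake Fleet handler with its policies are assumptions made for the demonstration; only the endpoint path and the `ForEachRawPolicy` signature come from this page.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strconv"
)

// Client is a minimal stand-in for the project's Kibana client (hypothetical).
type Client struct {
	host    string
	httpc   *http.Client
	perPage int
}

// policiesPage holds the fields this example reads from one response page.
// "items" appears in the recorded response on this page; "total" is assumed.
type policiesPage struct {
	Items []json.RawMessage `json:"items"`
	Total int               `json:"total"`
}

// ForEachRawPolicy pages through the agent policies and passes each raw item
// to visitFn, so at most one page is held in memory at a time.
func (c *Client) ForEachRawPolicy(visitFn func(json.RawMessage) error) error {
	seen := 0
	for page := 1; ; page++ {
		url := fmt.Sprintf("%s/api/fleet/agent_policies?page=%d&perPage=%d", c.host, page, c.perPage)
		resp, err := c.httpc.Get(url)
		if err != nil {
			return fmt.Errorf("requesting page %d: %w", page, err)
		}
		var body policiesPage
		decodeErr := json.NewDecoder(resp.Body).Decode(&body)
		resp.Body.Close()
		if resp.StatusCode != http.StatusOK {
			return fmt.Errorf("page %d: unexpected status %d", page, resp.StatusCode)
		}
		if decodeErr != nil {
			return fmt.Errorf("decoding page %d: %w", page, decodeErr)
		}
		for _, item := range body.Items {
			if err := visitFn(item); err != nil {
				return err // the visitor can stop the walk early
			}
		}
		seen += len(body.Items)
		// Stop on the last page, and on an empty page as well, so that a
		// wrong "total" cannot keep the loop running.
		if len(body.Items) == 0 || seen >= body.Total {
			return nil
		}
	}
}

// handlerTransport serves requests from an http.Handler in-process (no sockets).
type handlerTransport struct{ h http.Handler }

func (t handlerTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	rec := httptest.NewRecorder()
	t.h.ServeHTTP(rec, req)
	return rec.Result(), nil
}

// newFakeFleetClient returns a Client backed by a constructed handler that
// serves `total` policies, perPage at a time.
func newFakeFleetClient(total, perPage int) *Client {
	h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		page, _ := strconv.Atoi(r.URL.Query().Get("page"))
		size, _ := strconv.Atoi(r.URL.Query().Get("perPage"))
		if page < 1 || size < 1 {
			http.Error(w, "bad paging", http.StatusBadRequest)
			return
		}
		items := []json.RawMessage{}
		for i := (page - 1) * size; i < page*size && i < total; i++ {
			items = append(items, json.RawMessage(fmt.Sprintf(`{"id":"policy-%d"}`, i+1)))
		}
		json.NewEncoder(w).Encode(policiesPage{Items: items, Total: total})
	})
	return &Client{host: "http://fleet.invalid", httpc: &http.Client{Transport: handlerTransport{h}}, perPage: perPage}
}

// policyIDs is a sample visitor: it keeps only the id of each policy.
func policyIDs(c *Client) ([]string, error) {
	var ids []string
	err := c.ForEachRawPolicy(func(raw json.RawMessage) error {
		var p struct {
			ID string `json:"id"`
		}
		if err := json.Unmarshal(raw, &p); err != nil {
			return err
		}
		ids = append(ids, p.ID)
		return nil
	})
	return ids, err
}

func main() {
	ids, err := policyIDs(newFakeFleetClient(5, 2))
	fmt.Println(ids, err)
}
```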


dir = filepath.Join(dir, AgentPoliciesDumpDir)
for _, agentPolicy := range agentPolicies {
err := dumpInstalledObject(dir, agentPolicy)

Member

Nit. Maybe we should rename dumpInstalledObject now 🙂

Contributor Author

I've just renamed it to dumpJSONResource.
Do you think it is worthy to move it to different file in the same package dump? @jsoriano

Something like internal/dump/utils.go ? I would move that function and formatJSON

Member

Yeah, this could be moved to some common file, maybe called json.go, as you prefer.

Member

@jsoriano jsoriano left a comment

🚀

@jsoriano
Member

Failure in CI is related to this change.

@mrodm mrodm force-pushed the dump_agent_policies branch from fd6f2d0 to 7e17639 Compare June 23, 2022 16:25
Contributor

@mtojek mtojek left a comment

Do you think that there is an option to cover the implementation with tests? I'm thinking about some end-to-end tests like bash scripts.
You could boot up the stack, dump default policies, and take it down.

EDIT:

I guess that you can also modify the test-stack-command and run the dump command before taking down the stack.

If no flag is provided, by default this command dumps all agent policies created by Fleet.

If --package flag is provided, this command dumps all agent policies that the given package has been assigned to it.`

func setupDumpCommand() *cobraext.Command {
dumpInstalledObjectsCmd := &cobra.Command{
Use: "installed-objects",
Short: "Dump objects installed in the stack",
Long: dumpInstalledObjectsLongDescription,
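
Review bot: the --package sentence at the top of this hunk ("dumps all agent policies that the given package has been assigned to it") ends with a dangling "it" and is hard to parse in the help output. Something like "dumps all agent policies that the given package has been assigned to" reads more clearly. The --agent-policy flag is not described in this text at all; add a sentence for it next to the other two cases.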

Contributor

nit: Maybe we can add more guidance to the dump description. agent-policies would be another supported feature :)

Contributor Author

Right, I've updated the dump description as:

const dumpLongDescription = `Use this command as an exploratory tool to dump resources from Elastic Stack (objects installed as part of package and agent policies).`

Would you add anything else here?

return cobraext.FlagParsingError(err, cobraext.DumpOutputFlagName)
}

tlsSkipVerify, _ := cmd.Flags().GetBool(cobraext.TLSSkipVerifyFlagName)
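
Review bot: the error from cmd.Flags().GetBool(cobraext.TLSSkipVerifyFlagName) is discarded with `_`, while the flag read just above returns cobraext.FlagParsingError on failure. Handle this one the same way: for a flag that turns off certificate verification, a lookup failure should be reported to the user rather than silently treated as false.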

Contributor

side question to @jsoriano:

With your change enforcing SSL mode, will such options (like tlsSkipVerify) work? I'm thinking about the use case when a developer wants to dump agent policies from some random Kibana, not booted with elastic-package.

Member

Yes, this flag should continue working after the changes in #847.

@@ -72,6 +72,62 @@ func (c *Client) GetPolicy(policyID string) (*Policy, error) {
return &resp.Item, nil
}

// GetRawPolicy fetches the given Policy with all the fields in the Ingest Manager.

Contributor

Oh, now the Ingest Manager is called the Fleet :)

Contributor Author

Updating comments here. I was not totally sure about whether or not they were referring to the same.
Thanks!

@mrodm
Contributor Author

mrodm commented Jun 27, 2022

Do you think that there is an option to cover the implementation with tests? I'm thinking about some end-to-end tests like bash scripts. You could boot up the stack, dump default policies, and take it down.

EDIT:

I guess that you can also modify the test-stack-command and run the dump command before taking down the stack.

At first, I was planning to add the tests in a following branch, but I'll give it a try to add everything (code and tests) in this branch.

I will check for this testing those scripts and the test-stack-command command, and I also wanted to give it a chance to what @jsoriano mentioned in this comment

Comment on lines 83 to 97
func (c *Client) get(resourcePath string) (int, []byte, error) {
func (c *Client) Get(resourcePath string) (int, []byte, error) {
return c.sendRequest(http.MethodGet, resourcePath, nil)
}

func (c *Client) post(resourcePath string, body []byte) (int, []byte, error) {
func (c *Client) Post(resourcePath string, body []byte) (int, []byte, error) {
return c.sendRequest(http.MethodPost, resourcePath, body)
}

func (c *Client) put(resourcePath string, body []byte) (int, []byte, error) {
func (c *Client) Put(resourcePath string, body []byte) (int, []byte, error) {
return c.sendRequest(http.MethodPut, resourcePath, body)
}

func (c *Client) delete(resourcePath string) (int, []byte, error) {
func (c *Client) Delete(resourcePath string) (int, []byte, error) {
return c.sendRequest(http.MethodDelete, resourcePath, nil)
}
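
Review bot: exporting Get, Post, Put and Delete widens the public surface of Client, and none of the four newly exported methods has a doc comment. If the only caller outside the package is the test under internal/kibana/test, consider exporting just what that test needs or giving the test a dedicated hook, so that arbitrary request paths are not callable by every importer of the package. Whatever stays exported should get a comment stating that it returns the status code and the raw body.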

Contributor Author

In order to be used in internal/kibana/test/http_test.go I had to set get method as public. The others I've changed it to ensure consistency.

@mrodm mrodm requested review from mtojek and jsoriano June 28, 2022 08:04
@@ -0,0 +1 @@
{"items":[{"id":"8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f","name":"Load Balancers Servers","description":"","namespace":"default","monitoring_enabled":["logs","metrics"],"status":"active","is_managed":false,"revision":2,"updated_at":"2022-06-27T15:33:59.587Z","updated_by":"elastic","package_policies":[{"id":"a09f2609-9e8b-4b48-998f-ce99340da027","version":"WzEzMjAsMV0=","name":"system-3","namespace":"default","package":{"name":"system","title":"System","version":"1.16.2"},"enabled":true,"policy_id":"8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f","output_id":"fleet-default-output","inputs":[{"type":"logfile","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.auth"},"vars":{"paths":{"value":["/var/log/auth.log*","/var/log/secure*"],"type":"text"}},"id":"logfile-system.auth-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"paths":["/var/log/auth.log*","/var/log/secure*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.syslog"},"vars":{"paths":{"value":["/var/log/messages*","/var/log/syslog*"],"type":"text"}},"id":"logfile-system.syslog-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"paths":["/var/log/messages*","/var/log/syslog*"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\s","match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"winlog","policy_template":"system","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.application-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"name":"Application","condition":"${host.platform} == 
'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.security-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"name":"Security","condition":"${host.platform} == 'windows'","ignore_older":"72h"}},{"enabled":true,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"preserve_original_event":{"value":false,"type":"bool"},"event_id":{"type":"text"},"ignore_older":{"value":"72h","type":"text"},"language":{"value":0,"type":"text"},"tags":{"value":[],"type":"text"},"processors":{"type":"yaml"}},"id":"winlog-system.system-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"name":"System","condition":"${host.platform} == 'windows'","ignore_older":"72h"}}]},{"type":"system/metrics","policy_template":"system","enabled":true,"streams":[{"enabled":false,"data_stream":{"type":"metrics","dataset":"system.core"},"vars":{"period":{"value":"10s","type":"text"},"core.metrics":{"value":["percentages"],"type":"text"}},"id":"system/metrics-system.core-a09f2609-9e8b-4b48-998f-ce99340da027"},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.cpu"},"vars":{"period":{"value":"10s","type":"text"},"cpu.metrics":{"value":["percentages","normalized_percentages"],"type":"text"}},"id":"system/metrics-system.cpu-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["cpu"],"cpu.metrics":["percentages","normalized_percentages"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.diskio"},"vars":{"period":{"value":"10s","type":"text"},"diskio.include_devices":{"value":[],"type":"text"}},"id":"system/metrics-system.diskio-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["diskio"],"diskio
.include_devices":null,"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.filesystem"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"},"filesystem.ignore_types":{"value":[],"type":"text"}},"id":"system/metrics-system.filesystem-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["filesystem"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.filesystem.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.fsstat"},"vars":{"period":{"value":"1m","type":"text"},"processors":{"value":"- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n","type":"yaml"}},"id":"system/metrics-system.fsstat-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["fsstat"],"period":"1m","processors":[{"drop_event.when.regexp":{"system.fsstat.mount_point":"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)"}}]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.load"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.load-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["load"],"condition":"${host.platform} != 
'windows'","period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.memory"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.memory-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["memory"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.network"},"vars":{"period":{"value":"10s","type":"text"},"network.interfaces":{"value":[],"type":"text"}},"id":"system/metrics-system.network-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["network"],"period":"10s","network.interfaces":null}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process"},"vars":{"period":{"value":"10s","type":"text"},"process.include_top_n.by_cpu":{"value":5,"type":"integer"},"process.include_top_n.by_memory":{"value":5,"type":"integer"},"process.cmdline.cache.enabled":{"value":true,"type":"bool"},"process.cgroups.enabled":{"value":false,"type":"bool"},"process.env.whitelist":{"value":[],"type":"text"},"process.include_cpu_ticks":{"value":false,"type":"bool"},"processes":{"value":[".*"],"type":"text"}},"id":"system/metrics-system.process-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["process"],"period":"10s","process.include_top_n.by_cpu":5,"process.include_top_n.by_memory":5,"process.cmdline.cache.enabled":true,"process.cgroups.enabled":false,"process.include_cpu_ticks":false,"processes":[".*"]}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.process.summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.process.summary-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["process_summary"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.socket_summary"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.socket_summary-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["socket_summa
ry"],"period":"10s"}},{"enabled":true,"data_stream":{"type":"metrics","dataset":"system.uptime"},"vars":{"period":{"value":"10s","type":"text"}},"id":"system/metrics-system.uptime-a09f2609-9e8b-4b48-998f-ce99340da027","compiled_stream":{"metricsets":["uptime"],"period":"10s"}}],"vars":{"system.hostfs":{"type":"text"}}},{"type":"httpjson","policy_template":"system","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"system.application"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Application\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.application-a09f2609-9e8b-4b48-998f-ce99340da027"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.security"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:Security\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.security-a09f2609-9e8b-4b48-998f-ce99340da027"},{"enabled":false,"data_stream":{"type":"logs","dataset":"system.system"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=\"XmlWinEventLog:System\"","type":"text"},"tags":{"value":["forwarded"],"type":"text"}},"id":"httpjson-system.system-a09f2609-9e8b-4b48-998f-ce99340da027"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"preserve_original_event":{"value":false,"type":"bool"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 
94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n","type":"yaml"}}}],"revision":1,"created_at":"2022-06-27T15:33:55.519Z","created_by":"elastic","updated_at":"2022-06-27T15:33:55.519Z","updated_by":"elastic"},{"id":"46331ee9-90a9-4b1f-b568-98641e9bafc9","version":"WzEzMjIsMV0=","name":"nginx-load-balancers-test","namespace":"default","description":"","package":{"name":"nginx","title":"Nginx","version":"1.4.0"},"enabled":true,"policy_id":"8c913da0-f62e-11ec-9a9f-c3fb2ce46e7f","output_id":"","inputs":[{"type":"logfile","policy_template":"nginx","enabled":true,"streams":[{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"paths":{"value":["/var/log/nginx/access.log*"],"type":"text"},"tags":{"value":["nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9","compiled_stream":{"paths":["/var/log/nginx/access.log*"],"tags":["nginx-access"],"exclude_files":[".gz$"],"processors":[{"add_locale":null}]}},{"enabled":true,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"paths":{"value":["/var/log/nginx/error.log*"],"type":"text"},"tags":{"value":["nginx-error"],"type":"text"},"pr
eserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"logfile-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9","compiled_stream":{"paths":["/var/log/nginx/error.log*"],"tags":["nginx-error"],"exclude_files":[".gz$"],"multiline":{"pattern":"^\\d{4}\\/\\d{2}\\/\\d{2} ","negate":true,"match":"after"},"processors":[{"add_locale":null}]}}]},{"type":"httpjson","policy_template":"nginx","enabled":false,"streams":[{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.access"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:access","type":"text"},"tags":{"value":["forwarded","nginx-access"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.access-46331ee9-90a9-4b1f-b568-98641e9bafc9"},{"enabled":false,"data_stream":{"type":"logs","dataset":"nginx.error"},"vars":{"interval":{"value":"10s","type":"text"},"search":{"value":"search sourcetype=nginx:plus:error","type":"text"},"tags":{"value":["forwarded","nginx-error"],"type":"text"},"preserve_original_event":{"value":false,"type":"bool"},"processors":{"type":"yaml"}},"id":"httpjson-nginx.error-46331ee9-90a9-4b1f-b568-98641e9bafc9"}],"vars":{"url":{"value":"https://server.example.com:8089","type":"text"},"username":{"type":"text"},"password":{"type":"password"},"token":{"type":"password"},"ssl":{"value":"#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# 
Contributor

nit: is such filename safe on Windows :)? Seriously, I don't know...

Contributor Author

Ouch... According to this doc the question mark is not a valid char in filenames on Windows. I will add that char to be replaced by ".". I don't think there will be any issue in replacing both "&" and "?" chars by "." because they are used just in the query params.

@@ -41,7 +41,7 @@ func (a *Agent) String() string {

// ListAgents returns the list of agents enrolled with Fleet.
func (c *Client) ListAgents() ([]Agent, error) {
statusCode, respBody, err := c.get(fmt.Sprintf("%s/agents", FleetAPI))
statusCode, respBody, err := c.Get(fmt.Sprintf("%s/agents", FleetAPI))
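
Review bot: renaming the request helper from `c.get` to `c.Get` in `ListAgents` exports a raw GET that takes any path string, so every importer of the package can reach arbitrary endpoints through this client, not just the typed methods such as `ListAgents`. If the only caller outside the package is the new test, keep `get` unexported and place the test in the same package instead.
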
Contributor

I see that you had to modify methods in many places. If this is only because the test is in a different package, I would rather keep it in the same one.

Contributor Author

I'll check this option. I prefer to keep those methods as private if possible.

func pathForURL(url string) string {
clean := strings.Trim(url, "/")
if len(clean) == 0 {
return "root.jsn"
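
Review bot: `root.jsn` in the empty-path branch of `pathForURL` looks like a typo for `root.json`; a file with that extension will be missed by anything that selects the recorded responses by their `.json` suffix. Since the returned value is built from a URL and used as a file name, it is also worth stating in the function comment which characters are rewritten and why.
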
Contributor

nit: root.json?

Contributor Author

Right, it must be json
Thanks!

@@ -23,14 +23,14 @@ type Policy struct {
Revision int `json:"revision,omitempty"`
}

// CreatePolicy persists the given Policy in the Ingest Manager.
// CreatePolicy persists the given Policy in Fleet.
Contributor

👍

if err := os.MkdirAll(dir, 0755); err != nil {
return fmt.Errorf("failed to create dump directory: %w", err)
}
formatted, err := formatJSON(object.JSON())
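
Review bot: `os.MkdirAll(dir, 0755)` creates the dump directory readable and traversable by every local user, while the objects written into it are stored as the stack returned them, without any processing, and so carry whatever values were configured. Consider `0700` (or `0750`) for the directory and an equally restrictive mode for the files written below it.
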
Contributor

There is a formatter package in elastic-package, maybe you can use it here.

Contributor Author

Oh, ok! Better reuse the formatter package.
I'll use it and update all the dumped files.
Thanks!

Contributor Author

According to this #862 (comment), I'll keep using this method (formatJSON) to write the files.

Contributor

Yes, please do :)

mrodm added 3 commits June 28, 2022 12:33
Move test client into the same kibana package to allow use of private
methods of the package.
"set": {
"field": "event.outcome",
"value": "success",
"if": "ctx?.http?.response?.status_code != null \u0026\u0026 ctx.http.response.status_code \u003c 400"
Member

Take into account that the JSONformatter is replacing invalid HTML characters with the UTF-8 encoding, this is done by default for HTML purposes, but not really needed here. Previous formatter was just indenting the files for readability, without Marshalling and Unmarshalling them.

In any case I guess it doesn't mind here if we are comparing documents formatted in the same way.

Contributor

I would keep it as is for consistency reasons - the same formatter used everywhere, unless HTML entities are considered to be a bug in this case.

Member

Well, thinking a second time about this, this is not only used for testing. We have to take into account that these are dumps from Elasticsearch/Kibana, we are modifying them here, which could be unexpected, a user dumping these objects with elastic-package is going to see something different to what is seen in Kibana or using the APIs.

Also, if we modify them, we should also check that they continue being valid and generate the same result if imported back in Elasticsearch/Kibana.

Thinking about this, and the purpose of the dump command I would suggest to go back to the previous formatting.

Contributor Author

@mrodm mrodm Jun 28, 2022

Ok, I see now the reason there was an explicit formatJSON method previously.
As you mentioned, it should be equivalent. However, as these dump commands are intended to be used as an exploratory tool for users, I think it would be better to just revert this change/commit and use the previous one, so these files can be inspected/debugged easier.
I'll revert this change
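
The difference this thread settles on, reproduced with Go's standard library as an added example (not code from elastic-package). It assumes the escaping discussed above comes from the `encoding/json` defaults; the function names and the sample document are constructed for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"reflect"
)

// rawDump is a constructed sample shaped like the processor in the hunk above,
// as an API would return it: literal && and <, keys in the server's order.
const rawDump = `{"set":{"field":"event.outcome","value":"success","if":"ctx?.http?.response?.status_code != null && ctx.http.response.status_code < 400"}}`

// indentOnly re-indents the bytes without decoding them, so string contents
// and key order stay exactly as received.
func indentOnly(raw []byte) ([]byte, error) {
	var buf bytes.Buffer
	if err := json.Indent(&buf, raw, "", "  "); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}

// roundTrip decodes and re-encodes with the default settings. The default
// encoder rewrites &, < and > as \u0026, \u003c and \u003e, and a decoded
// map is written back with its keys sorted.
func roundTrip(raw []byte) ([]byte, error) {
	var v interface{}
	if err := json.Unmarshal(raw, &v); err != nil {
		return nil, err
	}
	return json.MarshalIndent(v, "", "  ")
}

// roundTripNoEscape is the same round trip with HTML escaping switched off.
// Key order is still not preserved.
func roundTripNoEscape(raw []byte) ([]byte, error) {
	var v interface{}
	if err := json.Unmarshal(raw, &v); err != nil {
		return nil, err
	}
	var buf bytes.Buffer
	enc := json.NewEncoder(&buf)
	enc.SetEscapeHTML(false)
	enc.SetIndent("", "  ")
	if err := enc.Encode(v); err != nil {
		return nil, err
	}
	// Encode appends a newline that the other formatters do not emit.
	return bytes.TrimRight(buf.Bytes(), "\n"), nil
}

// sameDocument reports whether two JSON texts decode to the same value,
// which is the check needed before importing a reformatted dump back.
func sameDocument(a, b []byte) (bool, error) {
	var va, vb interface{}
	if err := json.Unmarshal(a, &va); err != nil {
		return false, err
	}
	if err := json.Unmarshal(b, &vb); err != nil {
		return false, err
	}
	return reflect.DeepEqual(va, vb), nil
}

func main() {
	raw := []byte(rawDump)
	indented, err := indentOnly(raw)
	if err != nil {
		panic(err)
	}
	escaped, err := roundTrip(raw)
	if err != nil {
		panic(err)
	}
	plain, err := roundTripNoEscape(raw)
	if err != nil {
		panic(err)
	}
	equal, err := sameDocument(indented, escaped)
	if err != nil {
		panic(err)
	}
	fmt.Printf("indent only:\n%s\n\n", indented)
	fmt.Printf("round trip, default escaping:\n%s\n\n", escaped)
	fmt.Printf("round trip, escaping disabled:\n%s\n\n", plain)
	fmt.Println("same document after decoding:", equal)
}
```

The escaped and unescaped files decode to the same document, so the change is cosmetic for a re-import, but a byte-for-byte diff against what Kibana or the API returns only stays clean with the indent-only path.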

@mrodm mrodm merged commit 91ac719 into main Jun 28, 2022
@mrodm mrodm deleted the dump_agent_policies branch June 28, 2022 15:13
Development

Successfully merging this pull request may close these issues.

Dump policy using elastic-agent