Skip to content

Commit

Permalink
[EDR Workflows] Add support to multiple agent id's in a policy for Os…
Browse files Browse the repository at this point in the history
…query (#193987)
  • Loading branch information
tomsonpl authored Sep 26, 2024
1 parent 93414a6 commit 2667db1
Show file tree
Hide file tree
Showing 4 changed files with 28 additions and 27 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ export const useOsqueryPolicies = () => {
return useQuery(
['osqueryPolicies'],
() =>
http.get<{ items: Array<{ policy_id: string; policy_ids: string[] }> }>(
http.get<{ items: Array<{ policy_ids: string[] }> }>(
'/internal/osquery/fleet_wrapper/package_policies',
{ version: API_VERSIONS.internal.v1 }
),
Expand Down
21 changes: 11 additions & 10 deletions x-pack/plugins/osquery/server/lib/fleet_integration.ts
Original file line number Diff line number Diff line change
Expand Up @@ -21,13 +21,16 @@ export const getPackagePolicyDeleteCallback =
]);
await Promise.all(
map(deletedOsqueryManagerPolicies, async (deletedOsqueryManagerPolicy) => {
if (deletedOsqueryManagerPolicy.policy_id) {
const policyIds = deletedOsqueryManagerPolicy.policy_ids?.length
? deletedOsqueryManagerPolicy.policy_ids
: ([deletedOsqueryManagerPolicy.policy_id] as string[]);
if (policyIds[0] !== undefined) {
const foundPacks = await packsClient.find({
type: packSavedObjectType,
hasReference: {
hasReference: policyIds.map((policyId: string) => ({
type: LEGACY_AGENT_POLICY_SAVED_OBJECT_TYPE,
id: deletedOsqueryManagerPolicy.policy_id,
},
id: policyId,
})),
perPage: 1000,
});

Expand All @@ -43,15 +46,13 @@ export const getPackagePolicyDeleteCallback =
packSavedObjectType,
pack.id,
{
shards: filter(
pack.attributes.shards,
(shard) => shard.key !== deletedOsqueryManagerPolicy.policy_id
shards: filter(pack.attributes.shards, (shard) =>
policyIds.includes(shard.key)
),
},
{
references: filter(
pack.references,
(reference) => reference.id !== deletedOsqueryManagerPolicy.policy_id
references: filter(pack.references, (reference) =>
policyIds.includes(reference.id)
),
}
)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -152,9 +152,7 @@ export const createPackRoute = (router: IRouter, osqueryContext: OsqueryAppConte
}

set(draft, `inputs[0].config.osquery.value.packs.${packSO.attributes.name}`, {
shard: policyShards[packagePolicy.policy_ids[0]] // TODO
? policyShards[packagePolicy.policy_ids[0]]
: 100,
shard: policyShards[agentPolicyId] ?? 100,
queries: convertSOQueriesToPackConfig(queries),
});

Expand Down
28 changes: 15 additions & 13 deletions x-pack/plugins/osquery/server/routes/pack/update_pack_route.ts
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@

import moment from 'moment-timezone';
import { set } from '@kbn/safer-lodash-set';
import { unset, has, difference, filter, find, map, mapKeys, uniq, some, isEmpty } from 'lodash';
import { unset, has, difference, filter, map, mapKeys, uniq, some, isEmpty } from 'lodash';
import { produce } from 'immer';
import type { PackagePolicy } from '@kbn/fleet-plugin/common';
import {
Expand Down Expand Up @@ -194,8 +194,9 @@ export const updatePackRoute = (router: IRouter, osqueryContext: OsqueryAppConte

await Promise.all(
policyIds.map((agentPolicyId) => {
const packagePolicy = find(packagePolicies, ['policy_id', agentPolicyId]);

const packagePolicy = packagePolicies.find((policy) =>
policy.policy_ids.includes(agentPolicyId)
);
if (packagePolicy) {
return packagePolicyService?.update(
internalSavedObjectsClient,
Expand Down Expand Up @@ -224,7 +225,9 @@ export const updatePackRoute = (router: IRouter, osqueryContext: OsqueryAppConte
} else {
await Promise.all(
currentAgentPolicyIds.map((agentPolicyId) => {
const packagePolicy = find(currentPackagePolicies, ['policy_id', agentPolicyId]);
const packagePolicy = currentPackagePolicies.find((policy) =>
policy.policy_ids.includes(agentPolicyId)
);
if (!packagePolicy) return;

return packagePolicyService?.update(
Expand Down Expand Up @@ -254,7 +257,9 @@ export const updatePackRoute = (router: IRouter, osqueryContext: OsqueryAppConte

await Promise.all(
agentPolicyIdsToRemove.map((agentPolicyId) => {
const packagePolicy = find(currentPackagePolicies, ['policy_id', agentPolicyId]);
const packagePolicy = currentPackagePolicies.find((policy) =>
policy.policy_ids.includes(agentPolicyId)
);
if (packagePolicy) {
return packagePolicyService?.update(
internalSavedObjectsClient,
Expand All @@ -276,8 +281,9 @@ export const updatePackRoute = (router: IRouter, osqueryContext: OsqueryAppConte

await Promise.all(
agentPolicyIdsToUpdate.map((agentPolicyId) => {
const packagePolicy = find(packagePolicies, ['policy_id', agentPolicyId]);

const packagePolicy = packagePolicies.find((policy) =>
policy.policy_ids.includes(agentPolicyId)
);
if (packagePolicy) {
return packagePolicyService?.update(
internalSavedObjectsClient,
Expand All @@ -296,9 +302,7 @@ export const updatePackRoute = (router: IRouter, osqueryContext: OsqueryAppConte
draft,
`inputs[0].config.osquery.value.packs.${updatedPackSO.attributes.name}`,
{
shard: policyShards[packagePolicy.policy_ids[0]] // TODO
? policyShards[packagePolicy.policy_ids[0]]
: 100,
shard: policyShards[agentPolicyId] ?? 100,
queries: convertSOQueriesToPackConfig(updatedPackSO.attributes.queries),
}
);
Expand Down Expand Up @@ -331,9 +335,7 @@ export const updatePackRoute = (router: IRouter, osqueryContext: OsqueryAppConte
draft,
`inputs[0].config.osquery.value.packs.${updatedPackSO.attributes.name}`,
{
shard: policyShards[packagePolicy.policy_ids[0]] // TODO
? policyShards[packagePolicy.policy_ids[0]]
: 100,
shard: policyShards[agentPolicyId] ?? 100,
queries: convertSOQueriesToPackConfig(updatedPackSO.attributes.queries),
}
);
Expand Down

0 comments on commit 2667db1

Please sign in to comment.