[Fleet] Re-enable and fix Fleet policy secret integration tests (#163428)

## Summary

Closes #162732 
Closes #157503

Wanted to sneak this in before we move over to the internal index; I
have tidied the tests a bit to make that transition easier.

Since we restricted the fleet service account permissions, we can no
longer use a test index for the secret tests. The test index was added
while .fleet-secrets didn't exist so I have switched to using the real
index.

---------

Co-authored-by: kibanamachine <[email protected]>
hop-dev and kibanamachine authored Aug 10, 2023
1 parent f99be4e commit 94432d8
Showing 3 changed files with 43 additions and 81 deletions.
1 change: 0 additions & 1 deletion x-pack/plugins/fleet/server/config.ts
@@ -139,7 +139,6 @@ export const config: PluginConfigDescriptor = {
disableRegistryVersionCheck: schema.boolean({ defaultValue: false }),
allowAgentUpgradeSourceUri: schema.boolean({ defaultValue: false }),
bundledPackageLocation: schema.string({ defaultValue: DEFAULT_BUNDLED_PACKAGE_LOCATION }),
testSecretsIndex: schema.maybe(schema.string()),
}),
packageVerification: schema.object({
gpgKeyPath: schema.string({ defaultValue: DEFAULT_GPG_KEY_PATH }),
122 changes: 43 additions & 79 deletions x-pack/test/fleet_api_integration/apis/policy_secrets.ts
@@ -41,37 +41,43 @@ function createdPolicyToUpdatePolicy(policy: any) {
return updatedPolicy;
}

const SECRETS_INDEX_NAME = '.fleet-secrets';
export default function (providerContext: FtrProviderContext) {
// FAILING ES PROMOTION: https://github.com/elastic/kibana/issues/162732
describe.skip('fleet policy secrets', () => {
describe('fleet policy secrets', () => {
const { getService } = providerContext;

const es: Client = getService('es');
const supertest = getService('supertest');
const kibanaServer = getService('kibanaServer');

const getPackagePolicyById = async (id: string) => {
const { body } = await supertest.get(`/api/fleet/package_policies/${id}`);
return body.item;
const getSecrets = async (ids?: string[]) => {
const query = ids ? { terms: { _id: ids } } : { match_all: {} };
return es.search({
index: SECRETS_INDEX_NAME,
body: {
query,
},
});
};

const maybeCreateSecretsIndex = async () => {
// create mock .secrets index for testing
if (await es.indices.exists({ index: '.fleet-test-secrets' })) {
await es.indices.delete({ index: '.fleet-test-secrets' });
}
await es.indices.create({
index: '.fleet-test-secrets',
body: {
mappings: {
properties: {
value: {
type: 'keyword',
},
const deleteAllSecrets = async () => {
try {
await es.deleteByQuery({
index: SECRETS_INDEX_NAME,
body: {
query: {
match_all: {},
},
},
},
});
});
} catch (err) {
// index doesnt exis
}
};

const getPackagePolicyById = async (id: string) => {
const { body } = await supertest.get(`/api/fleet/package_policies/${id}`);
return body.item;
};

const getFullAgentPolicyById = async (id: string) => {
@@ -137,10 +143,8 @@ export default function (providerContext: FtrProviderContext) {
let agentPolicyId: string;
before(async () => {
await kibanaServer.savedObjects.cleanStandardList();
await getService('esArchiver').load(
'x-pack/test/functional/es_archives/fleet/empty_fleet_server'
);
await maybeCreateSecretsIndex();

await deleteAllSecrets();
});

setupFleetAndAgents(providerContext);
@@ -261,16 +265,7 @@ export default function (providerContext: FtrProviderContext) {
});

it('should have correctly created the secrets', async () => {
const searchRes = await es.search({
index: '.fleet-test-secrets',
body: {
query: {
ids: {
values: [packageVarId, inputVarId, streamVarId],
},
},
},
});
const searchRes = await getSecrets([packageVarId, inputVarId, streamVarId]);

expect(searchRes.hits.hits.length).to.eql(3);

@@ -337,14 +332,7 @@ export default function (providerContext: FtrProviderContext) {
});

it('should have correctly deleted unused secrets after update', async () => {
const searchRes = await es.search({
index: '.fleet-test-secrets',
body: {
query: {
match_all: {},
},
},
});
const searchRes = await getSecrets();

expect(searchRes.hits.hits.length).to.eql(3); // should have created 1 and deleted 1 doc

@@ -374,14 +362,7 @@ export default function (providerContext: FtrProviderContext) {

expectCompiledPolicyVars(policyDoc, updatedPackageVarId);

const searchRes = await es.search({
index: '.fleet-test-secrets',
body: {
query: {
match_all: {},
},
},
});
const searchRes = await getSecrets();

expect(searchRes.hits.hits.length).to.eql(3);

@@ -413,53 +394,36 @@ export default function (providerContext: FtrProviderContext) {
updatedPackagePolicy.vars.package_var_secret.value.id,
updatedPackageVarId,
];

const searchRes = await es.search({
index: '.fleet-test-secrets',
body: {
query: {
terms: {
_id: packageVarSecretIds,
},
},
},
});
const searchRes = await getSecrets(packageVarSecretIds);

expect(searchRes.hits.hits.length).to.eql(2);
});

it('should not delete used secrets on package policy delete', async () => {
return supertest
await supertest
.delete(`/api/fleet/package_policies/${duplicatedPackagePolicyId}`)
.set('kbn-xsrf', 'xxxx')
.expect(200);

const searchRes = await es.search({
index: '.fleet-test-secrets',
body: {
query: {
match_all: {},
},
},
});
// sleep to allow for secrets to be deleted
await new Promise((resolve) => setTimeout(resolve, 1000));

const searchRes = await getSecrets();

// should have deleted new_package_secret_val_2
expect(searchRes.hits.hits.length).to.eql(3);
});

it('should delete all secrets on package policy delete', async () => {
return supertest
await supertest
.delete(`/api/fleet/package_policies/${createdPackagePolicyId}`)
.set('kbn-xsrf', 'xxxx')
.expect(200);

const searchRes = await es.search({
index: '.fleet-test-secrets',
body: {
query: {
match_all: {},
},
},
});
// sleep to allow for secrets to be deleted
await new Promise((resolve) => setTimeout(resolve, 1000));

const searchRes = await getSecrets();

expect(searchRes.hits.hits.length).to.eql(0);
});
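Review bot: The `catch` in `deleteAllSecrets` (first hunk, fully visible there) discards every error from `es.deleteByQuery`, not only the missing-index case its comment names. An authorization or cluster failure during `before` would then leave old documents in `.fleet-secrets`, and the later exact-count assertions (`to.eql(3)`, `to.eql(0)`) would fail for a reason that is hard to trace. Because the suite now clears the real secrets index with `match_all`, make the cleanup fail loudly on anything unexpected: pass `ignore_unavailable: true` and drop the try/catch, or keep it and add `if (err?.statusCode !== 404) throw err;`. In the last hunk, the fixed `setTimeout(resolve, 1000)` waits before the counts are also timing-sensitive; polling `getSecrets()` until the expected count is reached would be steadier.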
1 change: 0 additions & 1 deletion x-pack/test/fleet_api_integration/config.base.ts
@@ -74,7 +74,6 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
'secretsStorage',
'agentTamperProtectionEnabled',
])}`,
`--xpack.fleet.developer.testSecretsIndex=.fleet-test-secrets`,
`--logging.loggers=${JSON.stringify([
...getKibanaCliLoggers(xPackAPITestsConfig.get('kbnTestServer.serverArgs')),
