Skip to content

Commit

Permalink
[Fleet] support force flag to add/remove package_policies (#96713)
Browse files Browse the repository at this point in the history
## Summary

Can now pass a `force=true` parameter to add & remove integrations on hosted policies as originally intended [1] & [2]

 * Add `force` param for `POST` `/api/fleet/package_policies` & `/api/fleet/package_policies/delete` to a policy. Update tests to confirm
 * Not strictly required, but "while I was in there"
   * Updated a few places to throw `IngestManagerError` vs `Error` for `400` response vs `500`. Updated tests.
   * removed a few unnecessary `await`s of sync function

[1] #92426 (comment)
[2] #90445

### Checklist
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

Co-authored-by: Kibana Machine <[email protected]>
  • Loading branch information
John Schulz and kibanamachine authored Apr 12, 2021
1 parent e7f5d07 commit cb3c4e3
Show file tree
Hide file tree
Showing 7 changed files with 247 additions and 227 deletions.
12 changes: 7 additions & 5 deletions x-pack/plugins/fleet/server/routes/package_policy/handlers.ts
Original file line number Diff line number Diff line change
Expand Up @@ -79,18 +79,20 @@ export const createPackagePolicyHandler: RequestHandler<
> = async (context, request, response) => {
const soClient = context.core.savedObjects.client;
const esClient = context.core.elasticsearch.client.asCurrentUser;
const user = (await appContextService.getSecurity()?.authc.getCurrentUser(request)) || undefined;
const user = appContextService.getSecurity()?.authc.getCurrentUser(request) || undefined;
const { force, ...newPolicy } = request.body;
try {
const newData = await packagePolicyService.runExternalCallbacks(
'packagePolicyCreate',
{ ...request.body },
newPolicy,
context,
request
);

// Create package policy
const packagePolicy = await packagePolicyService.create(soClient, esClient, newData, {
user,
force,
});
const body: CreatePackagePolicyResponse = { item: packagePolicy };
return response.ok({
Expand All @@ -114,7 +116,7 @@ export const updatePackagePolicyHandler: RequestHandler<
> = async (context, request, response) => {
const soClient = context.core.savedObjects.client;
const esClient = context.core.elasticsearch.client.asCurrentUser;
const user = (await appContextService.getSecurity()?.authc.getCurrentUser(request)) || undefined;
const user = appContextService.getSecurity()?.authc.getCurrentUser(request) || undefined;
const packagePolicy = await packagePolicyService.get(soClient, request.params.packagePolicyId);

if (!packagePolicy) {
Expand Down Expand Up @@ -155,13 +157,13 @@ export const deletePackagePolicyHandler: RequestHandler<
> = async (context, request, response) => {
const soClient = context.core.savedObjects.client;
const esClient = context.core.elasticsearch.client.asCurrentUser;
const user = (await appContextService.getSecurity()?.authc.getCurrentUser(request)) || undefined;
const user = appContextService.getSecurity()?.authc.getCurrentUser(request) || undefined;
try {
const body: DeletePackagePoliciesResponse = await packagePolicyService.delete(
soClient,
esClient,
request.body.packagePolicyIds,
{ user }
{ user, force: request.body.force }
);
return response.ok({
body,
Expand Down
10 changes: 6 additions & 4 deletions x-pack/plugins/fleet/server/services/agent_policy.ts
Original file line number Diff line number Diff line change
Expand Up @@ -466,15 +466,17 @@ class AgentPolicyService {
esClient: ElasticsearchClient,
id: string,
packagePolicyIds: string[],
options: { user?: AuthenticatedUser; bumpRevision: boolean } = { bumpRevision: true }
options: { user?: AuthenticatedUser; bumpRevision: boolean; force?: boolean } = {
bumpRevision: true,
}
): Promise<AgentPolicy> {
const oldAgentPolicy = await this.get(soClient, id, false);

if (!oldAgentPolicy) {
throw new Error('Agent policy not found');
}

if (oldAgentPolicy.is_managed) {
if (oldAgentPolicy.is_managed && !options?.force) {
throw new IngestManagerError(`Cannot update integrations of managed policy ${id}`);
}

Expand All @@ -497,15 +499,15 @@ class AgentPolicyService {
esClient: ElasticsearchClient,
id: string,
packagePolicyIds: string[],
options?: { user?: AuthenticatedUser }
options?: { user?: AuthenticatedUser; force?: boolean }
): Promise<AgentPolicy> {
const oldAgentPolicy = await this.get(soClient, id, false);

if (!oldAgentPolicy) {
throw new Error('Agent policy not found');
}

if (oldAgentPolicy.is_managed) {
if (oldAgentPolicy.is_managed && !options?.force) {
throw new IngestManagerError(`Cannot remove integrations of managed policy ${id}`);
}

Expand Down
14 changes: 9 additions & 5 deletions x-pack/plugins/fleet/server/services/package_policy.ts
Original file line number Diff line number Diff line change
Expand Up @@ -60,14 +60,14 @@ class PackagePolicyService {
soClient: SavedObjectsClientContract,
esClient: ElasticsearchClient,
packagePolicy: NewPackagePolicy,
options?: { id?: string; user?: AuthenticatedUser; bumpRevision?: boolean }
options?: { id?: string; user?: AuthenticatedUser; bumpRevision?: boolean; force?: boolean }
): Promise<PackagePolicy> {
// Check that its agent policy does not have a package policy with the same name
const parentAgentPolicy = await agentPolicyService.get(soClient, packagePolicy.policy_id);
if (!parentAgentPolicy) {
throw new Error('Agent policy not found');
}
if (parentAgentPolicy.is_managed) {
if (parentAgentPolicy.is_managed && !options?.force) {
throw new IngestManagerError(
`Cannot add integrations to managed policy ${parentAgentPolicy.id}`
);
Expand All @@ -77,7 +77,9 @@ class PackagePolicyService {
(siblingPackagePolicy) => siblingPackagePolicy.name === packagePolicy.name
)
) {
throw new Error('There is already a package with the same name on this agent policy');
throw new IngestManagerError(
'There is already a package with the same name on this agent policy'
);
}

// Add ids to stream
Expand Down Expand Up @@ -106,7 +108,7 @@ class PackagePolicyService {
if (isPackageLimited(pkgInfo)) {
const agentPolicy = await agentPolicyService.get(soClient, packagePolicy.policy_id, true);
if (agentPolicy && doesAgentPolicyAlreadyIncludePackage(agentPolicy, pkgInfo.name)) {
throw new Error(
throw new IngestManagerError(
`Unable to create package policy. Package '${pkgInfo.name}' already exists on this agent policy.`
);
}
Expand Down Expand Up @@ -140,6 +142,7 @@ class PackagePolicyService {
{
user: options?.user,
bumpRevision: options?.bumpRevision ?? true,
force: options?.force,
}
);

Expand Down Expand Up @@ -367,7 +370,7 @@ class PackagePolicyService {
soClient: SavedObjectsClientContract,
esClient: ElasticsearchClient,
ids: string[],
options?: { user?: AuthenticatedUser; skipUnassignFromAgentPolicies?: boolean }
options?: { user?: AuthenticatedUser; skipUnassignFromAgentPolicies?: boolean; force?: boolean }
): Promise<DeletePackagePoliciesResponse> {
const result: DeletePackagePoliciesResponse = [];

Expand All @@ -385,6 +388,7 @@ class PackagePolicyService {
[packagePolicy.id],
{
user: options?.user,
force: options?.force,
}
);
}
Expand Down
1 change: 1 addition & 0 deletions x-pack/plugins/fleet/server/types/models/package_policy.ts
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,7 @@ const PackagePolicyBaseSchema = {

export const NewPackagePolicySchema = schema.object({
...PackagePolicyBaseSchema,
force: schema.maybe(schema.boolean()),
});

export const UpdatePackagePolicySchema = schema.object({
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -33,5 +33,6 @@ export const UpdatePackagePolicyRequestSchema = {
export const DeletePackagePoliciesRequestSchema = {
body: schema.object({
packagePolicyIds: schema.arrayOf(schema.string()),
force: schema.maybe(schema.boolean()),
}),
};
Loading

0 comments on commit cb3c4e3

Please sign in to comment.