From d350c66cf5f2d37ea55f1928643df7e732f42097 Mon Sep 17 00:00:00 2001 From: Nicolas Chaulet Date: Tue, 20 Oct 2020 16:50:54 -0400 Subject: [PATCH] [Fleet] Fix creation of POLICY_CHANGE action during 7.9 => 7.10 migration (#81041) (#81228) --- .../server/services/agent_policy_update.ts | 10 ++-- .../server/services/agents/index.ts | 1 + .../server/services/agents/setup.ts | 48 +++++++++++++++++++ .../ingest_manager/server/services/output.ts | 4 +- .../ingest_manager/server/services/setup.ts | 4 ++ 5 files changed, 58 insertions(+), 9 deletions(-) create mode 100644 x-pack/plugins/ingest_manager/server/services/agents/setup.ts diff --git a/x-pack/plugins/ingest_manager/server/services/agent_policy_update.ts b/x-pack/plugins/ingest_manager/server/services/agent_policy_update.ts index 4ddb3cfb6a6a5..fe06de765bbff 100644 --- a/x-pack/plugins/ingest_manager/server/services/agent_policy_update.ts +++ b/x-pack/plugins/ingest_manager/server/services/agent_policy_update.ts @@ -6,8 +6,7 @@ import { KibanaRequest, SavedObjectsClientContract } from 'src/core/server'; import { generateEnrollmentAPIKey, deleteEnrollmentApiKeyForAgentPolicyId } from './api_keys'; -import { unenrollForAgentPolicyId } from './agents'; -import { outputService } from './output'; +import { isAgentsSetup, unenrollForAgentPolicyId } from './agents'; import { agentPolicyService } from './agent_policy'; import { appContextService } from './app_context'; @@ -31,11 +30,8 @@ export async function agentPolicyUpdateEventHandler( action: string, agentPolicyId: string ) { - const adminUser = await outputService.getAdminUser(soClient); - const outputId = await outputService.getDefaultOutputId(soClient); - - // If no admin user and no default output fleet is not enabled just skip this hook - if (!adminUser || !outputId) { + // If Agents are not setup skip this hook + if (!(await isAgentsSetup(soClient))) { return; } diff --git a/x-pack/plugins/ingest_manager/server/services/agents/index.ts b/x-pack/plugins/ingest_manager/server/services/agents/index.ts index c878b666bde88..0800a04fb1b3b 100644 --- a/x-pack/plugins/ingest_manager/server/services/agents/index.ts +++ b/x-pack/plugins/ingest_manager/server/services/agents/index.ts @@ -16,3 +16,4 @@ export * from './update'; export * from './actions'; export * from './reassign'; export * from './authenticate'; +export * from './setup'; diff --git a/x-pack/plugins/ingest_manager/server/services/agents/setup.ts b/x-pack/plugins/ingest_manager/server/services/agents/setup.ts new file mode 100644 index 0000000000000..1393e732e89d1 --- /dev/null +++ b/x-pack/plugins/ingest_manager/server/services/agents/setup.ts @@ -0,0 +1,48 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { SavedObjectsClientContract } from 'src/core/server'; +import { SO_SEARCH_LIMIT } from '../../constants'; +import { agentPolicyService } from '../agent_policy'; +import { outputService } from '../output'; +import { getLatestConfigChangeAction } from './actions'; + +export async function isAgentsSetup(soClient: SavedObjectsClientContract): Promise { + const adminUser = await outputService.getAdminUser(soClient, false); + const outputId = await outputService.getDefaultOutputId(soClient); + // If admin user (fleet_enroll) and output id exist Agents are correctly setup + return adminUser && outputId ? true : false; +} + +/** + * During the migration from 7.9 to 7.10 we introduce a new agent action POLICY_CHANGE per policy + * this function ensure that action exist for each policy + * + * @param soClient + */ +export async function ensureAgentActionPolicyChangeExists(soClient: SavedObjectsClientContract) { + // If Agents are not setup skip + if (!(await isAgentsSetup(soClient))) { + return; + } + + const { items: agentPolicies } = await agentPolicyService.list(soClient, { + perPage: SO_SEARCH_LIMIT, + }); + + await Promise.all( + agentPolicies.map(async (agentPolicy) => { + const policyChangeActionExist = !!(await getLatestConfigChangeAction( + soClient, + agentPolicy.id + )); + + if (!policyChangeActionExist) { + return agentPolicyService.createFleetPolicyChangeAction(soClient, agentPolicy.id); + } + }) + ); +} diff --git a/x-pack/plugins/ingest_manager/server/services/output.ts b/x-pack/plugins/ingest_manager/server/services/output.ts index f780bd95faedc..0e3b652422faa 100644 --- a/x-pack/plugins/ingest_manager/server/services/output.ts +++ b/x-pack/plugins/ingest_manager/server/services/output.ts @@ -65,8 +65,8 @@ class OutputService { return outputs.saved_objects[0].id; } - public async getAdminUser(soClient: SavedObjectsClientContract) { - if (cachedAdminUser) { + public async getAdminUser(soClient: SavedObjectsClientContract, useCache = true) { + if (useCache && cachedAdminUser) { return cachedAdminUser; } diff --git a/x-pack/plugins/ingest_manager/server/services/setup.ts b/x-pack/plugins/ingest_manager/server/services/setup.ts index c7ecf843d6a51..7f379d3ea4f13 100644 --- a/x-pack/plugins/ingest_manager/server/services/setup.ts +++ b/x-pack/plugins/ingest_manager/server/services/setup.ts @@ -29,6 +29,7 @@ import { generateEnrollmentAPIKey } from './api_keys'; import { settingsService } from '.'; import { awaitIfPending } from './setup_utils'; import { createDefaultSettings } from './settings'; +import { ensureAgentActionPolicyChangeExists } from './agents'; const FLEET_ENROLL_USERNAME = 'fleet_enroll'; const FLEET_ENROLL_ROLE = 'fleet_enroll'; @@ -80,6 +81,7 @@ async function createSetupSideEffects( ) { throw new Error('Policy not found'); } + for (const installedPackage of installedPackages) { const packageShouldBeInstalled = DEFAULT_AGENT_POLICIES_PACKAGES.some( (packageName) => installedPackage.name === packageName @@ -105,6 +107,8 @@ async function createSetupSideEffects( } } + await ensureAgentActionPolicyChangeExists(soClient); + return { isIntialized: true }; }