From ed210ef4ad3b9bbcd4ac865bd094cccffe45f762 Mon Sep 17 00:00:00 2001
From: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Date: Mon, 8 Jan 2024 05:31:54 -0500
Subject: [PATCH] [8.12] [Fleet] Fix secrets exception when installing CSPM or
 other integrations (#174264) (#174432)

# Backport

This will backport the following commits from `main` to `8.12`:
- [[Fleet] Fix secrets exception when installing CSPM or other
integrations (#174264)](https://github.com/elastic/kibana/pull/174264)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Cristina
Amico","email":"criamico@users.noreply.github.com"},"sourceCommit":{"committedDate":"2024-01-08T09:19:29Z","message":"[Fleet]
Fix secrets exception when installing CSPM or other integrations
(#174264)\n\nCloses
https://github.com/elastic/kibana/issues/173718\r\n\r\n##
Summary\r\n\r\nFix secrets exception when installing CSPM or other
integrations\r\n\r\n### Steps to reproduce:\r\n\r\n- Install
`cloud_security_posture-1.8.0-preview02` (note that a licence\r\nis
needed to install CSPM)\r\n- Select Setup access: manual and Preferred
manual method: Direct access\r\nkeys\r\n- Add some test values a secrets
and try to install\r\n- The integration should install correctly with no
exceptions.\r\n\r\n### Checklist\r\n- [ ] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [ ] [Flaky
Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\r\nused on any tests changed\r\n\r\n---------\r\n\r\nCo-authored-by:
Kyle Pollich <kyle.pollich@elastic.co>\r\nCo-authored-by: Kibana Machine
<42973632+kibanamachine@users.noreply.github.com>","sha":"6a7166c4e8782fe8067b1f8d93952b282db5627a","branchLabelMapping":{"^v8.13.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","Team:Fleet","v8.12.0","v8.13.0"],"title":"[Fleet]
Fix secrets exception when installing CSPM or other
integrations","number":174264,"url":"https://github.com/elastic/kibana/pull/174264","mergeCommit":{"message":"[Fleet]
Fix secrets exception when installing CSPM or other integrations
(#174264)\n\nCloses
https://github.com/elastic/kibana/issues/173718\r\n\r\n##
Summary\r\n\r\nFix secrets exception when installing CSPM or other
integrations\r\n\r\n### Steps to reproduce:\r\n\r\n- Install
`cloud_security_posture-1.8.0-preview02` (note that a licence\r\nis
needed to install CSPM)\r\n- Select Setup access: manual and Preferred
manual method: Direct access\r\nkeys\r\n- Add some test values a secrets
and try to install\r\n- The integration should install correctly with no
exceptions.\r\n\r\n### Checklist\r\n- [ ] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [ ] [Flaky
Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\r\nused on any tests changed\r\n\r\n---------\r\n\r\nCo-authored-by:
Kyle Pollich <kyle.pollich@elastic.co>\r\nCo-authored-by: Kibana Machine
<42973632+kibanamachine@users.noreply.github.com>","sha":"6a7166c4e8782fe8067b1f8d93952b282db5627a"}},"sourceBranch":"main","suggestedTargetBranches":["8.12"],"targetPullRequestStates":[{"branch":"8.12","label":"v8.12.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.13.0","branchLabelMappingKey":"^v8.13.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/174264","number":174264,"mergeCommit":{"message":"[Fleet]
Fix secrets exception when installing CSPM or other integrations
(#174264)\n\nCloses
https://github.com/elastic/kibana/issues/173718\r\n\r\n##
Summary\r\n\r\nFix secrets exception when installing CSPM or other
integrations\r\n\r\n### Steps to reproduce:\r\n\r\n- Install
`cloud_security_posture-1.8.0-preview02` (note that a licence\r\nis
needed to install CSPM)\r\n- Select Setup access: manual and Preferred
manual method: Direct access\r\nkeys\r\n- Add some test values a secrets
and try to install\r\n- The integration should install correctly with no
exceptions.\r\n\r\n### Checklist\r\n- [ ] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [ ] [Flaky
Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\r\nused on any tests changed\r\n\r\n---------\r\n\r\nCo-authored-by:
Kyle Pollich <kyle.pollich@elastic.co>\r\nCo-authored-by: Kibana Machine
<42973632+kibanamachine@users.noreply.github.com>","sha":"6a7166c4e8782fe8067b1f8d93952b282db5627a"}}]}]
BACKPORT-->

Co-authored-by: Cristina Amico <criamico@users.noreply.github.com>
---
 x-pack/plugins/fleet/server/services/secrets.test.ts | 7 +++++--
 x-pack/plugins/fleet/server/services/secrets.ts      | 6 +++++-
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/x-pack/plugins/fleet/server/services/secrets.test.ts b/x-pack/plugins/fleet/server/services/secrets.test.ts
index 8e92836e3fbf4..729c74a3ddec0 100644
--- a/x-pack/plugins/fleet/server/services/secrets.test.ts
+++ b/x-pack/plugins/fleet/server/services/secrets.test.ts
@@ -1018,9 +1018,11 @@ describe('secrets', () => {
       it('returns single secret reference for required secret', async () => {
         const mockPackagePolicy = {
           vars: {
-            'pkg-secret-1': {
-              value: 'pkg-secret-1-val',
+            'pkg-secret-1': {},
+            'pkg-secret-2': {
+              value: 'pkg-secret-2-val',
             },
+            'dot-notation.stream.pkg-secret-3': {},
           },
           inputs: [],
         } as unknown as NewPackagePolicy;
@@ -1198,6 +1200,7 @@ describe('secrets', () => {
               value: 'pkg-secret-1-val',
             },
             'pkg-secret-2': {},
+            'dot-notation.pkg-secret-3': {},
           },
           inputs: [],
         } as unknown as PackagePolicy;
diff --git a/x-pack/plugins/fleet/server/services/secrets.ts b/x-pack/plugins/fleet/server/services/secrets.ts
index 6f50b2cd8b73b..c01c64e37e59e 100644
--- a/x-pack/plugins/fleet/server/services/secrets.ts
+++ b/x-pack/plugins/fleet/server/services/secrets.ts
@@ -241,7 +241,11 @@ export async function extractAndWriteSecrets(opts: {
     values: secretsToCreate.map((secretPath) => secretPath.value.value),
   });
 
-  const policyWithSecretRefs = getPolicyWithSecretReferences(secretPaths, secrets, packagePolicy);
+  const policyWithSecretRefs = getPolicyWithSecretReferences(
+    secretsToCreate,
+    secrets,
+    packagePolicy
+  );
 
   return {
     packagePolicy: policyWithSecretRefs,