[Fleet] Upgrade APIs to support moving a value from .fleet-policies to secrets index when a field moves to being secret
#162045
Comments
juliaElastic
added
the
Team:Fleet
|
Pinging @elastic/fleet (Team:Fleet) |
juliaElastic
changed the title
.fleet-policies to secrets index when a field moves to being secret
|
I did a test of this by installing latest system package (1.38.2) and then uploading a newer version where made 2 existing vars secret: Uploaded the package like this: And then upgraded the package and integration policy from the UI. Verified that the secret vars became secret refs, and the agent got the secret values. So I think the main functionality works as expected. One thing I'm not sure is a bug or expected, is that when I look at the agent policy with 
When I look at the same config in agent EDIT: checked the same variables without secrets (system-1.38.2) and the agent gets the full url, so I think this is a bug in fleet-server logic that replaces the variables: EDIT: Raised a pr to do some cleanup elastic/fleet-server#2876 and can't reproduce the |
|
@juliaElastic Doesn't this show that the upgrade scenario in this issue is already working? I think we should have explicit API functional tests for this in any case. |
|
@joshdover Yes, I think this is working. |
|
@jillguyonnet can you add your integration tests PR here as soon as ready? Thanks |
## Summary Closes #162045 This PR adds an API integration test for the following scenario: - Given an integration with some non secret (plain text) vars that become secret in a newer version; - When Fleet has an agent policy with this integration and upgrades from the old to the newer version; - Then the vars that have become secrets should correctly be stored as secret values. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Julia Bardi <[email protected]>
## Summary Closes elastic#162045 This PR adds an API integration test for the following scenario: - Given an integration with some non secret (plain text) vars that become secret in a newer version; - When Fleet has an agent policy with this integration and upgrades from the old to the newer version; - Then the vars that have become secrets should correctly be stored as secret values. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Julia Bardi <[email protected]> (cherry picked from commit 766ff8f)
…64666) # Backport This will backport the following commits from `main` to `8.10`: - [[Fleet] Add secrets package API integration test (#164583)](#164583) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Jill Guyonnet","email":"[email protected]"},"sourceCommit":{"committedDate":"2023-08-24T07:37:34Z","message":"[Fleet] Add secrets package API integration test (#164583)\n\n## Summary\r\n\r\nCloses https://github.com/elastic/kibana/issues/162045\r\n\r\nThis PR adds an API integration test for the following scenario:\r\n- Given an integration with some non secret (plain text) vars that\r\nbecome secret in a newer version;\r\n- When Fleet has an agent policy with this integration and upgrades from\r\nthe old to the newer version;\r\n- Then the vars that have become secrets should correctly be stored as\r\nsecret values.\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n\r\n---------\r\n\r\nCo-authored-by: Julia Bardi <[email protected]>","sha":"766ff8fa614d6b62b750c0eef9c1d129b2187e4f","branchLabelMapping":{"^v8.11.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Fleet","v8.10.0","v8.11.0"],"number":164583,"url":"https://github.com/elastic/kibana/pull/164583","mergeCommit":{"message":"[Fleet] Add secrets package API integration test (#164583)\n\n## Summary\r\n\r\nCloses https://github.com/elastic/kibana/issues/162045\r\n\r\nThis PR adds an API integration test for the following scenario:\r\n- Given an integration with some non secret (plain text) vars that\r\nbecome secret in a newer version;\r\n- When Fleet has an agent policy with this integration and upgrades from\r\nthe old to the newer version;\r\n- Then the vars that have become secrets should correctly be stored as\r\nsecret values.\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n\r\n---------\r\n\r\nCo-authored-by: Julia Bardi <[email protected]>","sha":"766ff8fa614d6b62b750c0eef9c1d129b2187e4f"}},"sourceBranch":"main","suggestedTargetBranches":["8.10"],"targetPullRequestStates":[{"branch":"8.10","label":"v8.10.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.11.0","labelRegex":"^v8.11.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/164583","number":164583,"mergeCommit":{"message":"[Fleet] Add secrets package API integration test (#164583)\n\n## Summary\r\n\r\nCloses https://github.com/elastic/kibana/issues/162045\r\n\r\nThis PR adds an API integration test for the following scenario:\r\n- Given an integration with some non secret (plain text) vars that\r\nbecome secret in a newer version;\r\n- When Fleet has an agent policy with this integration and upgrades from\r\nthe old to the newer version;\r\n- Then the vars that have become secrets should correctly be stored as\r\nsecret values.\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n\r\n---------\r\n\r\nCo-authored-by: Julia Bardi <[email protected]>","sha":"766ff8fa614d6b62b750c0eef9c1d129b2187e4f"}}]}] BACKPORT--> Co-authored-by: Jill Guyonnet <[email protected]>
Part of #154715
Scenario not implemented yet:
The text was updated successfully, but these errors were encountered: