Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Fleet] Don't auto upgrade policies for AUTO_UPDATE packages #115199

Merged
merged 3 commits into from
Oct 15, 2021

Conversation

kpollich
Copy link
Member

@kpollich kpollich commented Oct 15, 2021

Summary

Ref #114914 (review)

We had an error in our logic for automatic package policies update via the keep_policies_up_to_date flag that incorrectly upgraded policies for any package flagged as AUTO_UPDATE in

export const autoUpdatePackages = [
FLEET_ENDPOINT_PACKAGE,
FLEET_APM_PACKAGE,
FLEET_SYNTHETICS_PACKAGE,
];

It feels like this should have been caught by our unit tests, but I'm not sure whether we should try to mock this AUTO_UPDATE_PACKAGES list, or use a "hardcoded" package name in our tests. Open to suggestions here, as I would like to make sure this case is covered by automated tests.

@kpollich kpollich added v8.0.0 release_note:skip Skip the PR/issue when compiling release notes Team:Fleet Team label for Observability Data Collection Fleet team auto-backport Deprecated - use backport:version if exact versions are needed v7.16.0 labels Oct 15, 2021
@kpollich kpollich self-assigned this Oct 15, 2021
@kpollich kpollich requested a review from a team as a code owner October 15, 2021 14:08
@elasticmachine
Copy link
Contributor

Pinging @elastic/fleet (Team:Fleet)

Copy link
Member

@nchaulet nchaulet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀 How complicated it will be to add a unit test for that? (it could be a great way to document what we want to be auto upgraded, ...)

@kpollich
Copy link
Member Author

We do have a test now that I think has had its robustness improved by this PR:

it('should not upgrade policies for non-managed package', async () => {
const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser;
const soClient = savedObjectsClientMock.create();
(packagePolicyService.get as jest.Mock).mockImplementationOnce(
(savedObjectsClient: any, id: string) => {
return {
id,
inputs: {},
version: '',
revision: 1,
updated_at: '',
updated_by: '',
created_at: '',
created_by: '',
package: {
name: 'non-managed-package',
title: 'Non-Managed Package',
version: '0.0.1',
},
};
}
);
(packagePolicyService.getUpgradeDryRunDiff as jest.Mock).mockImplementationOnce(
(savedObjectsClient: any, id: string) => {
return {
name: 'non-managed-package-policy',
diff: [{ id: 'foo' }, { id: 'bar' }],
hasErrors: false,
};
}
);
(getPackageInfo as jest.Mock).mockImplementationOnce(
({ savedObjectsClient, pkgName, pkgVersion }) => ({
name: pkgName,
version: pkgVersion,
keepPoliciesUpToDate: false,
})
);
await upgradeManagedPackagePolicies(soClient, esClient, ['non-managed-package-id']);
expect(packagePolicyService.upgrade).not.toBeCalled();
});

I think this test gives us confidence that any package not flagged as keep_policies_up_to_date will not be auto-upgraded.

Maybe a good way to improve coverage here would be to move the shouldUpgradePolicies boolean into a function that can then be tested as a unit? Then we can assert something like "should not upgrade policies, even if package appears in AUTO_UPDATE_PACKAGES" - does that make sense?

@nchaulet
Copy link
Member

Maybe a good way to improve coverage here would be to move the shouldUpgradePolicies boolean into a function that can then be tested as a unit? Then we can assert something like "should not upgrade policies, even if package appears in AUTO_UPDATE_PACKAGES" - does that make sense?

Ye it totally make sense

@kpollich kpollich enabled auto-merge (squash) October 15, 2021 18:32
@kibanamachine
Copy link
Contributor

💚 Build Succeeded

Metrics [docs]

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @kpollich

@kpollich kpollich merged commit e18afaa into elastic:master Oct 15, 2021
@kpollich kpollich deleted the fix-auto-policy-upgrade-logic branch October 15, 2021 20:15
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Oct 15, 2021
…#115199)

* Don't auto upgrade policies for AUTO_UPDATE packages

* Fix unused import

* Improve test coverage for upgrade policies check
@kibanamachine
Copy link
Contributor

💚 Backport successful

Status Branch Result
7.x

This backport PR will be merged automatically after passing CI.

kibanamachine added a commit that referenced this pull request Oct 15, 2021
#115273)

* Don't auto upgrade policies for AUTO_UPDATE packages

* Fix unused import

* Improve test coverage for upgrade policies check

Co-authored-by: Kyle Pollich <[email protected]>
jloleysens added a commit to jloleysens/kibana that referenced this pull request Oct 18, 2021
…-migrate-away-from-injected-css-js

* 'master' of github.com:elastic/kibana: (237 commits)
  [Uptime] Added uptime query inspector panel (elastic#115170)
  [Osquery] Add packs (elastic#107345)
  [App Search] Allow for query parameter to indicate ingestion mechanism for new engines (elastic#115188)
  [Alerting] Active alerts do not recover after re-enabling a rule (elastic#111671)
  skip flaky tests.  elastic#115308, elastic#115313
  [Breaking] Remove deprecated `enabled` settings from plugins. (elastic#113495)
  skip flaky suite.  elastic#107057
  skip flaky tests. elastic#89052, elastic#113418, elastic#115304
  skip flaky test. elastic#113892
  Bump node to 16.11.1 (elastic#110684)
  [Security Solution] Restores Alerts table local storage persistence and the Remove Column action (elastic#114742)
  skip flaky suite.  elastic#115130
  one line remove assert (elastic#115127)
  Fixes migration bug where I was deleting attributes (elastic#115098)
  [Security Solutions] Fixes the newer notification system throttle resets and enabling immediate execution on first detection of a signal  (elastic#114214)
  [build] Dockerfile update (elastic#115237)
  Fixes Cypress flake cypress test (elastic#115270)
  Disable APM e2e tests
  log an invalid type for SO (elastic#115175)
  [Fleet] Don't auto upgrade policies for AUTO_UPDATE packages (elastic#115199)
  ...

# Conflicts:
#	src/plugins/dashboard/public/application/dashboard_app.tsx
#	src/plugins/dashboard/public/types.ts
#	x-pack/plugins/reporting/server/lib/layouts/print_layout.ts
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
auto-backport Deprecated - use backport:version if exact versions are needed release_note:skip Skip the PR/issue when compiling release notes Team:Fleet Team label for Observability Data Collection Fleet team v7.16.0 v8.0.0
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants