Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Fleet] Fix secrets exception when installing CSPM or other integrations #174264

Merged
merged 4 commits into from
Jan 8, 2024
Merged

[Fleet] Fix secrets exception when installing CSPM or other integrations #174264

merged 4 commits into from
Jan 8, 2024

Conversation

criamico
Copy link
Contributor

@criamico criamico commented Jan 4, 2024
edited by kibanamachine
Loading

Closes #173718

Summary

Fix secrets exception when installing CSPM or other integrations

Steps to reproduce:

  • Install cloud_security_posture-1.8.0-preview02 (note that a licence is needed to install CSPM)
  • Select Setup access: manual and Preferred manual method: Direct access keys
  • Add some test values a secrets and try to install
  • The integration should install correctly with no exceptions.

Checklist

@apmmachine
Copy link
Contributor

🤖 GitHub comments

Expand to view the GitHub comments

Just comment with:

  • /oblt-deploy : Deploy a Kibana instance using the Observability test environments.
  • /oblt-deploy-serverless : Deploy a serverless Kibana instance using the Observability test environments.
  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@criamico
Copy link
Contributor Author

criamico commented Jan 4, 2024

@kpollich I found the reason of the original bug, the index used to get the secret in this block was not correct. In the specific case of CSPM we have values of this type:

 secrets:  [{ id: 'secret_id_0001' }];

secretPaths: [
  {
    path: [ 'inputs', '1', 'streams', '0', 'vars', 'secret_access_key' ],
    value: { type: 'text' }
  },
  {
    path: [ 'inputs', '2', 'streams', '0', 'vars', 'secret_access_key' ],
    value: { value: 'xfgdgh' }
  },
...
]

The issue was that secretPathIndex in this case was 1, hence causing the error. I fixed it by adding a second index that is incremented over secrets.

I also wrote this test for cases where there are two valid values in secretPaths (which it should be a feasible occurrence) and two secrets. I'd expect the code to update both values, but instead the policy returns unchanged.

My guess is that in this function acc, that gets the initial value from result, gets reset between iterations of forEach. In fact I printed the values between each iteration and it gets updated then reset again. I'm not really sure what could be the solution for this, since the spread operator is too expensive to use here and lodash set was ruled out before. I'd like to have your opinion here.

@criamico
Copy link
Contributor Author

criamico commented Jan 5, 2024

Thanks @kpollich for the commit, I'm going to open the PR with this change.

@criamico criamico added the Team:Fleet Team label for Observability Data Collection Fleet team label Jan 5, 2024
@criamico criamico self-assigned this Jan 5, 2024
@criamico criamico marked this pull request as ready for review January 5, 2024 13:39
@criamico criamico requested a review from a team as a code owner January 5, 2024 13:39
@elasticmachine
Copy link
Contributor

Pinging @elastic/fleet (Team:Fleet)

@criamico
Copy link
Contributor Author

criamico commented Jan 8, 2024

@elasticmachine merge upstream

@criamico criamico enabled auto-merge (squash) January 8, 2024 08:31
@kibana-ci
Copy link
Collaborator

💚 Build Succeeded

Metrics [docs]

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @criamico

@criamico criamico merged commit 6a7166c into elastic:main Jan 8, 2024
20 checks passed
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Jan 8, 2024
@criamico
[Fleet] Fix secrets exception when installing CSPM or other integrati…
4888c71 
…ons (elastic#174264)

Closes elastic#173718

## Summary

Fix secrets exception when installing CSPM or other integrations

### Steps to reproduce:

- Install `cloud_security_posture-1.8.0-preview02` (note that a licence
is needed to install CSPM)
- Select Setup access: manual and Preferred manual method: Direct access
keys
- Add some test values a secrets and try to install
- The integration should install correctly with no exceptions.

### Checklist
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed

---------

Co-authored-by: Kyle Pollich <[email protected]>
Co-authored-by: Kibana Machine <[email protected]>
(cherry picked from commit 6a7166c)
@kibanamachine kibanamachine mentioned this pull request Jan 8, 2024
Merged
@kibanamachine
Copy link
Contributor

💚 All backports created successfully

Status Branch Result
8.12

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

kibanamachine added a commit that referenced this pull request Jan 8, 2024
@kibanamachine @criamico
[8.12] [Fleet] Fix secrets exception when installing CSPM or other in…
ed210ef 
…tegrations (#174264) (#174432)

# Backport

This will backport the following commits from `main` to `8.12`:
- [[Fleet] Fix secrets exception when installing CSPM or other
integrations (#174264)](#174264)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Cristina
Amico","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-01-08T09:19:29Z","message":"[Fleet]
Fix secrets exception when installing CSPM or other integrations
(#174264)\n\nCloses
https://github.com/elastic/kibana/issues/173718\r\n\r\n##
Summary\r\n\r\nFix secrets exception when installing CSPM or other
integrations\r\n\r\n### Steps to reproduce:\r\n\r\n- Install
`cloud_security_posture-1.8.0-preview02` (note that a licence\r\nis
needed to install CSPM)\r\n- Select Setup access: manual and Preferred
manual method: Direct access\r\nkeys\r\n- Add some test values a secrets
and try to install\r\n- The integration should install correctly with no
exceptions.\r\n\r\n### Checklist\r\n- [ ] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [ ] [Flaky
Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\r\nused on any tests changed\r\n\r\n---------\r\n\r\nCo-authored-by:
Kyle Pollich <[email protected]>\r\nCo-authored-by: Kibana Machine
<[email protected]>","sha":"6a7166c4e8782fe8067b1f8d93952b282db5627a","branchLabelMapping":{"^v8.13.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","Team:Fleet","v8.12.0","v8.13.0"],"title":"[Fleet]
Fix secrets exception when installing CSPM or other
integrations","number":174264,"url":"https://github.com/elastic/kibana/pull/174264","mergeCommit":{"message":"[Fleet]
Fix secrets exception when installing CSPM or other integrations
(#174264)\n\nCloses
https://github.com/elastic/kibana/issues/173718\r\n\r\n##
Summary\r\n\r\nFix secrets exception when installing CSPM or other
integrations\r\n\r\n### Steps to reproduce:\r\n\r\n- Install
`cloud_security_posture-1.8.0-preview02` (note that a licence\r\nis
needed to install CSPM)\r\n- Select Setup access: manual and Preferred
manual method: Direct access\r\nkeys\r\n- Add some test values a secrets
and try to install\r\n- The integration should install correctly with no
exceptions.\r\n\r\n### Checklist\r\n- [ ] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [ ] [Flaky
Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\r\nused on any tests changed\r\n\r\n---------\r\n\r\nCo-authored-by:
Kyle Pollich <[email protected]>\r\nCo-authored-by: Kibana Machine
<[email protected]>","sha":"6a7166c4e8782fe8067b1f8d93952b282db5627a"}},"sourceBranch":"main","suggestedTargetBranches":["8.12"],"targetPullRequestStates":[{"branch":"8.12","label":"v8.12.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.13.0","branchLabelMappingKey":"^v8.13.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/174264","number":174264,"mergeCommit":{"message":"[Fleet]
Fix secrets exception when installing CSPM or other integrations
(#174264)\n\nCloses
https://github.com/elastic/kibana/issues/173718\r\n\r\n##
Summary\r\n\r\nFix secrets exception when installing CSPM or other
integrations\r\n\r\n### Steps to reproduce:\r\n\r\n- Install
`cloud_security_posture-1.8.0-preview02` (note that a licence\r\nis
needed to install CSPM)\r\n- Select Setup access: manual and Preferred
manual method: Direct access\r\nkeys\r\n- Add some test values a secrets
and try to install\r\n- The integration should install correctly with no
exceptions.\r\n\r\n### Checklist\r\n- [ ] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [ ] [Flaky
Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\r\nused on any tests changed\r\n\r\n---------\r\n\r\nCo-authored-by:
Kyle Pollich <[email protected]>\r\nCo-authored-by: Kibana Machine
<[email protected]>","sha":"6a7166c4e8782fe8067b1f8d93952b282db5627a"}}]}]
BACKPORT-->

Co-authored-by: Cristina Amico <[email protected]>
delanni pushed a commit to delanni/kibana that referenced this pull request Jan 11, 2024
@criamico @kpollich
@kibanamachine @delanni
[Fleet] Fix secrets exception when installing CSPM or other integrati…
0edaaa2 
…ons (elastic#174264)

Closes elastic#173718

## Summary

Fix secrets exception when installing CSPM or other integrations

### Steps to reproduce:

- Install `cloud_security_posture-1.8.0-preview02` (note that a licence
is needed to install CSPM)
- Select Setup access: manual and Preferred manual method: Direct access
keys
- Add some test values a secrets and try to install
- The integration should install correctly with no exceptions.

### Checklist
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed

---------

Co-authored-by: Kyle Pollich <[email protected]>
Co-authored-by: Kibana Machine <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@juliaElastic juliaElastic juliaElastic approved these changes

@kpollich kpollich kpollich approved these changes

Assignees

@criamico criamico

Labels
release_note:fix Team:Fleet Team label for Observability Data Collection Fleet team v8.12.0 v8.13.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Fleet] Exception when trying to save CSPM integration with a Secret
7 participants
@criamico @apmmachine @elasticmachine @kibana-ci @kibanamachine @kpollich @juliaElastic