[Security Solution][Endpoint] Add step to the security solution plugin start phase (non-blocking) to check endpoint policy indices #198089

Merged
Unit tests
paul-tavares committed Oct 28, 2024

commit 7f710ae0c031a980c005ba640b11042069067324
@@ -0,0 +1,46 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { createMockEndpointAppContextService } from '../mocks';
import { ensureIndicesExistsForPolicies } from './ensure_indices_exists_for_policies';
import { createPolicyDataStreamsIfNeeded as _createPolicyDataStreamsIfNeeded } from '../../fleet_integration/handlers/create_policy_datastreams';

jest.mock('../../fleet_integration/handlers/create_policy_datastreams');
const createPolicyDataStreamsIfNeededMock = _createPolicyDataStreamsIfNeeded as jest.Mock;

describe('Ensure indices exists for policies migration', () => {
let endpointAppContextServicesMock: ReturnType<typeof createMockEndpointAppContextService>;

beforeEach(() => {
endpointAppContextServicesMock = createMockEndpointAppContextService();

endpointAppContextServicesMock
.getInternalFleetServices()
.packagePolicy.listIds.mockResolvedValue({
items: ['foo-1', 'foo-2', 'foo-3'],
});
});

it('should query fleet looking for all endpoint integration policies', async () => {
const fleetServicesMock = endpointAppContextServicesMock.getInternalFleetServices();
await ensureIndicesExistsForPolicies(endpointAppContextServicesMock);

expect(fleetServicesMock.packagePolicy.listIds).toHaveBeenCalledWith(expect.anything(), {
kuery: fleetServicesMock.endpointPolicyKuery,
perPage: 10000,
});
});

it('should call createPolicyDataStreamsIfNeeded() with list of existing policies', async () => {
await ensureIndicesExistsForPolicies(endpointAppContextServicesMock);

expect(createPolicyDataStreamsIfNeededMock).toHaveBeenCalledWith({
endpointServices: endpointAppContextServicesMock,
endpointPolicyIds: ['foo-1', 'foo-2', 'foo-3'],
});
});
});
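Review bot: createPolicyDataStreamsIfNeededMock is never cleared in beforeEach, so the toHaveBeenCalledWith assertion in the second test can be satisfied by the call recorded during the first test, since both invoke ensureIndicesExistsForPolicies against the same mocked ids. Unless the Jest configuration already clears mocks between tests, add createPolicyDataStreamsIfNeededMock.mockClear() to beforeEach. Both cases are also happy-path only: one where packagePolicy.listIds rejects and one where items is empty would pin down how this startup step is expected to behave when Fleet is unavailable or no policies exist. The describe title says "migration" although the code under test is a startup check.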
@@ -11,13 +11,19 @@ import type { EndpointAppContextService } from '../endpoint_app_context_services
export const ensureIndicesExistsForPolicies = async (
endpointServices: EndpointAppContextService
): Promise<void> => {
const logger = endpointServices.createLogger('startupPolicyIndicesChecker');

const fleetServices = endpointServices.getInternalFleetServices();
const soClient = fleetServices.savedObjects.createInternalUnscopedSoClient();
const endpointPoliciesIds = await fleetServices.packagePolicy.listIds(soClient, {
kuery: fleetServices.endpointPolicyKuery,
perPage: 10000,
Contributor

What is the maximum number of items returned here? Might be a good idea to paginate if 100+.

Kibana runs on pretty low resources in some environments and might be doing other things at the same time.

Contributor Author

Thanks for 👀
The likelihood - especially for serverless - is that the returned count of items will be low, maybe a handful of policies.

});

logger.info(
`Checking to ensure [${endpointPoliciesIds.items.length}] endpoint policies have backing indices`
);

await createPolicyDataStreamsIfNeeded({
endpointServices,
endpointPolicyIds: endpointPoliciesIds.items,
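Review bot: perPage: 10000 on the listIds call is a silent ceiling: policy ids beyond the first page never reach createPolicyDataStreamsIfNeeded, and the info log reports items.length, so a truncated result looks the same as a complete one. Either page through the results or log a warning when items.length equals the page size. Separately, both awaits in the lines shown have no error handling around them; since this step is described as non-blocking, make sure a rejection from the Fleet query or from the data stream creation is caught and written to logger rather than propagated into plugin start.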