From ea9747c6592288c40d7da45d9bbe136fe4e6dc56 Mon Sep 17 00:00:00 2001 From: Paul Tavares Date: Fri, 2 Oct 2020 14:34:08 -0400 Subject: [PATCH] Fix agentPolicyUpdateEventHandler() to use app context soClient for creation of actions --- .../server/services/agent_policy_update.ts | 27 ++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/x-pack/plugins/ingest_manager/server/services/agent_policy_update.ts b/x-pack/plugins/ingest_manager/server/services/agent_policy_update.ts index ff20e25e5bf0d..4ddb3cfb6a6a5 100644 --- a/x-pack/plugins/ingest_manager/server/services/agent_policy_update.ts +++ b/x-pack/plugins/ingest_manager/server/services/agent_policy_update.ts @@ -4,11 +4,27 @@ * you may not use this file except in compliance with the Elastic License. */ -import { SavedObjectsClientContract } from 'src/core/server'; +import { KibanaRequest, SavedObjectsClientContract } from 'src/core/server'; import { generateEnrollmentAPIKey, deleteEnrollmentApiKeyForAgentPolicyId } from './api_keys'; import { unenrollForAgentPolicyId } from './agents'; import { outputService } from './output'; import { agentPolicyService } from './agent_policy'; +import { appContextService } from './app_context'; + +const fakeRequest = ({ + headers: {}, + getBasePath: () => '', + path: '/', + route: { settings: {} }, + url: { + href: '/', + }, + raw: { + req: { + url: '/', + }, + }, +} as unknown) as KibanaRequest; export async function agentPolicyUpdateEventHandler( soClient: SavedObjectsClientContract, @@ -17,20 +33,25 @@ export async function agentPolicyUpdateEventHandler( ) { const adminUser = await outputService.getAdminUser(soClient); const outputId = await outputService.getDefaultOutputId(soClient); + // If no admin user and no default output fleet is not enabled just skip this hook if (!adminUser || !outputId) { return; } + // `soClient` from ingest `appContextService` is used to create policy change actions + // to ensure encrypted SOs are handled correctly + const internalSoClient = appContextService.getInternalUserSOClient(fakeRequest); + if (action === 'created') { await generateEnrollmentAPIKey(soClient, { agentPolicyId, }); - await agentPolicyService.createFleetPolicyChangeAction(soClient, agentPolicyId); + await agentPolicyService.createFleetPolicyChangeAction(internalSoClient, agentPolicyId); } if (action === 'updated') { - await agentPolicyService.createFleetPolicyChangeAction(soClient, agentPolicyId); + await agentPolicyService.createFleetPolicyChangeAction(internalSoClient, agentPolicyId); } if (action === 'deleted') {