From 882ebfa6ae879f339776b29327a8bea3a8265810 Mon Sep 17 00:00:00 2001 From: Nicolas Chaulet Date: Mon, 19 Oct 2020 14:26:10 -0400 Subject: [PATCH 1/3] [Fleet] Fix creation of POLICY_CHANGE action during 7.9 => 7.10 migration --- .../server/services/agent_policy_update.ts | 10 ++-- .../server/services/agents/index.ts | 1 + .../server/services/agents/setup.ts | 49 +++++++++++++++++++ .../ingest_manager/server/services/setup.ts | 4 ++ 4 files changed, 57 insertions(+), 7 deletions(-) create mode 100644 x-pack/plugins/ingest_manager/server/services/agents/setup.ts diff --git a/x-pack/plugins/ingest_manager/server/services/agent_policy_update.ts b/x-pack/plugins/ingest_manager/server/services/agent_policy_update.ts index 4ddb3cfb6a6a5..28796a47dc61b 100644 --- a/x-pack/plugins/ingest_manager/server/services/agent_policy_update.ts +++ b/x-pack/plugins/ingest_manager/server/services/agent_policy_update.ts @@ -6,8 +6,7 @@ import { KibanaRequest, SavedObjectsClientContract } from 'src/core/server'; import { generateEnrollmentAPIKey, deleteEnrollmentApiKeyForAgentPolicyId } from './api_keys'; -import { unenrollForAgentPolicyId } from './agents'; -import { outputService } from './output'; +import { isAgentsSetup, unenrollForAgentPolicyId } from './agents'; import { agentPolicyService } from './agent_policy'; import { appContextService } from './app_context'; @@ -31,11 +30,8 @@ export async function agentPolicyUpdateEventHandler( action: string, agentPolicyId: string ) { - const adminUser = await outputService.getAdminUser(soClient); - const outputId = await outputService.getDefaultOutputId(soClient); - - // If no admin user and no default output fleet is not enabled just skip this hook - if (!adminUser || !outputId) { + // If Agents are not setup skip this hook + if (!isAgentsSetup(soClient)) { return; } diff --git a/x-pack/plugins/ingest_manager/server/services/agents/index.ts b/x-pack/plugins/ingest_manager/server/services/agents/index.ts index c878b666bde88..0800a04fb1b3b 100644 --- a/x-pack/plugins/ingest_manager/server/services/agents/index.ts +++ b/x-pack/plugins/ingest_manager/server/services/agents/index.ts @@ -16,3 +16,4 @@ export * from './update'; export * from './actions'; export * from './reassign'; export * from './authenticate'; +export * from './setup'; diff --git a/x-pack/plugins/ingest_manager/server/services/agents/setup.ts b/x-pack/plugins/ingest_manager/server/services/agents/setup.ts new file mode 100644 index 0000000000000..9674de2e07f14 --- /dev/null +++ b/x-pack/plugins/ingest_manager/server/services/agents/setup.ts @@ -0,0 +1,49 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { SavedObjectsClientContract } from 'src/core/server'; +import { SO_SEARCH_LIMIT } from '../../constants'; +import { agentPolicyService } from '../agent_policy'; +import { outputService } from '../output'; +import { getLatestConfigChangeAction } from './actions'; + +export async function isAgentsSetup(soClient: SavedObjectsClientContract) { + const adminUser = await outputService.getAdminUser(soClient); + const outputId = await outputService.getDefaultOutputId(soClient); + + // If admin user (fleet_enroll) and output id exist Agents are correctly setup + return adminUser && outputId; +} + +/** + * During the migration from 7.9 to 7.10 we introduce a new agent action POLICY_CHANGE per policy + * this function ensure that action exist for each policy + * + * @param soClient + */ +export async function ensureAgentActionPolicyChangeExists(soClient: SavedObjectsClientContract) { + // If Agents are not setup skip + if (!isAgentsSetup(soClient)) { + return; + } + + const { items: agentPolicies } = await agentPolicyService.list(soClient, { + perPage: SO_SEARCH_LIMIT, + }); + + await Promise.all( + agentPolicies.map(async (agentPolicy) => { + const policyChangeActionExist = !!(await getLatestConfigChangeAction( + soClient, + agentPolicy.id + )); + + if (!policyChangeActionExist) { + return agentPolicyService.createFleetPolicyChangeAction(soClient, agentPolicy.id); + } + }) + ); +} diff --git a/x-pack/plugins/ingest_manager/server/services/setup.ts b/x-pack/plugins/ingest_manager/server/services/setup.ts index c7ecf843d6a51..dbd89ae66988b 100644 --- a/x-pack/plugins/ingest_manager/server/services/setup.ts +++ b/x-pack/plugins/ingest_manager/server/services/setup.ts @@ -29,6 +29,7 @@ import { generateEnrollmentAPIKey } from './api_keys'; import { settingsService } from '.'; import { awaitIfPending } from './setup_utils'; import { createDefaultSettings } from './settings'; +import { ensureAgentActionPolicyChangeExists } from './agents'; const FLEET_ENROLL_USERNAME = 'fleet_enroll'; const FLEET_ENROLL_ROLE = 'fleet_enroll'; @@ -80,6 +81,9 @@ async function createSetupSideEffects( ) { throw new Error('Policy not found'); } + + await ensureAgentActionPolicyChangeExists(soClient); + for (const installedPackage of installedPackages) { const packageShouldBeInstalled = DEFAULT_AGENT_POLICIES_PACKAGES.some( (packageName) => installedPackage.name === packageName From 8f197e80cf7e62f0b3f99f1b9f8b9419a5e377d7 Mon Sep 17 00:00:00 2001 From: Nicolas Chaulet Date: Mon, 19 Oct 2020 20:09:23 -0400 Subject: [PATCH 2/3] Fix tests --- .../server/services/agent_policy_update.ts | 2 +- .../ingest_manager/server/services/agents/setup.ts | 9 ++++----- x-pack/plugins/ingest_manager/server/services/output.ts | 4 ++-- 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/x-pack/plugins/ingest_manager/server/services/agent_policy_update.ts b/x-pack/plugins/ingest_manager/server/services/agent_policy_update.ts index 28796a47dc61b..fe06de765bbff 100644 --- a/x-pack/plugins/ingest_manager/server/services/agent_policy_update.ts +++ b/x-pack/plugins/ingest_manager/server/services/agent_policy_update.ts @@ -31,7 +31,7 @@ export async function agentPolicyUpdateEventHandler( agentPolicyId: string ) { // If Agents are not setup skip this hook - if (!isAgentsSetup(soClient)) { + if (!(await isAgentsSetup(soClient))) { return; } diff --git a/x-pack/plugins/ingest_manager/server/services/agents/setup.ts b/x-pack/plugins/ingest_manager/server/services/agents/setup.ts index 9674de2e07f14..a7b5072bab7f1 100644 --- a/x-pack/plugins/ingest_manager/server/services/agents/setup.ts +++ b/x-pack/plugins/ingest_manager/server/services/agents/setup.ts @@ -10,12 +10,11 @@ import { agentPolicyService } from '../agent_policy'; import { outputService } from '../output'; import { getLatestConfigChangeAction } from './actions'; -export async function isAgentsSetup(soClient: SavedObjectsClientContract) { - const adminUser = await outputService.getAdminUser(soClient); +export async function isAgentsSetup(soClient: SavedObjectsClientContract): Promise { + const adminUser = await outputService.getAdminUser(soClient, false); const outputId = await outputService.getDefaultOutputId(soClient); - // If admin user (fleet_enroll) and output id exist Agents are correctly setup - return adminUser && outputId; + return adminUser !== null && outputId !== null; } /** @@ -26,7 +25,7 @@ export async function isAgentsSetup(soClient: SavedObjectsClientContract) { */ export async function ensureAgentActionPolicyChangeExists(soClient: SavedObjectsClientContract) { // If Agents are not setup skip - if (!isAgentsSetup(soClient)) { + if (!(await isAgentsSetup(soClient))) { return; } diff --git a/x-pack/plugins/ingest_manager/server/services/output.ts b/x-pack/plugins/ingest_manager/server/services/output.ts index f780bd95faedc..0e3b652422faa 100644 --- a/x-pack/plugins/ingest_manager/server/services/output.ts +++ b/x-pack/plugins/ingest_manager/server/services/output.ts @@ -65,8 +65,8 @@ class OutputService { return outputs.saved_objects[0].id; } - public async getAdminUser(soClient: SavedObjectsClientContract) { - if (cachedAdminUser) { + public async getAdminUser(soClient: SavedObjectsClientContract, useCache = true) { + if (useCache && cachedAdminUser) { return cachedAdminUser; } From 4098efe29930204802719e276c1e5d0f9014500f Mon Sep 17 00:00:00 2001 From: Nicolas Chaulet Date: Tue, 20 Oct 2020 12:34:41 -0400 Subject: [PATCH 3/3] Fix after review --- x-pack/plugins/ingest_manager/server/services/agents/setup.ts | 2 +- x-pack/plugins/ingest_manager/server/services/setup.ts | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/x-pack/plugins/ingest_manager/server/services/agents/setup.ts b/x-pack/plugins/ingest_manager/server/services/agents/setup.ts index a7b5072bab7f1..1393e732e89d1 100644 --- a/x-pack/plugins/ingest_manager/server/services/agents/setup.ts +++ b/x-pack/plugins/ingest_manager/server/services/agents/setup.ts @@ -14,7 +14,7 @@ export async function isAgentsSetup(soClient: SavedObjectsClientContract): Promi const adminUser = await outputService.getAdminUser(soClient, false); const outputId = await outputService.getDefaultOutputId(soClient); // If admin user (fleet_enroll) and output id exist Agents are correctly setup - return adminUser !== null && outputId !== null; + return adminUser && outputId ? true : false; } /** diff --git a/x-pack/plugins/ingest_manager/server/services/setup.ts b/x-pack/plugins/ingest_manager/server/services/setup.ts index dbd89ae66988b..7f379d3ea4f13 100644 --- a/x-pack/plugins/ingest_manager/server/services/setup.ts +++ b/x-pack/plugins/ingest_manager/server/services/setup.ts @@ -82,8 +82,6 @@ async function createSetupSideEffects( throw new Error('Policy not found'); } - await ensureAgentActionPolicyChangeExists(soClient); - for (const installedPackage of installedPackages) { const packageShouldBeInstalled = DEFAULT_AGENT_POLICIES_PACKAGES.some( (packageName) => installedPackage.name === packageName @@ -109,6 +107,8 @@ async function createSetupSideEffects( } } + await ensureAgentActionPolicyChangeExists(soClient); + return { isIntialized: true }; }