From dcaf8dade843e7ee9c3a7b2be1826a48b9ee13bf Mon Sep 17 00:00:00 2001 From: John Schulz Date: Fri, 15 Jan 2021 13:06:33 -0500 Subject: [PATCH 01/18] Add is_managed (default false) to SO --- x-pack/plugins/fleet/common/constants/agent_policy.ts | 1 + x-pack/plugins/fleet/common/types/models/agent_policy.ts | 1 + x-pack/plugins/fleet/server/saved_objects/index.ts | 1 + 3 files changed, 3 insertions(+) diff --git a/x-pack/plugins/fleet/common/constants/agent_policy.ts b/x-pack/plugins/fleet/common/constants/agent_policy.ts index 5445fbcacf2ec..329b12253bc71 100644 --- a/x-pack/plugins/fleet/common/constants/agent_policy.ts +++ b/x-pack/plugins/fleet/common/constants/agent_policy.ts @@ -22,6 +22,7 @@ export const DEFAULT_AGENT_POLICY: Omit< status: agentPolicyStatuses.Active, package_policies: [], is_default: true, + is_managed: false, monitoring_enabled: ['logs', 'metrics'] as Array<'logs' | 'metrics'>, }; diff --git a/x-pack/plugins/fleet/common/types/models/agent_policy.ts b/x-pack/plugins/fleet/common/types/models/agent_policy.ts index 75bb2998f2d92..3473fc153261b 100644 --- a/x-pack/plugins/fleet/common/types/models/agent_policy.ts +++ b/x-pack/plugins/fleet/common/types/models/agent_policy.ts @@ -15,6 +15,7 @@ export interface NewAgentPolicy { namespace: string; description?: string; is_default?: boolean; + is_managed?: boolean; monitoring_enabled?: Array>; } diff --git a/x-pack/plugins/fleet/server/saved_objects/index.ts b/x-pack/plugins/fleet/server/saved_objects/index.ts index 20bbee2b1c791..ce8d7e202ac39 100644 --- a/x-pack/plugins/fleet/server/saved_objects/index.ts +++ b/x-pack/plugins/fleet/server/saved_objects/index.ts @@ -156,6 +156,7 @@ const getSavedObjectTypes = ( description: { type: 'text' }, namespace: { type: 'keyword' }, is_default: { type: 'boolean' }, + is_managed: { type: 'boolean' }, status: { type: 'keyword' }, package_policies: { type: 'keyword' }, updated_at: { type: 'date' }, From 42d4848a0c46fb4dabeed54ef8a9a70a9dbe1fa2 Mon Sep 17 00:00:00 2001 From: John Schulz Date: Sat, 16 Jan 2021 15:40:01 -0500 Subject: [PATCH 02/18] is_managed SO prop defaults false. +some ftr tests --- .../fleet/common/types/models/agent_policy.ts | 3 +- .../fleet/server/services/agent_policy.ts | 1 + .../fleet/server/types/models/agent_policy.ts | 2 + .../apis/agent_policy/agent_policy.ts | 53 +++++++++++++++++-- 4 files changed, 54 insertions(+), 5 deletions(-) diff --git a/x-pack/plugins/fleet/common/types/models/agent_policy.ts b/x-pack/plugins/fleet/common/types/models/agent_policy.ts index 3473fc153261b..42827a620a0e5 100644 --- a/x-pack/plugins/fleet/common/types/models/agent_policy.ts +++ b/x-pack/plugins/fleet/common/types/models/agent_policy.ts @@ -15,7 +15,7 @@ export interface NewAgentPolicy { namespace: string; description?: string; is_default?: boolean; - is_managed?: boolean; + is_managed?: boolean; // Optional when creating a policy monitoring_enabled?: Array>; } @@ -23,6 +23,7 @@ export interface AgentPolicy extends NewAgentPolicy { id: string; status: ValueOf; package_policies: string[] | PackagePolicy[]; + is_managed: boolean; // required for created policy updated_at: string; updated_by: string; revision: number; diff --git a/x-pack/plugins/fleet/server/services/agent_policy.ts b/x-pack/plugins/fleet/server/services/agent_policy.ts index 0fd41d074effa..bd395bc55354c 100644 --- a/x-pack/plugins/fleet/server/services/agent_policy.ts +++ b/x-pack/plugins/fleet/server/services/agent_policy.ts @@ -126,6 +126,7 @@ class AgentPolicyService { SAVED_OBJECT_TYPE, { ...agentPolicy, + is_managed: agentPolicy.is_managed ?? false, revision: 1, updated_at: new Date().toISOString(), updated_by: options?.user?.username || 'system', diff --git a/x-pack/plugins/fleet/server/types/models/agent_policy.ts b/x-pack/plugins/fleet/server/types/models/agent_policy.ts index a054353e9c9e1..9ddfb80a508e0 100644 --- a/x-pack/plugins/fleet/server/types/models/agent_policy.ts +++ b/x-pack/plugins/fleet/server/types/models/agent_policy.ts @@ -11,6 +11,7 @@ const AgentPolicyBaseSchema = { name: schema.string({ minLength: 1 }), namespace: NamespaceSchema, description: schema.maybe(schema.string()), + is_managed: schema.maybe(schema.boolean()), monitoring_enabled: schema.maybe( schema.arrayOf( schema.oneOf([schema.literal(dataTypes.Logs), schema.literal(dataTypes.Metrics)]) @@ -25,6 +26,7 @@ export const NewAgentPolicySchema = schema.object({ export const AgentPolicySchema = schema.object({ ...AgentPolicyBaseSchema, id: schema.string(), + is_managed: schema.boolean(), status: schema.oneOf([ schema.literal(agentPolicyStatuses.Active), schema.literal(agentPolicyStatuses.Inactive), diff --git a/x-pack/test/fleet_api_integration/apis/agent_policy/agent_policy.ts b/x-pack/test/fleet_api_integration/apis/agent_policy/agent_policy.ts index 4d7ed03998f54..44e9314bbce9f 100644 --- a/x-pack/test/fleet_api_integration/apis/agent_policy/agent_policy.ts +++ b/x-pack/test/fleet_api_integration/apis/agent_policy/agent_policy.ts @@ -25,8 +25,10 @@ export default function ({ getService }: FtrProviderContext) { }); describe('POST /api/fleet/agent_policies', () => { - it('should work with valid values', async () => { - await supertest + it('should work with valid minimum required values', async () => { + const { + body: { item: createdPolicy }, + } = await supertest .post(`/api/fleet/agent_policies`) .set('kbn-xsrf', 'xxxx') .send({ @@ -34,6 +36,28 @@ export default function ({ getService }: FtrProviderContext) { namespace: 'default', }) .expect(200); + + const getRes = await supertest.get(`/api/fleet/agent_policies/${createdPolicy.id}`); + const json = getRes.body; + expect(json.item.is_managed).to.equal(false); + }); + + it('sets given is_managed value', async () => { + const { + body: { item: createdPolicy }, + } = await supertest + .post(`/api/fleet/agent_policies`) + .set('kbn-xsrf', 'xxxx') + .send({ + name: 'TEST2', + namespace: 'default', + is_managed: true, + }) + .expect(200); + + const getRes = await supertest.get(`/api/fleet/agent_policies/${createdPolicy.id}`); + const json = getRes.body; + expect(json.item.is_managed).to.equal(true); }); it('should return a 400 with an empty namespace', async () => { @@ -107,6 +131,7 @@ export default function ({ getService }: FtrProviderContext) { expect(newPolicy).to.eql({ name: 'Copied policy', description: 'Test', + is_managed: false, namespace: 'default', monitoring_enabled: ['logs', 'metrics'], revision: 1, @@ -160,6 +185,7 @@ export default function ({ getService }: FtrProviderContext) { }); describe('PUT /api/fleet/agent_policies/{agentPolicyId}', () => { + let agentPolicyId: undefined | string; it('should work with valid values', async () => { const { body: { item: originalPolicy }, @@ -172,11 +198,11 @@ export default function ({ getService }: FtrProviderContext) { namespace: 'default', }) .expect(200); - + agentPolicyId = originalPolicy.id; const { body: { item: updatedPolicy }, } = await supertest - .put(`/api/fleet/agent_policies/${originalPolicy.id}`) + .put(`/api/fleet/agent_policies/${agentPolicyId}`) .set('kbn-xsrf', 'xxxx') .send({ name: 'Updated name', @@ -192,12 +218,31 @@ export default function ({ getService }: FtrProviderContext) { name: 'Updated name', description: 'Updated description', namespace: 'default', + is_managed: false, revision: 2, updated_by: 'elastic', package_policies: [], }); }); + it('sets given is_managed value', async () => { + const { + body: { item: createdPolicy }, + } = await supertest + .put(`/api/fleet/agent_policies/${agentPolicyId}`) + .set('kbn-xsrf', 'xxxx') + .send({ + name: 'TEST2', + namespace: 'default', + is_managed: true, + }) + .expect(200); + + const getRes = await supertest.get(`/api/fleet/agent_policies/${createdPolicy.id}`); + const json = getRes.body; + expect(json.item.is_managed).to.equal(true); + }); + it('should return a 409 if policy already exists with name given', async () => { const sharedBody = { name: 'Initial name', From 6187b12289b7b88b56018be3ca850afd84cd907f Mon Sep 17 00:00:00 2001 From: John Schulz Date: Tue, 19 Jan 2021 12:26:07 -0500 Subject: [PATCH 03/18] Add is_managed in some tests to fix type errors --- .../fleet/sections/epm/screens/detail/index.test.tsx | 2 ++ .../plugins/security_solution/common/endpoint/generate_data.ts | 1 + 2 files changed, 3 insertions(+) diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/epm/screens/detail/index.test.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/epm/screens/detail/index.test.tsx index 7709e494cf9fc..e929e0bd550bd 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/epm/screens/detail/index.test.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/epm/screens/detail/index.test.tsx @@ -686,6 +686,7 @@ On Windows, the module was tested with Nginx installed from the Chocolatey repos 'e8a37031-2907-44f6-89d2-98bd493f60dc', ], is_default: true, + is_managed: false, monitoring_enabled: ['logs', 'metrics'], revision: 6, updated_at: '2020-12-09T13:46:31.840Z', @@ -700,6 +701,7 @@ On Windows, the module was tested with Nginx installed from the Chocolatey repos status: 'active', package_policies: ['e8a37031-2907-44f6-89d2-98bd493f60cd'], is_default: false, + is_managed: false, monitoring_enabled: ['logs', 'metrics'], revision: 2, updated_at: '2020-12-09T13:46:31.840Z', diff --git a/x-pack/plugins/security_solution/common/endpoint/generate_data.ts b/x-pack/plugins/security_solution/common/endpoint/generate_data.ts index fafd0c2772842..c3486d59e23ae 100644 --- a/x-pack/plugins/security_solution/common/endpoint/generate_data.ts +++ b/x-pack/plugins/security_solution/common/endpoint/generate_data.ts @@ -1275,6 +1275,7 @@ export class EndpointDocGenerator { status: agentPolicyStatuses.Active, description: 'Some description', namespace: 'default', + is_managed: false, monitoring_enabled: ['logs', 'metrics'], revision: 2, updated_at: '2020-07-22T16:36:49.196Z', From 73414f9110f602c5338e1a295bec70730ec0d26b Mon Sep 17 00:00:00 2001 From: John Schulz Date: Tue, 19 Jan 2021 14:17:40 -0500 Subject: [PATCH 04/18] Block unenrolling from a managed agent policy --- x-pack/plugins/fleet/server/services/agents/unenroll.ts | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/x-pack/plugins/fleet/server/services/agents/unenroll.ts b/x-pack/plugins/fleet/server/services/agents/unenroll.ts index 9c2b2bdfe7f6d..b09ca6b25b825 100644 --- a/x-pack/plugins/fleet/server/services/agents/unenroll.ts +++ b/x-pack/plugins/fleet/server/services/agents/unenroll.ts @@ -6,13 +6,18 @@ import { SavedObjectsClientContract } from 'src/core/server'; import { AgentSOAttributes } from '../../types'; import { AGENT_SAVED_OBJECT_TYPE } from '../../constants'; -import { getAgent } from './crud'; +import { agentPolicyService } from '../agent_policy'; import * as APIKeyService from '../api_keys'; import { createAgentAction, bulkCreateAgentActions } from './actions'; -import { getAgents, listAllAgents } from './crud'; +import { getAgent, getAgents, listAllAgents } from './crud'; export async function unenrollAgent(soClient: SavedObjectsClientContract, agentId: string) { const now = new Date().toISOString(); + const agent = await getAgent(soClient, agentId); + if (!agent.policy_id) throw new Error(`Cannot find agent ${agentId}`); + const agentPolicy = await agentPolicyService.get(soClient, agent.policy_id, false); + if (agentPolicy?.is_managed) throw new Error('Cannot unenroll from a managed agent policy'); + await createAgentAction(soClient, { agent_id: agentId, created_at: now, From a4c39c510ce2f7d2b60b5cc5dfe0dac39bc0bede Mon Sep 17 00:00:00 2001 From: John Schulz Date: Tue, 19 Jan 2021 15:04:49 -0500 Subject: [PATCH 05/18] Cannot reassign agent enrolled in managed policy --- .../fleet/server/services/agents/reassign.ts | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/x-pack/plugins/fleet/server/services/agents/reassign.ts b/x-pack/plugins/fleet/server/services/agents/reassign.ts index b656ab12e96c8..128a8f6a41242 100644 --- a/x-pack/plugins/fleet/server/services/agents/reassign.ts +++ b/x-pack/plugins/fleet/server/services/agents/reassign.ts @@ -9,7 +9,7 @@ import Boom from '@hapi/boom'; import { AGENT_SAVED_OBJECT_TYPE } from '../../constants'; import { AgentSOAttributes } from '../../types'; import { agentPolicyService } from '../agent_policy'; -import { getAgents, listAllAgents } from './crud'; +import { getAgent, getAgents, listAllAgents } from './crud'; import { createAgentAction, bulkCreateAgentActions } from './actions'; export async function reassignAgent( @@ -17,11 +17,20 @@ export async function reassignAgent( agentId: string, newAgentPolicyId: string ) { - const agentPolicy = await agentPolicyService.get(soClient, newAgentPolicyId); - if (!agentPolicy) { + const newAgentPolicy = await agentPolicyService.get(soClient, newAgentPolicyId); + if (!newAgentPolicy) { throw Boom.notFound(`Agent policy not found: ${newAgentPolicyId}`); } + const agent = await getAgent(soClient, agentId); + if (!agent.policy_id) { + throw new Error(`Cannot find agent ${agentId}`); + } + const agentPolicy = await agentPolicyService.get(soClient, agent.policy_id); + if (agentPolicy?.is_managed) { + throw new Error(`Cannot reassign an agent from managed agent policy ${agentPolicy?.id}`); + } + await soClient.update(AGENT_SAVED_OBJECT_TYPE, agentId, { policy_id: newAgentPolicyId, policy_revision: null, From bb3923f29fb8f618670ea94c9bed36f932123848 Mon Sep 17 00:00:00 2001 From: John Schulz Date: Thu, 21 Jan 2021 15:26:03 -0500 Subject: [PATCH 06/18] Add tests for AgentPolicyService create & update --- .../server/services/agent_policy.test.ts | 84 +++++++++++++++- .../server/services/agents/unenroll.test.ts | 96 +++++++++++++++++++ .../fleet/server/services/agents/unenroll.ts | 29 ++++-- 3 files changed, 200 insertions(+), 9 deletions(-) create mode 100644 x-pack/plugins/fleet/server/services/agents/unenroll.test.ts diff --git a/x-pack/plugins/fleet/server/services/agent_policy.test.ts b/x-pack/plugins/fleet/server/services/agent_policy.test.ts index f9a8b63bb83ad..0a1a136be4b45 100644 --- a/x-pack/plugins/fleet/server/services/agent_policy.test.ts +++ b/x-pack/plugins/fleet/server/services/agent_policy.test.ts @@ -7,17 +7,16 @@ import { savedObjectsClientMock } from 'src/core/server/mocks'; import { agentPolicyService } from './agent_policy'; import { agentPolicyUpdateEventHandler } from './agent_policy_update'; -import { Output } from '../types'; +import type { AgentPolicy, NewAgentPolicy, Output } from '../types'; function getSavedObjectMock(agentPolicyAttributes: any) { const mock = savedObjectsClientMock.create(); - mock.get.mockImplementation(async (type: string, id: string) => { return { type, id, references: [], - attributes: agentPolicyAttributes, + attributes: agentPolicyAttributes as AgentPolicy, }; }); mock.find.mockImplementation(async (options) => { @@ -68,10 +67,57 @@ function getAgentPolicyUpdateMock() { >; } +function getAgentPolicyCreateMock() { + const soClient = savedObjectsClientMock.create(); + soClient.create.mockImplementation(async (type, attributes) => { + return { + attributes: (attributes as unknown) as NewAgentPolicy, + id: 'mocked', + type: 'mocked', + references: [], + }; + }); + return soClient; +} describe('agent policy', () => { beforeEach(() => { getAgentPolicyUpdateMock().mockClear(); }); + + describe('create', () => { + it('is_managed present and false by default', async () => { + // ignore unrelated unique name constraint + agentPolicyService.requireUniqueName = async () => {}; + const soClient = getAgentPolicyCreateMock(); + + await expect( + agentPolicyService.create(soClient, { + name: 'No is_managed provided', + namespace: 'default', + }) + ).resolves.toHaveProperty('is_managed', false); + + const [, attributes] = soClient.create.mock.calls[0]; + expect(attributes).toHaveProperty('is_managed', false); + }); + + it('should set is_managed property, if given', async () => { + // ignore unrelated unique name constraint + agentPolicyService.requireUniqueName = async () => {}; + const soClient = getAgentPolicyCreateMock(); + await expect( + agentPolicyService.create(soClient, { + name: 'is_managed: true provided', + namespace: 'default', + is_managed: true, + }) + ).resolves.toHaveProperty('is_managed', true); + + const [, attributes] = soClient.create.mock.calls[0]; + expect(attributes).toHaveProperty('is_managed', true); + }); + }); + describe('bumpRevision', () => { it('should call agentPolicyUpdateEventHandler with updated event once', async () => { const soClient = getSavedObjectMock({ @@ -203,4 +249,36 @@ describe('agent policy', () => { }); }); }); + + describe('update', () => { + it('should update is_managed property, if given', async () => { + // ignore unrelated unique name constraint + agentPolicyService.requireUniqueName = async () => {}; + const soClient = savedObjectsClientMock.create(); + + soClient.get.mockResolvedValue({ + attributes: {}, + id: 'mocked', + type: 'mocked', + references: [], + }); + await agentPolicyService.update(soClient, 'mocked', { + name: 'mocked', + namespace: 'default', + is_managed: false, + }); + // soClient.update is called with updated values + let calledWith = soClient.update.mock.calls[0]; + expect(calledWith[2]).toHaveProperty('is_managed', false); + + await agentPolicyService.update(soClient, 'mocked', { + name: 'is_managed: true provided', + namespace: 'default', + is_managed: true, + }); + // soClient.update is called with updated values + calledWith = soClient.update.mock.calls[1]; + expect(calledWith[2]).toHaveProperty('is_managed', true); + }); + }); }); diff --git a/x-pack/plugins/fleet/server/services/agents/unenroll.test.ts b/x-pack/plugins/fleet/server/services/agents/unenroll.test.ts new file mode 100644 index 0000000000000..a2428069250fe --- /dev/null +++ b/x-pack/plugins/fleet/server/services/agents/unenroll.test.ts @@ -0,0 +1,96 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { savedObjectsClientMock } from 'src/core/server/mocks'; +import type { SavedObject } from 'kibana/server'; +import type { Agent, AgentPolicy } from '../../types'; +import { unenrollAgent, unenrollAgents } from './unenroll'; + +const agentInManagedSO = { + id: 'agent-in-managed-policy', + attributes: { policy_id: 'managed-agent-policy' }, +} as SavedObject; +const agentInUnmanagedSO = { + id: 'agent-in-unmanaged-policy', + attributes: { policy_id: 'unmanaged-agent-policy' }, +} as SavedObject; +const unmanagedAgentPolicySO = { + id: 'unmanaged-agent-policy', + attributes: { is_managed: false }, +} as SavedObject; +const managedAgentPolicySO = { + id: 'managed-agent-policy', + attributes: { is_managed: true }, +} as SavedObject; + +describe('unenrollAgent (singular)', () => { + it('can unenroll from unmanaged policy', async () => { + const soClient = createClientMock(); + await unenrollAgent(soClient, agentInUnmanagedSO.id); + + // calls ES update with correct values + expect(soClient.update).toBeCalledTimes(1); + const calledWith = soClient.update.mock.calls[0]; + expect(calledWith[1]).toBe(agentInUnmanagedSO.id); + expect(calledWith[2]).toHaveProperty('unenrollment_started_at'); + }); + + it('cannot unenroll from managed policy', async () => { + const soClient = createClientMock(); + await expect(unenrollAgent(soClient, agentInManagedSO.id)).rejects.toThrow('managed'); + // does not call ES update + expect(soClient.update).toBeCalledTimes(0); + }); +}); + +describe('unenrollAgents (plural)', () => { + it('cannot unenroll from a manged policy', async () => { + const soClient = createClientMock(); + const idsToUnenroll = [agentInUnmanagedSO.id, agentInManagedSO.id, agentInUnmanagedSO.id]; + await unenrollAgents(soClient, { agentIds: idsToUnenroll }); + + // calls ES update with correct values + const calledWith = soClient.bulkUpdate.mock.calls[0][0]; + expect(calledWith.length).toBe(2); // only 2 in agentIds are unmanaged + for (const params of calledWith) { + expect(params.attributes).toHaveProperty('unenrollment_started_at'); + } + }); +}); + +function createClientMock() { + const soClientMock = savedObjectsClientMock.create(); + + // need to mock .create & bulkCreate due to (bulk)createAgentAction(s) in unenrollAgent(s) + soClientMock.create.mockResolvedValue(agentInUnmanagedSO); + soClientMock.bulkCreate.mockImplementation(async ([{ type, attributes }]) => { + return { + saved_objects: [await soClientMock.create(type, attributes)], + }; + }); + + soClientMock.get.mockImplementation(async (_, id) => { + switch (id) { + case unmanagedAgentPolicySO.id: + return unmanagedAgentPolicySO; + case managedAgentPolicySO.id: + return managedAgentPolicySO; + case agentInManagedSO.id: + return agentInManagedSO; + case agentInUnmanagedSO.id: + default: + return agentInUnmanagedSO; + } + }); + + soClientMock.bulkGet.mockImplementation(async (options) => { + return { + saved_objects: await Promise.all(options!.map(({ type, id }) => soClientMock.get(type, id))), + }; + }); + + return soClientMock; +} diff --git a/x-pack/plugins/fleet/server/services/agents/unenroll.ts b/x-pack/plugins/fleet/server/services/agents/unenroll.ts index b09ca6b25b825..742a12ff24291 100644 --- a/x-pack/plugins/fleet/server/services/agents/unenroll.ts +++ b/x-pack/plugins/fleet/server/services/agents/unenroll.ts @@ -11,13 +11,23 @@ import * as APIKeyService from '../api_keys'; import { createAgentAction, bulkCreateAgentActions } from './actions'; import { getAgent, getAgents, listAllAgents } from './crud'; -export async function unenrollAgent(soClient: SavedObjectsClientContract, agentId: string) { - const now = new Date().toISOString(); +async function agentCanUnenroll(soClient: SavedObjectsClientContract, agentId: string) { const agent = await getAgent(soClient, agentId); - if (!agent.policy_id) throw new Error(`Cannot find agent ${agentId}`); + if (!agent.policy_id) { + throw new Error(`${agentId} is not enrolled in a policy`); + } const agentPolicy = await agentPolicyService.get(soClient, agent.policy_id, false); - if (agentPolicy?.is_managed) throw new Error('Cannot unenroll from a managed agent policy'); + if (agentPolicy?.is_managed) { + throw new Error(`Cannot unenroll ${agentId} from a managed agent policy ${agent.policy_id}`); + } + + return true; +} +export async function unenrollAgent(soClient: SavedObjectsClientContract, agentId: string) { + await agentCanUnenroll(soClient, agentId); + + const now = new Date().toISOString(); await createAgentAction(soClient, { agent_id: agentId, created_at: now, @@ -38,7 +48,6 @@ export async function unenrollAgents( kuery: string; } ) { - // Filter to agents that do not already unenrolled, or unenrolling const agents = 'agentIds' in options ? await getAgents(soClient, options.agentIds) @@ -48,9 +57,17 @@ export async function unenrollAgents( showInactive: false, }) ).agents; - const agentsToUpdate = agents.filter( + + // Filter to agents that are not already unenrolled, or unenrolling + const agentsEnrolled = agents.filter( (agent) => !agent.unenrollment_started_at && !agent.unenrolled_at ); + // And which are allowed to unenroll + const settled = await Promise.allSettled( + agentsEnrolled.map((agent) => agentCanUnenroll(soClient, agent.id).then((_) => agent)) + ); + const agentsToUpdate = agentsEnrolled.filter((_, index) => settled[index].status === 'fulfilled'); + const now = new Date().toISOString(); // Create unenroll action for each agent From ac10a47e291a74c36b71b54e006919d172febeed Mon Sep 17 00:00:00 2001 From: John Schulz Date: Fri, 22 Jan 2021 13:26:40 -0500 Subject: [PATCH 07/18] API tests for agents (bulk_)unenroll endpoints --- .../apis/agents/unenroll.ts | 70 ++++++++++++++++--- 1 file changed, 59 insertions(+), 11 deletions(-) diff --git a/x-pack/test/fleet_api_integration/apis/agents/unenroll.ts b/x-pack/test/fleet_api_integration/apis/agents/unenroll.ts index 0c40797699c86..6192ecddea9ef 100644 --- a/x-pack/test/fleet_api_integration/apis/agents/unenroll.ts +++ b/x-pack/test/fleet_api_integration/apis/agents/unenroll.ts @@ -64,17 +64,28 @@ export default function (providerContext: FtrProviderContext) { await esArchiver.unload('fleet/agents'); }); - it('should allow to unenroll single agent', async () => { + it('/agents/{agent_id}/unenroll should fail for managed policy', async () => { + // set policy to managed await supertest - .post(`/api/fleet/agents/agent1/unenroll`) + .put(`/api/fleet/agent_policies/policy1`) .set('kbn-xsrf', 'xxx') - .send({ - force: true, - }) + .send({ name: 'Test policy', namespace: 'default', is_managed: true }) + .expect(200); + + await supertest.post(`/api/fleet/agents/agent1/unenroll`).set('kbn-xsrf', 'xxx').expect(500); + }); + + it('/agents/{agent_id}/unenroll should allow from unmanaged policy', async () => { + // set policy to unmanaged + await supertest + .put(`/api/fleet/agent_policies/policy1`) + .set('kbn-xsrf', 'xxx') + .send({ name: 'Test policy', namespace: 'default', is_managed: false }) .expect(200); + await supertest.post(`/api/fleet/agents/agent1/unenroll`).set('kbn-xsrf', 'xxx').expect(200); }); - it('should invalidate related API keys', async () => { + it('/agents/{agent_id}/unenroll { force: true } should invalidate related API keys', async () => { await supertest .post(`/api/fleet/agents/agent1/unenroll`) .set('kbn-xsrf', 'xxx') @@ -96,7 +107,44 @@ export default function (providerContext: FtrProviderContext) { expect(outputAPIKeys[0].invalidated).eql(true); }); - it('should allow to unenroll multiple agents by id', async () => { + it('/agents/{agent_id}/bulk_unenroll should not allow unenroll from managed policy', async () => { + // set policy to managed + await supertest + .put(`/api/fleet/agent_policies/policy1`) + .set('kbn-xsrf', 'xxx') + .send({ name: 'Test policy', namespace: 'default', is_managed: true }) + .expect(200); + + // try to unenroll + await supertest + .post(`/api/fleet/agents/bulk_unenroll`) + .set('kbn-xsrf', 'xxx') + .send({ + agents: ['agent2', 'agent3'], + }) + // http request succeeds + .expect(200); + + // but agents are still enrolled + const [agent2data, agent3data] = await Promise.all([ + supertest.get(`/api/fleet/agents/agent2`), + supertest.get(`/api/fleet/agents/agent3`), + ]); + expect(typeof agent2data.body.item.unenrollment_started_at).to.eql('undefined'); + expect(typeof agent2data.body.item.unenrolled_at).to.eql('undefined'); + expect(agent2data.body.item.active).to.eql(true); + expect(typeof agent3data.body.item.unenrollment_started_at).to.be('undefined'); + expect(typeof agent3data.body.item.unenrolled_at).to.be('undefined'); + expect(agent2data.body.item.active).to.eql(true); + }); + + it('/agents/{agent_id}/bulk_unenroll should allow to unenroll multiple agents by id from an unmanaged policy', async () => { + // set policy to unmanaged + await supertest + .put(`/api/fleet/agent_policies/policy1`) + .set('kbn-xsrf', 'xxx') + .send({ name: 'Test policy', namespace: 'default', is_managed: false }) + .expect(200); await supertest .post(`/api/fleet/agents/bulk_unenroll`) .set('kbn-xsrf', 'xxx') @@ -105,8 +153,8 @@ export default function (providerContext: FtrProviderContext) { }) .expect(200); const [agent2data, agent3data] = await Promise.all([ - supertest.get(`/api/fleet/agents/agent2`).set('kbn-xsrf', 'xxx'), - supertest.get(`/api/fleet/agents/agent3`).set('kbn-xsrf', 'xxx'), + supertest.get(`/api/fleet/agents/agent2`), + supertest.get(`/api/fleet/agents/agent3`), ]); expect(typeof agent2data.body.item.unenrollment_started_at).to.eql('string'); expect(agent2data.body.item.active).to.eql(true); @@ -114,7 +162,7 @@ export default function (providerContext: FtrProviderContext) { expect(agent2data.body.item.active).to.eql(true); }); - it('should allow to unenroll multiple agents by kuery', async () => { + it('/agents/{agent_id}/bulk_unenroll should allow to unenroll multiple agents by kuery', async () => { await supertest .post(`/api/fleet/agents/bulk_unenroll`) .set('kbn-xsrf', 'xxx') @@ -124,7 +172,7 @@ export default function (providerContext: FtrProviderContext) { }) .expect(200); - const { body } = await supertest.get(`/api/fleet/agents`).set('kbn-xsrf', 'xxx'); + const { body } = await supertest.get(`/api/fleet/agents`); expect(body.total).to.eql(0); }); }); From 988b700606043660111c860e8a04a84d7e9775db Mon Sep 17 00:00:00 2001 From: John Schulz Date: Fri, 22 Jan 2021 14:51:00 -0500 Subject: [PATCH 08/18] Add a method to get the agent policy for an agent --- .../fleet/server/services/agents/crud.ts | 14 +++++++++++++- .../fleet/server/services/agents/reassign.ts | 18 +++++++++--------- .../fleet/server/services/agents/unenroll.ts | 17 ++++++----------- 3 files changed, 28 insertions(+), 21 deletions(-) diff --git a/x-pack/plugins/fleet/server/services/agents/crud.ts b/x-pack/plugins/fleet/server/services/agents/crud.ts index bcd409e5f7eab..e82d3cd6a8f00 100644 --- a/x-pack/plugins/fleet/server/services/agents/crud.ts +++ b/x-pack/plugins/fleet/server/services/agents/crud.ts @@ -10,7 +10,7 @@ import { AGENT_SAVED_OBJECT_TYPE, AGENT_EVENT_SAVED_OBJECT_TYPE } from '../../co import { AgentSOAttributes, Agent, AgentEventSOAttributes, ListWithKuery } from '../../types'; import { escapeSearchQueryPhrase, normalizeKuery, findAllSOs } from '../saved_object'; import { savedObjectToAgent } from './saved_objects'; -import { appContextService } from '../../services'; +import { appContextService, agentPolicyService } from '../../services'; const ACTIVE_AGENT_CONDITION = `${AGENT_SAVED_OBJECT_TYPE}.attributes.active:true`; const INACTIVE_AGENT_CONDITION = `NOT (${ACTIVE_AGENT_CONDITION})`; @@ -151,6 +151,18 @@ export async function getAgents(soClient: SavedObjectsClientContract, agentIds: return agents; } +export async function getAgentPolicyForAgent( + soClient: SavedObjectsClientContract, + agentId: string +) { + const agent = await getAgent(soClient, agentId); + if (!agent.policy_id) { + throw new Error(`${agentId} is not enrolled in a policy`); + } + const agentPolicy = await agentPolicyService.get(soClient, agent.policy_id, false); + return agentPolicy; +} + export async function getAgentByAccessAPIKeyId( soClient: SavedObjectsClientContract, accessAPIKeyId: string diff --git a/x-pack/plugins/fleet/server/services/agents/reassign.ts b/x-pack/plugins/fleet/server/services/agents/reassign.ts index 128a8f6a41242..70fb787f174a5 100644 --- a/x-pack/plugins/fleet/server/services/agents/reassign.ts +++ b/x-pack/plugins/fleet/server/services/agents/reassign.ts @@ -9,7 +9,7 @@ import Boom from '@hapi/boom'; import { AGENT_SAVED_OBJECT_TYPE } from '../../constants'; import { AgentSOAttributes } from '../../types'; import { agentPolicyService } from '../agent_policy'; -import { getAgent, getAgents, listAllAgents } from './crud'; +import { getAgentPolicyForAgent, getAgents, listAllAgents } from './crud'; import { createAgentAction, bulkCreateAgentActions } from './actions'; export async function reassignAgent( @@ -22,14 +22,7 @@ export async function reassignAgent( throw Boom.notFound(`Agent policy not found: ${newAgentPolicyId}`); } - const agent = await getAgent(soClient, agentId); - if (!agent.policy_id) { - throw new Error(`Cannot find agent ${agentId}`); - } - const agentPolicy = await agentPolicyService.get(soClient, agent.policy_id); - if (agentPolicy?.is_managed) { - throw new Error(`Cannot reassign an agent from managed agent policy ${agentPolicy?.id}`); - } + await reassignAgentIsAllowed(soClient, agentId); await soClient.update(AGENT_SAVED_OBJECT_TYPE, agentId, { policy_id: newAgentPolicyId, @@ -43,6 +36,13 @@ export async function reassignAgent( }); } +async function reassignAgentIsAllowed(soClient: SavedObjectsClientContract, agentId: string) { + const agentPolicy = await getAgentPolicyForAgent(soClient, agentId); + if (agentPolicy?.is_managed) { + throw new Error(`Cannot reassign an agent from managed agent policy ${agentPolicy?.id}`); + } +} + export async function reassignAgents( soClient: SavedObjectsClientContract, options: diff --git a/x-pack/plugins/fleet/server/services/agents/unenroll.ts b/x-pack/plugins/fleet/server/services/agents/unenroll.ts index 742a12ff24291..70b55f7dc647c 100644 --- a/x-pack/plugins/fleet/server/services/agents/unenroll.ts +++ b/x-pack/plugins/fleet/server/services/agents/unenroll.ts @@ -6,26 +6,21 @@ import { SavedObjectsClientContract } from 'src/core/server'; import { AgentSOAttributes } from '../../types'; import { AGENT_SAVED_OBJECT_TYPE } from '../../constants'; -import { agentPolicyService } from '../agent_policy'; import * as APIKeyService from '../api_keys'; import { createAgentAction, bulkCreateAgentActions } from './actions'; -import { getAgent, getAgents, listAllAgents } from './crud'; +import { getAgent, getAgentPolicyForAgent, getAgents, listAllAgents } from './crud'; -async function agentCanUnenroll(soClient: SavedObjectsClientContract, agentId: string) { - const agent = await getAgent(soClient, agentId); - if (!agent.policy_id) { - throw new Error(`${agentId} is not enrolled in a policy`); - } - const agentPolicy = await agentPolicyService.get(soClient, agent.policy_id, false); +async function unenrollAgentIsAllowed(soClient: SavedObjectsClientContract, agentId: string) { + const agentPolicy = await getAgentPolicyForAgent(soClient, agentId); if (agentPolicy?.is_managed) { - throw new Error(`Cannot unenroll ${agentId} from a managed agent policy ${agent.policy_id}`); + throw new Error(`Cannot unenroll ${agentId} from a managed agent policy ${agentPolicy.id}`); } return true; } export async function unenrollAgent(soClient: SavedObjectsClientContract, agentId: string) { - await agentCanUnenroll(soClient, agentId); + await unenrollAgentIsAllowed(soClient, agentId); const now = new Date().toISOString(); await createAgentAction(soClient, { @@ -64,7 +59,7 @@ export async function unenrollAgents( ); // And which are allowed to unenroll const settled = await Promise.allSettled( - agentsEnrolled.map((agent) => agentCanUnenroll(soClient, agent.id).then((_) => agent)) + agentsEnrolled.map((agent) => unenrollAgentIsAllowed(soClient, agent.id).then((_) => agent)) ); const agentsToUpdate = agentsEnrolled.filter((_, index) => settled[index].status === 'fulfilled'); From a01e524ed844d4beaea44c0632df2abf16258b57 Mon Sep 17 00:00:00 2001 From: John Schulz Date: Mon, 25 Jan 2021 12:36:39 -0500 Subject: [PATCH 09/18] Add unsaved/missing esClient arguments after merging main --- x-pack/plugins/fleet/server/services/agents/crud.ts | 3 ++- .../fleet/server/services/agents/unenroll.test.ts | 11 +++++++---- x-pack/plugins/fleet/server/services/agents/update.ts | 2 +- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/x-pack/plugins/fleet/server/services/agents/crud.ts b/x-pack/plugins/fleet/server/services/agents/crud.ts index b0f3af1d0f5b2..9efc8fd6ce937 100644 --- a/x-pack/plugins/fleet/server/services/agents/crud.ts +++ b/x-pack/plugins/fleet/server/services/agents/crud.ts @@ -86,9 +86,10 @@ export async function getAgents(soClient: SavedObjectsClientContract, agentIds: export async function getAgentPolicyForAgent( soClient: SavedObjectsClientContract, + esClient: ElasticsearchClient, agentId: string ) { - const agent = await getAgent(soClient, agentId); + const agent = await getAgent(soClient, esClient, agentId); if (!agent.policy_id) { throw new Error(`${agentId} is not enrolled in a policy`); } diff --git a/x-pack/plugins/fleet/server/services/agents/unenroll.test.ts b/x-pack/plugins/fleet/server/services/agents/unenroll.test.ts index a2428069250fe..079d4c41d5df1 100644 --- a/x-pack/plugins/fleet/server/services/agents/unenroll.test.ts +++ b/x-pack/plugins/fleet/server/services/agents/unenroll.test.ts @@ -4,7 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ -import { savedObjectsClientMock } from 'src/core/server/mocks'; +import { elasticsearchServiceMock, savedObjectsClientMock } from 'src/core/server/mocks'; import type { SavedObject } from 'kibana/server'; import type { Agent, AgentPolicy } from '../../types'; import { unenrollAgent, unenrollAgents } from './unenroll'; @@ -29,7 +29,8 @@ const managedAgentPolicySO = { describe('unenrollAgent (singular)', () => { it('can unenroll from unmanaged policy', async () => { const soClient = createClientMock(); - await unenrollAgent(soClient, agentInUnmanagedSO.id); + const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser; + await unenrollAgent(soClient, esClient, agentInUnmanagedSO.id); // calls ES update with correct values expect(soClient.update).toBeCalledTimes(1); @@ -40,7 +41,8 @@ describe('unenrollAgent (singular)', () => { it('cannot unenroll from managed policy', async () => { const soClient = createClientMock(); - await expect(unenrollAgent(soClient, agentInManagedSO.id)).rejects.toThrow('managed'); + const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser; + await expect(unenrollAgent(soClient, esClient, agentInManagedSO.id)).rejects.toThrow('managed'); // does not call ES update expect(soClient.update).toBeCalledTimes(0); }); @@ -49,8 +51,9 @@ describe('unenrollAgent (singular)', () => { describe('unenrollAgents (plural)', () => { it('cannot unenroll from a manged policy', async () => { const soClient = createClientMock(); + const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser; const idsToUnenroll = [agentInUnmanagedSO.id, agentInManagedSO.id, agentInUnmanagedSO.id]; - await unenrollAgents(soClient, { agentIds: idsToUnenroll }); + await unenrollAgents(soClient, esClient, { agentIds: idsToUnenroll }); // calls ES update with correct values const calledWith = soClient.bulkUpdate.mock.calls[0][0]; diff --git a/x-pack/plugins/fleet/server/services/agents/update.ts b/x-pack/plugins/fleet/server/services/agents/update.ts index 7bd807bf4e575..27f3d51fbbdf6 100644 --- a/x-pack/plugins/fleet/server/services/agents/update.ts +++ b/x-pack/plugins/fleet/server/services/agents/update.ts @@ -28,7 +28,7 @@ export async function unenrollForAgentPolicyId( hasMore = false; } for (const agent of agents) { - await unenrollAgent(soClient, agent.id); + await unenrollAgent(soClient, esClient, agent.id); } } } From 9936144858d2097b96f7a2242ce98caa298093ee Mon Sep 17 00:00:00 2001 From: John Schulz Date: Wed, 27 Jan 2021 12:30:48 -0500 Subject: [PATCH 10/18] Don't throw if there's no associated agent policy --- x-pack/plugins/fleet/server/services/agents/crud.ts | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/x-pack/plugins/fleet/server/services/agents/crud.ts b/x-pack/plugins/fleet/server/services/agents/crud.ts index 9efc8fd6ce937..f54f1911a1214 100644 --- a/x-pack/plugins/fleet/server/services/agents/crud.ts +++ b/x-pack/plugins/fleet/server/services/agents/crud.ts @@ -91,10 +91,13 @@ export async function getAgentPolicyForAgent( ) { const agent = await getAgent(soClient, esClient, agentId); if (!agent.policy_id) { - throw new Error(`${agentId} is not enrolled in a policy`); + return; } + const agentPolicy = await agentPolicyService.get(soClient, agent.policy_id, false); - return agentPolicy; + if (agentPolicy) { + return agentPolicy; + } } export async function getAgentByAccessAPIKeyId( From bbefa045d54113c2594b8e6bbce1099d25ecf921 Mon Sep 17 00:00:00 2001 From: John Schulz Date: Wed, 27 Jan 2021 12:31:09 -0500 Subject: [PATCH 11/18] typo --- x-pack/plugins/fleet/server/services/agents/unenroll.test.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/plugins/fleet/server/services/agents/unenroll.test.ts b/x-pack/plugins/fleet/server/services/agents/unenroll.test.ts index 079d4c41d5df1..41538b45c47aa 100644 --- a/x-pack/plugins/fleet/server/services/agents/unenroll.test.ts +++ b/x-pack/plugins/fleet/server/services/agents/unenroll.test.ts @@ -49,7 +49,7 @@ describe('unenrollAgent (singular)', () => { }); describe('unenrollAgents (plural)', () => { - it('cannot unenroll from a manged policy', async () => { + it('cannot unenroll from a managed policy', async () => { const soClient = createClientMock(); const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser; const idsToUnenroll = [agentInUnmanagedSO.id, agentInManagedSO.id, agentInUnmanagedSO.id]; From 8cddf6dedb32dbac8931a67e7baf724e5bcc6af3 Mon Sep 17 00:00:00 2001 From: John Schulz Date: Wed, 27 Jan 2021 15:33:11 -0500 Subject: [PATCH 12/18] Tests for reassign --- .../fleet/server/services/agents/reassign.ts | 26 +++++++++++++++---- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/x-pack/plugins/fleet/server/services/agents/reassign.ts b/x-pack/plugins/fleet/server/services/agents/reassign.ts index 58a1c898ff541..3534587fd41ab 100644 --- a/x-pack/plugins/fleet/server/services/agents/reassign.ts +++ b/x-pack/plugins/fleet/server/services/agents/reassign.ts @@ -23,7 +23,7 @@ export async function reassignAgent( throw Boom.notFound(`Agent policy not found: ${newAgentPolicyId}`); } - await reassignAgentIsAllowed(soClient, esClient, agentId); + await reassignAgentIsAllowed(soClient, esClient, agentId, newAgentPolicyId); await soClient.update(AGENT_SAVED_OBJECT_TYPE, agentId, { policy_id: newAgentPolicyId, @@ -37,15 +37,23 @@ export async function reassignAgent( }); } -async function reassignAgentIsAllowed( +export async function reassignAgentIsAllowed( soClient: SavedObjectsClientContract, esClient: ElasticsearchClient, - agentId: string + agentId: string, + newAgentPolicyId: string ) { const agentPolicy = await getAgentPolicyForAgent(soClient, esClient, agentId); if (agentPolicy?.is_managed) { - throw new Error(`Cannot reassign an agent from managed agent policy ${agentPolicy?.id}`); + throw new Error(`Cannot reassign an agent from managed agent policy ${agentPolicy.id}`); + } + + const newAgentPolicy = await getAgentPolicyForAgent(soClient, esClient, newAgentPolicyId); + if (newAgentPolicy?.is_managed) { + throw new Error(`Cannot reassign an agent to managed agent policy ${newAgentPolicy.id}`); } + + return true; } export async function reassignAgents( @@ -75,7 +83,15 @@ export async function reassignAgents( showInactive: false, }) ).agents; - const agentsToUpdate = agents.filter((agent) => agent.policy_id !== newAgentPolicyId); + // And which are allowed to unenroll + const settled = await Promise.allSettled( + agents.map((agent) => + reassignAgentIsAllowed(soClient, esClient, agent.id, newAgentPolicyId).then((_) => agent) + ) + ); + const agentsToUpdate = agents.filter( + (agent, index) => settled[index].status === 'fulfilled' && agent.policy_id !== newAgentPolicyId + ); // Update the necessary agents const res = await soClient.bulkUpdate( From e19b0d6858502641831906a7199165d28d251a97 Mon Sep 17 00:00:00 2001 From: John Schulz Date: Wed, 27 Jan 2021 15:33:25 -0500 Subject: [PATCH 13/18] Tests for reassign --- .../server/services/agents/reassign.test.ts | 125 ++++++++++++++++++ 1 file changed, 125 insertions(+) create mode 100644 x-pack/plugins/fleet/server/services/agents/reassign.test.ts diff --git a/x-pack/plugins/fleet/server/services/agents/reassign.test.ts b/x-pack/plugins/fleet/server/services/agents/reassign.test.ts new file mode 100644 index 0000000000000..78f8c359948ec --- /dev/null +++ b/x-pack/plugins/fleet/server/services/agents/reassign.test.ts @@ -0,0 +1,125 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { elasticsearchServiceMock, savedObjectsClientMock } from 'src/core/server/mocks'; +import type { SavedObject } from 'kibana/server'; +import type { Agent, AgentPolicy } from '../../types'; +import { reassignAgent, reassignAgents } from './reassign'; + +const agentInManagedSO = { + id: 'agent-in-managed-policy', + attributes: { policy_id: 'managed-agent-policy' }, +} as SavedObject; +const agentInManagedSO2 = { + id: 'agent-in-managed-policy2', + attributes: { policy_id: 'managed-agent-policy' }, +} as SavedObject; +const agentInUnmanagedSO = { + id: 'agent-in-unmanaged-policy', + attributes: { policy_id: 'unmanaged-agent-policy' }, +} as SavedObject; +const agentInUnmanagedSO2 = { + id: 'agent-in-unmanaged-policy2', + attributes: { policy_id: 'unmanaged-agent-policy' }, +} as SavedObject; +const unmanagedAgentPolicySO = { + id: 'unmanaged-agent-policy', + attributes: { is_managed: false }, +} as SavedObject; +const managedAgentPolicySO = { + id: 'managed-agent-policy', + attributes: { is_managed: true }, +} as SavedObject; + +describe('reassignAgent (singular)', () => { + it('can reassign from unmanaged policy to unmanaged', async () => { + const soClient = createClientMock(); + const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser; + await reassignAgent(soClient, esClient, agentInUnmanagedSO.id, agentInUnmanagedSO2.id); + + // calls ES update with correct values + expect(soClient.update).toBeCalledTimes(1); + const calledWith = soClient.update.mock.calls[0]; + expect(calledWith[1]).toBe(agentInUnmanagedSO.id); + expect(calledWith[2]).toHaveProperty('policy_id', agentInUnmanagedSO2.id); + }); + + it('cannot reassign from unmanaged policy to managed', async () => { + const soClient = createClientMock(); + const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser; + await expect( + reassignAgent(soClient, esClient, agentInUnmanagedSO.id, agentInManagedSO.id) + ).rejects.toThrow('to managed'); + + // does not call ES update + expect(soClient.update).toBeCalledTimes(0); + }); + + it('cannot reassign from managed policy', async () => { + const soClient = createClientMock(); + const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser; + await expect( + reassignAgent(soClient, esClient, agentInManagedSO.id, agentInManagedSO2.id) + ).rejects.toThrow('from managed'); + // does not call ES update + expect(soClient.update).toBeCalledTimes(0); + + await expect( + reassignAgent(soClient, esClient, agentInManagedSO.id, agentInUnmanagedSO.id) + ).rejects.toThrow('from managed'); + // does not call ES update + expect(soClient.update).toBeCalledTimes(0); + }); +}); + +describe('reassignAgents (plural)', () => { + it('cannot reassign from a managed policy', async () => { + const soClient = createClientMock(); + const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser; + const idsToReassign = [agentInUnmanagedSO.id, agentInManagedSO.id, agentInUnmanagedSO.id]; + await reassignAgents(soClient, esClient, { agentIds: idsToReassign }, agentInUnmanagedSO.id); + + // calls ES update with correct values + const calledWith = soClient.bulkUpdate.mock.calls[0][0]; + const expectedResults = [agentInUnmanagedSO.id, agentInUnmanagedSO.id]; + expect(calledWith.length).toBe(expectedResults.length); // only 2 in agentIds are unmanaged + expect(calledWith.map(({ id }) => id)).toEqual(expectedResults); + }); +}); + +function createClientMock() { + const soClientMock = savedObjectsClientMock.create(); + + // need to mock .create & bulkCreate due to (bulk)createAgentAction(s) in reassignAgent(s) + soClientMock.create.mockResolvedValue(agentInUnmanagedSO); + soClientMock.bulkCreate.mockImplementation(async ([{ type, attributes }]) => { + return { + saved_objects: [await soClientMock.create(type, attributes)], + }; + }); + + soClientMock.get.mockImplementation(async (_, id) => { + switch (id) { + case unmanagedAgentPolicySO.id: + return unmanagedAgentPolicySO; + case managedAgentPolicySO.id: + return managedAgentPolicySO; + case agentInManagedSO.id: + return agentInManagedSO; + case agentInUnmanagedSO.id: + default: + return agentInUnmanagedSO; + } + }); + + soClientMock.bulkGet.mockImplementation(async (options) => { + return { + saved_objects: await Promise.all(options!.map(({ type, id }) => soClientMock.get(type, id))), + }; + }); + + return soClientMock; +} From 445e74692bbe88096150e1a2a0fef0cf3d7158c4 Mon Sep 17 00:00:00 2001 From: John Schulz Date: Thu, 28 Jan 2021 11:09:06 -0500 Subject: [PATCH 14/18] Add migration for managed agent policy --- .../plugins/fleet/server/saved_objects/index.ts | 3 ++- .../server/saved_objects/migrations/to_v7_12_0.ts | 15 +++++++++++++-- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/x-pack/plugins/fleet/server/saved_objects/index.ts b/x-pack/plugins/fleet/server/saved_objects/index.ts index a4f5bdc89fd9a..7da053d4f9a00 100644 --- a/x-pack/plugins/fleet/server/saved_objects/index.ts +++ b/x-pack/plugins/fleet/server/saved_objects/index.ts @@ -28,7 +28,7 @@ import { migrateSettingsToV7100, migrateAgentActionToV7100, } from './migrations/to_v7_10_0'; -import { migrateAgentToV7120 } from './migrations/to_v7_12_0'; +import { migrateAgentToV7120, migrateAgentPolicyToV7120 } from './migrations/to_v7_12_0'; /* * Saved object types and mappings @@ -168,6 +168,7 @@ const getSavedObjectTypes = ( }, migrations: { '7.10.0': migrateAgentPolicyToV7100, + '7.12.0': migrateAgentPolicyToV7120, }, }, [ENROLLMENT_API_KEYS_SAVED_OBJECT_TYPE]: { diff --git a/x-pack/plugins/fleet/server/saved_objects/migrations/to_v7_12_0.ts b/x-pack/plugins/fleet/server/saved_objects/migrations/to_v7_12_0.ts index 841e56a60091b..a167f5e244501 100644 --- a/x-pack/plugins/fleet/server/saved_objects/migrations/to_v7_12_0.ts +++ b/x-pack/plugins/fleet/server/saved_objects/migrations/to_v7_12_0.ts @@ -4,8 +4,8 @@ * you may not use this file except in compliance with the Elastic License. */ -import { SavedObjectMigrationFn } from 'kibana/server'; -import { Agent } from '../../types'; +import type { SavedObjectMigrationFn } from 'kibana/server'; +import type { Agent, AgentPolicy } from '../../types'; export const migrateAgentToV7120: SavedObjectMigrationFn = ( agentDoc @@ -14,3 +14,14 @@ export const migrateAgentToV7120: SavedObjectMigrationFn, + AgentPolicy +> = (agentPolicyDoc) => { + const isV12 = 'is_managed' in agentPolicyDoc.attributes; + if (!isV12) { + agentPolicyDoc.attributes.is_managed = false; + } + return agentPolicyDoc; +}; From c77c8517534fc269e548f89547974608a881e06f Mon Sep 17 00:00:00 2001 From: John Schulz Date: Fri, 29 Jan 2021 13:41:30 -0500 Subject: [PATCH 15/18] Fix broken code in reassignment permissions check --- .../server/services/agents/reassign.test.ts | 4 +-- .../fleet/server/services/agents/reassign.ts | 2 +- .../server/services/agents/unenroll.test.ts | 26 +++++++++++++++++-- .../apis/agents/reassign.ts | 2 +- 4 files changed, 28 insertions(+), 6 deletions(-) diff --git a/x-pack/plugins/fleet/server/services/agents/reassign.test.ts b/x-pack/plugins/fleet/server/services/agents/reassign.test.ts index 78f8c359948ec..e27b92d3223d8 100644 --- a/x-pack/plugins/fleet/server/services/agents/reassign.test.ts +++ b/x-pack/plugins/fleet/server/services/agents/reassign.test.ts @@ -76,7 +76,7 @@ describe('reassignAgent (singular)', () => { }); describe('reassignAgents (plural)', () => { - it('cannot reassign from a managed policy', async () => { + it('agents in managed policies are not updated', async () => { const soClient = createClientMock(); const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser; const idsToReassign = [agentInUnmanagedSO.id, agentInManagedSO.id, agentInUnmanagedSO.id]; @@ -85,7 +85,7 @@ describe('reassignAgents (plural)', () => { // calls ES update with correct values const calledWith = soClient.bulkUpdate.mock.calls[0][0]; const expectedResults = [agentInUnmanagedSO.id, agentInUnmanagedSO.id]; - expect(calledWith.length).toBe(expectedResults.length); // only 2 in agentIds are unmanaged + expect(calledWith.length).toBe(expectedResults.length); // only 2 are unmanaged expect(calledWith.map(({ id }) => id)).toEqual(expectedResults); }); }); diff --git a/x-pack/plugins/fleet/server/services/agents/reassign.ts b/x-pack/plugins/fleet/server/services/agents/reassign.ts index 3534587fd41ab..c29ace6e6245b 100644 --- a/x-pack/plugins/fleet/server/services/agents/reassign.ts +++ b/x-pack/plugins/fleet/server/services/agents/reassign.ts @@ -48,7 +48,7 @@ export async function reassignAgentIsAllowed( throw new Error(`Cannot reassign an agent from managed agent policy ${agentPolicy.id}`); } - const newAgentPolicy = await getAgentPolicyForAgent(soClient, esClient, newAgentPolicyId); + const newAgentPolicy = await agentPolicyService.get(soClient, newAgentPolicyId); if (newAgentPolicy?.is_managed) { throw new Error(`Cannot reassign an agent to managed agent policy ${newAgentPolicy.id}`); } diff --git a/x-pack/plugins/fleet/server/services/agents/unenroll.test.ts b/x-pack/plugins/fleet/server/services/agents/unenroll.test.ts index 41538b45c47aa..57ac6d4334885 100644 --- a/x-pack/plugins/fleet/server/services/agents/unenroll.test.ts +++ b/x-pack/plugins/fleet/server/services/agents/unenroll.test.ts @@ -17,6 +17,10 @@ const agentInUnmanagedSO = { id: 'agent-in-unmanaged-policy', attributes: { policy_id: 'unmanaged-agent-policy' }, } as SavedObject; +const agentInUnmanagedSO2 = { + id: 'agent-in-unmanaged-policy2', + attributes: { policy_id: 'unmanaged-agent-policy' }, +} as SavedObject; const unmanagedAgentPolicySO = { id: 'unmanaged-agent-policy', attributes: { is_managed: false }, @@ -49,15 +53,31 @@ describe('unenrollAgent (singular)', () => { }); describe('unenrollAgents (plural)', () => { + it('can unenroll from an unmanaged policy', async () => { + const soClient = createClientMock(); + const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser; + const idsToUnenroll = [agentInUnmanagedSO.id, agentInUnmanagedSO2.id]; + await unenrollAgents(soClient, esClient, { agentIds: idsToUnenroll }); + + // calls ES update with correct values + const calledWith = soClient.bulkUpdate.mock.calls[0][0]; + expect(calledWith.length).toBe(idsToUnenroll.length); + expect(calledWith.map(({ id }) => id)).toEqual(idsToUnenroll); + for (const params of calledWith) { + expect(params.attributes).toHaveProperty('unenrollment_started_at'); + } + }); it('cannot unenroll from a managed policy', async () => { const soClient = createClientMock(); const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser; - const idsToUnenroll = [agentInUnmanagedSO.id, agentInManagedSO.id, agentInUnmanagedSO.id]; + const idsToUnenroll = [agentInUnmanagedSO.id, agentInManagedSO.id, agentInUnmanagedSO2.id]; await unenrollAgents(soClient, esClient, { agentIds: idsToUnenroll }); // calls ES update with correct values const calledWith = soClient.bulkUpdate.mock.calls[0][0]; - expect(calledWith.length).toBe(2); // only 2 in agentIds are unmanaged + const onlyUnmanaged = [agentInUnmanagedSO.id, agentInUnmanagedSO2.id]; + expect(calledWith.length).toBe(onlyUnmanaged.length); + expect(calledWith.map(({ id }) => id)).toEqual(onlyUnmanaged); for (const params of calledWith) { expect(params.attributes).toHaveProperty('unenrollment_started_at'); } @@ -83,6 +103,8 @@ function createClientMock() { return managedAgentPolicySO; case agentInManagedSO.id: return agentInManagedSO; + case agentInUnmanagedSO2.id: + return agentInUnmanagedSO2; case agentInUnmanagedSO.id: default: return agentInUnmanagedSO; diff --git a/x-pack/test/fleet_api_integration/apis/agents/reassign.ts b/x-pack/test/fleet_api_integration/apis/agents/reassign.ts index 081f9dd3375a2..ae0da2eb759f6 100644 --- a/x-pack/test/fleet_api_integration/apis/agents/reassign.ts +++ b/x-pack/test/fleet_api_integration/apis/agents/reassign.ts @@ -29,7 +29,7 @@ export default function (providerContext: FtrProviderContext) { policy_id: 'policy2', }) .expect(200); - const { body } = await supertest.get(`/api/fleet/agents/agent1`).set('kbn-xsrf', 'xxx'); + const { body } = await supertest.get(`/api/fleet/agents/agent1`); expect(body.item.policy_id).to.eql('policy2'); }); From 92f888b47a94e8c27761cab9a10c9ed2e60362bf Mon Sep 17 00:00:00 2001 From: John Schulz Date: Fri, 29 Jan 2021 19:35:32 -0500 Subject: [PATCH 16/18] Fix broken test. Pass correct value --- .../plugins/fleet/server/services/agents/reassign.test.ts | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/x-pack/plugins/fleet/server/services/agents/reassign.test.ts b/x-pack/plugins/fleet/server/services/agents/reassign.test.ts index e27b92d3223d8..49a38166e9cc7 100644 --- a/x-pack/plugins/fleet/server/services/agents/reassign.test.ts +++ b/x-pack/plugins/fleet/server/services/agents/reassign.test.ts @@ -51,7 +51,12 @@ describe('reassignAgent (singular)', () => { const soClient = createClientMock(); const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser; await expect( - reassignAgent(soClient, esClient, agentInUnmanagedSO.id, agentInManagedSO.id) + reassignAgent( + soClient, + esClient, + agentInUnmanagedSO.id, + agentInManagedSO.attributes.policy_id! + ) ).rejects.toThrow('to managed'); // does not call ES update From 86d69589d618c9cb8ddcfff22489c2d5ec9aab37 Mon Sep 17 00:00:00 2001 From: John Schulz Date: Tue, 2 Feb 2021 15:35:22 -0500 Subject: [PATCH 17/18] Add IngestManagerError and tests --- x-pack/plugins/fleet/server/errors/index.ts | 2 ++ .../server/services/agents/reassign.test.ts | 7 ++-- .../fleet/server/services/agents/reassign.ts | 13 +++++--- .../server/services/agents/unenroll.test.ts | 5 ++- .../fleet/server/services/agents/unenroll.ts | 9 +++-- .../apis/agents/reassign.ts | 33 +++++++++++++++++-- .../apis/agents/unenroll.ts | 2 +- 7 files changed, 57 insertions(+), 14 deletions(-) diff --git a/x-pack/plugins/fleet/server/errors/index.ts b/x-pack/plugins/fleet/server/errors/index.ts index 700750761def4..6e25a4719cd0f 100644 --- a/x-pack/plugins/fleet/server/errors/index.ts +++ b/x-pack/plugins/fleet/server/errors/index.ts @@ -31,3 +31,5 @@ export class PackageCacheError extends IngestManagerError {} export class PackageOperationNotSupportedError extends IngestManagerError {} export class FleetAdminUserInvalidError extends IngestManagerError {} export class ConcurrentInstallOperationError extends IngestManagerError {} +export class AgentReassignmentError extends IngestManagerError {} +export class AgentUnenrollmentError extends IngestManagerError {} diff --git a/x-pack/plugins/fleet/server/services/agents/reassign.test.ts b/x-pack/plugins/fleet/server/services/agents/reassign.test.ts index 49a38166e9cc7..5a940818c280d 100644 --- a/x-pack/plugins/fleet/server/services/agents/reassign.test.ts +++ b/x-pack/plugins/fleet/server/services/agents/reassign.test.ts @@ -7,6 +7,7 @@ import { elasticsearchServiceMock, savedObjectsClientMock } from 'src/core/server/mocks'; import type { SavedObject } from 'kibana/server'; import type { Agent, AgentPolicy } from '../../types'; +import { AgentReassignmentError } from '../../errors'; import { reassignAgent, reassignAgents } from './reassign'; const agentInManagedSO = { @@ -57,7 +58,7 @@ describe('reassignAgent (singular)', () => { agentInUnmanagedSO.id, agentInManagedSO.attributes.policy_id! ) - ).rejects.toThrow('to managed'); + ).rejects.toThrowError(AgentReassignmentError); // does not call ES update expect(soClient.update).toBeCalledTimes(0); @@ -68,13 +69,13 @@ describe('reassignAgent (singular)', () => { const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser; await expect( reassignAgent(soClient, esClient, agentInManagedSO.id, agentInManagedSO2.id) - ).rejects.toThrow('from managed'); + ).rejects.toThrowError(AgentReassignmentError); // does not call ES update expect(soClient.update).toBeCalledTimes(0); await expect( reassignAgent(soClient, esClient, agentInManagedSO.id, agentInUnmanagedSO.id) - ).rejects.toThrow('from managed'); + ).rejects.toThrowError(AgentReassignmentError); // does not call ES update expect(soClient.update).toBeCalledTimes(0); }); diff --git a/x-pack/plugins/fleet/server/services/agents/reassign.ts b/x-pack/plugins/fleet/server/services/agents/reassign.ts index c29ace6e6245b..97ab737734734 100644 --- a/x-pack/plugins/fleet/server/services/agents/reassign.ts +++ b/x-pack/plugins/fleet/server/services/agents/reassign.ts @@ -4,10 +4,11 @@ * you may not use this file except in compliance with the Elastic License. */ -import { SavedObjectsClientContract, ElasticsearchClient } from 'kibana/server'; +import type { SavedObjectsClientContract, ElasticsearchClient } from 'kibana/server'; import Boom from '@hapi/boom'; import { AGENT_SAVED_OBJECT_TYPE } from '../../constants'; -import { AgentSOAttributes } from '../../types'; +import type { AgentSOAttributes } from '../../types'; +import { AgentReassignmentError } from '../../errors'; import { agentPolicyService } from '../agent_policy'; import { getAgentPolicyForAgent, getAgents, listAllAgents } from './crud'; import { createAgentAction, bulkCreateAgentActions } from './actions'; @@ -45,12 +46,16 @@ export async function reassignAgentIsAllowed( ) { const agentPolicy = await getAgentPolicyForAgent(soClient, esClient, agentId); if (agentPolicy?.is_managed) { - throw new Error(`Cannot reassign an agent from managed agent policy ${agentPolicy.id}`); + throw new AgentReassignmentError( + `Cannot reassign an agent from managed agent policy ${agentPolicy.id}` + ); } const newAgentPolicy = await agentPolicyService.get(soClient, newAgentPolicyId); if (newAgentPolicy?.is_managed) { - throw new Error(`Cannot reassign an agent to managed agent policy ${newAgentPolicy.id}`); + throw new AgentReassignmentError( + `Cannot reassign an agent to managed agent policy ${newAgentPolicy.id}` + ); } return true; diff --git a/x-pack/plugins/fleet/server/services/agents/unenroll.test.ts b/x-pack/plugins/fleet/server/services/agents/unenroll.test.ts index 57ac6d4334885..a65d64d0e8ae1 100644 --- a/x-pack/plugins/fleet/server/services/agents/unenroll.test.ts +++ b/x-pack/plugins/fleet/server/services/agents/unenroll.test.ts @@ -7,6 +7,7 @@ import { elasticsearchServiceMock, savedObjectsClientMock } from 'src/core/server/mocks'; import type { SavedObject } from 'kibana/server'; import type { Agent, AgentPolicy } from '../../types'; +import { AgentUnenrollmentError } from '../../errors'; import { unenrollAgent, unenrollAgents } from './unenroll'; const agentInManagedSO = { @@ -46,7 +47,9 @@ describe('unenrollAgent (singular)', () => { it('cannot unenroll from managed policy', async () => { const soClient = createClientMock(); const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser; - await expect(unenrollAgent(soClient, esClient, agentInManagedSO.id)).rejects.toThrow('managed'); + await expect(unenrollAgent(soClient, esClient, agentInManagedSO.id)).rejects.toThrowError( + AgentUnenrollmentError + ); // does not call ES update expect(soClient.update).toBeCalledTimes(0); }); diff --git a/x-pack/plugins/fleet/server/services/agents/unenroll.ts b/x-pack/plugins/fleet/server/services/agents/unenroll.ts index eab99d9cc145d..aec628e78e405 100644 --- a/x-pack/plugins/fleet/server/services/agents/unenroll.ts +++ b/x-pack/plugins/fleet/server/services/agents/unenroll.ts @@ -3,8 +3,9 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -import { ElasticsearchClient, SavedObjectsClientContract } from 'src/core/server'; -import { AgentSOAttributes } from '../../types'; +import type { ElasticsearchClient, SavedObjectsClientContract } from 'src/core/server'; +import type { AgentSOAttributes } from '../../types'; +import { AgentUnenrollmentError } from '../../errors'; import { AGENT_SAVED_OBJECT_TYPE } from '../../constants'; import * as APIKeyService from '../api_keys'; import { createAgentAction, bulkCreateAgentActions } from './actions'; @@ -17,7 +18,9 @@ async function unenrollAgentIsAllowed( ) { const agentPolicy = await getAgentPolicyForAgent(soClient, esClient, agentId); if (agentPolicy?.is_managed) { - throw new Error(`Cannot unenroll ${agentId} from a managed agent policy ${agentPolicy.id}`); + throw new AgentUnenrollmentError( + `Cannot unenroll ${agentId} from a managed agent policy ${agentPolicy.id}` + ); } return true; diff --git a/x-pack/test/fleet_api_integration/apis/agents/reassign.ts b/x-pack/test/fleet_api_integration/apis/agents/reassign.ts index ae0da2eb759f6..d0e6ca2f8e8b6 100644 --- a/x-pack/test/fleet_api_integration/apis/agents/reassign.ts +++ b/x-pack/test/fleet_api_integration/apis/agents/reassign.ts @@ -14,10 +14,10 @@ export default function (providerContext: FtrProviderContext) { describe('fleet_reassign_agent', () => { setupFleetAndAgents(providerContext); - before(async () => { + beforeEach(async () => { await esArchiver.loadIfNeeded('fleet/agents'); }); - after(async () => { + afterEach(async () => { await esArchiver.unload('fleet/agents'); }); @@ -86,5 +86,34 @@ export default function (providerContext: FtrProviderContext) { }) .expect(404); }); + + it('can reassign from unmanaged policy to unmanaged', async () => { + // policy2 is not managed + // reassign succeeds + await supertest + .put(`/api/fleet/agents/agent1/reassign`) + .set('kbn-xsrf', 'xxx') + .send({ + policy_id: 'policy2', + }) + .expect(200); + }); + it('cannot reassign from unmanaged policy to managed', async () => { + // agent1 is enrolled in policy1. set policy1 to managed + await supertest + .put(`/api/fleet/agent_policies/policy1`) + .set('kbn-xsrf', 'xxx') + .send({ name: 'Test policy', namespace: 'default', is_managed: true }) + .expect(200); + + // reassign fails + await supertest + .put(`/api/fleet/agents/agent1/reassign`) + .set('kbn-xsrf', 'xxx') + .send({ + policy_id: 'policy2', + }) + .expect(400); + }); }); } diff --git a/x-pack/test/fleet_api_integration/apis/agents/unenroll.ts b/x-pack/test/fleet_api_integration/apis/agents/unenroll.ts index 6192ecddea9ef..87dc636b180e9 100644 --- a/x-pack/test/fleet_api_integration/apis/agents/unenroll.ts +++ b/x-pack/test/fleet_api_integration/apis/agents/unenroll.ts @@ -72,7 +72,7 @@ export default function (providerContext: FtrProviderContext) { .send({ name: 'Test policy', namespace: 'default', is_managed: true }) .expect(200); - await supertest.post(`/api/fleet/agents/agent1/unenroll`).set('kbn-xsrf', 'xxx').expect(500); + await supertest.post(`/api/fleet/agents/agent1/unenroll`).set('kbn-xsrf', 'xxx').expect(400); }); it('/agents/{agent_id}/unenroll should allow from unmanaged policy', async () => { From 13994c7fde43e9ea5cedebac7caff4d81736a2af Mon Sep 17 00:00:00 2001 From: John Schulz Date: Thu, 4 Feb 2021 12:22:59 -0500 Subject: [PATCH 18/18] Fix license header --- x-pack/plugins/fleet/server/services/agents/reassign.test.ts | 5 +++-- x-pack/plugins/fleet/server/services/agents/unenroll.test.ts | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/x-pack/plugins/fleet/server/services/agents/reassign.test.ts b/x-pack/plugins/fleet/server/services/agents/reassign.test.ts index 5a940818c280d..7338c440483ea 100644 --- a/x-pack/plugins/fleet/server/services/agents/reassign.test.ts +++ b/x-pack/plugins/fleet/server/services/agents/reassign.test.ts @@ -1,7 +1,8 @@ /* * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. */ import { elasticsearchServiceMock, savedObjectsClientMock } from 'src/core/server/mocks'; diff --git a/x-pack/plugins/fleet/server/services/agents/unenroll.test.ts b/x-pack/plugins/fleet/server/services/agents/unenroll.test.ts index a65d64d0e8ae1..b8c1b7befb443 100644 --- a/x-pack/plugins/fleet/server/services/agents/unenroll.test.ts +++ b/x-pack/plugins/fleet/server/services/agents/unenroll.test.ts @@ -1,7 +1,8 @@ /* * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. */ import { elasticsearchServiceMock, savedObjectsClientMock } from 'src/core/server/mocks';