Skip to content

Commit

Permalink
[8.13] [Fleet] Fix managed agent policy preconfiguration update (#181624
Browse files Browse the repository at this point in the history
  • Loading branch information
nchaulet authored Apr 25, 2024
1 parent ebf4bf2 commit 003e4a4
Show file tree
Hide file tree
Showing 3 changed files with 127 additions and 2 deletions.
2 changes: 1 addition & 1 deletion x-pack/plugins/fleet/common/types/models/agent_policy.ts
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@ export interface NewAgentPolicy {
agent_features?: Array<{ name: string; enabled: boolean }>;
is_protected?: boolean;
overrides?: { [key: string]: any } | null;
keep_monitoring_alive?: boolean | null;
}

// SO definition for this type is declared in server/types/interfaces
Expand All @@ -52,7 +53,6 @@ export interface AgentPolicy extends Omit<NewAgentPolicy, 'id'> {
revision: number;
agents?: number;
is_protected: boolean;
keep_monitoring_alive?: boolean;
}

export interface FullAgentPolicyInputStream {
Expand Down
124 changes: 124 additions & 0 deletions x-pack/plugins/fleet/server/services/preconfiguration.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -531,6 +531,130 @@ describe('policy preconfiguration', () => {
);
});

it('should update keep_monitoring_enabled for existing managed policies', async () => {
const soClient = getPutPreconfiguredPackagesMock();
const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser;
mockedPackagePolicyService.findAllForAgentPolicy.mockResolvedValue([
{ name: 'test_package1' } as PackagePolicy,
]);

mockConfiguredPolicies.set('test-id', {
name: 'Test policy',
description: 'Test policy description',
unenroll_timeout: 120,
namespace: 'default',
id: 'test-id',
is_managed: true,
package_policies: [
{
name: 'test_package1',
},
],
} as PreconfiguredAgentPolicy);

await ensurePreconfiguredPackagesAndPolicies(
soClient,
esClient,
[
{
name: 'Test policy',
namespace: 'default',
id: 'test-id',
is_managed: true,
keep_monitoring_alive: true,
package_policies: [
{
package: { name: 'test_package' },
name: 'test_package1',
},
],
},
] as PreconfiguredAgentPolicy[],
[{ name: 'test_package', version: '3.0.0' }],
mockDefaultOutput,
mockDefaultDownloadService,
DEFAULT_SPACE_ID
);

expect(spyAgentPolicyServiceUpdate).toBeCalled();
expect(spyAgentPolicyServiceUpdate).toBeCalledWith(
expect.anything(), // soClient
expect.anything(), // esClient
'test-id',
expect.objectContaining({
download_source_id: 'ds-test-id',
is_managed: true,
keep_monitoring_alive: true,
name: 'Test policy',
}),
{
force: true,
}
);
});

it('should update keep_monitoring_enabled for existing managed policies (even is the SO is out-of-sync)', async () => {
const soClient = getPutPreconfiguredPackagesMock();
const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser;
mockedPackagePolicyService.findAllForAgentPolicy.mockResolvedValue([
{ name: 'test_package1' } as PackagePolicy,
]);

mockConfiguredPolicies.set('test-id', {
name: 'Test policy',
description: 'Test policy description',
unenroll_timeout: 120,
namespace: 'default',
id: 'test-id',
is_managed: false, // SO out-of-sync and mark the policy as not managed
package_policies: [
{
name: 'test_package1',
},
],
} as PreconfiguredAgentPolicy);

await ensurePreconfiguredPackagesAndPolicies(
soClient,
esClient,
[
{
name: 'Test policy',
namespace: 'default',
id: 'test-id',
is_managed: true,
keep_monitoring_alive: true,
package_policies: [
{
package: { name: 'test_package' },
name: 'test_package1',
},
],
},
] as PreconfiguredAgentPolicy[],
[{ name: 'test_package', version: '3.0.0' }],
mockDefaultOutput,
mockDefaultDownloadService,
DEFAULT_SPACE_ID
);

expect(spyAgentPolicyServiceUpdate).toBeCalled();
expect(spyAgentPolicyServiceUpdate).toBeCalledWith(
expect.anything(), // soClient
expect.anything(), // esClient
'test-id',
expect.objectContaining({
download_source_id: 'ds-test-id',
is_managed: true,
keep_monitoring_alive: true,
name: 'Test policy',
}),
{
force: true,
}
);
});

it('should not try to recreate preconfigure package policy that has been renamed', async () => {
const soClient = getPutPreconfiguredPackagesMock();
const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser;
Expand Down
3 changes: 2 additions & 1 deletion x-pack/plugins/fleet/server/services/preconfiguration.ts
Original file line number Diff line number Diff line change
Expand Up @@ -163,7 +163,8 @@ export async function ensurePreconfiguredPackagesAndPolicies(
);

if (!created) {
if (!policy?.is_managed) return { created, policy };
if (!policy) return { created, policy };
if (!policy.is_managed && !preconfiguredAgentPolicy.is_managed) return { created, policy };
const { hasChanged, fields } = comparePreconfiguredPolicyToCurrent(
preconfiguredAgentPolicy,
policy
Expand Down

0 comments on commit 003e4a4

Please sign in to comment.