From 003e4a42946390c2eb93dfb3586498ce7520a530 Mon Sep 17 00:00:00 2001 From: Nicolas Chaulet Date: Thu, 25 Apr 2024 15:13:49 -0400 Subject: [PATCH] [8.13] [Fleet] Fix managed agent policy preconfiguration update (#181624) (#181758) --- .../fleet/common/types/models/agent_policy.ts | 2 +- .../server/services/preconfiguration.test.ts | 124 ++++++++++++++++++ .../fleet/server/services/preconfiguration.ts | 3 +- 3 files changed, 127 insertions(+), 2 deletions(-) diff --git a/x-pack/plugins/fleet/common/types/models/agent_policy.ts b/x-pack/plugins/fleet/common/types/models/agent_policy.ts index 4e5d6250208a5..ec9fd518e881c 100644 --- a/x-pack/plugins/fleet/common/types/models/agent_policy.ts +++ b/x-pack/plugins/fleet/common/types/models/agent_policy.ts @@ -39,6 +39,7 @@ export interface NewAgentPolicy { agent_features?: Array<{ name: string; enabled: boolean }>; is_protected?: boolean; overrides?: { [key: string]: any } | null; + keep_monitoring_alive?: boolean | null; } // SO definition for this type is declared in server/types/interfaces @@ -52,7 +53,6 @@ export interface AgentPolicy extends Omit { revision: number; agents?: number; is_protected: boolean; - keep_monitoring_alive?: boolean; } export interface FullAgentPolicyInputStream { diff --git a/x-pack/plugins/fleet/server/services/preconfiguration.test.ts b/x-pack/plugins/fleet/server/services/preconfiguration.test.ts index fa81ae68a0445..12824d16ba202 100644 --- a/x-pack/plugins/fleet/server/services/preconfiguration.test.ts +++ b/x-pack/plugins/fleet/server/services/preconfiguration.test.ts @@ -531,6 +531,130 @@ describe('policy preconfiguration', () => { ); }); + it('should update keep_monitoring_enabled for existing managed policies', async () => { + const soClient = getPutPreconfiguredPackagesMock(); + const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser; + mockedPackagePolicyService.findAllForAgentPolicy.mockResolvedValue([ + { name: 'test_package1' } as PackagePolicy, + ]); + + mockConfiguredPolicies.set('test-id', { + name: 'Test policy', + description: 'Test policy description', + unenroll_timeout: 120, + namespace: 'default', + id: 'test-id', + is_managed: true, + package_policies: [ + { + name: 'test_package1', + }, + ], + } as PreconfiguredAgentPolicy); + + await ensurePreconfiguredPackagesAndPolicies( + soClient, + esClient, + [ + { + name: 'Test policy', + namespace: 'default', + id: 'test-id', + is_managed: true, + keep_monitoring_alive: true, + package_policies: [ + { + package: { name: 'test_package' }, + name: 'test_package1', + }, + ], + }, + ] as PreconfiguredAgentPolicy[], + [{ name: 'test_package', version: '3.0.0' }], + mockDefaultOutput, + mockDefaultDownloadService, + DEFAULT_SPACE_ID + ); + + expect(spyAgentPolicyServiceUpdate).toBeCalled(); + expect(spyAgentPolicyServiceUpdate).toBeCalledWith( + expect.anything(), // soClient + expect.anything(), // esClient + 'test-id', + expect.objectContaining({ + download_source_id: 'ds-test-id', + is_managed: true, + keep_monitoring_alive: true, + name: 'Test policy', + }), + { + force: true, + } + ); + }); + + it('should update keep_monitoring_enabled for existing managed policies (even is the SO is out-of-sync)', async () => { + const soClient = getPutPreconfiguredPackagesMock(); + const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser; + mockedPackagePolicyService.findAllForAgentPolicy.mockResolvedValue([ + { name: 'test_package1' } as PackagePolicy, + ]); + + mockConfiguredPolicies.set('test-id', { + name: 'Test policy', + description: 'Test policy description', + unenroll_timeout: 120, + namespace: 'default', + id: 'test-id', + is_managed: false, // SO out-of-sync and mark the policy as not managed + package_policies: [ + { + name: 'test_package1', + }, + ], + } as PreconfiguredAgentPolicy); + + await ensurePreconfiguredPackagesAndPolicies( + soClient, + esClient, + [ + { + name: 'Test policy', + namespace: 'default', + id: 'test-id', + is_managed: true, + keep_monitoring_alive: true, + package_policies: [ + { + package: { name: 'test_package' }, + name: 'test_package1', + }, + ], + }, + ] as PreconfiguredAgentPolicy[], + [{ name: 'test_package', version: '3.0.0' }], + mockDefaultOutput, + mockDefaultDownloadService, + DEFAULT_SPACE_ID + ); + + expect(spyAgentPolicyServiceUpdate).toBeCalled(); + expect(spyAgentPolicyServiceUpdate).toBeCalledWith( + expect.anything(), // soClient + expect.anything(), // esClient + 'test-id', + expect.objectContaining({ + download_source_id: 'ds-test-id', + is_managed: true, + keep_monitoring_alive: true, + name: 'Test policy', + }), + { + force: true, + } + ); + }); + it('should not try to recreate preconfigure package policy that has been renamed', async () => { const soClient = getPutPreconfiguredPackagesMock(); const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser; diff --git a/x-pack/plugins/fleet/server/services/preconfiguration.ts b/x-pack/plugins/fleet/server/services/preconfiguration.ts index 8a4944ddb99ad..c794b259ef3ff 100644 --- a/x-pack/plugins/fleet/server/services/preconfiguration.ts +++ b/x-pack/plugins/fleet/server/services/preconfiguration.ts @@ -163,7 +163,8 @@ export async function ensurePreconfiguredPackagesAndPolicies( ); if (!created) { - if (!policy?.is_managed) return { created, policy }; + if (!policy) return { created, policy }; + if (!policy.is_managed && !preconfiguredAgentPolicy.is_managed) return { created, policy }; const { hasChanged, fields } = comparePreconfiguredPolicyToCurrent( preconfiguredAgentPolicy, policy