Add basic Fleet plugin #65275
Add basic Fleet plugin #65275
Conversation
|
Pinging @elastic/es-core-infra (Team:Core/Infra) |
|
Thank you! Could you please add support for as well maybe? Currently coding agents actions with these assumptions. Could possibly change of course. |
|
I think we need to move this to be a plugin within x-pack and change all headers to elastic ones |
modules/fleet/src/javaRestTest/java/org/elasticsearch/fleet/FleetSystemIndexIT.java
Outdated
Show resolved
Hide resolved
modules/fleet/src/test/java/org/elasticsearch/fleet/FleetModuleTests.java
Outdated
Show resolved
Hide resolved
|
Are we able to prohibit direct access to just the Fleet indices? I ask because they're new, so we can start off by ensuring all consumers use the APIs. If it's an all-or-nothing settings, then nevermind. |
Yes, will update shortly.
Good call, will do. I spaced on the licensing aspect of it in my haste. For the Fleet folks, this won't change the endpoints or anything, it's just an internal change.
I would be open to this in principle, but I'm not sure there's a great way to implement it without doing something like hardcoding these index patterns into |
| new Object[] { ".fleet-policies-enrollment-keys" }, | ||
| new Object[] { ".fleet-policies-inputs" }, | ||
| new Object[] { ".fleet-agents" }, | ||
| new Object[] { ".fleet-agents-checkins" } |
There was a problem hiding this comment.
These have changed slightly the following indexes are needed:
.fleet-servers
.fleet-policies
.fleet-policies-leader
.fleet-agents
.fleet-actions
.fleet-actions-results
As for the Agent check-ins that will occur in logs-elastic_agent.checkin-default. This will follow the indexing strategy of Fleet and will be a datastream. I don't know if this needs to be registered in this plugin or not?
There was a problem hiding this comment.
Thanks, I'll update the indices shortly.
The dividing line is "Should a user ever directly query, visualize, and/or write to this index?" - if the answer is no, then it should probably be a system index. There's also a practical consideration in that there's no such thing as a "system data stream" (currently), so if being a data stream is a requirement, it can't be a system index.
There was a problem hiding this comment.
I've updated the plugin to use this list and removed the ones which were not on the list.
There was a problem hiding this comment.
A user should be able to directly query and visualize the logs-elastic_agent.checkin-default.
|
|
||
| Request getRequest = new Request("GET", "/_fleet/" + indexName + "/_doc/1"); | ||
| Response getResponse = client().performRequest(getRequest); | ||
| assertThat(getResponse.getStatusLine().getStatusCode(), is(200)); |
There was a problem hiding this comment.
| assertThat(getResponse.getStatusLine().getStatusCode(), is(200)); | |
| assertOK(response); |
| Request searchRequest = new Request("GET", "/_fleet/" + indexName + "/_search"); | ||
| searchRequest.setJsonEntity("{ \"query\" : { \"match_all\" : {} } }\n"); | ||
| Response getResponse = client().performRequest(searchRequest); | ||
| assertThat(getResponse.getStatusLine().getStatusCode(), is(200)); |
There was a problem hiding this comment.
| assertThat(getResponse.getStatusLine().getStatusCode(), is(200)); | |
| assertOK(response); |
|
|
||
| Request deleteRequest = new Request("DELETE", "/_fleet/" + indexName + "/_doc/1"); | ||
| Response deleteResponse = client().performRequest(deleteRequest); | ||
| assertThat(deleteResponse.getStatusLine().getStatusCode(), is(200)); |
There was a problem hiding this comment.
| assertThat(deleteResponse.getStatusLine().getStatusCode(), is(200)); | |
| assertOK(response); |
| "{ \"index\" : { \"_index\" : \"" | ||
| + indexName | ||
| + "\", \"_id\" : \"1\" } }\n{ \"foo\" : \"bar\" }\n" | ||
| + "{ \"index\" : { \"_index\" : \"" | ||
| + indexName | ||
| + "\", \"_id\" : \"2\" } }\n{ \"baz\" : \"tag\" }\n" |
There was a problem hiding this comment.
Nothing to change, but I kinda wish we could do something like:
String.join("\n",
toJson(Map.of("index", Map.of("_index", indexName, "_id", "1"))),
toJson(Map.of("foo", "bar")),
toJson(Map.of("index", Map.of("_index", indexName, "_id", "2"))),
toJson(Map.of("baz", "tag"))
)
| Request dbqRequest = new Request("POST", "/_fleet/" + indexName + "/_delete_by_query"); | ||
| dbqRequest.setJsonEntity("{ \"query\" : { \"match_all\" : {} } }\n"); | ||
| Response dbqResponse = client().performRequest(dbqRequest); | ||
| assertThat(dbqResponse.getStatusLine().getStatusCode(), is(200)); |
There was a problem hiding this comment.
| assertThat(dbqResponse.getStatusLine().getStatusCode(), is(200)); | |
| assertOK(response); |
There was a problem hiding this comment.
There's a bunch more, but I'll stop flagging them 😁
There was a problem hiding this comment.
My find/replace missed a bunch! Thanks.
|
@gwbrown Anything that is blocking this from landing? |
A very basic plugin to manage Fleet system indices. Currently, just registers these patterns as system indices: - `.fleet-servers*` - `.fleet-policies*` - `.fleet-agents*` - `.fleet-actions*`
|
👍 Thank you! |
A very basic plugin to manage Fleet system indices. Currently, just registers these patterns as system indices: - `.fleet-servers*` - `.fleet-policies*` - `.fleet-agents*` - `.fleet-actions*`
A very basic plugin to manage Fleet system indices.
Currently, just registers these patterns as system indices:
.fleet-servers*.fleet-policies*.fleet-agents*.fleet-actions*Relates to #64971