File delivery #2666
This pull request is now in conflicts. Could you fix it @pzl? 🙏
Looks good so far.
Can you also add a test case for the e2e tests? (or a follow up item to do so)
I built this and ran Fleet Server locally with a Kibana stack to test everything e2e and it worked! I can upload multi-chunk files and Endpoint will be able to download them from ES through this API. The file ends up on the host in the expected folder from Endpoint and is executable by root: from a functionality POV, LGTM
LGTM.
Please follow it up with e2e tests. You can ping me if you need help writing them.
Thanks, adding plenty of tests in a followup. Going to merge this to get builds going over the weekend, for other teams to start integrating
What is the problem this PR solves?
Delivering user-uploaded files (via kibana) to integrations (specifically, endpoint use-case)
How does this PR solve the problem?
an API route was added, /api/fleet/file/[ID]. Authenticated calls to this will locate file metadata documents in elasticsearch for the presence of a file, and that the authenticated agent is present in the file's file.Meta.target_agents field (i.e. only allowed client IDs can download). Fleet server iterates through the file contents to send on the response pipe
How to test this PR locally
Alternatively, a simpler setup would be to check out this PR, and modify the authentication section in internal/pkg/api/handleFileDelivery.go line 48. Comment out the authAgent call (or otherwise mock it), and put a different, perhaps static ID as the last parameter to the FindFileForAgent call a few lines down (e.g. ... fileID, "mockID")). As long as a file is uploaded to the right indices (.fleet-filedelivery-meta-endpoint and .fleet-filedelivery-data-endpoint) with that matching agent_id in the target_agents field, then a command-line curl, wget or similar to https://localhost:8221/api/fleet/file/[ID] should retrieve the file like any other file-based HTTP url.
Design Checklist
Checklist
./changelog/fragments using the changelog tool
Related issues
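
The access check from the PR description, as an added example that is not code from this PR or from Fleet Server: a handler that authenticates the caller, returns the file only if the agent ID is listed in target_agents, and writes the chunks in order. The File type, Handler, Fetch, the in-memory map standing in for the Elasticsearch indices, the 0..n-1 chunk numbering and the shared 404 for unknown files and non-target agents are all assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// File is a hypothetical in-memory stand-in for a file's metadata and data documents.
type File struct {
	TargetAgents []string       // agent IDs allowed to download (target_agents)
	Chunks       map[int]string // chunk number -> data; assumed numbered 0..n-1
}

// Handler serves /api/fleet/file/{id}; auth stands in for agent authentication.
func Handler(files map[string]File, auth func(*http.Request) (string, bool)) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		agentID, ok := auth(r)
		if !ok {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		f, allowed := files[strings.TrimPrefix(r.URL.Path, "/api/fleet/file/")], false
		for _, a := range f.TargetAgents {
			allowed = allowed || a == agentID
		}
		if !allowed { // assumption: unknown file and non-target agent look the same
			http.Error(w, "file not found", http.StatusNotFound)
			return
		}
		for n := 0; n < len(f.Chunks); n++ {
			fmt.Fprint(w, f.Chunks[n]) // written chunk by chunk, in order
		}
	}
}

// Fetch issues one request as agentID; an empty agentID simulates failed authentication.
func Fetch(files map[string]File, agentID, fileID string) (int, string) {
	rec, req := httptest.NewRecorder(), httptest.NewRequest("GET", "/api/fleet/file/"+fileID, nil)
	Handler(files, func(*http.Request) (string, bool) { return agentID, agentID != "" })(rec, req)
	return rec.Code, rec.Body.String()
}

func main() {
	files := map[string]File{"f1": {[]string{"agent-a"}, map[int]string{1: "world", 0: "hello "}}} // constructed
	fmt.Println(Fetch(files, "agent-a", "f1")) // listed in target_agents
	fmt.Println(Fetch(files, "agent-b", "f1")) // authenticated but not a target
}
```

Returning the same 404 for a missing file and for an agent outside target_agents keeps an authenticated agent from using the route to learn which file IDs exist.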