-
Notifications
You must be signed in to change notification settings - Fork 8.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Fleet][Agent Tampering] Remove unused created_at
field from uninstall token SO mapping
#159985
Conversation
Pinging @elastic/fleet (Team:Fleet) |
Pinging @elastic/security-defend-workflows (Team:Defend Workflows) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just to capture the reason behind this decision. These mappings were introduced into 8.9.0 and as such have not yet been released which is why we can remove these mappings even though in general it's not possible.
💚 Build Succeeded
Metrics [docs]Unknown metric groupsESLint disabled line counts
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: |
…159944) ## Summary > **Note** > For testing: enable the `agentTamperProtectionEnabled` feature flag. This PR modifies the quite new `GET /api/fleet/uninstall_tokens` API: - `GET /api/fleet/uninstall_tokens`, returns token 'metadata' (i.e. **uninstall token id**, policy ID and creation date) for the latest token for every policy, without the token itself. - it is paginated (query params `page`, `perPage`), - and can be searched by partial policy ID (query param `policyId`). - this route is not used at the moment, will be used very soon - `GET /api/fleet/uninstall_tokens/{id}` returns one decrypted token identified by its ID - ~`GET /api/fleet/agent_policies/{policyId}/uninstall_tokens`, returns the decrypted token history for one policy~ - ~this route is used by the `UninstallCommandFlyout`~ - this was added and then removed, because not a necessity at the moment, and let's keep open all doors for agent tampering v2 ### Todo - done ✅ `created_at` field was removed from the uninstall token saved object mapping (21855ce), because it was unused and messed up ordering by the saved object's own `created_at` field. This removal is not allowed, though, so this issue needs to be fixed. **Update:** after a discussion with Kibana Core team, the `created_at` field was removed in a separate PR which is merged in v8.9.0. Reason: it's okay to use the SO's internal `created_at` field for sorting. Also, the mapping will be released in v8.9.0 first, so it's okay to modify it this time. The PR: #159985 ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Summary
created_at
field was added to the mapping for the uninstall token Saved Object, but it's not used and causes trouble.There is a discussion whether to remove it from the mapping or not, before the recently added mapping itself is released with v8.9.0, so I prepared this PR to merge in case we want to remove it.The discussion ended with the decision to remove the field, so the aim is to merge this PR.