[Fleet][Agent Tampering] Remove unused created_at field from uninstall token SO mapping #159985

@gergoabraham gergoabraham commented Jun 20, 2023

Summary

The `created_at` field was added to the mapping for the uninstall token Saved Object, but it's not used and causes trouble.
There is a discussion about whether to remove it from the mapping or not, before the recently added mapping itself is released with v8.9.0, so I prepared this PR to merge in case we want to remove it. The discussion ended with the decision to remove the field, so the aim is to merge this PR.

@gergoabraham gergoabraham added the release_note:skip, backport:skip, Team:Fleet and Team:Defend Workflows labels Jun 20, 2023
@gergoabraham gergoabraham requested a review from a team as a code owner June 20, 2023 09:30
@gergoabraham gergoabraham self-assigned this Jun 20, 2023
@elasticmachine

Pinging @elastic/fleet (Team:Fleet)

@elasticmachine

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

@gergoabraham gergoabraham requested a review from a team as a code owner June 20, 2023 11:38
@rudolf rudolf left a comment

Just to capture the reason behind this decision. These mappings were introduced into 8.9.0 and as such have not yet been released, which is why we can remove these mappings even though in general it's not possible.

@kibana-ci

💚 Build Succeeded

Metrics [docs]

Unknown metric groups

ESLint disabled line counts

| id | before | after | diff |
| --- | --- | --- | --- |
| enterpriseSearch | 13 | 15 | +2 |
| securitySolution | 411 | 415 | +4 |
| total | | | +6 |

Total ESLint disabled count

| id | before | after | diff |
| --- | --- | --- | --- |
| enterpriseSearch | 14 | 16 | +2 |
| securitySolution | 494 | 498 | +4 |
| total | | | +6 |

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @gergoabraham

@gergoabraham gergoabraham merged commit 66e87e6 into elastic:main Jun 20, 2023
@gergoabraham gergoabraham deleted the task/fleet-agent-tampering-remove-unused-field-from-unreleased-saved-object-mapping branch June 21, 2023 07:24
gergoabraham added a commit that referenced this pull request Jun 30, 2023
…159944)

## Summary

> **Note**
> For testing: enable the `agentTamperProtectionEnabled` feature flag.

This PR modifies the quite new `GET /api/fleet/uninstall_tokens` API:
- `GET /api/fleet/uninstall_tokens`, returns token 'metadata' (i.e.
**uninstall token id**, policy ID and creation date) for the latest
token for every policy, without the token itself.
  - it is paginated (query params `page`, `perPage`),
  - and can be searched by partial policy ID (query param `policyId`).
  - this route is not used at the moment, will be used very soon
- `GET /api/fleet/uninstall_tokens/{id}` returns one decrypted token
identified by its ID
- ~`GET /api/fleet/agent_policies/{policyId}/uninstall_tokens`, returns
the decrypted token history for one policy~
  - ~this route is used by the `UninstallCommandFlyout`~
- this was added and then removed, because not a necessity at the
moment, and let's keep open all doors for agent tampering v2

### Todo - done ✅ 
`created_at` field was removed from the uninstall token saved object
mapping (21855ce), because it was
unused and messed up ordering by the saved object's own `created_at`
field.

This removal is not allowed, though, so this issue needs to be fixed.

**Update:** after a discussion with Kibana Core team, the `created_at`
field was removed in a separate PR which is merged in v8.9.0. Reason:
it's okay to use the SO's internal `created_at` field for sorting. Also,
the mapping will be released in v8.9.0 first, so it's okay to modify it
this time. The PR: #159985

### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Labels
backport:skip, OLM Sprint, release_note:skip, Team:Defend Workflows, Team:Fleet, v8.9.0