From 24026548085cecd5dc7dddb64a497cba0877df9a Mon Sep 17 00:00:00 2001 From: Mark Hopkin Date: Tue, 8 Aug 2023 17:01:16 +0100 Subject: [PATCH 1/4] fix policy secret tests --- .../apis/policy_secrets.ts | 124 +++++++----------- 1 file changed, 44 insertions(+), 80 deletions(-) diff --git a/x-pack/test/fleet_api_integration/apis/policy_secrets.ts b/x-pack/test/fleet_api_integration/apis/policy_secrets.ts index 34f20e88b0a81..8c2195d7cb488 100644 --- a/x-pack/test/fleet_api_integration/apis/policy_secrets.ts +++ b/x-pack/test/fleet_api_integration/apis/policy_secrets.ts @@ -10,7 +10,7 @@ // So start investigating from earliest test failure in the file. import type { Client } from '@elastic/elasticsearch'; -import expect from '@kbn/expect'; +import expect from '@kbn/expect/expect'; import { FullAgentPolicy } from '@kbn/fleet-plugin/common'; import { v4 as uuidv4 } from 'uuid'; import { FtrProviderContext } from '../../api_integration/ftr_provider_context'; @@ -41,37 +41,43 @@ function createdPolicyToUpdatePolicy(policy: any) { return updatedPolicy; } +const SECRETS_INDEX_NAME = '.fleet-secrets'; export default function (providerContext: FtrProviderContext) { - // FAILING ES PROMOTION: https://github.com/elastic/kibana/issues/162732 - describe.skip('fleet policy secrets', () => { + describe('fleet policy secrets', () => { const { getService } = providerContext; const es: Client = getService('es'); const supertest = getService('supertest'); const kibanaServer = getService('kibanaServer'); - const getPackagePolicyById = async (id: string) => { - const { body } = await supertest.get(`/api/fleet/package_policies/${id}`); - return body.item; + const getSecrets = async (ids?: string[]) => { + const query = ids ? { terms: { _id: ids } } : { match_all: {} }; + return es.search({ + index: SECRETS_INDEX_NAME, + body: { + query, + }, + }); }; - const maybeCreateSecretsIndex = async () => { - // create mock .secrets index for testing - if (await es.indices.exists({ index: '.fleet-test-secrets' })) { - await es.indices.delete({ index: '.fleet-test-secrets' }); - } - await es.indices.create({ - index: '.fleet-test-secrets', - body: { - mappings: { - properties: { - value: { - type: 'keyword', - }, + const deleteAllSecrets = async () => { + try { + await es.deleteByQuery({ + index: SECRETS_INDEX_NAME, + body: { + query: { + match_all: {}, }, }, - }, - }); + }); + } catch (err) { + // index doesnt exis + } + }; + + const getPackagePolicyById = async (id: string) => { + const { body } = await supertest.get(`/api/fleet/package_policies/${id}`); + return body.item; }; const getFullAgentPolicyById = async (id: string) => { @@ -137,10 +143,8 @@ export default function (providerContext: FtrProviderContext) { let agentPolicyId: string; before(async () => { await kibanaServer.savedObjects.cleanStandardList(); - await getService('esArchiver').load( - 'x-pack/test/functional/es_archives/fleet/empty_fleet_server' - ); - await maybeCreateSecretsIndex(); + + await deleteAllSecrets(); }); setupFleetAndAgents(providerContext); @@ -261,16 +265,7 @@ export default function (providerContext: FtrProviderContext) { }); it('should have correctly created the secrets', async () => { - const searchRes = await es.search({ - index: '.fleet-test-secrets', - body: { - query: { - ids: { - values: [packageVarId, inputVarId, streamVarId], - }, - }, - }, - }); + const searchRes = await getSecrets([packageVarId, inputVarId, streamVarId]); expect(searchRes.hits.hits.length).to.eql(3); @@ -337,14 +332,7 @@ export default function (providerContext: FtrProviderContext) { }); it('should have correctly deleted unused secrets after update', async () => { - const searchRes = await es.search({ - index: '.fleet-test-secrets', - body: { - query: { - match_all: {}, - }, - }, - }); + const searchRes = await getSecrets(); expect(searchRes.hits.hits.length).to.eql(3); // should have created 1 and deleted 1 doc @@ -374,14 +362,7 @@ export default function (providerContext: FtrProviderContext) { expectCompiledPolicyVars(policyDoc, updatedPackageVarId); - const searchRes = await es.search({ - index: '.fleet-test-secrets', - body: { - query: { - match_all: {}, - }, - }, - }); + const searchRes = await getSecrets(); expect(searchRes.hits.hits.length).to.eql(3); @@ -413,53 +394,36 @@ export default function (providerContext: FtrProviderContext) { updatedPackagePolicy.vars.package_var_secret.value.id, updatedPackageVarId, ]; - - const searchRes = await es.search({ - index: '.fleet-test-secrets', - body: { - query: { - terms: { - _id: packageVarSecretIds, - }, - }, - }, - }); + const searchRes = await getSecrets(packageVarSecretIds); expect(searchRes.hits.hits.length).to.eql(2); }); it('should not delete used secrets on package policy delete', async () => { - return supertest + await supertest .delete(`/api/fleet/package_policies/${duplicatedPackagePolicyId}`) .set('kbn-xsrf', 'xxxx') .expect(200); - const searchRes = await es.search({ - index: '.fleet-test-secrets', - body: { - query: { - match_all: {}, - }, - }, - }); + // sleep to allow for secrets to be deleted + await new Promise((resolve) => setTimeout(resolve, 1000)); + + const searchRes = await getSecrets(); + // should have deleted new_package_secret_val_2 expect(searchRes.hits.hits.length).to.eql(3); }); it('should delete all secrets on package policy delete', async () => { - return supertest + await supertest .delete(`/api/fleet/package_policies/${createdPackagePolicyId}`) .set('kbn-xsrf', 'xxxx') .expect(200); - const searchRes = await es.search({ - index: '.fleet-test-secrets', - body: { - query: { - match_all: {}, - }, - }, - }); + // sleep to allow for secrets to be deleted + await new Promise((resolve) => setTimeout(resolve, 1000)); + + const searchRes = await getSecrets(); expect(searchRes.hits.hits.length).to.eql(0); }); From 7d6588038d93096cc7bb26904e62819072abd900 Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Tue, 8 Aug 2023 16:14:04 +0000 Subject: [PATCH 2/4] [CI] Auto-commit changed files from 'node scripts/precommit_hook.js --ref HEAD~1..HEAD --fix' --- x-pack/test/fleet_api_integration/apis/policy_secrets.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/test/fleet_api_integration/apis/policy_secrets.ts b/x-pack/test/fleet_api_integration/apis/policy_secrets.ts index 8c2195d7cb488..52b614f389ba9 100644 --- a/x-pack/test/fleet_api_integration/apis/policy_secrets.ts +++ b/x-pack/test/fleet_api_integration/apis/policy_secrets.ts @@ -10,7 +10,7 @@ // So start investigating from earliest test failure in the file. import type { Client } from '@elastic/elasticsearch'; -import expect from '@kbn/expect/expect'; +import expect from '@kbn/expect'; import { FullAgentPolicy } from '@kbn/fleet-plugin/common'; import { v4 as uuidv4 } from 'uuid'; import { FtrProviderContext } from '../../api_integration/ftr_provider_context'; From e1dde30bcd62e5eaa2abc2211ccf0f945c24ee43 Mon Sep 17 00:00:00 2001 From: Mark Hopkin Date: Tue, 8 Aug 2023 20:17:45 +0100 Subject: [PATCH 3/4] remove test index from config --- x-pack/test/fleet_api_integration/config.base.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/x-pack/test/fleet_api_integration/config.base.ts b/x-pack/test/fleet_api_integration/config.base.ts index e5746278a26f9..3e4b35988efba 100644 --- a/x-pack/test/fleet_api_integration/config.base.ts +++ b/x-pack/test/fleet_api_integration/config.base.ts @@ -74,7 +74,6 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { 'secretsStorage', 'agentTamperProtectionEnabled', ])}`, - `--xpack.fleet.developer.testSecretsIndex=.fleet-test-secrets`, `--logging.loggers=${JSON.stringify([ ...getKibanaCliLoggers(xPackAPITestsConfig.get('kbnTestServer.serverArgs')), From 96fbdb2a18d1522ed2d2f142ad0080b8e43de8cd Mon Sep 17 00:00:00 2001 From: Mark Hopkin Date: Tue, 8 Aug 2023 20:19:44 +0100 Subject: [PATCH 4/4] remove test code --- x-pack/plugins/fleet/server/config.ts | 1 - x-pack/plugins/fleet/server/services/secrets.ts | 17 ++++------------- 2 files changed, 4 insertions(+), 14 deletions(-) diff --git a/x-pack/plugins/fleet/server/config.ts b/x-pack/plugins/fleet/server/config.ts index 14e5a86aa73ad..9726837375eed 100644 --- a/x-pack/plugins/fleet/server/config.ts +++ b/x-pack/plugins/fleet/server/config.ts @@ -139,7 +139,6 @@ export const config: PluginConfigDescriptor = { disableRegistryVersionCheck: schema.boolean({ defaultValue: false }), allowAgentUpgradeSourceUri: schema.boolean({ defaultValue: false }), bundledPackageLocation: schema.string({ defaultValue: DEFAULT_BUNDLED_PACKAGE_LOCATION }), - testSecretsIndex: schema.maybe(schema.string()), }), packageVerification: schema.object({ gpgKeyPath: schema.string({ defaultValue: DEFAULT_GPG_KEY_PATH }), diff --git a/x-pack/plugins/fleet/server/services/secrets.ts b/x-pack/plugins/fleet/server/services/secrets.ts index bd70e8435b02a..c6f14f38a54d7 100644 --- a/x-pack/plugins/fleet/server/services/secrets.ts +++ b/x-pack/plugins/fleet/server/services/secrets.ts @@ -49,15 +49,6 @@ interface SecretPath { value: PackagePolicyConfigRecordEntry; } -// This will be removed once the secrets index PR is merged into elasticsearch -function getSecretsIndex() { - const testIndex = appContextService.getConfig()?.developer?.testSecretsIndex; - if (testIndex) { - return testIndex; - } - return SECRETS_INDEX; -} - export async function createSecrets(opts: { esClient: ElasticsearchClient; values: string[]; @@ -66,7 +57,7 @@ export async function createSecrets(opts: { const logger = appContextService.getLogger(); const body = values.flatMap((value) => [ { - create: { _index: getSecretsIndex() }, + create: { _index: SECRETS_INDEX }, }, { value }, ]); @@ -99,7 +90,7 @@ export async function createSecrets(opts: { value: values[i], })); } catch (e) { - const msg = `Error creating secrets in ${getSecretsIndex()} index: ${e}`; + const msg = `Error creating secrets in ${SECRETS_INDEX} index: ${e}`; logger.error(msg); throw new FleetError(msg); } @@ -192,7 +183,7 @@ export async function _deleteSecrets(opts: { const logger = appContextService.getLogger(); const body = ids.flatMap((id) => [ { - delete: { _index: getSecretsIndex(), _id: id }, + delete: { _index: SECRETS_INDEX, _id: id }, }, ]); @@ -221,7 +212,7 @@ export async function _deleteSecrets(opts: { throw new Error(JSON.stringify(errorItems)); } } catch (e) { - const msg = `Error deleting secrets from ${getSecretsIndex()} index: ${e}`; + const msg = `Error deleting secrets from ${SECRETS_INDEX} index: ${e}`; logger.error(msg); throw new FleetError(msg); }