From 24026548085cecd5dc7dddb64a497cba0877df9a Mon Sep 17 00:00:00 2001
From: Mark Hopkin <mark.hopkin@elastic.co>
Date: Tue, 8 Aug 2023 17:01:16 +0100
Subject: [PATCH 1/4] fix policy secret tests

---
 .../apis/policy_secrets.ts                    | 124 +++++++-----------
 1 file changed, 44 insertions(+), 80 deletions(-)

diff --git a/x-pack/test/fleet_api_integration/apis/policy_secrets.ts b/x-pack/test/fleet_api_integration/apis/policy_secrets.ts
index 34f20e88b0a810..8c2195d7cb4887 100644
--- a/x-pack/test/fleet_api_integration/apis/policy_secrets.ts
+++ b/x-pack/test/fleet_api_integration/apis/policy_secrets.ts
@@ -10,7 +10,7 @@
 // So start investigating from earliest test failure in the file.
 
 import type { Client } from '@elastic/elasticsearch';
-import expect from '@kbn/expect';
+import expect from '@kbn/expect/expect';
 import { FullAgentPolicy } from '@kbn/fleet-plugin/common';
 import { v4 as uuidv4 } from 'uuid';
 import { FtrProviderContext } from '../../api_integration/ftr_provider_context';
@@ -41,37 +41,43 @@ function createdPolicyToUpdatePolicy(policy: any) {
   return updatedPolicy;
 }
 
+const SECRETS_INDEX_NAME = '.fleet-secrets';
 export default function (providerContext: FtrProviderContext) {
-  // FAILING ES PROMOTION: https://github.com/elastic/kibana/issues/162732
-  describe.skip('fleet policy secrets', () => {
+  describe('fleet policy secrets', () => {
     const { getService } = providerContext;
 
     const es: Client = getService('es');
     const supertest = getService('supertest');
     const kibanaServer = getService('kibanaServer');
 
-    const getPackagePolicyById = async (id: string) => {
-      const { body } = await supertest.get(`/api/fleet/package_policies/${id}`);
-      return body.item;
+    const getSecrets = async (ids?: string[]) => {
+      const query = ids ? { terms: { _id: ids } } : { match_all: {} };
+      return es.search({
+        index: SECRETS_INDEX_NAME,
+        body: {
+          query,
+        },
+      });
     };
 
-    const maybeCreateSecretsIndex = async () => {
-      // create mock .secrets index for testing
-      if (await es.indices.exists({ index: '.fleet-test-secrets' })) {
-        await es.indices.delete({ index: '.fleet-test-secrets' });
-      }
-      await es.indices.create({
-        index: '.fleet-test-secrets',
-        body: {
-          mappings: {
-            properties: {
-              value: {
-                type: 'keyword',
-              },
+    const deleteAllSecrets = async () => {
+      try {
+        await es.deleteByQuery({
+          index: SECRETS_INDEX_NAME,
+          body: {
+            query: {
+              match_all: {},
             },
           },
-        },
-      });
+        });
+      } catch (err) {
+        // index doesnt exis
+      }
+    };
+
+    const getPackagePolicyById = async (id: string) => {
+      const { body } = await supertest.get(`/api/fleet/package_policies/${id}`);
+      return body.item;
     };
 
     const getFullAgentPolicyById = async (id: string) => {
@@ -137,10 +143,8 @@ export default function (providerContext: FtrProviderContext) {
     let agentPolicyId: string;
     before(async () => {
       await kibanaServer.savedObjects.cleanStandardList();
-      await getService('esArchiver').load(
-        'x-pack/test/functional/es_archives/fleet/empty_fleet_server'
-      );
-      await maybeCreateSecretsIndex();
+
+      await deleteAllSecrets();
     });
 
     setupFleetAndAgents(providerContext);
@@ -261,16 +265,7 @@ export default function (providerContext: FtrProviderContext) {
     });
 
     it('should have correctly created the secrets', async () => {
-      const searchRes = await es.search({
-        index: '.fleet-test-secrets',
-        body: {
-          query: {
-            ids: {
-              values: [packageVarId, inputVarId, streamVarId],
-            },
-          },
-        },
-      });
+      const searchRes = await getSecrets([packageVarId, inputVarId, streamVarId]);
 
       expect(searchRes.hits.hits.length).to.eql(3);
 
@@ -337,14 +332,7 @@ export default function (providerContext: FtrProviderContext) {
     });
 
     it('should have correctly deleted unused secrets after update', async () => {
-      const searchRes = await es.search({
-        index: '.fleet-test-secrets',
-        body: {
-          query: {
-            match_all: {},
-          },
-        },
-      });
+      const searchRes = await getSecrets();
 
       expect(searchRes.hits.hits.length).to.eql(3); // should have created 1 and deleted 1 doc
 
@@ -374,14 +362,7 @@ export default function (providerContext: FtrProviderContext) {
 
       expectCompiledPolicyVars(policyDoc, updatedPackageVarId);
 
-      const searchRes = await es.search({
-        index: '.fleet-test-secrets',
-        body: {
-          query: {
-            match_all: {},
-          },
-        },
-      });
+      const searchRes = await getSecrets();
 
       expect(searchRes.hits.hits.length).to.eql(3);
 
@@ -413,53 +394,36 @@ export default function (providerContext: FtrProviderContext) {
         updatedPackagePolicy.vars.package_var_secret.value.id,
         updatedPackageVarId,
       ];
-
-      const searchRes = await es.search({
-        index: '.fleet-test-secrets',
-        body: {
-          query: {
-            terms: {
-              _id: packageVarSecretIds,
-            },
-          },
-        },
-      });
+      const searchRes = await getSecrets(packageVarSecretIds);
 
       expect(searchRes.hits.hits.length).to.eql(2);
     });
 
     it('should not delete used secrets on package policy delete', async () => {
-      return supertest
+      await supertest
         .delete(`/api/fleet/package_policies/${duplicatedPackagePolicyId}`)
         .set('kbn-xsrf', 'xxxx')
         .expect(200);
 
-      const searchRes = await es.search({
-        index: '.fleet-test-secrets',
-        body: {
-          query: {
-            match_all: {},
-          },
-        },
-      });
+      // sleep to allow for secrets to be deleted
+      await new Promise((resolve) => setTimeout(resolve, 1000));
+
+      const searchRes = await getSecrets();
 
+      // should have deleted new_package_secret_val_2
       expect(searchRes.hits.hits.length).to.eql(3);
     });
 
     it('should delete all secrets on package policy delete', async () => {
-      return supertest
+      await supertest
         .delete(`/api/fleet/package_policies/${createdPackagePolicyId}`)
         .set('kbn-xsrf', 'xxxx')
         .expect(200);
 
-      const searchRes = await es.search({
-        index: '.fleet-test-secrets',
-        body: {
-          query: {
-            match_all: {},
-          },
-        },
-      });
+      // sleep to allow for secrets to be deleted
+      await new Promise((resolve) => setTimeout(resolve, 1000));
+
+      const searchRes = await getSecrets();
 
       expect(searchRes.hits.hits.length).to.eql(0);
     });

From 7d6588038d93096cc7bb26904e62819072abd900 Mon Sep 17 00:00:00 2001
From: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Date: Tue, 8 Aug 2023 16:14:04 +0000
Subject: [PATCH 2/4] [CI] Auto-commit changed files from 'node
 scripts/precommit_hook.js --ref HEAD~1..HEAD --fix'

---
 x-pack/test/fleet_api_integration/apis/policy_secrets.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/x-pack/test/fleet_api_integration/apis/policy_secrets.ts b/x-pack/test/fleet_api_integration/apis/policy_secrets.ts
index 8c2195d7cb4887..52b614f389ba95 100644
--- a/x-pack/test/fleet_api_integration/apis/policy_secrets.ts
+++ b/x-pack/test/fleet_api_integration/apis/policy_secrets.ts
@@ -10,7 +10,7 @@
 // So start investigating from earliest test failure in the file.
 
 import type { Client } from '@elastic/elasticsearch';
-import expect from '@kbn/expect/expect';
+import expect from '@kbn/expect';
 import { FullAgentPolicy } from '@kbn/fleet-plugin/common';
 import { v4 as uuidv4 } from 'uuid';
 import { FtrProviderContext } from '../../api_integration/ftr_provider_context';

From e1dde30bcd62e5eaa2abc2211ccf0f945c24ee43 Mon Sep 17 00:00:00 2001
From: Mark Hopkin <mark.hopkin@elastic.co>
Date: Tue, 8 Aug 2023 20:17:45 +0100
Subject: [PATCH 3/4] remove test index from config

---
 x-pack/test/fleet_api_integration/config.base.ts | 1 -
 1 file changed, 1 deletion(-)

diff --git a/x-pack/test/fleet_api_integration/config.base.ts b/x-pack/test/fleet_api_integration/config.base.ts
index e5746278a26f90..3e4b35988efba5 100644
--- a/x-pack/test/fleet_api_integration/config.base.ts
+++ b/x-pack/test/fleet_api_integration/config.base.ts
@@ -74,7 +74,6 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
           'secretsStorage',
           'agentTamperProtectionEnabled',
         ])}`,
-        `--xpack.fleet.developer.testSecretsIndex=.fleet-test-secrets`,
         `--logging.loggers=${JSON.stringify([
           ...getKibanaCliLoggers(xPackAPITestsConfig.get('kbnTestServer.serverArgs')),
 

From 96fbdb2a18d1522ed2d2f142ad0080b8e43de8cd Mon Sep 17 00:00:00 2001
From: Mark Hopkin <mark.hopkin@elastic.co>
Date: Tue, 8 Aug 2023 20:19:44 +0100
Subject: [PATCH 4/4] remove test code

---
 x-pack/plugins/fleet/server/config.ts           |  1 -
 x-pack/plugins/fleet/server/services/secrets.ts | 17 ++++-------------
 2 files changed, 4 insertions(+), 14 deletions(-)

diff --git a/x-pack/plugins/fleet/server/config.ts b/x-pack/plugins/fleet/server/config.ts
index 14e5a86aa73ade..9726837375eed0 100644
--- a/x-pack/plugins/fleet/server/config.ts
+++ b/x-pack/plugins/fleet/server/config.ts
@@ -139,7 +139,6 @@ export const config: PluginConfigDescriptor = {
       disableRegistryVersionCheck: schema.boolean({ defaultValue: false }),
       allowAgentUpgradeSourceUri: schema.boolean({ defaultValue: false }),
       bundledPackageLocation: schema.string({ defaultValue: DEFAULT_BUNDLED_PACKAGE_LOCATION }),
-      testSecretsIndex: schema.maybe(schema.string()),
     }),
     packageVerification: schema.object({
       gpgKeyPath: schema.string({ defaultValue: DEFAULT_GPG_KEY_PATH }),
diff --git a/x-pack/plugins/fleet/server/services/secrets.ts b/x-pack/plugins/fleet/server/services/secrets.ts
index bd70e8435b02ac..c6f14f38a54d78 100644
--- a/x-pack/plugins/fleet/server/services/secrets.ts
+++ b/x-pack/plugins/fleet/server/services/secrets.ts
@@ -49,15 +49,6 @@ interface SecretPath {
   value: PackagePolicyConfigRecordEntry;
 }
 
-// This will be removed once the secrets index PR is merged into elasticsearch
-function getSecretsIndex() {
-  const testIndex = appContextService.getConfig()?.developer?.testSecretsIndex;
-  if (testIndex) {
-    return testIndex;
-  }
-  return SECRETS_INDEX;
-}
-
 export async function createSecrets(opts: {
   esClient: ElasticsearchClient;
   values: string[];
@@ -66,7 +57,7 @@ export async function createSecrets(opts: {
   const logger = appContextService.getLogger();
   const body = values.flatMap((value) => [
     {
-      create: { _index: getSecretsIndex() },
+      create: { _index: SECRETS_INDEX },
     },
     { value },
   ]);
@@ -99,7 +90,7 @@ export async function createSecrets(opts: {
       value: values[i],
     }));
   } catch (e) {
-    const msg = `Error creating secrets in ${getSecretsIndex()} index: ${e}`;
+    const msg = `Error creating secrets in ${SECRETS_INDEX} index: ${e}`;
     logger.error(msg);
     throw new FleetError(msg);
   }
@@ -192,7 +183,7 @@ export async function _deleteSecrets(opts: {
   const logger = appContextService.getLogger();
   const body = ids.flatMap((id) => [
     {
-      delete: { _index: getSecretsIndex(), _id: id },
+      delete: { _index: SECRETS_INDEX, _id: id },
     },
   ]);
 
@@ -221,7 +212,7 @@ export async function _deleteSecrets(opts: {
       throw new Error(JSON.stringify(errorItems));
     }
   } catch (e) {
-    const msg = `Error deleting secrets from ${getSecretsIndex()} index: ${e}`;
+    const msg = `Error deleting secrets from ${SECRETS_INDEX} index: ${e}`;
     logger.error(msg);
     throw new FleetError(msg);
   }