
[Fleet] Re-enable and fix Fleet policy secret integration tests #163428

Merged
merged 5 commits into from
Aug 10, 2023
Changes from 4 commits
1 change: 0 additions & 1 deletion x-pack/plugins/fleet/server/config.ts
Expand Up @@ -139,7 +139,6 @@ export const config: PluginConfigDescriptor = {
disableRegistryVersionCheck: schema.boolean({ defaultValue: false }),
allowAgentUpgradeSourceUri: schema.boolean({ defaultValue: false }),
bundledPackageLocation: schema.string({ defaultValue: DEFAULT_BUNDLED_PACKAGE_LOCATION }),
testSecretsIndex: schema.maybe(schema.string()),
}),
packageVerification: schema.object({
gpgKeyPath: schema.string({ defaultValue: DEFAULT_GPG_KEY_PATH }),
17 changes: 4 additions & 13 deletions x-pack/plugins/fleet/server/services/secrets.ts
Expand Up @@ -49,15 +49,6 @@ interface SecretPath {
value: PackagePolicyConfigRecordEntry;
}

// This will be removed once the secrets index PR is merged into elasticsearch
function getSecretsIndex() {
const testIndex = appContextService.getConfig()?.developer?.testSecretsIndex;
if (testIndex) {
return testIndex;
}
return SECRETS_INDEX;
}

export async function createSecrets(opts: {
esClient: ElasticsearchClient;
values: string[];
Expand All @@ -66,7 +57,7 @@ export async function createSecrets(opts: {
const logger = appContextService.getLogger();
const body = values.flatMap((value) => [
{
create: { _index: getSecretsIndex() },
create: { _index: SECRETS_INDEX },
},
{ value },
]);
Expand Down Expand Up @@ -99,7 +90,7 @@ export async function createSecrets(opts: {
value: values[i],
}));
} catch (e) {
const msg = `Error creating secrets in ${getSecretsIndex()} index: ${e}`;
const msg = `Error creating secrets in ${SECRETS_INDEX} index: ${e}`;
logger.error(msg);
throw new FleetError(msg);
}
Expand Down Expand Up @@ -192,7 +183,7 @@ export async function _deleteSecrets(opts: {
const logger = appContextService.getLogger();
const body = ids.flatMap((id) => [
{
delete: { _index: getSecretsIndex(), _id: id },
delete: { _index: SECRETS_INDEX, _id: id },
},
]);

Expand Down Expand Up @@ -221,7 +212,7 @@ export async function _deleteSecrets(opts: {
throw new Error(JSON.stringify(errorItems));
}
} catch (e) {
const msg = `Error deleting secrets from ${getSecretsIndex()} index: ${e}`;
const msg = `Error deleting secrets from ${SECRETS_INDEX} index: ${e}`;
logger.error(msg);
throw new FleetError(msg);
}
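Review bot: The rewritten messages in the `createSecrets` and `_deleteSecrets` catch blocks still interpolate the caught error verbatim (`${e}`) into both `logger.error` and the `FleetError` that is thrown onward. In `_deleteSecrets` the visible `throw new Error(JSON.stringify(errorItems))` puts the whole bulk item list into that string, and the `createSecrets` bulk body carries the plaintext `{ value }` entries, so it is worth confirming that nothing the client throws can echo request content into the log or into an API response. Keeping the detail in the log and throwing a fixed message, e.g. ``throw new FleetError(`Error creating secrets in ${SECRETS_INDEX} index`);``, would make that boundary explicit. Both function bodies continue outside the hunks shown, so how the `FleetError` message is surfaced to callers cannot be checked from here.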
122 changes: 43 additions & 79 deletions x-pack/test/fleet_api_integration/apis/policy_secrets.ts
Expand Up @@ -41,37 +41,43 @@ function createdPolicyToUpdatePolicy(policy: any) {
return updatedPolicy;
}

const SECRETS_INDEX_NAME = '.fleet-secrets';
export default function (providerContext: FtrProviderContext) {
// FAILING ES PROMOTION: https://github.com/elastic/kibana/issues/162732
describe.skip('fleet policy secrets', () => {
describe('fleet policy secrets', () => {
const { getService } = providerContext;

const es: Client = getService('es');
const supertest = getService('supertest');
const kibanaServer = getService('kibanaServer');

const getPackagePolicyById = async (id: string) => {
const { body } = await supertest.get(`/api/fleet/package_policies/${id}`);
return body.item;
const getSecrets = async (ids?: string[]) => {
const query = ids ? { terms: { _id: ids } } : { match_all: {} };
return es.search({
Contributor


I don't think you can search the index directly, does this test work locally?

Contributor Author


Good point. I will double-check locally, but I believe the build was green even after Cristina's PR was merged 🤔

index: SECRETS_INDEX_NAME,
body: {
query,
},
});
};

const maybeCreateSecretsIndex = async () => {
// create mock .secrets index for testing
if (await es.indices.exists({ index: '.fleet-test-secrets' })) {
await es.indices.delete({ index: '.fleet-test-secrets' });
}
await es.indices.create({
index: '.fleet-test-secrets',
body: {
mappings: {
properties: {
value: {
type: 'keyword',
},
const deleteAllSecrets = async () => {
try {
await es.deleteByQuery({
index: SECRETS_INDEX_NAME,
body: {
query: {
match_all: {},
},
},
},
});
});
} catch (err) {
// index doesnt exis
}
};

const getPackagePolicyById = async (id: string) => {
const { body } = await supertest.get(`/api/fleet/package_policies/${id}`);
return body.item;
};

const getFullAgentPolicyById = async (id: string) => {
Expand Down Expand Up @@ -137,10 +143,8 @@ export default function (providerContext: FtrProviderContext) {
let agentPolicyId: string;
before(async () => {
await kibanaServer.savedObjects.cleanStandardList();
await getService('esArchiver').load(
'x-pack/test/functional/es_archives/fleet/empty_fleet_server'
);
await maybeCreateSecretsIndex();

await deleteAllSecrets();
});

setupFleetAndAgents(providerContext);
Expand Down Expand Up @@ -261,16 +265,7 @@ export default function (providerContext: FtrProviderContext) {
});

it('should have correctly created the secrets', async () => {
const searchRes = await es.search({
index: '.fleet-test-secrets',
body: {
query: {
ids: {
values: [packageVarId, inputVarId, streamVarId],
},
},
},
});
const searchRes = await getSecrets([packageVarId, inputVarId, streamVarId]);

expect(searchRes.hits.hits.length).to.eql(3);

Expand Down Expand Up @@ -337,14 +332,7 @@ export default function (providerContext: FtrProviderContext) {
});

it('should have correctly deleted unused secrets after update', async () => {
const searchRes = await es.search({
index: '.fleet-test-secrets',
body: {
query: {
match_all: {},
},
},
});
const searchRes = await getSecrets();

expect(searchRes.hits.hits.length).to.eql(3); // should have created 1 and deleted 1 doc

Expand Down Expand Up @@ -374,14 +362,7 @@ export default function (providerContext: FtrProviderContext) {

expectCompiledPolicyVars(policyDoc, updatedPackageVarId);

const searchRes = await es.search({
index: '.fleet-test-secrets',
body: {
query: {
match_all: {},
},
},
});
const searchRes = await getSecrets();

expect(searchRes.hits.hits.length).to.eql(3);

Expand Down Expand Up @@ -413,53 +394,36 @@ export default function (providerContext: FtrProviderContext) {
updatedPackagePolicy.vars.package_var_secret.value.id,
updatedPackageVarId,
];

const searchRes = await es.search({
index: '.fleet-test-secrets',
body: {
query: {
terms: {
_id: packageVarSecretIds,
},
},
},
});
const searchRes = await getSecrets(packageVarSecretIds);

expect(searchRes.hits.hits.length).to.eql(2);
});

it('should not delete used secrets on package policy delete', async () => {
return supertest
await supertest
.delete(`/api/fleet/package_policies/${duplicatedPackagePolicyId}`)
.set('kbn-xsrf', 'xxxx')
.expect(200);

const searchRes = await es.search({
index: '.fleet-test-secrets',
body: {
query: {
match_all: {},
},
},
});
// sleep to allow for secrets to be deleted
await new Promise((resolve) => setTimeout(resolve, 1000));

const searchRes = await getSecrets();

// should have deleted new_package_secret_val_2
expect(searchRes.hits.hits.length).to.eql(3);
});

it('should delete all secrets on package policy delete', async () => {
return supertest
await supertest
.delete(`/api/fleet/package_policies/${createdPackagePolicyId}`)
.set('kbn-xsrf', 'xxxx')
.expect(200);

const searchRes = await es.search({
index: '.fleet-test-secrets',
body: {
query: {
match_all: {},
},
},
});
// sleep to allow for secrets to be deleted
await new Promise((resolve) => setTimeout(resolve, 1000));

const searchRes = await getSecrets();

expect(searchRes.hits.hits.length).to.eql(0);
});
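Review bot: The empty `catch (err)` in `deleteAllSecrets` hides every failure of `es.deleteByQuery`, not only the missing-index case its comment names. A permission or mapping error against `.fleet-secrets` would leave secret documents from an earlier run in place, and the later `hits.hits.length` assertions would then fail, or pass, for the wrong reason. Rethrow anything that is not a 404, e.g. `if (err.statusCode !== 404) throw err;`, and spell the comment out as `// index does not exist yet`. The fixed `setTimeout(resolve, 1000)` waits in the two delete tests would also be more reliable as a bounded poll on `getSecrets()`, since a one-second sleep can let the "should not delete used secrets" check pass before any deletion has run. The enclosing `describe` body continues outside the visible hunks.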
1 change: 0 additions & 1 deletion x-pack/test/fleet_api_integration/config.base.ts
Expand Up @@ -74,7 +74,6 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
'secretsStorage',
'agentTamperProtectionEnabled',
])}`,
`--xpack.fleet.developer.testSecretsIndex=.fleet-test-secrets`,
`--logging.loggers=${JSON.stringify([
...getKibanaCliLoggers(xPackAPITestsConfig.get('kbnTestServer.serverArgs')),
