From 15aaea8d02b9c6f214b426f23dfd2f7ab415af5a Mon Sep 17 00:00:00 2001 From: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Date: Wed, 30 Oct 2024 08:42:16 +1100 Subject: [PATCH] [8.x] [Fleet] Prevent duplication of managed policy !! (#197575) (#198201) # Backport This will backport the following commits from `main` to `8.x`: - [[Fleet] Prevent duplication of managed policy !! (#197575)](https://github.com/elastic/kibana/pull/197575) ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) Co-authored-by: Shahzad --- .../agent_policy/components/actions_menu.tsx | 11 ++++++- .../server/services/agent_policy.test.ts | 30 +++++++++++++++++++ .../fleet/server/services/agent_policy.ts | 11 +++++++ 3 files changed, 51 insertions(+), 1 deletion(-) diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/components/actions_menu.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/components/actions_menu.tsx index f4f519b0a9c95..88dd00546e51f 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/components/actions_menu.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/components/actions_menu.tsx @@ -137,13 +137,22 @@ export const AgentPolicyActionMenu = memo<{ const copyPolicyItem = ( { setIsContextMenuOpen(false); copyAgentPolicyPrompt(agentPolicy, onCopySuccess); }} key="copyPolicy" + toolTipContent={ + hasManagedPackagePolicy ? ( + + ) : undefined + } > { }); }); + describe('copy', () => { + let soClient: ReturnType; + let esClient: ReturnType['asInternalUser']; + + beforeEach(() => { + soClient = getSavedObjectMock({ revision: 1, package_policies: ['package-1'] }); + esClient = elasticsearchServiceMock.createClusterClient().asInternalUser; + }); + + it('should throw error for agent policy which has managed package policy', async () => { + mockedPackagePolicyService.findAllForAgentPolicy.mockReturnValue([ + { + id: 'package-1', + is_managed: true, + }, + ] as any); + try { + await agentPolicyService.copy(soClient, esClient, 'mocked', { + name: 'copy mocked', + }); + } catch (e) { + expect(e.message).toEqual( + new PackagePolicyRestrictionRelatedError( + `Cannot copy an agent policy mocked that contains managed package policies` + ).message + ); + } + }); + }); + describe('deployPolicy', () => { beforeEach(() => { mockedGetFullAgentPolicy.mockReset(); diff --git a/x-pack/plugins/fleet/server/services/agent_policy.ts b/x-pack/plugins/fleet/server/services/agent_policy.ts index 1493f55cf6909..672b623afb030 100644 --- a/x-pack/plugins/fleet/server/services/agent_policy.ts +++ b/x-pack/plugins/fleet/server/services/agent_policy.ts @@ -768,6 +768,17 @@ class AgentPolicyService { if (!baseAgentPolicy) { throw new AgentPolicyNotFoundError('Agent policy not found'); } + if (baseAgentPolicy.package_policies?.length) { + const hasManagedPackagePolicies = baseAgentPolicy.package_policies.some( + (packagePolicy) => packagePolicy.is_managed + ); + if (hasManagedPackagePolicies) { + throw new PackagePolicyRestrictionRelatedError( + `Cannot copy an agent policy ${id} that contains managed package policies` + ); + } + } + const newAgentPolicy = await this.create( soClient, esClient,