Skip to content

Commit

Permalink
[Cloud Security] Remove the pre-configuration check for supports_agen…
Browse files Browse the repository at this point in the history
…tless (#196566)

(cherry picked from commit 888b904)
  • Loading branch information
seanrathier committed Oct 16, 2024
1 parent 04f21d7 commit 80c1c26
Show file tree
Hide file tree
Showing 5 changed files with 0 additions and 126 deletions.
110 changes: 0 additions & 110 deletions x-pack/plugins/fleet/server/services/preconfiguration.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -902,116 +902,6 @@ describe('policy preconfiguration', () => {
);
});

it('should return a non fatal error if support_agentless is defined in stateful', async () => {
const soClient = getPutPreconfiguredPackagesMock();
const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser;
jest.mocked(appContextService).getInternalUserSOClientForSpaceId.mockReturnValue(soClient);
jest.mocked(appContextService.getExperimentalFeatures).mockReturnValue({
agentless: true,
} as any);

jest
.spyOn(appContextService, 'getCloud')
.mockReturnValue({ isServerlessEnabled: false } as any);

const policies: PreconfiguredAgentPolicy[] = [
{
name: 'Test policy',
namespace: 'default',
id: 'test-id',
supports_agentless: true,
package_policies: [],
},
];

const { nonFatalErrors } = await ensurePreconfiguredPackagesAndPolicies(
soClient,
esClient,
policies,
[{ name: 'CANNOT_MATCH', version: 'x.y.z' }],
mockDefaultOutput,
mockDefaultDownloadService,
DEFAULT_SPACE_ID
);
// @ts-ignore-next-line
expect(nonFatalErrors[0].error.toString()).toEqual(
'FleetError: `supports_agentless` is only allowed in serverless environments that support the agentless feature'
);
});

it('should not return an error if support_agentless is defined in serverless and agentless is enabled', async () => {
const soClient = getPutPreconfiguredPackagesMock();
const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser;
jest.mocked(appContextService).getInternalUserSOClientForSpaceId.mockReturnValue(soClient);
jest.mocked(appContextService.getExperimentalFeatures).mockReturnValue({
agentless: true,
} as any);

jest
.spyOn(appContextService, 'getCloud')
.mockReturnValue({ isServerlessEnabled: true } as any);

const policies: PreconfiguredAgentPolicy[] = [
{
name: 'Test policy',
namespace: 'default',
id: 'test-id',
supports_agentless: true,
package_policies: [],
},
];

const { policies: resPolicies, nonFatalErrors } =
await ensurePreconfiguredPackagesAndPolicies(
soClient,
esClient,
policies,
[{ name: 'CANNOT_MATCH', version: 'x.y.z' }],
mockDefaultOutput,
mockDefaultDownloadService,
DEFAULT_SPACE_ID
);
expect(nonFatalErrors.length).toBe(0);
expect(resPolicies[0].id).toEqual('test-id');
});

it('should return an error if agentless feature flag is disabled on serverless', async () => {
const soClient = getPutPreconfiguredPackagesMock();
const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser;
jest.mocked(appContextService).getInternalUserSOClientForSpaceId.mockReturnValue(soClient);
jest.mocked(appContextService.getExperimentalFeatures).mockReturnValue({
agentless: false,
} as any);

jest
.spyOn(appContextService, 'getCloud')
.mockReturnValue({ isServerlessEnabled: true } as any);

const policies: PreconfiguredAgentPolicy[] = [
{
name: 'Test policy',
namespace: 'default',
id: 'test-id',
supports_agentless: true,
package_policies: [],
},
];

const { nonFatalErrors } = await ensurePreconfiguredPackagesAndPolicies(
soClient,
esClient,
policies,
[{ name: 'CANNOT_MATCH', version: 'x.y.z' }],
mockDefaultOutput,
mockDefaultDownloadService,
DEFAULT_SPACE_ID
);
// @ts-ignore-next-line
expect(nonFatalErrors[0].error.toString()).toEqual(
'FleetError: `supports_agentless` is only allowed in serverless environments that support the agentless feature'
);
});

it('should not attempt to recreate or modify an agent policy if its ID is unchanged', async () => {
const soClient = getPutPreconfiguredPackagesMock();
const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser;
Expand Down
13 changes: 0 additions & 13 deletions x-pack/plugins/fleet/server/services/preconfiguration.ts
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,6 @@ import { type InputsOverride, packagePolicyService } from './package_policy';
import { preconfigurePackageInputs } from './package_policy';
import { appContextService } from './app_context';
import type { UpgradeManagedPackagePoliciesResult } from './setup/managed_package_policies';
import { isDefaultAgentlessPolicyEnabled } from './utils/agentless';

interface PreconfigurationResult {
policies: Array<{ id: string; updated_at: string }>;
Expand Down Expand Up @@ -163,18 +162,6 @@ export async function ensurePreconfiguredPackagesAndPolicies(
);
}

if (
!isDefaultAgentlessPolicyEnabled() &&
preconfiguredAgentPolicy?.supports_agentless !== undefined
) {
throw new FleetError(
i18n.translate('xpack.fleet.preconfiguration.support_agentless', {
defaultMessage:
'`supports_agentless` is only allowed in serverless environments that support the agentless feature',
})
);
}

const namespacedSoClient = preconfiguredAgentPolicy.space_id
? appContextService.getInternalUserSOClientForSpaceId(preconfiguredAgentPolicy.space_id)
: appContextService.getInternalUserSOClientForSpaceId(DEFAULT_NAMESPACE_STRING);
Expand Down
1 change: 0 additions & 1 deletion x-pack/plugins/translations/translations/fr-FR.json
Original file line number Diff line number Diff line change
Expand Up @@ -20332,7 +20332,6 @@
"xpack.fleet.preconfiguration.packageMissingError": "Impossible d'ajouter [{agentPolicyName}]. [{pkgName}] n'est pas installé. Veuillez ajouter [{pkgName}] à [{packagesConfigValue}] ou le retirer de [{packagePolicyName}].",
"xpack.fleet.preconfiguration.packageRejectedError": "Impossible d'ajouter [{agentPolicyName}]. [{pkgName}] n'a pas pu être installé en raison d’une erreur : [{errorMessage}].",
"xpack.fleet.preconfiguration.policyDeleted": "La politique préconfigurée {id} a été supprimée ; ignorer la création",
"xpack.fleet.preconfiguration.support_agentless": "`supports_agentless` n'est autorisé que dans les environnements sans serveur prenant en charge la fonctionnalité sans agent",
"xpack.fleet.renameAgentTags.errorNotificationTitle": "La balise n’a pas pu être renommée",
"xpack.fleet.renameAgentTags.successNotificationTitle": "Balise renommée",
"xpack.fleet.requestDiagnostics.calloutText": "Les fichiers de diagnostics sont stockés dans Elasticsearch, et ils peuvent donc engendrer des coûts de stockage. Par défaut, les fichiers sont périodiquement supprimés via une stratégie ILM.",
Expand Down
1 change: 0 additions & 1 deletion x-pack/plugins/translations/translations/ja-JP.json
Original file line number Diff line number Diff line change
Expand Up @@ -20082,7 +20082,6 @@
"xpack.fleet.preconfiguration.packageMissingError": "[{agentPolicyName}]を追加できませんでした。[{pkgName}]がインストールされていません。[{pkgName}]を[{packagesConfigValue}]に追加するか、[{packagePolicyName}]から削除してください。",
"xpack.fleet.preconfiguration.packageRejectedError": "[{agentPolicyName}]を追加できませんでした。エラーのため、[{pkgName}]をインストールできませんでした:[{errorMessage}]",
"xpack.fleet.preconfiguration.policyDeleted": "構成済みのポリシー{id}が削除されました。作成をスキップしています",
"xpack.fleet.preconfiguration.support_agentless": "supports_agentlessは、エージェントレス機能をサポートするサーバーレス環境でのみ許可されます",
"xpack.fleet.renameAgentTags.errorNotificationTitle": "タグ名の変更が失敗しました",
"xpack.fleet.renameAgentTags.successNotificationTitle": "タグ名が変更されました",
"xpack.fleet.requestDiagnostics.calloutText": "診断ファイルはElasticsearchに保存されるため、ストレージコストが発生する可能性があります。デフォルトでは、ILMポリシーによって、ファイルが定期的に削除されます。",
Expand Down
1 change: 0 additions & 1 deletion x-pack/plugins/translations/translations/zh-CN.json
Original file line number Diff line number Diff line change
Expand Up @@ -20112,7 +20112,6 @@
"xpack.fleet.preconfiguration.packageMissingError": "无法添加 [{agentPolicyName}]。[{pkgName}] 未安装,请将 [{pkgName}] 添加到 [{packagesConfigValue}] 或将其从 [{packagePolicyName}] 中移除。",
"xpack.fleet.preconfiguration.packageRejectedError": "无法添加 [{agentPolicyName}]。无法安装 [{pkgName}],因为出现错误:[{errorMessage}]",
"xpack.fleet.preconfiguration.policyDeleted": "预配置的策略 {id} 已删除;将跳过创建",
"xpack.fleet.preconfiguration.support_agentless": "只有支持无代理功能的无服务器环境才允许使用 `supports_agentless`",
"xpack.fleet.renameAgentTags.errorNotificationTitle": "标签重命名失败",
"xpack.fleet.renameAgentTags.successNotificationTitle": "标签已重命名",
"xpack.fleet.requestDiagnostics.calloutText": "诊断文件存储在 Elasticsearch 中,因此可能产生存储成本。默认情况下,会通过 ILM 策略定期删除文件。",
Expand Down

0 comments on commit 80c1c26

Please sign in to comment.