From 43ab583c90601fe893b08a1408649d4092de96b6 Mon Sep 17 00:00:00 2001 From: seanrathier Date: Wed, 16 Oct 2024 14:59:02 -0400 Subject: [PATCH] [Cloud Security] Remove the pre-configuration check for supports_agentless (#196566) --- .../server/services/preconfiguration.test.ts | 110 ------------------ .../fleet/server/services/preconfiguration.ts | 13 --- .../translations/translations/fr-FR.json | 1 - .../translations/translations/ja-JP.json | 1 - .../translations/translations/zh-CN.json | 1 - 5 files changed, 126 deletions(-) diff --git a/x-pack/plugins/fleet/server/services/preconfiguration.test.ts b/x-pack/plugins/fleet/server/services/preconfiguration.test.ts index 36b6d4fdbeb17..fb2153ff903f0 100644 --- a/x-pack/plugins/fleet/server/services/preconfiguration.test.ts +++ b/x-pack/plugins/fleet/server/services/preconfiguration.test.ts @@ -902,116 +902,6 @@ describe('policy preconfiguration', () => { ); }); - it('should return a non fatal error if support_agentless is defined in stateful', async () => { - const soClient = getPutPreconfiguredPackagesMock(); - const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser; - jest.mocked(appContextService).getInternalUserSOClientForSpaceId.mockReturnValue(soClient); - jest.mocked(appContextService.getExperimentalFeatures).mockReturnValue({ - agentless: true, - } as any); - - jest - .spyOn(appContextService, 'getCloud') - .mockReturnValue({ isServerlessEnabled: false } as any); - - const policies: PreconfiguredAgentPolicy[] = [ - { - name: 'Test policy', - namespace: 'default', - id: 'test-id', - supports_agentless: true, - package_policies: [], - }, - ]; - - const { nonFatalErrors } = await ensurePreconfiguredPackagesAndPolicies( - soClient, - esClient, - policies, - [{ name: 'CANNOT_MATCH', version: 'x.y.z' }], - mockDefaultOutput, - mockDefaultDownloadService, - DEFAULT_SPACE_ID - ); - // @ts-ignore-next-line - expect(nonFatalErrors[0].error.toString()).toEqual( - 'FleetError: `supports_agentless` is only allowed in serverless environments that support the agentless feature' - ); - }); - - it('should not return an error if support_agentless is defined in serverless and agentless is enabled', async () => { - const soClient = getPutPreconfiguredPackagesMock(); - const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser; - jest.mocked(appContextService).getInternalUserSOClientForSpaceId.mockReturnValue(soClient); - jest.mocked(appContextService.getExperimentalFeatures).mockReturnValue({ - agentless: true, - } as any); - - jest - .spyOn(appContextService, 'getCloud') - .mockReturnValue({ isServerlessEnabled: true } as any); - - const policies: PreconfiguredAgentPolicy[] = [ - { - name: 'Test policy', - namespace: 'default', - id: 'test-id', - supports_agentless: true, - package_policies: [], - }, - ]; - - const { policies: resPolicies, nonFatalErrors } = - await ensurePreconfiguredPackagesAndPolicies( - soClient, - esClient, - policies, - [{ name: 'CANNOT_MATCH', version: 'x.y.z' }], - mockDefaultOutput, - mockDefaultDownloadService, - DEFAULT_SPACE_ID - ); - expect(nonFatalErrors.length).toBe(0); - expect(resPolicies[0].id).toEqual('test-id'); - }); - - it('should return an error if agentless feature flag is disabled on serverless', async () => { - const soClient = getPutPreconfiguredPackagesMock(); - const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser; - jest.mocked(appContextService).getInternalUserSOClientForSpaceId.mockReturnValue(soClient); - jest.mocked(appContextService.getExperimentalFeatures).mockReturnValue({ - agentless: false, - } as any); - - jest - .spyOn(appContextService, 'getCloud') - .mockReturnValue({ isServerlessEnabled: true } as any); - - const policies: PreconfiguredAgentPolicy[] = [ - { - name: 'Test policy', - namespace: 'default', - id: 'test-id', - supports_agentless: true, - package_policies: [], - }, - ]; - - const { nonFatalErrors } = await ensurePreconfiguredPackagesAndPolicies( - soClient, - esClient, - policies, - [{ name: 'CANNOT_MATCH', version: 'x.y.z' }], - mockDefaultOutput, - mockDefaultDownloadService, - DEFAULT_SPACE_ID - ); - // @ts-ignore-next-line - expect(nonFatalErrors[0].error.toString()).toEqual( - 'FleetError: `supports_agentless` is only allowed in serverless environments that support the agentless feature' - ); - }); - it('should not attempt to recreate or modify an agent policy if its ID is unchanged', async () => { const soClient = getPutPreconfiguredPackagesMock(); const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser; diff --git a/x-pack/plugins/fleet/server/services/preconfiguration.ts b/x-pack/plugins/fleet/server/services/preconfiguration.ts index 18726cdab4452..cf0ee7e70ca15 100644 --- a/x-pack/plugins/fleet/server/services/preconfiguration.ts +++ b/x-pack/plugins/fleet/server/services/preconfiguration.ts @@ -43,7 +43,6 @@ import { type InputsOverride, packagePolicyService } from './package_policy'; import { preconfigurePackageInputs } from './package_policy'; import { appContextService } from './app_context'; import type { UpgradeManagedPackagePoliciesResult } from './setup/managed_package_policies'; -import { isDefaultAgentlessPolicyEnabled } from './utils/agentless'; interface PreconfigurationResult { policies: Array<{ id: string; updated_at: string }>; @@ -163,18 +162,6 @@ export async function ensurePreconfiguredPackagesAndPolicies( ); } - if ( - !isDefaultAgentlessPolicyEnabled() && - preconfiguredAgentPolicy?.supports_agentless !== undefined - ) { - throw new FleetError( - i18n.translate('xpack.fleet.preconfiguration.support_agentless', { - defaultMessage: - '`supports_agentless` is only allowed in serverless environments that support the agentless feature', - }) - ); - } - const namespacedSoClient = preconfiguredAgentPolicy.space_id ? appContextService.getInternalUserSOClientForSpaceId(preconfiguredAgentPolicy.space_id) : appContextService.getInternalUserSOClientForSpaceId(DEFAULT_NAMESPACE_STRING); diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json index d2c35721fdddb..6d57eec4f3b99 100644 --- a/x-pack/plugins/translations/translations/fr-FR.json +++ b/x-pack/plugins/translations/translations/fr-FR.json @@ -20332,7 +20332,6 @@ "xpack.fleet.preconfiguration.packageMissingError": "Impossible d'ajouter [{agentPolicyName}]. [{pkgName}] n'est pas installé. Veuillez ajouter [{pkgName}] à [{packagesConfigValue}] ou le retirer de [{packagePolicyName}].", "xpack.fleet.preconfiguration.packageRejectedError": "Impossible d'ajouter [{agentPolicyName}]. [{pkgName}] n'a pas pu être installé en raison d’une erreur : [{errorMessage}].", "xpack.fleet.preconfiguration.policyDeleted": "La politique préconfigurée {id} a été supprimée ; ignorer la création", - "xpack.fleet.preconfiguration.support_agentless": "`supports_agentless` n'est autorisé que dans les environnements sans serveur prenant en charge la fonctionnalité sans agent", "xpack.fleet.renameAgentTags.errorNotificationTitle": "La balise n’a pas pu être renommée", "xpack.fleet.renameAgentTags.successNotificationTitle": "Balise renommée", "xpack.fleet.requestDiagnostics.calloutText": "Les fichiers de diagnostics sont stockés dans Elasticsearch, et ils peuvent donc engendrer des coûts de stockage. Par défaut, les fichiers sont périodiquement supprimés via une stratégie ILM.", diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index bc4f0b3f6cf1a..97e97f1e97c51 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json @@ -20082,7 +20082,6 @@ "xpack.fleet.preconfiguration.packageMissingError": "[{agentPolicyName}]を追加できませんでした。[{pkgName}]がインストールされていません。[{pkgName}]を[{packagesConfigValue}]に追加するか、[{packagePolicyName}]から削除してください。", "xpack.fleet.preconfiguration.packageRejectedError": "[{agentPolicyName}]を追加できませんでした。エラーのため、[{pkgName}]をインストールできませんでした:[{errorMessage}]", "xpack.fleet.preconfiguration.policyDeleted": "構成済みのポリシー{id}が削除されました。作成をスキップしています", - "xpack.fleet.preconfiguration.support_agentless": "supports_agentlessは、エージェントレス機能をサポートするサーバーレス環境でのみ許可されます", "xpack.fleet.renameAgentTags.errorNotificationTitle": "タグ名の変更が失敗しました", "xpack.fleet.renameAgentTags.successNotificationTitle": "タグ名が変更されました", "xpack.fleet.requestDiagnostics.calloutText": "診断ファイルはElasticsearchに保存されるため、ストレージコストが発生する可能性があります。デフォルトでは、ILMポリシーによって、ファイルが定期的に削除されます。", diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index e018909babf64..7194f977d4787 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json @@ -20112,7 +20112,6 @@ "xpack.fleet.preconfiguration.packageMissingError": "无法添加 [{agentPolicyName}]。[{pkgName}] 未安装,请将 [{pkgName}] 添加到 [{packagesConfigValue}] 或将其从 [{packagePolicyName}] 中移除。", "xpack.fleet.preconfiguration.packageRejectedError": "无法添加 [{agentPolicyName}]。无法安装 [{pkgName}],因为出现错误:[{errorMessage}]", "xpack.fleet.preconfiguration.policyDeleted": "预配置的策略 {id} 已删除;将跳过创建", - "xpack.fleet.preconfiguration.support_agentless": "只有支持无代理功能的无服务器环境才允许使用 `supports_agentless`", "xpack.fleet.renameAgentTags.errorNotificationTitle": "标签重命名失败", "xpack.fleet.renameAgentTags.successNotificationTitle": "标签已重命名", "xpack.fleet.requestDiagnostics.calloutText": "诊断文件存储在 Elasticsearch 中,因此可能产生存储成本。默认情况下,会通过 ILM 策略定期删除文件。",