Skip to content

Commit

Permalink
[Fleet] Prevent duplication of managed policy !! (elastic#197575)
Browse files Browse the repository at this point in the history
## Summary

Fixes elastic#194149

Prevent duplication of managed policy !!

<img width="1594" alt="image"
src="https://github.com/user-attachments/assets/f386a287-4f9e-4307-ba84-98f3ea807ef9">

(cherry picked from commit 81856bc)
  • Loading branch information
shahzad31 committed Oct 29, 2024
1 parent 4a27b85 commit e423709
Show file tree
Hide file tree
Showing 3 changed files with 51 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -137,13 +137,22 @@ export const AgentPolicyActionMenu = memo<{
const copyPolicyItem = (
<EuiContextMenuItem
data-test-subj="agentPolicyActionMenuCopyButton"
disabled={!authz.integrations.writeIntegrationPolicies}
disabled={!authz.integrations.writeIntegrationPolicies || hasManagedPackagePolicy}
icon="copy"
onClick={() => {
setIsContextMenuOpen(false);
copyAgentPolicyPrompt(agentPolicy, onCopySuccess);
}}
key="copyPolicy"
toolTipContent={
hasManagedPackagePolicy ? (
<FormattedMessage
id="xpack.fleet.policyForm.copyPolicyActionText.disabled"
defaultMessage="Agent policy with managed package policies cannot be copied."
data-test-subj="agentPolicyActionMenuCopyButtonDisabledTooltip"
/>
) : undefined
}
>
<FormattedMessage
id="xpack.fleet.agentPolicyActionMenu.copyPolicyActionText"
Expand Down
30 changes: 30 additions & 0 deletions x-pack/plugins/fleet/server/services/agent_policy.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -1319,6 +1319,36 @@ describe('Agent policy', () => {
});
});

describe('copy', () => {
let soClient: ReturnType<typeof savedObjectsClientMock.create>;
let esClient: ReturnType<typeof elasticsearchServiceMock.createClusterClient>['asInternalUser'];

beforeEach(() => {
soClient = getSavedObjectMock({ revision: 1, package_policies: ['package-1'] });
esClient = elasticsearchServiceMock.createClusterClient().asInternalUser;
});

it('should throw error for agent policy which has managed package policy', async () => {
mockedPackagePolicyService.findAllForAgentPolicy.mockReturnValue([
{
id: 'package-1',
is_managed: true,
},
] as any);
try {
await agentPolicyService.copy(soClient, esClient, 'mocked', {
name: 'copy mocked',
});
} catch (e) {
expect(e.message).toEqual(
new PackagePolicyRestrictionRelatedError(
`Cannot copy an agent policy mocked that contains managed package policies`
).message
);
}
});
});

describe('deployPolicy', () => {
beforeEach(() => {
mockedGetFullAgentPolicy.mockReset();
Expand Down
11 changes: 11 additions & 0 deletions x-pack/plugins/fleet/server/services/agent_policy.ts
Original file line number Diff line number Diff line change
Expand Up @@ -768,6 +768,17 @@ class AgentPolicyService {
if (!baseAgentPolicy) {
throw new AgentPolicyNotFoundError('Agent policy not found');
}
if (baseAgentPolicy.package_policies?.length) {
const hasManagedPackagePolicies = baseAgentPolicy.package_policies.some(
(packagePolicy) => packagePolicy.is_managed
);
if (hasManagedPackagePolicies) {
throw new PackagePolicyRestrictionRelatedError(
`Cannot copy an agent policy ${id} that contains managed package policies`
);
}
}

const newAgentPolicy = await this.create(
soClient,
esClient,
Expand Down

0 comments on commit e423709

Please sign in to comment.