diff --git a/x-pack/plugins/fleet/common/types/models/agent_policy.ts b/x-pack/plugins/fleet/common/types/models/agent_policy.ts index ac69f0c673289..e639b364343d9 100644 --- a/x-pack/plugins/fleet/common/types/models/agent_policy.ts +++ b/x-pack/plugins/fleet/common/types/models/agent_policy.ts @@ -118,6 +118,7 @@ export interface FullAgentPolicyMonitoring { enabled: boolean; metrics: boolean; logs: boolean; + traces: boolean; } export interface FullAgentPolicy { diff --git a/x-pack/plugins/fleet/server/integration_tests/cloud_preconfiguration.test.ts b/x-pack/plugins/fleet/server/integration_tests/cloud_preconfiguration.test.ts index 72335f2c94f31..5ffe6b643f77d 100644 --- a/x-pack/plugins/fleet/server/integration_tests/cloud_preconfiguration.test.ts +++ b/x-pack/plugins/fleet/server/integration_tests/cloud_preconfiguration.test.ts @@ -172,6 +172,7 @@ describe('Fleet cloud preconfiguration', () => { enabled: false, logs: false, metrics: false, + traces: false, }, protection: { enabled: false, diff --git a/x-pack/plugins/fleet/server/services/agent_policies/__snapshots__/full_agent_policy.test.ts.snap b/x-pack/plugins/fleet/server/services/agent_policies/__snapshots__/full_agent_policy.test.ts.snap index 8518e43fdaf0d..d5ae12c00a9ff 100644 --- a/x-pack/plugins/fleet/server/services/agent_policies/__snapshots__/full_agent_policy.test.ts.snap +++ b/x-pack/plugins/fleet/server/services/agent_policies/__snapshots__/full_agent_policy.test.ts.snap @@ -11,6 +11,7 @@ Object { "enabled": false, "logs": false, "metrics": false, + "traces": false, }, "protection": Object { "enabled": false, @@ -180,6 +181,7 @@ Object { "logs": false, "metrics": true, "namespace": "default", + "traces": false, "use_output": "default", }, "protection": Object { @@ -258,6 +260,7 @@ Object { "logs": false, "metrics": true, "namespace": "default", + "traces": false, "use_output": "monitoring-output-id", }, "protection": Object { @@ -336,6 +339,7 @@ Object { "logs": false, "metrics": true, "namespace": "default", + "traces": false, "use_output": "monitoring-output-id", }, "protection": Object { diff --git a/x-pack/plugins/fleet/server/services/agent_policies/__snapshots__/monitoring_permissions.test.ts.snap b/x-pack/plugins/fleet/server/services/agent_policies/__snapshots__/monitoring_permissions.test.ts.snap index fc854fd3b774f..91234c443ab76 100644 --- a/x-pack/plugins/fleet/server/services/agent_policies/__snapshots__/monitoring_permissions.test.ts.snap +++ b/x-pack/plugins/fleet/server/services/agent_policies/__snapshots__/monitoring_permissions.test.ts.snap @@ -1,6 +1,6 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP -exports[`getMonitoringPermissions With elastic agent package installed should return default logs and metrics permissions if both are enabled 1`] = ` +exports[`getMonitoringPermissions With elastic agent package installed should return default logs permissions if only logs are enabled 1`] = ` Object { "_elastic_agent_monitoring": Object { "indices": Array [ @@ -15,16 +15,25 @@ Object { }, Object { "names": Array [ - "metrics-elastic_agent.metricbeat-testnamespace123", + "logs-elastic_agent.filebeat-testnamespace123", ], "privileges": Array [ "auto_configure", "create_doc", ], }, + ], + }, +} +`; + +exports[`getMonitoringPermissions With elastic agent package installed should return default logs, metrics, traces permissions if all are enabled 1`] = ` +Object { + "_elastic_agent_monitoring": Object { + "indices": Array [ Object { "names": Array [ - "logs-elastic_agent.filebeat-testnamespace123", + "logs-elastic_agent.metricbeat-testnamespace123", ], "privileges": Array [ "auto_configure", @@ -33,25 +42,16 @@ Object { }, Object { "names": Array [ - "metrics-elastic_agent.filebeat-testnamespace123", + "metrics-elastic_agent.metricbeat-testnamespace123", ], "privileges": Array [ "auto_configure", "create_doc", ], }, - ], - }, -} -`; - -exports[`getMonitoringPermissions With elastic agent package installed should return default logs permissions if only logs are enabled 1`] = ` -Object { - "_elastic_agent_monitoring": Object { - "indices": Array [ Object { "names": Array [ - "logs-elastic_agent.metricbeat-testnamespace123", + "logs-elastic_agent.filebeat-testnamespace123", ], "privileges": Array [ "auto_configure", @@ -60,7 +60,7 @@ Object { }, Object { "names": Array [ - "logs-elastic_agent.filebeat-testnamespace123", + "metrics-elastic_agent.filebeat-testnamespace123", ], "privileges": Array [ "auto_configure", @@ -99,7 +99,15 @@ Object { } `; -exports[`getMonitoringPermissions Without elastic agent package installed should return default logs and metrics permissions if both are enabled 1`] = ` +exports[`getMonitoringPermissions With elastic agent package installed should return default traces permissions if only traces are enabled 1`] = ` +Object { + "_elastic_agent_monitoring": Object { + "indices": Array [], + }, +} +`; + +exports[`getMonitoringPermissions Without elastic agent package installed should return default logs permissions if only logs are enabled 1`] = ` Object { "_elastic_agent_monitoring": Object { "indices": Array [ @@ -122,23 +130,6 @@ Object { "logs-elastic_agent.pf_host_agent-testnamespace123", "logs-elastic_agent.pf_elastic_collector-testnamespace123", "logs-elastic_agent.pf_elastic_symbolizer-testnamespace123", - "metrics-elastic_agent-testnamespace123", - "metrics-elastic_agent.elastic_agent-testnamespace123", - "metrics-elastic_agent.apm_server-testnamespace123", - "metrics-elastic_agent.filebeat-testnamespace123", - "metrics-elastic_agent.filebeat_input-testnamespace123", - "metrics-elastic_agent.fleet_server-testnamespace123", - "metrics-elastic_agent.metricbeat-testnamespace123", - "metrics-elastic_agent.osquerybeat-testnamespace123", - "metrics-elastic_agent.packetbeat-testnamespace123", - "metrics-elastic_agent.endpoint_security-testnamespace123", - "metrics-elastic_agent.auditbeat-testnamespace123", - "metrics-elastic_agent.heartbeat-testnamespace123", - "metrics-elastic_agent.cloudbeat-testnamespace123", - "metrics-elastic_agent.cloud_defend-testnamespace123", - "metrics-elastic_agent.pf_host_agent-testnamespace123", - "metrics-elastic_agent.pf_elastic_collector-testnamespace123", - "metrics-elastic_agent.pf_elastic_symbolizer-testnamespace123", ], "privileges": Array [ "auto_configure", @@ -150,7 +141,7 @@ Object { } `; -exports[`getMonitoringPermissions Without elastic agent package installed should return default logs permissions if only logs are enabled 1`] = ` +exports[`getMonitoringPermissions Without elastic agent package installed should return default logs, metrics, traces permissions if all are enabled 1`] = ` Object { "_elastic_agent_monitoring": Object { "indices": Array [ @@ -173,6 +164,40 @@ Object { "logs-elastic_agent.pf_host_agent-testnamespace123", "logs-elastic_agent.pf_elastic_collector-testnamespace123", "logs-elastic_agent.pf_elastic_symbolizer-testnamespace123", + "metrics-elastic_agent-testnamespace123", + "metrics-elastic_agent.elastic_agent-testnamespace123", + "metrics-elastic_agent.apm_server-testnamespace123", + "metrics-elastic_agent.filebeat-testnamespace123", + "metrics-elastic_agent.filebeat_input-testnamespace123", + "metrics-elastic_agent.fleet_server-testnamespace123", + "metrics-elastic_agent.metricbeat-testnamespace123", + "metrics-elastic_agent.osquerybeat-testnamespace123", + "metrics-elastic_agent.packetbeat-testnamespace123", + "metrics-elastic_agent.endpoint_security-testnamespace123", + "metrics-elastic_agent.auditbeat-testnamespace123", + "metrics-elastic_agent.heartbeat-testnamespace123", + "metrics-elastic_agent.cloudbeat-testnamespace123", + "metrics-elastic_agent.cloud_defend-testnamespace123", + "metrics-elastic_agent.pf_host_agent-testnamespace123", + "metrics-elastic_agent.pf_elastic_collector-testnamespace123", + "metrics-elastic_agent.pf_elastic_symbolizer-testnamespace123", + "traces-elastic_agent-testnamespace123", + "traces-elastic_agent.elastic_agent-testnamespace123", + "traces-elastic_agent.apm_server-testnamespace123", + "traces-elastic_agent.filebeat-testnamespace123", + "traces-elastic_agent.filebeat_input-testnamespace123", + "traces-elastic_agent.fleet_server-testnamespace123", + "traces-elastic_agent.metricbeat-testnamespace123", + "traces-elastic_agent.osquerybeat-testnamespace123", + "traces-elastic_agent.packetbeat-testnamespace123", + "traces-elastic_agent.endpoint_security-testnamespace123", + "traces-elastic_agent.auditbeat-testnamespace123", + "traces-elastic_agent.heartbeat-testnamespace123", + "traces-elastic_agent.cloudbeat-testnamespace123", + "traces-elastic_agent.cloud_defend-testnamespace123", + "traces-elastic_agent.pf_host_agent-testnamespace123", + "traces-elastic_agent.pf_elastic_collector-testnamespace123", + "traces-elastic_agent.pf_elastic_symbolizer-testnamespace123", ], "privileges": Array [ "auto_configure", @@ -217,3 +242,37 @@ Object { }, } `; + +exports[`getMonitoringPermissions Without elastic agent package installed should return default traces permissions if only traces are enabled 1`] = ` +Object { + "_elastic_agent_monitoring": Object { + "indices": Array [ + Object { + "names": Array [ + "traces-elastic_agent-testnamespace123", + "traces-elastic_agent.elastic_agent-testnamespace123", + "traces-elastic_agent.apm_server-testnamespace123", + "traces-elastic_agent.filebeat-testnamespace123", + "traces-elastic_agent.filebeat_input-testnamespace123", + "traces-elastic_agent.fleet_server-testnamespace123", + "traces-elastic_agent.metricbeat-testnamespace123", + "traces-elastic_agent.osquerybeat-testnamespace123", + "traces-elastic_agent.packetbeat-testnamespace123", + "traces-elastic_agent.endpoint_security-testnamespace123", + "traces-elastic_agent.auditbeat-testnamespace123", + "traces-elastic_agent.heartbeat-testnamespace123", + "traces-elastic_agent.cloudbeat-testnamespace123", + "traces-elastic_agent.cloud_defend-testnamespace123", + "traces-elastic_agent.pf_host_agent-testnamespace123", + "traces-elastic_agent.pf_elastic_collector-testnamespace123", + "traces-elastic_agent.pf_elastic_symbolizer-testnamespace123", + ], + "privileges": Array [ + "auto_configure", + "create_doc", + ], + }, + ], + }, +} +`; diff --git a/x-pack/plugins/fleet/server/services/agent_policies/full_agent_policy.test.ts b/x-pack/plugins/fleet/server/services/agent_policies/full_agent_policy.test.ts index 6a084b5dde586..d2ff49b04e340 100644 --- a/x-pack/plugins/fleet/server/services/agent_policies/full_agent_policy.test.ts +++ b/x-pack/plugins/fleet/server/services/agent_policies/full_agent_policy.test.ts @@ -221,6 +221,7 @@ describe('getFullAgentPolicy', () => { enabled: false, logs: false, metrics: false, + traces: false, }, }, }); @@ -257,6 +258,7 @@ describe('getFullAgentPolicy', () => { enabled: true, logs: true, metrics: false, + traces: false, }, }, }); @@ -293,12 +295,50 @@ describe('getFullAgentPolicy', () => { enabled: true, logs: false, metrics: true, + traces: false, }, }, }); }); - it('should return a policy with monitoring enabled but no logs/metrics if keep_monitoring_alive is true', async () => { + it('should return a policy with monitoring if monitoring is enabled for traces', async () => { + mockAgentPolicy({ + namespace: 'default', + revision: 1, + monitoring_enabled: ['traces'], + }); + const agentPolicy = await getFullAgentPolicy(savedObjectsClientMock.create(), 'agent-policy'); + + expect(agentPolicy).toMatchObject({ + id: 'agent-policy', + outputs: { + default: { + type: 'elasticsearch', + hosts: ['http://127.0.0.1:9201'], + }, + }, + inputs: [], + revision: 1, + fleet: { + hosts: ['http://fleetserver:8220'], + }, + agent: { + download: { + sourceURI: 'http://default-registry.co', + }, + monitoring: { + namespace: 'default', + use_output: 'default', + enabled: true, + logs: false, + metrics: false, + traces: true, + }, + }, + }); + }); + + it('should return a policy with monitoring enabled but no logs/metrics/traces if keep_monitoring_alive is true', async () => { mockAgentPolicy({ keep_monitoring_alive: true, }); @@ -309,6 +349,7 @@ describe('getFullAgentPolicy', () => { enabled: true, logs: false, metrics: false, + traces: false, }); }); @@ -325,6 +366,7 @@ describe('getFullAgentPolicy', () => { { logs: false, metrics: true, + traces: false, }, 'testnamespace' ); @@ -553,6 +595,7 @@ describe('getFullAgentPolicy', () => { enabled: true, logs: false, metrics: true, + traces: false, }, }, }); @@ -590,6 +633,7 @@ describe('getFullAgentPolicy', () => { enabled: true, logs: false, metrics: true, + traces: false, }, features: { fqdn: { @@ -743,6 +787,7 @@ describe('getFullAgentPolicy', () => { enabled: false, logs: false, metrics: false, + traces: false, }, }, fleet: { diff --git a/x-pack/plugins/fleet/server/services/agent_policies/full_agent_policy.ts b/x-pack/plugins/fleet/server/services/agent_policies/full_agent_policy.ts index a65b4ce8dc9fd..d00721f08a3d9 100644 --- a/x-pack/plugins/fleet/server/services/agent_policies/full_agent_policy.ts +++ b/x-pack/plugins/fleet/server/services/agent_policies/full_agent_policy.ts @@ -140,12 +140,13 @@ export async function getFullAgentPolicy( enabled: false, logs: false, metrics: false, + traces: false, }; let monitoring: FullAgentPolicyMonitoring = { ...defaultMonitoringConfig }; - // If the agent policy has monitoring enabled for at least one of "logs" or "metrics", generate - // a monitoring config for the resulting compiled agent policy + // If the agent policy has monitoring enabled for at least one of "logs", "metrics", or "traces" + // generate a monitoring config for the resulting compiled agent policy if (agentPolicy.monitoring_enabled && agentPolicy.monitoring_enabled.length > 0) { monitoring = { namespace: agentPolicy.namespace, @@ -153,6 +154,7 @@ export async function getFullAgentPolicy( enabled: true, logs: agentPolicy.monitoring_enabled.includes(dataTypes.Logs), metrics: agentPolicy.monitoring_enabled.includes(dataTypes.Metrics), + traces: agentPolicy.monitoring_enabled.includes(dataTypes.Traces), }; // If the `keep_monitoring_alive` flag is set, enable monitoring but don't enable logs or metrics. // This allows cloud or other environments to keep the monitoring server alive without tearing it down. @@ -161,6 +163,7 @@ export async function getFullAgentPolicy( enabled: true, logs: false, metrics: false, + traces: false, }; } @@ -249,6 +252,7 @@ export async function getFullAgentPolicy( { logs: agentPolicy.monitoring_enabled?.includes(dataTypes.Logs) ?? false, metrics: agentPolicy.monitoring_enabled?.includes(dataTypes.Metrics) ?? false, + traces: agentPolicy.monitoring_enabled?.includes(dataTypes.Traces) ?? false, }, agentPolicy.namespace ); diff --git a/x-pack/plugins/fleet/server/services/agent_policies/monitoring_permissions.test.ts b/x-pack/plugins/fleet/server/services/agent_policies/monitoring_permissions.test.ts index f336fd093c3af..0f72997cc3f2c 100644 --- a/x-pack/plugins/fleet/server/services/agent_policies/monitoring_permissions.test.ts +++ b/x-pack/plugins/fleet/server/services/agent_policies/monitoring_permissions.test.ts @@ -19,10 +19,10 @@ const mockedGetPackageInfo = getPackageInfo as jest.Mock { describe('Without elastic agent package installed', () => { - it('should return default logs and metrics permissions if both are enabled', async () => { + it('should return default logs, metrics, traces permissions if all are enabled', async () => { const permissions = await getMonitoringPermissions( savedObjectsClientMock.create(), - { logs: true, metrics: true }, + { logs: true, metrics: true, traces: true }, 'testnamespace123' ); expect(permissions).toMatchSnapshot(); @@ -30,7 +30,7 @@ describe('getMonitoringPermissions', () => { it('should return default logs permissions if only logs are enabled', async () => { const permissions = await getMonitoringPermissions( savedObjectsClientMock.create(), - { logs: true, metrics: false }, + { logs: true, metrics: false, traces: false }, 'testnamespace123' ); expect(permissions).toMatchSnapshot(); @@ -38,16 +38,24 @@ describe('getMonitoringPermissions', () => { it('should return default metrics permissions if only metrics are enabled', async () => { const permissions = await getMonitoringPermissions( savedObjectsClientMock.create(), - { logs: false, metrics: true }, + { logs: false, metrics: true, traces: false }, + 'testnamespace123' + ); + expect(permissions).toMatchSnapshot(); + }); + it('should return default traces permissions if only traces are enabled', async () => { + const permissions = await getMonitoringPermissions( + savedObjectsClientMock.create(), + { logs: false, metrics: false, traces: true }, 'testnamespace123' ); expect(permissions).toMatchSnapshot(); }); - it('should an empty valid permission entry if neither metrics and logs are enabled', async () => { + it('should an empty valid permission entry if neither metrics, logs, nor traces are enabled', async () => { const permissions = await getMonitoringPermissions( savedObjectsClientMock.create(), - { logs: false, metrics: false }, + { logs: false, metrics: false, traces: false }, 'testnamespace123' ); expect(permissions).toEqual({ _elastic_agent_monitoring: { indices: [] } }); @@ -82,10 +90,10 @@ describe('getMonitoringPermissions', () => { ], } as PackageInfo); }); - it('should return default logs and metrics permissions if both are enabled', async () => { + it('should return default logs, metrics, traces permissions if all are enabled', async () => { const permissions = await getMonitoringPermissions( savedObjectsClientMock.create(), - { logs: true, metrics: true }, + { logs: true, metrics: true, traces: true }, 'testnamespace123' ); expect(permissions).toMatchSnapshot(); @@ -93,7 +101,7 @@ describe('getMonitoringPermissions', () => { it('should return default logs permissions if only logs are enabled', async () => { const permissions = await getMonitoringPermissions( savedObjectsClientMock.create(), - { logs: true, metrics: false }, + { logs: true, metrics: false, traces: false }, 'testnamespace123' ); expect(permissions).toMatchSnapshot(); @@ -101,7 +109,15 @@ describe('getMonitoringPermissions', () => { it('should return default metrics permissions if only metrics are enabled', async () => { const permissions = await getMonitoringPermissions( savedObjectsClientMock.create(), - { logs: false, metrics: true }, + { logs: false, metrics: true, traces: false }, + 'testnamespace123' + ); + expect(permissions).toMatchSnapshot(); + }); + it('should return default traces permissions if only traces are enabled', async () => { + const permissions = await getMonitoringPermissions( + savedObjectsClientMock.create(), + { logs: false, metrics: false, traces: true }, 'testnamespace123' ); expect(permissions).toMatchSnapshot(); diff --git a/x-pack/plugins/fleet/server/services/agent_policies/monitoring_permissions.ts b/x-pack/plugins/fleet/server/services/agent_policies/monitoring_permissions.ts index 0729367c2b65b..e03a8e19eb120 100644 --- a/x-pack/plugins/fleet/server/services/agent_policies/monitoring_permissions.ts +++ b/x-pack/plugins/fleet/server/services/agent_policies/monitoring_permissions.ts @@ -18,7 +18,10 @@ import { dataTypes } from '../../../common/constants'; import { getDataStreamPrivileges } from './package_policies_to_agent_permissions'; -function buildDefault(enabled: { logs: boolean; metrics: boolean }, namespace: string) { +function buildDefault( + enabled: { logs: boolean; metrics: boolean; traces: boolean }, + namespace: string +) { let names: string[] = []; if (enabled.logs) { names = names.concat( @@ -30,6 +33,11 @@ function buildDefault(enabled: { logs: boolean; metrics: boolean }, namespace: s AGENT_POLICY_DEFAULT_MONITORING_DATASETS.map((dataset) => `metrics-${dataset}-${namespace}`) ); } + if (enabled.traces) { + names = names.concat( + AGENT_POLICY_DEFAULT_MONITORING_DATASETS.map((dataset) => `traces-${dataset}-${namespace}`) + ); + } if (names.length === 0) { return { @@ -53,7 +61,7 @@ function buildDefault(enabled: { logs: boolean; metrics: boolean }, namespace: s export async function getMonitoringPermissions( soClient: SavedObjectsClientContract, - enabled: { logs: boolean; metrics: boolean }, + enabled: { logs: boolean; metrics: boolean; traces: boolean }, namespace: string ): Promise { const installation = await getInstallation({ @@ -85,6 +93,9 @@ export async function getMonitoringPermissions( if (ds.type === dataTypes.Metrics && !enabled.metrics) { return; } + if (ds.type === dataTypes.Traces && !enabled.traces) { + return; + } return getDataStreamPrivileges(ds, namespace); }) .filter(