Add extra protection against accessing null fields to 8.5 migration (#…

…1921)
elastic · Sep 29, 2022 · 445168e · 445168e
1 parent 129ea1c
commit 445168e
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 5 deletions.
diff --git a/cmd/fleet/main.go b/cmd/fleet/main.go
@@ -106,7 +106,7 @@ func initLogger(cfg *config.Config, version, commit string) (*logger.Logger, err
 		Str("exe", os.Args[0]).
 		Strs("args", os.Args[1:]).
 		Msg("Boot fleet-server")
-	log.Debug().Strs("env", os.Environ()).Msg("environment")
+	log.Debug().Strs("env", os.Environ()).Msg("environment variables")
 
 	return l, err
 }
@@ -832,7 +832,7 @@ func (f *FleetServer) runSubsystems(ctx context.Context, cfg *config.Config, g *
 		return dl.Migrate(ctx, bulker)
 	})
 	if err = loggedMigration(); err != nil {
-		return fmt.Errorf("failed to run subsystems: %w", err)
+		return fmt.Errorf("failed to run migrations: %w", err)
 	}
 
 	// Run scheduler for periodic GC/cleanup

diff --git a/internal/pkg/dl/migration.go b/internal/pkg/dl/migration.go
@@ -61,11 +61,16 @@ func migrate(ctx context.Context, bulker bulk.Bulk, fn migrationBodyFn) (int, er
 	for {
 		name, index, body, err := fn()
 		if err != nil {
-			return updatedDocs, fmt.Errorf(": %w", err)
+			return updatedDocs,
+				fmt.Errorf("failed to prepare request for migration %s: %w",
+					name, err)
 		}
 
 		resp, err := applyMigration(ctx, name, index, bulker, body)
 		if err != nil {
+			log.Err(err).
+				Bytes("http.request.body.content", body).
+				Msgf("migration %s failed: %w", err)
 			return updatedDocs, fmt.Errorf("failed to apply migration %q: %w",
 				name, err)
 		}
@@ -239,7 +244,9 @@ map.put("id", ctx._source.default_api_key_id);
 
 // Make current API key empty, so fleet-server will generate a new one
 // Add current API jey to be retired
-ctx._source['` + fieldOutputs + `']['default'].to_retire_api_key_ids.add(map);
+if (ctx._source['` + fieldOutputs + `']['default'].to_retire_api_key_ids != null) {
+	ctx._source['` + fieldOutputs + `']['default'].to_retire_api_key_ids.add(map);
+}
 ctx._source['` + fieldOutputs + `']['default'].api_key="";
 ctx._source['` + fieldOutputs + `']['default'].api_key_id="";
 ctx._source['` + fieldOutputs + `']['default'].permissions_hash=ctx._source.policy_output_permissions_hash;
@@ -273,10 +280,13 @@ func migratePolicyCoordinatorIdx() (string, string, []byte, error) {
 
 	query := dsl.NewRoot()
 	query.Query().MatchAll()
-	query.Param("script", `ctx._source.coordinator_idx++;`)
+	painless := `ctx._source.coordinator_idx++;`
+	query.Param("script", painless)
 
 	body, err := query.MarshalJSON()
 	if err != nil {
+		log.Debug().Str("painlessScript", painless).
+			Msgf("%s: failed painless script", migrationName)
 		return migrationName, FleetPolicies, nil, fmt.Errorf("could not marshal ES query: %w", err)
 	}