diff --git a/x-pack/plugins/fleet/server/routes/agent/request_diagnostics_handler.ts b/x-pack/plugins/fleet/server/routes/agent/request_diagnostics_handler.ts index a87b21ab89352..b59d38d947860 100644 --- a/x-pack/plugins/fleet/server/routes/agent/request_diagnostics_handler.ts +++ b/x-pack/plugins/fleet/server/routes/agent/request_diagnostics_handler.ts @@ -40,6 +40,7 @@ export const requestDiagnosticsHandler: RequestHandler< const result = await AgentService.requestDiagnostics( esClient, + soClient, request.params.agentId, request.body?.additional_metrics ); diff --git a/x-pack/plugins/fleet/server/services/agents/actions.ts b/x-pack/plugins/fleet/server/services/agents/actions.ts index 11c7174e09312..f0dcd9a1ac62d 100644 --- a/x-pack/plugins/fleet/server/services/agents/actions.ts +++ b/x-pack/plugins/fleet/server/services/agents/actions.ts @@ -313,7 +313,7 @@ export async function cancelAgentAction( soClient: SavedObjectsClientContract, actionId: string ) { - const currentNameSpace = getCurrentNamespace(soClient); + const currentSpaceId = getCurrentNamespace(soClient); const getUpgradeActions = async () => { const query = { @@ -329,7 +329,7 @@ export async function cancelAgentAction( }; const res = await esClient.search({ index: AGENT_ACTIONS_INDEX, - query: await addNamespaceFilteringToQuery(query, currentNameSpace), + query: await addNamespaceFilteringToQuery(query, currentSpaceId), size: SO_SEARCH_LIMIT, }); @@ -358,12 +358,10 @@ export async function cancelAgentAction( const cancelledActions: Array<{ agents: string[] }> = []; const createAction = async (action: FleetServerAgentAction) => { - const namespaces = currentNameSpace ? { namespaces: [currentNameSpace] } : {}; - await createAgentAction(esClient, { id: cancelActionId, type: 'CANCEL', - ...namespaces, + namespaces: [currentSpaceId], agents: action.agents!, data: { target_id: action.action_id, diff --git a/x-pack/plugins/fleet/server/services/agents/crud.ts b/x-pack/plugins/fleet/server/services/agents/crud.ts index 847d0dd8335c6..541829f32deb2 100644 --- a/x-pack/plugins/fleet/server/services/agents/crud.ts +++ b/x-pack/plugins/fleet/server/services/agents/crud.ts @@ -433,7 +433,7 @@ async function _filterAgents( }> { const { page = 1, perPage = 20, sortField = 'enrolled_at', sortOrder = 'desc' } = options; const runtimeFields = await buildAgentStatusRuntimeField(soClient); - const currentNameSpace = getCurrentNamespace(soClient); + const currentSpaceId = getCurrentNamespace(soClient); let res; try { @@ -445,7 +445,7 @@ async function _filterAgents( runtime_mappings: runtimeFields, fields: Object.keys(runtimeFields), sort: [{ [sortField]: { order: sortOrder } }], - query: await addNamespaceFilteringToQuery({ bool: { filter: [query] } }, currentNameSpace), + query: await addNamespaceFilteringToQuery({ bool: { filter: [query] } }, currentSpaceId), index: AGENTS_INDEX, ignore_unavailable: true, }); diff --git a/x-pack/plugins/fleet/server/services/agents/reassign.ts b/x-pack/plugins/fleet/server/services/agents/reassign.ts index d5a4d2ab67525..89222f4773f90 100644 --- a/x-pack/plugins/fleet/server/services/agents/reassign.ts +++ b/x-pack/plugins/fleet/server/services/agents/reassign.ts @@ -78,8 +78,7 @@ export async function reassignAgent( policy_revision: null, }); - const currentNameSpace = getCurrentNamespace(soClient); - const namespaces = currentNameSpace ? { namespaces: [currentNameSpace] } : {}; + const currentSpaceId = getCurrentNamespace(soClient); await createAgentAction(esClient, { agents: [agentId], @@ -88,7 +87,7 @@ export async function reassignAgent( data: { policy_id: newAgentPolicyId, }, - ...namespaces, + namespaces: [currentSpaceId], }); } @@ -103,7 +102,7 @@ export async function reassignAgents( ): Promise<{ actionId: string }> { await verifyNewAgentPolicy(soClient, newAgentPolicyId); - const currentNameSpace = getCurrentNamespace(soClient); + const currentSpaceId = getCurrentNamespace(soClient); const outgoingErrors: Record = {}; let givenAgents: Agent[] = []; if ('agents' in options) { @@ -121,7 +120,7 @@ export async function reassignAgents( } } else if ('kuery' in options) { const batchSize = options.batchSize ?? SO_SEARCH_LIMIT; - const namespaceFilter = await agentsKueryNamespaceFilter(currentNameSpace); + const namespaceFilter = await agentsKueryNamespaceFilter(currentSpaceId); const kuery = namespaceFilter ? `${namespaceFilter} AND ${options.kuery}` : options.kuery; const res = await getAgentsByKuery(esClient, soClient, { kuery, @@ -138,7 +137,7 @@ export async function reassignAgents( soClient, { ...options, - spaceId: currentNameSpace, + spaceId: currentSpaceId, batchSize, total: res.total, newAgentPolicyId, @@ -150,7 +149,7 @@ export async function reassignAgents( return await reassignBatch( esClient, - { newAgentPolicyId, spaceId: currentNameSpace }, + { newAgentPolicyId, spaceId: currentSpaceId }, givenAgents, outgoingErrors ); diff --git a/x-pack/plugins/fleet/server/services/agents/reassign_action_runner.ts b/x-pack/plugins/fleet/server/services/agents/reassign_action_runner.ts index cd9183b0771bc..364a6a5433af2 100644 --- a/x-pack/plugins/fleet/server/services/agents/reassign_action_runner.ts +++ b/x-pack/plugins/fleet/server/services/agents/reassign_action_runner.ts @@ -89,7 +89,7 @@ export async function reassignBatch( const actionId = options.actionId ?? uuidv4(); const total = options.total ?? givenAgents.length; const now = new Date().toISOString(); - const namespaces = spaceId ? { namespaces: [spaceId] } : {}; + const namespaces = spaceId ? [spaceId] : []; await createAgentAction(esClient, { id: actionId, @@ -100,7 +100,7 @@ export async function reassignBatch( data: { policy_id: options.newAgentPolicyId, }, - ...namespaces, + namespaces, }); await createErrorActionResults( diff --git a/x-pack/plugins/fleet/server/services/agents/request_diagnostics.test.ts b/x-pack/plugins/fleet/server/services/agents/request_diagnostics.test.ts index 7010b1f2c3b1e..7f6af525695cd 100644 --- a/x-pack/plugins/fleet/server/services/agents/request_diagnostics.test.ts +++ b/x-pack/plugins/fleet/server/services/agents/request_diagnostics.test.ts @@ -28,8 +28,8 @@ describe('requestDiagnostics', () => { describe('requestDiagnostics (singular)', () => { it('can request diagnostics for single agent', async () => { - const { esClient, agentInRegularDoc } = createClientMock(); - await requestDiagnostics(esClient, agentInRegularDoc._id); + const { soClient, esClient, agentInRegularDoc } = createClientMock(); + await requestDiagnostics(esClient, soClient, agentInRegularDoc._id); expect(esClient.create).toHaveBeenCalledWith( expect.objectContaining({ diff --git a/x-pack/plugins/fleet/server/services/agents/request_diagnostics.ts b/x-pack/plugins/fleet/server/services/agents/request_diagnostics.ts index 323af2ad29314..c4f0e1f0591ad 100644 --- a/x-pack/plugins/fleet/server/services/agents/request_diagnostics.ts +++ b/x-pack/plugins/fleet/server/services/agents/request_diagnostics.ts @@ -11,6 +11,10 @@ import type { RequestDiagnosticsAdditionalMetrics } from '../../../common/types' import { SO_SEARCH_LIMIT, REQUEST_DIAGNOSTICS_TIMEOUT_MS } from '../../constants'; +import { getCurrentNamespace } from '../spaces/get_current_namespace'; + +import { agentsKueryNamespaceFilter } from '../spaces/agent_namespaces'; + import type { GetAgentsOptions } from '.'; import { getAgents, getAgentsByKuery } from './crud'; import { createAgentAction } from './actions'; @@ -22,9 +26,12 @@ import { export async function requestDiagnostics( esClient: ElasticsearchClient, + soClient: SavedObjectsClientContract, agentId: string, additionalMetrics?: RequestDiagnosticsAdditionalMetrics[] ): Promise<{ actionId: string }> { + const currentSpaceId = getCurrentNamespace(soClient); + const response = await createAgentAction(esClient, { agents: [agentId], created_at: new Date().toISOString(), @@ -33,6 +40,7 @@ export async function requestDiagnostics( data: { additional_metrics: additionalMetrics, }, + namespaces: [currentSpaceId], }); return { actionId: response.id }; } @@ -45,24 +53,29 @@ export async function bulkRequestDiagnostics( additionalMetrics?: RequestDiagnosticsAdditionalMetrics[]; } ): Promise<{ actionId: string }> { + const currentSpaceId = getCurrentNamespace(soClient); + if ('agentIds' in options) { const givenAgents = await getAgents(esClient, soClient, options); return await requestDiagnosticsBatch(esClient, givenAgents, { additionalMetrics: options.additionalMetrics, + spaceId: currentSpaceId, }); } const batchSize = options.batchSize ?? SO_SEARCH_LIMIT; + const namespaceFilter = await agentsKueryNamespaceFilter(currentSpaceId); + const kuery = namespaceFilter ? `${namespaceFilter} AND ${options.kuery}` : options.kuery; const res = await getAgentsByKuery(esClient, soClient, { - kuery: options.kuery, + kuery, showInactive: false, page: 1, perPage: batchSize, }); if (res.total <= batchSize) { - const givenAgents = await getAgents(esClient, soClient, options); - return await requestDiagnosticsBatch(esClient, givenAgents, { + return await requestDiagnosticsBatch(esClient, res.agents, { additionalMetrics: options.additionalMetrics, + spaceId: currentSpaceId, }); } else { return await new RequestDiagnosticsActionRunner( @@ -72,6 +85,7 @@ export async function bulkRequestDiagnostics( ...options, batchSize, total: res.total, + spaceId: currentSpaceId, }, { pitId: await openPointInTime(esClient) } ).runActionAsyncWithRetry(); diff --git a/x-pack/plugins/fleet/server/services/agents/request_diagnostics_action_runner.ts b/x-pack/plugins/fleet/server/services/agents/request_diagnostics_action_runner.ts index 073297fabe8fa..ecdcc8a59688c 100644 --- a/x-pack/plugins/fleet/server/services/agents/request_diagnostics_action_runner.ts +++ b/x-pack/plugins/fleet/server/services/agents/request_diagnostics_action_runner.ts @@ -39,6 +39,7 @@ export async function requestDiagnosticsBatch( actionId?: string; total?: number; additionalMetrics?: RequestDiagnosticsAdditionalMetrics[]; + spaceId?: string; } ): Promise<{ actionId: string }> { const errors: Record = {}; @@ -56,6 +57,8 @@ export async function requestDiagnosticsBatch( }); const agentIds = givenAgents.map((agent) => agent.id); + const spaceId = options.spaceId; + const namespaces = spaceId ? [spaceId] : []; await createAgentAction(esClient, { id: actionId, @@ -67,6 +70,7 @@ export async function requestDiagnosticsBatch( data: { additional_metrics: options.additionalMetrics, }, + namespaces, }); await createErrorActionResults( diff --git a/x-pack/plugins/fleet/server/services/agents/unenroll.ts b/x-pack/plugins/fleet/server/services/agents/unenroll.ts index e2c2a17c4d2ad..01b26d1f40fcd 100644 --- a/x-pack/plugins/fleet/server/services/agents/unenroll.ts +++ b/x-pack/plugins/fleet/server/services/agents/unenroll.ts @@ -12,6 +12,8 @@ import { v4 as uuidv4 } from 'uuid'; import type { Agent } from '../../types'; import { HostedAgentPolicyRestrictionRelatedError } from '../../errors'; import { SO_SEARCH_LIMIT } from '../../constants'; +import { getCurrentNamespace } from '../spaces/get_current_namespace'; +import { agentsKueryNamespaceFilter } from '../spaces/agent_namespaces'; import { createAgentAction } from './actions'; import type { GetAgentsOptions } from './crud'; @@ -49,6 +51,7 @@ export async function unenrollAgent( revoke?: boolean; } ) { + await getAgentById(esClient, soClient, agentId); // throw 404 if agent not in namespace if (!options?.force) { await unenrollAgentIsAllowed(soClient, esClient, agentId); } @@ -56,10 +59,12 @@ export async function unenrollAgent( return forceUnenrollAgent(esClient, soClient, agentId); } const now = new Date().toISOString(); + const currentSpaceId = getCurrentNamespace(soClient); await createAgentAction(esClient, { agents: [agentId], created_at: now, type: 'UNENROLL', + namespaces: [currentSpaceId], }); await updateAgent(esClient, agentId, { unenrollment_started_at: now, @@ -76,27 +81,37 @@ export async function unenrollAgents( showInactive?: boolean; } ): Promise<{ actionId: string }> { + const spaceId = getCurrentNamespace(soClient); + if ('agentIds' in options) { const givenAgents = await getAgents(esClient, soClient, options); - return await unenrollBatch(soClient, esClient, givenAgents, options); + return await unenrollBatch(soClient, esClient, givenAgents, { + ...options, + spaceId, + }); } const batchSize = options.batchSize ?? SO_SEARCH_LIMIT; + const namespaceFilter = await agentsKueryNamespaceFilter(spaceId); + const kuery = namespaceFilter ? `${namespaceFilter} AND ${options.kuery}` : options.kuery; const res = await getAgentsByKuery(esClient, soClient, { - kuery: options.kuery, + kuery, showInactive: options.showInactive ?? false, page: 1, perPage: batchSize, }); if (res.total <= batchSize) { - const givenAgents = await getAgents(esClient, soClient, options); - return await unenrollBatch(soClient, esClient, givenAgents, options); + return await unenrollBatch(soClient, esClient, res.agents, { + ...options, + spaceId, + }); } else { return await new UnenrollActionRunner( esClient, soClient, { ...options, + spaceId, batchSize, total: res.total, }, @@ -120,5 +135,5 @@ export async function forceUnenrollAgent( active: false, unenrolled_at: new Date().toISOString(), }); - await updateActionsForForceUnenroll(esClient, [agent.id], uuidv4(), 1); + await updateActionsForForceUnenroll(esClient, soClient, [agent.id], uuidv4(), 1); } diff --git a/x-pack/plugins/fleet/server/services/agents/unenroll_action_runner.ts b/x-pack/plugins/fleet/server/services/agents/unenroll_action_runner.ts index 8aae49b754ef7..d4e9d25942385 100644 --- a/x-pack/plugins/fleet/server/services/agents/unenroll_action_runner.ts +++ b/x-pack/plugins/fleet/server/services/agents/unenroll_action_runner.ts @@ -19,6 +19,8 @@ import { invalidateAPIKeys } from '../api_keys'; import { appContextService } from '../app_context'; +import { getCurrentNamespace } from '../spaces/get_current_namespace'; + import { ActionRunner } from './action_runner'; import { bulkUpdateAgents } from './crud'; @@ -61,6 +63,7 @@ export async function unenrollBatch( revoke?: boolean; actionId?: string; total?: number; + spaceId?: string; } ): Promise<{ actionId: string }> { const hostedPolicies = await getHostedPolicies(soClient, givenAgents); @@ -100,11 +103,14 @@ export async function unenrollBatch( const agentIds = agentsToUpdate.map((agent) => agent.id); + const spaceId = options.spaceId; + const namespaces = spaceId ? [spaceId] : []; + if (options.revoke) { // Get all API keys that need to be invalidated await invalidateAPIKeysForAgents(agentsToUpdate); - await updateActionsForForceUnenroll(esClient, agentIds, actionId, total); + await updateActionsForForceUnenroll(esClient, soClient, agentIds, actionId, total); } else { // Create unenroll action for each agent await createAgentAction(esClient, { @@ -113,6 +119,7 @@ export async function unenrollBatch( created_at: now, type: 'UNENROLL', total, + namespaces, }); } @@ -130,17 +137,20 @@ export async function unenrollBatch( export async function updateActionsForForceUnenroll( esClient: ElasticsearchClient, + soClient: SavedObjectsClientContract, agentIds: string[], actionId: string, total: number ) { // creating an action doc so that force unenroll shows up in activity + const currentSpaceId = getCurrentNamespace(soClient); await createAgentAction(esClient, { id: actionId, agents: agentIds, created_at: new Date().toISOString(), type: 'FORCE_UNENROLL', total, + namespaces: [currentSpaceId], }); await bulkCreateAgentActionResults( esClient, diff --git a/x-pack/plugins/fleet/server/services/agents/update_agent_tags.ts b/x-pack/plugins/fleet/server/services/agents/update_agent_tags.ts index 4e42ac121ccca..2293130ed5148 100644 --- a/x-pack/plugins/fleet/server/services/agents/update_agent_tags.ts +++ b/x-pack/plugins/fleet/server/services/agents/update_agent_tags.ts @@ -12,7 +12,7 @@ import { AgentReassignmentError } from '../../errors'; import { SO_SEARCH_LIMIT } from '../../constants'; -import { agentsKueryNamespaceFilter, isAgentInNamespace } from '../spaces/agent_namespaces'; +import { agentsKueryNamespaceFilter } from '../spaces/agent_namespaces'; import { getCurrentNamespace } from '../spaces/get_current_namespace'; @@ -27,7 +27,7 @@ export async function updateAgentTags( tagsToAdd: string[], tagsToRemove: string[] ): Promise<{ actionId: string }> { - const currentNameSpace = getCurrentNamespace(soClient); + const currentSpaceId = getCurrentNamespace(soClient); const outgoingErrors: Record = {}; const givenAgents: Agent[] = []; @@ -38,17 +38,13 @@ export async function updateAgentTags( outgoingErrors[maybeAgent.id] = new AgentReassignmentError( `Cannot find agent ${maybeAgent.id}` ); - } else if ((await isAgentInNamespace(maybeAgent, currentNameSpace)) !== true) { - outgoingErrors[maybeAgent.id] = new AgentReassignmentError( - `Agent ${maybeAgent.id} is not in the current space` - ); } else { givenAgents.push(maybeAgent); } } } else if ('kuery' in options) { const batchSize = options.batchSize ?? SO_SEARCH_LIMIT; - const namespaceFilter = await agentsKueryNamespaceFilter(currentNameSpace); + const namespaceFilter = await agentsKueryNamespaceFilter(currentSpaceId); const filters = namespaceFilter ? [namespaceFilter] : []; if (options.kuery !== '') { @@ -76,6 +72,7 @@ export async function updateAgentTags( soClient, { ...options, + spaceId: currentSpaceId, kuery, tagsToAdd, tagsToRemove, @@ -86,15 +83,9 @@ export async function updateAgentTags( ).runActionAsyncWithRetry(); } - return await updateTagsBatch( - soClient, - esClient, - givenAgents, - outgoingErrors, - { - tagsToAdd, - tagsToRemove, - }, - currentNameSpace - ); + return await updateTagsBatch(soClient, esClient, givenAgents, outgoingErrors, { + tagsToAdd, + tagsToRemove, + spaceId: currentSpaceId, + }); } diff --git a/x-pack/plugins/fleet/server/services/agents/update_agent_tags_action_runner.ts b/x-pack/plugins/fleet/server/services/agents/update_agent_tags_action_runner.ts index bb3b5f71cb222..309aa80f4d8c2 100644 --- a/x-pack/plugins/fleet/server/services/agents/update_agent_tags_action_runner.ts +++ b/x-pack/plugins/fleet/server/services/agents/update_agent_tags_action_runner.ts @@ -36,6 +36,7 @@ export class UpdateAgentTagsActionRunner extends ActionRunner { tagsToRemove: this.actionParams?.tagsToRemove, actionId: this.actionParams.actionId, total: this.actionParams.total, + spaceId: this.actionParams.spaceId, } ); } @@ -61,8 +62,8 @@ export async function updateTagsBatch( total?: number; kuery?: string; retryCount?: number; - }, - spaceId?: string + spaceId?: string; + } ): Promise<{ actionId: string; updated?: number; took?: number }> { const errors: Record = { ...outgoingErrors }; const hostedAgentError = `Cannot modify tags on a hosted agent`; @@ -150,7 +151,8 @@ export async function updateTagsBatch( const versionConflictCount = res.version_conflicts ?? 0; const versionConflictIds = isLastRetry ? getUuidArray(versionConflictCount) : []; - const namespaces = spaceId ? { namespaces: [spaceId] } : {}; + const spaceId = options.spaceId; + const namespaces = spaceId ? [spaceId] : []; // creating an action doc so that update tags shows up in activity // the logic only saves agent count in the action that updated, failed or in case of last retry, conflicted @@ -160,7 +162,7 @@ export async function updateTagsBatch( agents: updatedIds .concat(failures.map((failure) => failure.id)) .concat(isLastRetry ? versionConflictIds : []), - ...namespaces, + namespaces, created_at: new Date().toISOString(), type: 'UPDATE_TAGS', total: options.total ?? res.total, @@ -180,7 +182,7 @@ export async function updateTagsBatch( updatedIds.map((id) => ({ agentId: id, actionId, - ...namespaces, + namespaces, })) ); appContextService.getLogger().debug(`action updated result wrote on ${updatedCount} agents`); diff --git a/x-pack/plugins/fleet/server/services/agents/upgrade.ts b/x-pack/plugins/fleet/server/services/agents/upgrade.ts index 40d676a68e24d..c5e4fdc1134f0 100644 --- a/x-pack/plugins/fleet/server/services/agents/upgrade.ts +++ b/x-pack/plugins/fleet/server/services/agents/upgrade.ts @@ -46,8 +46,7 @@ export async function sendUpgradeAgentAction({ ); } - const currentNameSpace = getCurrentNamespace(soClient); - const namespaces = currentNameSpace ? { namespaces: [currentNameSpace] } : {}; + const currentSpaceId = getCurrentNamespace(soClient); await createAgentAction(esClient, { agents: [agentId], @@ -55,7 +54,7 @@ export async function sendUpgradeAgentAction({ data, ack_data: data, type: 'UPGRADE', - ...namespaces, + namespaces: [currentSpaceId], }); await updateAgent(esClient, agentId, { upgraded_at: null, @@ -76,7 +75,7 @@ export async function sendUpgradeAgentsActions( batchSize?: number; } ): Promise<{ actionId: string }> { - const currentNameSpace = getCurrentNamespace(soClient); + const currentSpaceId = getCurrentNamespace(soClient); // Full set of agents const outgoingErrors: Record = {}; let givenAgents: Agent[] = []; @@ -96,7 +95,7 @@ export async function sendUpgradeAgentsActions( } } else if ('kuery' in options) { const batchSize = options.batchSize ?? SO_SEARCH_LIMIT; - const namespaceFilter = await agentsKueryNamespaceFilter(currentNameSpace); + const namespaceFilter = await agentsKueryNamespaceFilter(currentSpaceId); const kuery = namespaceFilter ? `${namespaceFilter} AND ${options.kuery}` : options.kuery; const res = await getAgentsByKuery(esClient, soClient, { @@ -116,12 +115,12 @@ export async function sendUpgradeAgentsActions( ...options, batchSize, total: res.total, - spaceId: currentNameSpace, + spaceId: currentSpaceId, }, { pitId: await openPointInTime(esClient) } ).runActionAsyncWithRetry(); } } - return await upgradeBatch(esClient, givenAgents, outgoingErrors, options, currentNameSpace); + return await upgradeBatch(esClient, givenAgents, outgoingErrors, options, currentSpaceId); } diff --git a/x-pack/plugins/fleet/server/services/agents/upgrade_action_runner.ts b/x-pack/plugins/fleet/server/services/agents/upgrade_action_runner.ts index a11b43a5b3ee2..b4c2d600062df 100644 --- a/x-pack/plugins/fleet/server/services/agents/upgrade_action_runner.ts +++ b/x-pack/plugins/fleet/server/services/agents/upgrade_action_runner.ts @@ -174,7 +174,7 @@ export async function upgradeBatch( const actionId = options.actionId ?? uuidv4(); const total = options.total ?? givenAgents.length; - const namespaces = spaceId ? { namespaces: [spaceId] } : {}; + const namespaces = spaceId ? [spaceId] : []; await createAgentAction(esClient, { id: actionId, @@ -185,7 +185,7 @@ export async function upgradeBatch( total, agents: agentsToUpdate.map((agent) => agent.id), ...rollingUpgradeOptions, - ...namespaces, + namespaces, }); await createErrorActionResults( diff --git a/x-pack/plugins/fleet/server/services/spaces/get_current_namespace.ts b/x-pack/plugins/fleet/server/services/spaces/get_current_namespace.ts index 534e21ad44ae8..e6ffc40264fee 100644 --- a/x-pack/plugins/fleet/server/services/spaces/get_current_namespace.ts +++ b/x-pack/plugins/fleet/server/services/spaces/get_current_namespace.ts @@ -11,6 +11,7 @@ import type { SavedObjectsClientContract } from '@kbn/core/server'; /* * soClient.getCurrentNamespace() returns undefined in the default space. * This helper returns the name of the current space and 'default' in the default space. + * Note: this refers to the current Kibana space, not to be confused with datastream namespaces. */ export function getCurrentNamespace(soClient: SavedObjectsClientContract) { return soClient.getCurrentNamespace() ?? DEFAULT_NAMESPACE_STRING; diff --git a/x-pack/test/fleet_api_integration/apis/space_awareness/actions.ts b/x-pack/test/fleet_api_integration/apis/space_awareness/actions.ts index 14c3dff338955..59fb305387506 100644 --- a/x-pack/test/fleet_api_integration/apis/space_awareness/actions.ts +++ b/x-pack/test/fleet_api_integration/apis/space_awareness/actions.ts @@ -10,7 +10,12 @@ import { AGENT_POLICY_INDEX, CreateAgentPolicyResponse } from '@kbn/fleet-plugin import { FtrProviderContext } from '../../../api_integration/ftr_provider_context'; import { skipIfNoDockerRegistry } from '../../helpers'; import { SpaceTestApiClient } from './api_helper'; -import { cleanFleetActionIndices, cleanFleetIndices, createFleetAgent } from './helpers'; +import { + cleanFleetActionIndices, + cleanFleetAgentPolicies, + cleanFleetIndices, + createFleetAgent, +} from './helpers'; import { setupTestSpaces, TEST_SPACE_1 } from './space_helpers'; export default function (providerContext: FtrProviderContext) { @@ -33,6 +38,7 @@ export default function (providerContext: FtrProviderContext) { beforeEach(async () => { await cleanFleetActionIndices(esClient); + await cleanFleetAgentPolicies(esClient); }); after(async () => { @@ -100,6 +106,7 @@ export default function (providerContext: FtrProviderContext) { ); expect(actionStatusInDefaultSpace.items[0].type).to.eql('UPDATE_TAGS'); expect(actionStatusInDefaultSpace.items[0].nbAgentsActioned).to.eql(2); + expect(actionStatusInDefaultSpace.items[0].nbAgentsActionCreated).to.eql(2); expect(actionStatusInDefaultSpace.items[0].status).to.eql('COMPLETE'); const actionStatusInCustomSpace = await apiClient.getActionStatus(TEST_SPACE_1); @@ -132,6 +139,7 @@ export default function (providerContext: FtrProviderContext) { ); expect(actionStatusInCustomSpace.items[0].type).to.eql('UPDATE_TAGS'); expect(actionStatusInCustomSpace.items[0].nbAgentsActioned).to.eql(2); + expect(actionStatusInCustomSpace.items[0].nbAgentsActionCreated).to.eql(2); expect(actionStatusInCustomSpace.items[0].status).to.eql('COMPLETE'); }); @@ -174,6 +182,7 @@ export default function (providerContext: FtrProviderContext) { 'nbAgentsFailed' ); expect(actionStatusInDefaultSpace.items[0].type).to.eql('POLICY_CHANGE'); + expect(actionStatusInDefaultSpace.items[0].nbAgentsActionCreated).to.eql(2); expect(actionStatusInDefaultSpace.items[0].nbAgentsActioned).to.eql(2); const actionStatusInCustomSpace = await apiClient.getActionStatus(TEST_SPACE_1); @@ -209,6 +218,7 @@ export default function (providerContext: FtrProviderContext) { 'nbAgentsFailed' ); expect(actionStatusInCustomSpace.items[0].type).to.eql('POLICY_CHANGE'); + expect(actionStatusInCustomSpace.items[0].nbAgentsActionCreated).to.eql(2); expect(actionStatusInCustomSpace.items[0].nbAgentsActioned).to.eql(2); }); }); @@ -251,7 +261,7 @@ export default function (providerContext: FtrProviderContext) { }); }); - describe('post /agents/actions/{actionId}/cancel', () => { + describe('POST /agents/actions/{actionId}/cancel', () => { it('should return 200 and a CANCEL action if the action is in the same space', async () => { // Create UPDATE_TAGS action for agents in custom space await apiClient.bulkUpdateAgentTags( diff --git a/x-pack/test/fleet_api_integration/apis/space_awareness/agents.ts b/x-pack/test/fleet_api_integration/apis/space_awareness/agents.ts index f41f83f71ccb7..851e8f44c0654 100644 --- a/x-pack/test/fleet_api_integration/apis/space_awareness/agents.ts +++ b/x-pack/test/fleet_api_integration/apis/space_awareness/agents.ts @@ -6,11 +6,16 @@ */ import expect from '@kbn/expect'; -import { CreateAgentPolicyResponse, GetAgentsResponse } from '@kbn/fleet-plugin/common'; +import { + AGENTS_INDEX, + CreateAgentPolicyResponse, + GetAgentsResponse, +} from '@kbn/fleet-plugin/common'; import { FtrProviderContext } from '../../../api_integration/ftr_provider_context'; import { skipIfNoDockerRegistry } from '../../helpers'; import { SpaceTestApiClient } from './api_helper'; import { + cleanFleetActionIndices, cleanFleetAgents, cleanFleetIndices, createFleetAgent, @@ -45,6 +50,7 @@ export default function (providerContext: FtrProviderContext) { }); setupTestSpaces(providerContext); + let defaultSpacePolicy1: CreateAgentPolicyResponse; let defaultSpacePolicy2: CreateAgentPolicyResponse; let spaceTest1Policy1: CreateAgentPolicyResponse; @@ -79,6 +85,7 @@ export default function (providerContext: FtrProviderContext) { before(async () => { await apiClient.postEnableSpaceAwareness(); + const [_defaultSpacePolicy1, _defaultSpacePolicy2, _spaceTest1Policy1, _spaceTest1Policy2] = await Promise.all([ apiClient.createAgentPolicy(), @@ -94,7 +101,16 @@ export default function (providerContext: FtrProviderContext) { await createAgents(); }); - describe('GET /agent', () => { + beforeEach(async () => { + await cleanFleetActionIndices(esClient); + }); + + async function verifyNoAgentActions(spaceId?: string) { + const actionStatus = await apiClient.getActionStatus(spaceId); + expect(actionStatus.items.length).to.eql(0); + } + + describe('GET /agents', () => { it('should return agents in a specific space', async () => { const agents = await apiClient.getAgents(TEST_SPACE_1); expect(agents.total).to.eql(3); @@ -133,7 +149,11 @@ export default function (providerContext: FtrProviderContext) { describe('PUT /agents/{agentId}', () => { it('should allow updating an agent in the same space', async () => { await apiClient.updateAgent(testSpaceAgent1, { tags: ['foo'] }, TEST_SPACE_1); + let agent = await apiClient.getAgent(testSpaceAgent1, TEST_SPACE_1); + expect(agent.item.tags).to.eql(['foo']); await apiClient.updateAgent(testSpaceAgent1, { tags: ['tag1'] }, TEST_SPACE_1); + agent = await apiClient.getAgent(testSpaceAgent1, TEST_SPACE_1); + expect(agent.item.tags).to.eql(['tag1']); }); it('should not allow updating an agent from a different space', async () => { @@ -150,13 +170,18 @@ export default function (providerContext: FtrProviderContext) { }); describe('DELETE /agents/{id}', () => { - it('should allow to delete an agent in the same space', async () => { + it('should allow deleting an agent in the same space', async () => { const testSpaceDeleteAgent = await createFleetAgent( esClient, spaceTest1Policy2.item.id, TEST_SPACE_1 ); await apiClient.deleteAgent(testSpaceDeleteAgent, TEST_SPACE_1); + await esClient.delete({ + index: AGENTS_INDEX, + id: testSpaceDeleteAgent, + refresh: 'wait_for', + }); }); it('should not allow deleting an agent from a different space', async () => { @@ -180,11 +205,28 @@ export default function (providerContext: FtrProviderContext) { }, {} as any); } + async function verifyAgentsTags(expected: any, spaceId?: string) { + const agents = await apiClient.getAgents(spaceId); + const agentTags = getAgentTags(agents); + expect(agentTags).to.eql(expected); + } + it('should only update tags of agents in the same space when passing a list of agent ids', async () => { - let agents = await apiClient.getAgents(TEST_SPACE_1); - let agentTags = getAgentTags(agents); - expect(agentTags[testSpaceAgent1]).to.eql(['tag1']); - expect(agentTags[testSpaceAgent2]).to.eql(['tag1']); + await verifyAgentsTags({ + [defaultSpaceAgent1]: ['tag1'], + [defaultSpaceAgent2]: ['tag1'], + }); + await verifyAgentsTags( + { + [testSpaceAgent1]: ['tag1'], + [testSpaceAgent2]: ['tag1'], + [testSpaceAgent3]: ['tag1'], + }, + TEST_SPACE_1 + ); + await verifyNoAgentActions(); + await verifyNoAgentActions(TEST_SPACE_1); + // Add tag await apiClient.bulkUpdateAgentTags( { @@ -193,11 +235,24 @@ export default function (providerContext: FtrProviderContext) { }, TEST_SPACE_1 ); - agents = await apiClient.getAgents(TEST_SPACE_1); - agentTags = getAgentTags(agents); - expect(agentTags[testSpaceAgent1]).to.eql(['tag1', 'space1']); - expect(agentTags[testSpaceAgent2]).to.eql(['tag1']); - // Reset tags + + await verifyAgentsTags({ + [defaultSpaceAgent1]: ['tag1'], + [defaultSpaceAgent2]: ['tag1'], + }); + await verifyAgentsTags( + { + [testSpaceAgent1]: ['tag1', 'space1'], + [testSpaceAgent2]: ['tag1'], + [testSpaceAgent3]: ['tag1'], + }, + TEST_SPACE_1 + ); + await verifyNoAgentActions(); + let actionStatus = await apiClient.getActionStatus(TEST_SPACE_1); + expect(actionStatus.items.length).to.eql(1); + + // Remove tag await apiClient.bulkUpdateAgentTags( { agents: [testSpaceAgent1], @@ -205,37 +260,71 @@ export default function (providerContext: FtrProviderContext) { }, TEST_SPACE_1 ); - agents = await apiClient.getAgents(TEST_SPACE_1); - agentTags = getAgentTags(agents); - expect(agentTags[testSpaceAgent1]).to.eql(['tag1']); + + await verifyAgentsTags({ + [defaultSpaceAgent1]: ['tag1'], + [defaultSpaceAgent2]: ['tag1'], + }); + await verifyAgentsTags( + { + [testSpaceAgent1]: ['tag1'], + [testSpaceAgent2]: ['tag1'], + [testSpaceAgent3]: ['tag1'], + }, + TEST_SPACE_1 + ); + await verifyNoAgentActions(); + actionStatus = await apiClient.getActionStatus(TEST_SPACE_1); + expect(actionStatus.items.length).to.eql(2); + actionStatus.items.forEach((item) => { + expect(item.nbAgentsActioned).to.eql(1); + expect(item.nbAgentsActionCreated).to.eql(1); + expect(item.type).to.eql('UPDATE_TAGS'); + }); }); it('should only update tags of agents in the same space when passing a kuery', async () => { - let agentsInDefaultSpace = await apiClient.getAgents(); - let agentInDefaultSpaceTags = getAgentTags(agentsInDefaultSpace); - let agentsInTestSpace = await apiClient.getAgents(TEST_SPACE_1); - let agentInTestSpaceTags = getAgentTags(agentsInTestSpace); - expect(agentInDefaultSpaceTags[defaultSpaceAgent1]).to.eql(['tag1']); - expect(agentInDefaultSpaceTags[defaultSpaceAgent2]).to.eql(['tag1']); - expect(agentInTestSpaceTags[testSpaceAgent1]).to.eql(['tag1']); - expect(agentInTestSpaceTags[testSpaceAgent2]).to.eql(['tag1']); + await verifyAgentsTags({ + [defaultSpaceAgent1]: ['tag1'], + [defaultSpaceAgent2]: ['tag1'], + }); + await verifyAgentsTags( + { + [testSpaceAgent1]: ['tag1'], + [testSpaceAgent2]: ['tag1'], + [testSpaceAgent3]: ['tag1'], + }, + TEST_SPACE_1 + ); + await verifyNoAgentActions(); + await verifyNoAgentActions(TEST_SPACE_1); + // Add tag await apiClient.bulkUpdateAgentTags( { - agents: '', + agents: '*', tagsToAdd: ['space1'], }, TEST_SPACE_1 ); - agentsInDefaultSpace = await apiClient.getAgents(); - agentInDefaultSpaceTags = getAgentTags(agentsInDefaultSpace); - agentsInTestSpace = await apiClient.getAgents(TEST_SPACE_1); - agentInTestSpaceTags = getAgentTags(agentsInTestSpace); - expect(agentInDefaultSpaceTags[defaultSpaceAgent1]).to.eql(['tag1']); - expect(agentInDefaultSpaceTags[defaultSpaceAgent2]).to.eql(['tag1']); - expect(agentInTestSpaceTags[testSpaceAgent1]).to.eql(['tag1', 'space1']); - expect(agentInTestSpaceTags[testSpaceAgent2]).to.eql(['tag1', 'space1']); - // Reset tags + + await verifyAgentsTags({ + [defaultSpaceAgent1]: ['tag1'], + [defaultSpaceAgent2]: ['tag1'], + }); + await verifyAgentsTags( + { + [testSpaceAgent1]: ['tag1', 'space1'], + [testSpaceAgent2]: ['tag1', 'space1'], + [testSpaceAgent3]: ['tag1', 'space1'], + }, + TEST_SPACE_1 + ); + await verifyNoAgentActions(); + let actionStatus = await apiClient.getActionStatus(TEST_SPACE_1); + expect(actionStatus.items.length).to.eql(1); + + // Remove tag await apiClient.bulkUpdateAgentTags( { agents: '', @@ -243,10 +332,27 @@ export default function (providerContext: FtrProviderContext) { }, TEST_SPACE_1 ); - agentsInTestSpace = await apiClient.getAgents(TEST_SPACE_1); - agentInTestSpaceTags = getAgentTags(agentsInTestSpace); - expect(agentInTestSpaceTags[testSpaceAgent1]).to.eql(['tag1']); - expect(agentInTestSpaceTags[testSpaceAgent2]).to.eql(['tag1']); + + await verifyAgentsTags({ + [defaultSpaceAgent1]: ['tag1'], + [defaultSpaceAgent2]: ['tag1'], + }); + await verifyAgentsTags( + { + [testSpaceAgent1]: ['tag1'], + [testSpaceAgent2]: ['tag1'], + [testSpaceAgent3]: ['tag1'], + }, + TEST_SPACE_1 + ); + await verifyNoAgentActions(); + actionStatus = await apiClient.getActionStatus(TEST_SPACE_1); + expect(actionStatus.items.length).to.eql(2); + actionStatus.items.forEach((item) => { + expect(item.nbAgentsActioned).to.eql(3); + expect(item.nbAgentsActionCreated).to.eql(3); + expect(item.type).to.eql('UPDATE_TAGS'); + }); }); }); @@ -258,7 +364,18 @@ export default function (providerContext: FtrProviderContext) { it('should allow upgrading an agent in the same space', async () => { await makeAgentsUpgradeable(esClient, [testSpaceAgent1], '8.14.0'); + + await verifyNoAgentActions(); + await verifyNoAgentActions(TEST_SPACE_1); + await apiClient.upgradeAgent(testSpaceAgent1, { version: '8.15.0' }, TEST_SPACE_1); + + await verifyNoAgentActions(); + const actionStatus = await apiClient.getActionStatus(TEST_SPACE_1); + expect(actionStatus.items.length).to.eql(1); + expect(actionStatus.items[0].nbAgentsActioned).to.eql(1); + expect(actionStatus.items[0].nbAgentsActionCreated).to.eql(1); + expect(actionStatus.items[0].type).to.eql('UPGRADE'); }); it('should forbid upgrading an agent from a different space', async () => { @@ -276,6 +393,17 @@ export default function (providerContext: FtrProviderContext) { beforeEach(async () => { await cleanFleetAgents(esClient); await createAgents(); + await makeAgentsUpgradeable( + esClient, + [ + defaultSpaceAgent1, + defaultSpaceAgent2, + testSpaceAgent1, + testSpaceAgent2, + testSpaceAgent3, + ], + '8.14.0' + ); }); function getAgentStatus(agents: GetAgentsResponse) { @@ -285,27 +413,27 @@ export default function (providerContext: FtrProviderContext) { }, {} as any); } - it('should only upgrade agents in the same space when passing a list of agent ids', async () => { - await makeAgentsUpgradeable( - esClient, - [defaultSpaceAgent1, defaultSpaceAgent2, testSpaceAgent1, testSpaceAgent2], - '8.14.0' - ); + async function verifyAgentsStatus(expected: any, spaceId?: string) { + const agents = await apiClient.getAgents(spaceId); + const agentStatus = getAgentStatus(agents); + expect(agentStatus).to.eql(expected); + } - let agents = await apiClient.getAgents(); - let agentStatus = getAgentStatus(agents); - expect(agentStatus).to.eql({ + it('should only upgrade agents in the same space when passing a list of agent ids', async () => { + await verifyAgentsStatus({ [defaultSpaceAgent1]: 'online', [defaultSpaceAgent2]: 'online', }); - - agents = await apiClient.getAgents(TEST_SPACE_1); - agentStatus = getAgentStatus(agents); - expect(agentStatus).to.eql({ - [testSpaceAgent1]: 'online', - [testSpaceAgent2]: 'online', - [testSpaceAgent3]: 'online', - }); + await verifyAgentsStatus( + { + [testSpaceAgent1]: 'online', + [testSpaceAgent2]: 'online', + [testSpaceAgent3]: 'online', + }, + TEST_SPACE_1 + ); + await verifyNoAgentActions(); + await verifyNoAgentActions(TEST_SPACE_1); await apiClient.bulkUpgradeAgents( { @@ -316,43 +444,41 @@ export default function (providerContext: FtrProviderContext) { TEST_SPACE_1 ); - agents = await apiClient.getAgents(); - agentStatus = getAgentStatus(agents); - expect(agentStatus).to.eql({ + await verifyAgentsStatus({ [defaultSpaceAgent1]: 'online', [defaultSpaceAgent2]: 'online', }); - - agents = await apiClient.getAgents(TEST_SPACE_1); - agentStatus = getAgentStatus(agents); - expect(agentStatus).to.eql({ - [testSpaceAgent1]: 'updating', - [testSpaceAgent2]: 'online', - [testSpaceAgent3]: 'online', - }); + await verifyAgentsStatus( + { + [testSpaceAgent1]: 'updating', + [testSpaceAgent2]: 'online', + [testSpaceAgent3]: 'online', + }, + TEST_SPACE_1 + ); + await verifyNoAgentActions(); + const actionStatus = await apiClient.getActionStatus(TEST_SPACE_1); + expect(actionStatus.items.length).to.eql(1); + expect(actionStatus.items[0].nbAgentsActioned).to.eql(1); + expect(actionStatus.items[0].nbAgentsActionCreated).to.eql(1); + expect(actionStatus.items[0].type).to.eql('UPGRADE'); }); it('should only upgrade agents in the same space when passing a kuery', async () => { - await makeAgentsUpgradeable( - esClient, - [defaultSpaceAgent1, defaultSpaceAgent2, testSpaceAgent1, testSpaceAgent2], - '8.14.0' - ); - - let agents = await apiClient.getAgents(); - let agentStatus = getAgentStatus(agents); - expect(agentStatus).to.eql({ + await verifyAgentsStatus({ [defaultSpaceAgent1]: 'online', [defaultSpaceAgent2]: 'online', }); - - agents = await apiClient.getAgents(TEST_SPACE_1); - agentStatus = getAgentStatus(agents); - expect(agentStatus).to.eql({ - [testSpaceAgent1]: 'online', - [testSpaceAgent2]: 'online', - [testSpaceAgent3]: 'online', - }); + await verifyAgentsStatus( + { + [testSpaceAgent1]: 'online', + [testSpaceAgent2]: 'online', + [testSpaceAgent3]: 'online', + }, + TEST_SPACE_1 + ); + await verifyNoAgentActions(); + await verifyNoAgentActions(TEST_SPACE_1); await apiClient.bulkUpgradeAgents( { @@ -363,40 +489,58 @@ export default function (providerContext: FtrProviderContext) { TEST_SPACE_1 ); - agents = await apiClient.getAgents(); - agentStatus = getAgentStatus(agents); - expect(agentStatus).to.eql({ + await verifyAgentsStatus({ [defaultSpaceAgent1]: 'online', [defaultSpaceAgent2]: 'online', }); - - agents = await apiClient.getAgents(TEST_SPACE_1); - agentStatus = getAgentStatus(agents); - expect(agentStatus).to.eql({ - [testSpaceAgent1]: 'updating', - [testSpaceAgent2]: 'updating', - [testSpaceAgent3]: 'updating', - }); + await verifyAgentsStatus( + { + [testSpaceAgent1]: 'updating', + [testSpaceAgent2]: 'updating', + [testSpaceAgent3]: 'updating', + }, + TEST_SPACE_1 + ); + await verifyNoAgentActions(); + const actionStatus = await apiClient.getActionStatus(TEST_SPACE_1); + expect(actionStatus.items.length).to.eql(1); + expect(actionStatus.items[0].nbAgentsActioned).to.eql(3); + expect(actionStatus.items[0].nbAgentsActionCreated).to.eql(3); + expect(actionStatus.items[0].type).to.eql('UPGRADE'); }); }); describe('POST /agents/{agentId}/reassign', () => { - beforeEach(async () => { - await cleanFleetAgents(esClient); - await createAgents(); - }); it('should allow reassigning an agent in the current space to a policy in the current space', async () => { + // Default space let agent = await apiClient.getAgent(defaultSpaceAgent1); expect(agent.item.policy_id).to.eql(defaultSpacePolicy1.item.id); + await verifyNoAgentActions(); + await apiClient.reassignAgent(defaultSpaceAgent1, defaultSpacePolicy2.item.id); + agent = await apiClient.getAgent(defaultSpaceAgent1); expect(agent.item.policy_id).to.eql(defaultSpacePolicy2.item.id); + let actionStatus = await apiClient.getActionStatus(); + expect(actionStatus.items.length).to.eql(1); + expect(actionStatus.items[0].nbAgentsActioned).to.eql(1); + expect(actionStatus.items[0].nbAgentsActionCreated).to.eql(1); + expect(actionStatus.items[0].type).to.eql('POLICY_REASSIGN'); + // Test space agent = await apiClient.getAgent(testSpaceAgent1, TEST_SPACE_1); expect(agent.item.policy_id).to.eql(spaceTest1Policy1.item.id); + await verifyNoAgentActions(TEST_SPACE_1); + await apiClient.reassignAgent(testSpaceAgent1, spaceTest1Policy2.item.id, TEST_SPACE_1); + agent = await apiClient.getAgent(testSpaceAgent1, TEST_SPACE_1); expect(agent.item.policy_id).to.eql(spaceTest1Policy2.item.id); + actionStatus = await apiClient.getActionStatus(TEST_SPACE_1); + expect(actionStatus.items.length).to.eql(1); + expect(actionStatus.items[0].nbAgentsActioned).to.eql(1); + expect(actionStatus.items[0].nbAgentsActionCreated).to.eql(1); + expect(actionStatus.items[0].type).to.eql('POLICY_REASSIGN'); await apiClient.reassignAgent(defaultSpaceAgent1, defaultSpacePolicy1.item.id); await apiClient.reassignAgent(testSpaceAgent1, spaceTest1Policy1.item.id, TEST_SPACE_1); @@ -428,10 +572,6 @@ export default function (providerContext: FtrProviderContext) { }); describe('POST /agents/bulk_reassign', () => { - beforeEach(async () => { - await cleanFleetAgents(esClient); - await createAgents(); - }); function getAgentPolicyIds(agents: GetAgentsResponse) { return agents.items?.reduce((acc, item) => { acc[item.id] = item.policy_id; @@ -460,6 +600,9 @@ export default function (providerContext: FtrProviderContext) { agent = await apiClient.getAgent(testSpaceAgent1, TEST_SPACE_1); expect(agent.item.policy_id).to.eql(spaceTest1Policy1.item.id); + await verifyNoAgentActions(); + await verifyNoAgentActions(TEST_SPACE_1); + await apiClient.bulkReassignAgents( { agents: [defaultSpaceAgent1, testSpaceAgent1], @@ -473,23 +616,38 @@ export default function (providerContext: FtrProviderContext) { agent = await apiClient.getAgent(testSpaceAgent1, TEST_SPACE_1); expect(agent.item.policy_id).to.eql(spaceTest1Policy2.item.id); + await verifyNoAgentActions(); + const actionStatus = await apiClient.getActionStatus(TEST_SPACE_1); + expect(actionStatus.items.length).to.eql(1); + expect(actionStatus.items[0].nbAgentsActioned).to.eql(1); + expect(actionStatus.items[0].nbAgentsActionCreated).to.eql(1); + expect(actionStatus.items[0].type).to.eql('POLICY_REASSIGN'); + await apiClient.reassignAgent(testSpaceAgent1, spaceTest1Policy1.item.id, TEST_SPACE_1); }); it('should only reassign agents in the same space when passing a kuery', async () => { - let agents = await apiClient.getAgents(); - let agentPolicyIds = getAgentPolicyIds(agents); - expect(agentPolicyIds).to.eql({ + async function verifyAgentsPolicies(expected: any, spaceId?: string) { + const agents = await apiClient.getAgents(spaceId); + const agentPolicyIds = getAgentPolicyIds(agents); + expect(agentPolicyIds).to.eql(expected); + } + + await verifyAgentsPolicies({ [defaultSpaceAgent1]: defaultSpacePolicy1.item.id, [defaultSpaceAgent2]: defaultSpacePolicy2.item.id, }); - agents = await apiClient.getAgents(TEST_SPACE_1); - agentPolicyIds = getAgentPolicyIds(agents); - expect(agentPolicyIds).to.eql({ - [testSpaceAgent1]: spaceTest1Policy1.item.id, - [testSpaceAgent2]: spaceTest1Policy2.item.id, - [testSpaceAgent3]: spaceTest1Policy1.item.id, - }); + await verifyAgentsPolicies( + { + [testSpaceAgent1]: spaceTest1Policy1.item.id, + [testSpaceAgent2]: spaceTest1Policy2.item.id, + [testSpaceAgent3]: spaceTest1Policy1.item.id, + }, + TEST_SPACE_1 + ); + + await verifyNoAgentActions(); + await verifyNoAgentActions(TEST_SPACE_1); await apiClient.bulkReassignAgents( { @@ -499,82 +657,219 @@ export default function (providerContext: FtrProviderContext) { TEST_SPACE_1 ); - agents = await apiClient.getAgents(); - agentPolicyIds = getAgentPolicyIds(agents); - expect(agentPolicyIds).to.eql({ + await verifyAgentsPolicies({ [defaultSpaceAgent1]: defaultSpacePolicy1.item.id, [defaultSpaceAgent2]: defaultSpacePolicy2.item.id, }); - agents = await apiClient.getAgents(TEST_SPACE_1); - agentPolicyIds = getAgentPolicyIds(agents); - expect(agentPolicyIds).to.eql({ - [testSpaceAgent1]: spaceTest1Policy2.item.id, - [testSpaceAgent2]: spaceTest1Policy2.item.id, - [testSpaceAgent3]: spaceTest1Policy2.item.id, - }); + await verifyAgentsPolicies( + { + [testSpaceAgent1]: spaceTest1Policy2.item.id, + [testSpaceAgent2]: spaceTest1Policy2.item.id, + [testSpaceAgent3]: spaceTest1Policy2.item.id, + }, + TEST_SPACE_1 + ); + + await verifyNoAgentActions(); + const actionStatus = await apiClient.getActionStatus(TEST_SPACE_1); + expect(actionStatus.items.length).to.eql(1); + expect(actionStatus.items[0].nbAgentsActioned).to.eql(3); + expect(actionStatus.items[0].nbAgentsActionCreated).to.eql(2); + expect(actionStatus.items[0].type).to.eql('POLICY_REASSIGN'); await apiClient.reassignAgent(testSpaceAgent1, spaceTest1Policy1.item.id, TEST_SPACE_1); - await apiClient.reassignAgent(testSpaceAgent2, spaceTest1Policy1.item.id, TEST_SPACE_1); + await apiClient.reassignAgent(testSpaceAgent3, spaceTest1Policy1.item.id, TEST_SPACE_1); }); + }); - it('should reassign agents in the same space by kuery in batches', async () => { - let agents = await apiClient.getAgents(); - let agentPolicyIds = getAgentPolicyIds(agents); - expect(agentPolicyIds).to.eql({ - [defaultSpaceAgent1]: defaultSpacePolicy1.item.id, - [defaultSpaceAgent2]: defaultSpacePolicy2.item.id, - }); - agents = await apiClient.getAgents(TEST_SPACE_1); - agentPolicyIds = getAgentPolicyIds(agents); - expect(agentPolicyIds).to.eql({ - [testSpaceAgent1]: spaceTest1Policy1.item.id, - [testSpaceAgent2]: spaceTest1Policy2.item.id, - [testSpaceAgent3]: spaceTest1Policy1.item.id, - }); + describe('POST /agents/{agentId}/request_diagnostics', () => { + it('should allow requesting diagnostics for an agent in the current space', async () => { + // Default space + await verifyNoAgentActions(); + await apiClient.requestAgentDiagnostics(defaultSpaceAgent1); + let actionStatus = await apiClient.getActionStatus(); + expect(actionStatus.items.length).to.eql(1); + expect(actionStatus.items[0].nbAgentsActioned).to.eql(1); + expect(actionStatus.items[0].nbAgentsActionCreated).to.eql(1); + expect(actionStatus.items[0].type).to.eql('REQUEST_DIAGNOSTICS'); + + // Test space + await verifyNoAgentActions(TEST_SPACE_1); + await apiClient.requestAgentDiagnostics(testSpaceAgent1, TEST_SPACE_1); + actionStatus = await apiClient.getActionStatus(TEST_SPACE_1); + expect(actionStatus.items.length).to.eql(1); + expect(actionStatus.items[0].nbAgentsActioned).to.eql(1); + expect(actionStatus.items[0].nbAgentsActionCreated).to.eql(1); + expect(actionStatus.items[0].type).to.eql('REQUEST_DIAGNOSTICS'); + }); - const res = await apiClient.bulkReassignAgents( + it('should forbid requesting diagnostics for an agent a different space', async () => { + let err: Error | undefined; + try { + await apiClient.requestAgentDiagnostics(testSpaceAgent1); + } catch (_err) { + err = _err; + } + + expect(err).to.be.an(Error); + expect(err?.message).to.match(/404 "Not Found"/); + }); + }); + + describe('POST /agents/bulk_request_diagnostics', () => { + it('should only request diagnostics for agents in the current space when passing a list of agent ids', async () => { + await verifyNoAgentActions(); + await verifyNoAgentActions(TEST_SPACE_1); + + await apiClient.bulkRequestDiagnostics( { - agents: `not fleet-agents.policy_id:"${spaceTest1Policy2.item.id}"`, - policy_id: spaceTest1Policy2.item.id, - batchSize: 1, + agents: [defaultSpaceAgent1, testSpaceAgent1], + }, + TEST_SPACE_1 + ); + + await verifyNoAgentActions(); + const actionStatus = await apiClient.getActionStatus(TEST_SPACE_1); + expect(actionStatus.items.length).to.eql(1); + expect(actionStatus.items[0].nbAgentsActioned).to.eql(1); + expect(actionStatus.items[0].nbAgentsActionCreated).to.eql(1); + expect(actionStatus.items[0].type).to.eql('REQUEST_DIAGNOSTICS'); + }); + + it('should only request diagnostics for agents in the current space when passing a kuery', async () => { + await verifyNoAgentActions(); + await verifyNoAgentActions(TEST_SPACE_1); + + await apiClient.bulkRequestDiagnostics( + { + agents: '*', }, TEST_SPACE_1 ); - const verifyActionResult = async () => { - const { body: result } = await supertest - .get(`/s/${TEST_SPACE_1}/api/fleet/agents`) - .set('kbn-xsrf', 'xxx'); - expect(result.total).to.eql(3); - result.items.forEach((agent: any) => { - expect(agent.policy_id).to.eql(spaceTest1Policy2.item.id); + await verifyNoAgentActions(); + const actionStatus = await apiClient.getActionStatus(TEST_SPACE_1); + expect(actionStatus.items.length).to.eql(1); + expect(actionStatus.items[0].nbAgentsActioned).to.eql(3); + expect(actionStatus.items[0].nbAgentsActionCreated).to.eql(3); + expect(actionStatus.items[0].type).to.eql('REQUEST_DIAGNOSTICS'); + }); + }); + + describe('POST /agents/{agentId}/unenroll', () => { + beforeEach(async () => { + await cleanFleetAgents(esClient); + await createAgents(); + }); + + it('should allow unenrolling an agent in the current space', async () => { + // Default space + let agent = await apiClient.getAgent(defaultSpaceAgent1); + expect(typeof agent.item.unenrollment_started_at).to.be('undefined'); + await verifyNoAgentActions(); + + await apiClient.unenrollAgent(defaultSpaceAgent1); + + agent = await apiClient.getAgent(defaultSpaceAgent1); + expect(typeof agent.item.unenrollment_started_at).to.eql('string'); + let actionStatus = await apiClient.getActionStatus(); + expect(actionStatus.items.length).to.eql(1); + expect(actionStatus.items[0].nbAgentsActioned).to.eql(1); + expect(actionStatus.items[0].nbAgentsActionCreated).to.eql(1); + expect(actionStatus.items[0].type).to.eql('UNENROLL'); + + // Test space + agent = await apiClient.getAgent(testSpaceAgent1, TEST_SPACE_1); + expect(typeof agent.item.unenrollment_started_at).to.be('undefined'); + await verifyNoAgentActions(TEST_SPACE_1); + + await apiClient.unenrollAgent(testSpaceAgent1, TEST_SPACE_1); + + agent = await apiClient.getAgent(testSpaceAgent1, TEST_SPACE_1); + expect(typeof agent.item.unenrollment_started_at).to.eql('string'); + actionStatus = await apiClient.getActionStatus(TEST_SPACE_1); + expect(actionStatus.items.length).to.eql(1); + expect(actionStatus.items[0].nbAgentsActioned).to.eql(1); + expect(actionStatus.items[0].nbAgentsActionCreated).to.eql(1); + expect(actionStatus.items[0].type).to.eql('UNENROLL'); + }); + + it('should forbid unenrolling an agent in a different space', async () => { + let err: Error | undefined; + try { + await apiClient.unenrollAgent(testSpaceAgent1); + } catch (_err) { + err = _err; + } + + expect(err).to.be.an(Error); + expect(err?.message).to.match(/404 "Not Found"/); + }); + }); + + describe('POST /agents/bulk_unenroll', () => { + beforeEach(async () => { + await cleanFleetAgents(esClient); + await createAgents(); + }); + + it('should only unenroll agents in the current space when passing a list of agent ids', async () => { + let agent = await apiClient.getAgent(defaultSpaceAgent1); + expect(typeof agent.item.unenrollment_started_at).to.be('undefined'); + agent = await apiClient.getAgent(testSpaceAgent1, TEST_SPACE_1); + expect(typeof agent.item.unenrollment_started_at).to.be('undefined'); + + await verifyNoAgentActions(); + await verifyNoAgentActions(TEST_SPACE_1); + + await apiClient.bulkUnenrollAgents( + { + agents: [defaultSpaceAgent1, testSpaceAgent1], + }, + TEST_SPACE_1 + ); + + agent = await apiClient.getAgent(defaultSpaceAgent1); + expect(typeof agent.item.unenrollment_started_at).to.be('undefined'); + agent = await apiClient.getAgent(testSpaceAgent1, TEST_SPACE_1); + expect(typeof agent.item.unenrollment_started_at).to.be('string'); + + await verifyNoAgentActions(); + const actionStatus = await apiClient.getActionStatus(TEST_SPACE_1); + expect(actionStatus.items.length).to.eql(1); + expect(actionStatus.items[0].nbAgentsActioned).to.eql(1); + expect(actionStatus.items[0].nbAgentsActionCreated).to.eql(1); + expect(actionStatus.items[0].type).to.eql('UNENROLL'); + }); + + it('should only unenroll agents in the current space when passing a kuery', async () => { + async function verifyAgentsUnenrollment(type: string, spaceId?: string) { + const agents = await apiClient.getAgents(spaceId); + agents.items.forEach((agent) => { + expect(typeof agent.unenrollment_started_at).to.be(type); }); - }; - - await new Promise((resolve, reject) => { - let attempts = 0; - const intervalId = setInterval(async () => { - if (attempts > 20) { - clearInterval(intervalId); - reject(new Error('action timed out')); - } - ++attempts; - const { - body: { items: actionStatuses }, - } = await supertest - .get(`/s/${TEST_SPACE_1}/api/fleet/agents/action_status`) - .set('kbn-xsrf', 'xxx'); - - const action = actionStatuses.find((a: any) => a.actionId === res.actionId); - if (action && action.nbAgentsActioned === action.nbAgentsActionCreated) { - clearInterval(intervalId); - await verifyActionResult(); - resolve({}); - } - }, 1000); - }).catch((e) => { - throw e; - }); + } + + await verifyAgentsUnenrollment('undefined'); + await verifyAgentsUnenrollment('undefined', TEST_SPACE_1); + await verifyNoAgentActions(); + await verifyNoAgentActions(TEST_SPACE_1); + + await apiClient.bulkUnenrollAgents( + { + agents: '*', + }, + TEST_SPACE_1 + ); + + await verifyAgentsUnenrollment('undefined'); + await verifyAgentsUnenrollment('string', TEST_SPACE_1); + await verifyNoAgentActions(); + const actionStatus = await apiClient.getActionStatus(TEST_SPACE_1); + expect(actionStatus.items.length).to.eql(1); + expect(actionStatus.items[0].nbAgentsActioned).to.eql(3); + expect(actionStatus.items[0].nbAgentsActionCreated).to.eql(3); + expect(actionStatus.items[0].type).to.eql('UNENROLL'); }); }); }); diff --git a/x-pack/test/fleet_api_integration/apis/space_awareness/api_helper.ts b/x-pack/test/fleet_api_integration/apis/space_awareness/api_helper.ts index 9b6a76c3ff6bc..e7863e7c46d2c 100644 --- a/x-pack/test/fleet_api_integration/apis/space_awareness/api_helper.ts +++ b/x-pack/test/fleet_api_integration/apis/space_awareness/api_helper.ts @@ -59,7 +59,6 @@ export class SpaceTestApiClient { return res; } - // Agent policies async createAgentPolicy( spaceId?: string, @@ -92,7 +91,6 @@ export class SpaceTestApiClient { return res; } - async getPackagePolicy( packagePolicyId: string, spaceId?: string @@ -103,7 +101,6 @@ export class SpaceTestApiClient { return res; } - async getPackagePolicies(spaceId?: string): Promise { const { body: res } = await this.supertest .get(`${this.getBaseUrl(spaceId)}/api/fleet/package_policies`) @@ -111,7 +108,6 @@ export class SpaceTestApiClient { return res; } - async createFleetServerPolicy(spaceId?: string): Promise { const { body: res } = await this.supertest .post(`${this.getBaseUrl(spaceId)}/api/fleet/agent_policies`) @@ -263,13 +259,15 @@ export class SpaceTestApiClient { return res; } async reassignAgent(agentId: string, policyId: string, spaceId?: string) { - await this.supertest + const { body: res } = await this.supertest .post(`${this.getBaseUrl(spaceId)}/api/fleet/agents/${agentId}/reassign`) .set('kbn-xsrf', 'xxx') .send({ policy_id: policyId, }) .expect(200); + + return res; } async bulkReassignAgents(data: any, spaceId?: string) { const { body: res } = await this.supertest @@ -281,18 +279,56 @@ export class SpaceTestApiClient { return res; } async upgradeAgent(agentId: string, data: any, spaceId?: string) { - await this.supertest + const { body: res } = await this.supertest .post(`${this.getBaseUrl(spaceId)}/api/fleet/agents/${agentId}/upgrade`) .set('kbn-xsrf', 'xxxx') .send(data) .expect(200); + + return res; } async bulkUpgradeAgents(data: any, spaceId?: string) { - await this.supertest + const { body: res } = await this.supertest .post(`${this.getBaseUrl(spaceId)}/api/fleet/agents/bulk_upgrade`) .set('kbn-xsrf', 'xxxx') .send(data) .expect(200); + + return res; + } + async requestAgentDiagnostics(agentId: string, spaceId?: string) { + const { body: res } = await this.supertest + .post(`${this.getBaseUrl(spaceId)}/api/fleet/agents/${agentId}/request_diagnostics`) + .set('kbn-xsrf', 'xxxx') + .expect(200); + + return res; + } + async bulkRequestDiagnostics(data: any, spaceId?: string) { + const { body: res } = await this.supertest + .post(`${this.getBaseUrl(spaceId)}/api/fleet/agents/bulk_request_diagnostics`) + .set('kbn-xsrf', 'xxxx') + .send(data) + .expect(200); + + return res; + } + async unenrollAgent(agentId: string, spaceId?: string) { + const { body: res } = await this.supertest + .post(`${this.getBaseUrl(spaceId)}/api/fleet/agents/${agentId}/unenroll`) + .set('kbn-xsrf', 'xxxx') + .expect(200); + + return res; + } + async bulkUnenrollAgents(data: any, spaceId?: string) { + const { body: res } = await this.supertest + .post(`${this.getBaseUrl(spaceId)}/api/fleet/agents/bulk_unenroll`) + .set('kbn-xsrf', 'xxxx') + .send(data) + .expect(200); + + return res; } async bulkUpdateAgentTags(data: any, spaceId?: string) { const { body: res } = await this.supertest @@ -429,7 +465,6 @@ export class SpaceTestApiClient { return res; } - async cancelAction(actionId: string, spaceId?: string): Promise { const { body: res } = await this.supertest .post(`${this.getBaseUrl(spaceId)}/api/fleet/agents/actions/${actionId}/cancel`) diff --git a/x-pack/test/fleet_api_integration/apis/space_awareness/helpers.ts b/x-pack/test/fleet_api_integration/apis/space_awareness/helpers.ts index a82bf55c352a0..a757bdfdeae65 100644 --- a/x-pack/test/fleet_api_integration/apis/space_awareness/helpers.ts +++ b/x-pack/test/fleet_api_integration/apis/space_awareness/helpers.ts @@ -11,8 +11,8 @@ import expect from '@kbn/expect'; import { AGENT_ACTIONS_INDEX, AGENT_ACTIONS_RESULTS_INDEX, - AGENTS_INDEX, AGENT_POLICY_INDEX, + AGENTS_INDEX, } from '@kbn/fleet-plugin/common'; import { ENROLLMENT_API_KEYS_INDEX } from '@kbn/fleet-plugin/common/constants'; import { asyncForEach } from '@kbn/std'; @@ -60,14 +60,17 @@ export async function cleanFleetAgents(esClient: Client) { }); } +export async function cleanFleetAgentPolicies(esClient: Client) { + await esClient.deleteByQuery({ + index: AGENT_POLICY_INDEX, + q: '*', + refresh: true, + }); +} + export async function cleanFleetActionIndices(esClient: Client) { try { await Promise.all([ - esClient.deleteByQuery({ - index: AGENT_POLICY_INDEX, - q: '*', - refresh: true, - }), esClient.deleteByQuery({ index: AGENT_ACTIONS_INDEX, q: '*',