Skip to content

Commit

Permalink
[UII] Add warning about unprivileged agents next to agent count (#183946
Browse files Browse the repository at this point in the history 
)

## Summary

Resolves elastic/ingest-dev#3352.

If there are unprivileged agents enrolled in an agent policy that
requires root privileges, this PR adds a warning icon and a tooltip next
to the agent count for that policy:

<img width="1198" alt="image"
src="https://github.com/elastic/kibana/assets/1965714/76fc9c7b-4c46-4f1d-ba2f-d4c9af14884b">

<img width="1403" alt="image"
src="https://github.com/elastic/kibana/assets/1965714/5d1f0831-7e66-47ff-8bec-4dbdb13b90ab">

### Testing
1. enroll an agent with docker (it has unprivileged: true)
2. try to add an integration that requires root e.g. `auditd_manager` to
its agent policy
3. verify that the warning icon and tooltip is visible for that policy
in the list and detail views
  • Loading branch information
@jen-huang
jen-huang authored May 22, 2024
1 parent e76ee75 commit b8777aa
Show file tree
Hide file tree
Showing 2 changed files with 88 additions and 44 deletions.
77 changes: 49 additions & 28 deletions ...applications/fleet/sections/agent_policy/details_page/components/header/right_content.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,13 +19,15 @@ import {
EuiDescriptionListDescription,
EuiLink,
EuiToolTip,
EuiIconTip,
} from '@elastic/eui';

import { useAuthz, useLink } from '../../../../../hooks';
import type { AgentPolicy } from '../../../../../types';
import { AgentPolicyActionMenu, LinkedAgentCount } from '../../../components';
import { AddAgentHelpPopover } from '../../../../../components';
import { FLEET_SERVER_PACKAGE } from '../../../../../../../../common/constants';
import { getRootIntegrations } from '../../../../../../../../common/services';

export interface HeaderRightContentProps {
isLoading: boolean;
Expand Down Expand Up @@ -130,36 +132,55 @@ export const HeaderRightContent: React.FunctionComponent<HeaderRightContentProps
}}
/>
) : (
<EuiToolTip
content={
<EuiFlexGroup direction="column" gutterSize="xs">
<EuiFlexItem>
<FormattedMessage
id="xpack.fleet.policyDetails.summary.usedByUnprivilegedTooltip"
defaultMessage="{count, plural, one {# unprivileged agent} other {# unprivileged agents}}"
values={{ count: agentPolicy.unprivileged_agents || 0 }}
<EuiFlexGroup direction="row" gutterSize="xs" alignItems="center">
<EuiFlexItem grow={false}>
<EuiToolTip
content={
<EuiFlexGroup direction="column" gutterSize="xs">
<EuiFlexItem>
<FormattedMessage
id="xpack.fleet.policyDetails.summary.usedByUnprivilegedTooltip"
defaultMessage="{count, plural, one {# unprivileged agent} other {# unprivileged agents}}"
values={{ count: agentPolicy.unprivileged_agents || 0 }}
/>
</EuiFlexItem>
<EuiFlexItem>
<FormattedMessage
id="xpack.fleet.policyDetails.summary.usedByPrivilegedTooltip"
defaultMessage="{count, plural, one {# privileged agent} other {# privileged agents}}"
values={{
count:
(agentPolicy.agents || 0) -
(agentPolicy.unprivileged_agents || 0),
}}
/>
</EuiFlexItem>
</EuiFlexGroup>
}
>
<LinkedAgentCount
count={agentPolicy.agents || 0}
agentPolicyId={agentPolicy.id}
showAgentText={true}
/>
</EuiToolTip>
</EuiFlexItem>
{getRootIntegrations(agentPolicy.package_policies || []).length > 0 &&
(agentPolicy.unprivileged_agents || 0) > 0 && (
<EuiFlexItem grow={false}>
<EuiIconTip
type="warning"
color="warning"
content={
<FormattedMessage
id="xpack.fleet.policyDetails.summary.containsUnprivilegedAgentsWarning"
defaultMessage="This agent policy contains integrations that require Elastic Agents to have root privileges. Some enrolled agents are running in unprivileged mode."
/>
}
/>
</EuiFlexItem>
<EuiFlexItem>
<FormattedMessage
id="xpack.fleet.policyDetails.summary.usedByPrivilegedTooltip"
defaultMessage="{count, plural, one {# privileged agent} other {# privileged agents}}"
values={{
count:
(agentPolicy.agents || 0) -
(agentPolicy.unprivileged_agents || 0),
}}
/>
</EuiFlexItem>
</EuiFlexGroup>
}
>
<LinkedAgentCount
count={agentPolicy.agents || 0}
agentPolicyId={agentPolicy.id}
showAgentText={true}
/>
</EuiToolTip>
)}
</EuiFlexGroup>
),
},
{ isDivider: true },
Expand Down
55 changes: 39 additions & 16 deletions x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/list_page/index.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,13 +16,15 @@ import {
EuiBasicTable,
EuiLink,
EuiToolTip,
EuiIconTip,
} from '@elastic/eui';
import type { CriteriaWithPagination } from '@elastic/eui/src/components/basic_table/basic_table';
import { i18n } from '@kbn/i18n';
import { FormattedMessage, FormattedDate } from '@kbn/i18n-react';
import { useHistory } from 'react-router-dom';

import type { AgentPolicy } from '../../../types';
import { getRootIntegrations } from '../../../../../../common/services';
import { AGENT_POLICY_SAVED_OBJECT_TYPE } from '../../../constants';
import {
useAuthz,
Expand Down Expand Up @@ -164,24 +166,45 @@ export const AgentPolicyListPage: React.FunctionComponent<{}> = () => {
</EuiFlexItem>
<EuiFlexItem grow={false}>
<span>
{'('}
<EuiToolTip
content={
<FormattedMessage
id="xpack.fleet.agentPolicyList.agentsColumn.totalAgentsTooltip"
defaultMessage="Total agents"
/>
}
>
<LinkedAgentCount
count={agents}
agentPolicyId={agentPolicy.id}
showAgentText={false}
/>
</EuiToolTip>
{')'}
<FormattedMessage
id="xpack.fleet.agentPolicyList.agentsColumn.totalAgentsTooltipWrapper"
defaultMessage="({message})"
values={{
message: (
<EuiToolTip
content={
<FormattedMessage
id="xpack.fleet.agentPolicyList.agentsColumn.totalAgentsTooltip"
defaultMessage="Total agents"
/>
}
>
<LinkedAgentCount
count={agents}
agentPolicyId={agentPolicy.id}
showAgentText={false}
/>
</EuiToolTip>
),
}}
/>
</span>
</EuiFlexItem>
{getRootIntegrations(agentPolicy.package_policies || []).length > 0 &&
(agentPolicy.unprivileged_agents || 0) > 0 && (
<EuiFlexItem grow={false}>
<EuiIconTip
type="warning"
color="warning"
content={
<FormattedMessage
id="xpack.fleet.agentPolicyList.agentsColumn.containsUnprivilegedAgentsWarning"
defaultMessage="This agent policy contains integrations that require Elastic Agents to have root privileges. Some enrolled agents are running in unprivileged mode."
/>
}
/>
</EuiFlexItem>
)}
</EuiFlexGroup>
),
},
Expand Down

0 comments on commit b8777aa

Please sign in to comment.