Endpoint package policy advanced options for v8.16.0 #195797
```
it.each(getParentObjectKeyPaths(path))(
  'should backfill without modifying other options in parent object `%s`',
```
the point here is to catch all shenanigans when backfilling fields in the prod code using spread operators, so every parent object is checked for additional fields, and this also checks what happens if the objects below don't exist (in other words, if you missed an optional chaining in prod code)
the test cases will look like this
```
Defend integration advanced policy fields v8.16.0
  when updating to model version 15
    backfilling `aggregate_process` with `false`
      ✓ should backfill when there are no advanced options yet (20 ms)
      ✓ should backfill without modifying other options in parent object `advanced` (3 ms)
      ✓ should backfill without modifying other options in parent object `advanced.events` (2 ms)
      ✓ should not backfill if field is already present (2 ms)
    backfilling `set_extended_host_information` with `true`
      ✓ should backfill when there are no advanced options yet (1 ms)
      ✓ should backfill without modifying other options in parent object `advanced` (2 ms)
      ✓ should not backfill if field is already present (1 ms)
    backfilling `alerts.hash.md5` with `true`
      ✓ should backfill when there are no advanced options yet (3 ms)
      ✓ should backfill without modifying other options in parent object `advanced` (2 ms)
      ✓ should backfill without modifying other options in parent object `advanced.alerts` (2 ms)
      ✓ should backfill without modifying other options in parent object `advanced.alerts.hash` (1 ms)
      ✓ should not backfill if field is already present
    backfilling `alerts.hash.sha1` with `true`
      ✓ should backfill when there are no advanced options yet
      ✓ should backfill without modifying other options in parent object `advanced` (1 ms)
      ✓ should backfill without modifying other options in parent object `advanced.alerts` (1 ms)
      ✓ should backfill without modifying other options in parent object `advanced.alerts.hash` (5 ms)
      ✓ should not backfill if field is already present (1 ms)
    backfilling `events.hash.md5` with `true`
      ✓ should backfill when there are no advanced options yet
      ✓ should backfill without modifying other options in parent object `advanced` (1 ms)
      ✓ should backfill without modifying other options in parent object `advanced.events` (1 ms)
      ✓ should backfill without modifying other options in parent object `advanced.events.hash` (1 ms)
      ✓ should not backfill if field is already present (1 ms)
    backfilling `events.hash.sha1` with `true`
      ✓ should backfill when there are no advanced options yet (1 ms)
      ✓ should backfill without modifying other options in parent object `advanced`
      ✓ should backfill without modifying other options in parent object `advanced.events` (1 ms)
      ✓ should backfill without modifying other options in parent object `advanced.events.hash` (2 ms)
      ✓ should not backfill if field is already present (1 ms)
```
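The per-parent check described in the review comment above, as an added TypeScript example that is not code from this PR: it runs a spread-based backfill that keeps sibling options next to a naive one that drops them. Only the name `getParentObjectKeyPaths` comes from the page; its body, `backfillAdvancedOption`, `naiveBackfill`, `parentsLosingSiblings`, the `constructed_sibling` key and the policy shape are assumptions.

```typescript
// Added example (not Kibana code). Assumption: a policy is a plain JSON object
// whose advanced options live under a top-level `advanced` key.
type Json = boolean | number | string | null | Json[] | { [key: string]: Json };
type JsonObject = { [key: string]: Json };
type Backfill = (policy: JsonObject, path: string, value: Json) => JsonObject;

const isObject = (v: Json | undefined): v is JsonObject =>
  typeof v === 'object' && v !== null && !Array.isArray(v);

// Copy-on-write "set if absent": every level is spread, so siblings survive,
// and a missing parent object is created instead of throwing.
function setIfAbsent(node: Json | undefined, keys: string[], value: Json): JsonObject {
  const obj: JsonObject = isObject(node) ? node : {};
  const [head, ...rest] = keys;
  if (head === undefined) return obj;
  if (rest.length === 0) {
    const present = Object.prototype.hasOwnProperty.call(obj, head);
    return present ? obj : { ...obj, [head]: value }; // never overwrite a user value
  }
  return { ...obj, [head]: setIfAbsent(obj[head], rest, value) };
}

// Hypothetical backfill: sets `advanced.<path>` only when it is not there yet.
const backfillAdvancedOption: Backfill = (policy, path, value) =>
  setIfAbsent(policy, ['advanced', ...path.split('.')], value);

// The mistake the test is meant to catch: spreading only at the top level
// replaces the whole `advanced` object and loses every other option in it.
const naiveBackfill: Backfill = (policy, path, value) => {
  const nested = path.split('.').reduceRight<Json>((acc, key) => ({ [key]: acc }), value);
  return { ...policy, advanced: nested };
};

// 'alerts.hash.md5' -> ['advanced', 'advanced.alerts', 'advanced.alerts.hash']
function getParentObjectKeyPaths(path: string): string[] {
  const result = ['advanced'];
  let current = 'advanced';
  for (const key of path.split('.').slice(0, -1)) {
    current = `${current}.${key}`;
    result.push(current);
  }
  return result;
}

function getIn(node: Json | undefined, keys: string[]): Json | undefined {
  let cur: Json | undefined = node;
  for (const key of keys) {
    if (!isObject(cur)) return undefined;
    cur = cur[key];
  }
  return cur;
}

// For each parent object, plant a constructed sibling option in it, run the
// backfill, and report the parents where the sibling was lost, the target was
// not set, or the input object was mutated.
function parentsLosingSiblings(backfill: Backfill, path: string, value: Json): string[] {
  return getParentObjectKeyPaths(path).filter((parentPath) => {
    const siblingKeys = [...parentPath.split('.'), 'constructed_sibling'];
    const before = setIfAbsent({}, siblingKeys, 'keep');
    const snapshot = JSON.stringify(before);
    const after = backfill(before, path, value);
    const ok =
      getIn(after, siblingKeys) === 'keep' &&
      getIn(after, ['advanced', ...path.split('.')]) === value &&
      JSON.stringify(before) === snapshot;
    return !ok;
  });
}

console.log(JSON.stringify({
  correct: parentsLosingSiblings(backfillAdvancedOption, 'alerts.hash.md5', true),
  naive: parentsLosingSiblings(naiveBackfill, 'alerts.hash.md5', true),
}));
```
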
process aggregation options LGTM
@elasticmachine merge upstream
… src/core/server/integration_tests/ci_checks'
Fleet changes LGTM
SO migration LGTM
LGTM from the Security perspective (`LEGACY_PACKAGE_POLICY_SAVED_OBJECT_TYPE` is not ESO SO type).
💔 Build Failed
Starting backport for target branches: 8.x https://github.com/elastic/kibana/actions/runs/11329507245
## Summary

Adds advanced options to Endpoint package policy, that are introduced to Endpoint v8.16.
See elastic/security-team#10461 (comment) for details.

closes elastic/security-team#10461
closes elastic/security-team#10489

> [!note]
> ~One question still needs confirmation, whether we need backfill for `dev_drives.harden`, but that should be like 5 lines of change in case it's needed, so the PR is ready for review, to make sure it's merged until FF.~ -> all good, no need to backfill for `dev_drives.harden`

### Checklist

Delete any items that are not applicable to this PR.

- [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

---------

Co-authored-by: Elastic Machine <[email protected]>
Co-authored-by: kibanamachine <[email protected]>

(cherry picked from commit e89c9d5)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI.
Questions? Please refer to the Backport tool documentation
…196151)

# Backport

This will backport the following commits from `main` to `8.x`:
- [Endpoint package policy advanced options for v8.16.0 (#195797)](#195797)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool documentation](https://github.com/sqren/backport)

Co-authored-by: Gergő Ábrahám <[email protected]>
…eployment issue mitigation (#196708)

## Summary

closes elastic/security-team#10851

> [!note]
> ⚠️ needs to be included in v8.16
> ⚠️ needs to be merged this week to avoid releasing #195797 on Serverless

As backfilled package policies are not automatically redeployed (see #193352), this PR's goal is to provide quick mitigation in the following matters:
- update default values in the descriptions of advanced options added in #195797, to harmonize with latest Endpoint changes (elastic/endpoint-dev#15109)
- remove backfill/migration of those default values:
  - we should be _able_ to safely remove the backfills, as they have not yet been released to serverless. and,
  - we _should_ remove them to make sure that when we update the defaults in the future and apply the backfill, there will be a data change that could trigger policy re-deployment, in case data change is what the trigger will be in #193352.
  - example scenario of what could go wrong:
    - if we'd apply backfill now, the package won't be redeployed.
    - if the user does not touch it until the next release - no redeploy.
    - if #193352 is implemented and uses data comparison when running migrations - again, no redeploy because we already backfilled the data months before.
  - cc @ferullo @nfritts
- hide banner describing event volume reduction (added in #195177, already released to serverless, but it is what it is)

### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
…cy re-deployment issue mitigation (#196708) (#196835)

# Backport

This will backport the following commits from `main` to `8.16`:
- [[Defend Workflows] Endpoint advanced options migration vs policy re-deployment issue mitigation (#196708)](#196708)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool documentation](https://github.com/sqren/backport)

Co-authored-by: Gergő Ábrahám <[email protected]>
…y re-deployment issue mitigation (#196708) (#196843)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Defend Workflows] Endpoint advanced options migration vs policy re-deployment issue mitigation (#196708)](#196708)

<!--- Backport version: 9.6.0 -->

### Questions ?
Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport)
Summary
Adds advanced options to Endpoint package policy, that are introduced to Endpoint v8.16.
See https://github.com/elastic/security-team/issues/10461#issuecomment-2405496316 for details.
closes https://github.com/elastic/security-team/issues/10461
closes https://github.com/elastic/security-team/issues/10489
Note
~One question still needs confirmation, whether we need backfill for `dev_drives.harden`, but that should be like 5 lines of change in case it's needed, so the PR is ready for review, to make sure it's merged until FF.~ -> all good, no need to backfill for `dev_drives.harden`
Checklist
Delete any items that are not applicable to this PR.