Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security Solution] Give notice when endpoint policy is out of date #83469

Merged
merged 14 commits into from
Nov 20, 2020
Prev Previous commit
Next Next commit
compare (endpoint) package policy and applied version
  • Loading branch information
pzl committed Nov 19, 2020
commit f016b604c810fe34ebf345411e007ac61658313b
Original file line number Diff line number Diff line change
Expand Up @@ -565,6 +565,7 @@ export type HostMetadata = Immutable<{
id: string;
status: HostPolicyResponseActionStatus;
name: string;
endpoint_policy_version: number;
pzl marked this conversation as resolved.
Show resolved Hide resolved
version: number;
};
};
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -364,16 +364,14 @@ export const EndpointList = () => {
dataTestSubj="policyStatusCellLink"
/>
</EuiHealth>
{(item.metadata.Endpoint.policy.applied.version <
item.policy_versions.agent.applied ||
item.metadata.Endpoint.policy.applied.version <
item.policy_versions.agent.configured ||
item.metadata.Endpoint.policy.applied.version < item.policy_versions.endpoint) && (
{(policy.version < item.policy_versions.agent.applied ||
policy.version < item.policy_versions.agent.configured ||
policy.endpoint_policy_version < item.policy_versions.endpoint) && (
<EuiFlexItem grow={false}>
<EuiText color="subdued" size="xs" className="eui-textNoWrap">
<EuiIcon size="m" type="alert" color="warning" />
<FormattedMessage
id="xpack.fleet.securitySolution.endpoint.list.outOfDateLabel"
id="xpack.securitySolution.endpoint.list.outOfDateLabel"
defaultMessage="Out-of-date"
/>
</EuiText>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,12 @@ import {
SavedObjectsClientContract,
} from 'src/core/server';
import { SecurityPluginSetup } from '../../../security/server';
import { AgentService, FleetStartContract, PackageService } from '../../../fleet/server';
import {
AgentService,
FleetStartContract,
PackageService,
PackagePolicyServiceInterface,
} from '../../../fleet/server';
import { PluginStartContract as AlertsPluginStartContract } from '../../../alerts/server';
import { getPackagePolicyCreateCallback } from './ingest_integration';
import { ManifestManager } from './services/artifacts';
Expand Down Expand Up @@ -66,7 +71,7 @@ export const createMetadataService = (packageService: PackageService): MetadataS
};

export type EndpointAppContextServiceStartContract = Partial<
Pick<FleetStartContract, 'agentService' | 'packageService'>
Pick<FleetStartContract, 'agentService' | 'packageService' | 'packagePolicyService'>
> & {
logger: Logger;
manifestManager?: ManifestManager;
Expand All @@ -85,11 +90,13 @@ export type EndpointAppContextServiceStartContract = Partial<
export class EndpointAppContextService {
private agentService: AgentService | undefined;
private manifestManager: ManifestManager | undefined;
private packagePolicyService: PackagePolicyServiceInterface | undefined;
private savedObjectsStart: SavedObjectsServiceStart | undefined;
private metadataService: MetadataService | undefined;

public start(dependencies: EndpointAppContextServiceStartContract) {
this.agentService = dependencies.agentService;
this.packagePolicyService = dependencies.packagePolicyService;
this.manifestManager = dependencies.manifestManager;
this.savedObjectsStart = dependencies.savedObjectsStart;
this.metadataService = createMetadataService(dependencies.packageService!);
Expand All @@ -115,6 +122,10 @@ export class EndpointAppContextService {
return this.agentService;
}

public getPackagePolicyService(): PackagePolicyServiceInterface | undefined {
return this.packagePolicyService;
}

public getMetadataService(): MetadataService | undefined {
return this.metadataService;
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -291,12 +291,18 @@ async function enrichHostMetadata(
metadataRequestContext.requestHandlerContext.core.savedObjects.client,
elasticAgentId
);
const endpointPolicy = await metadataRequestContext.endpointAppContextService
.getPackagePolicyService()
?.get(
metadataRequestContext.requestHandlerContext.core.savedObjects.client,
hostMetadata.Endpoint.policy.applied.id
);
policyVersions = {
agent: {
applied: agent?.policy_revision!,
applied: agent?.policy_revision || 0,
configured: 0,
},
endpoint: 0,
endpoint: endpointPolicy?.revision || 0,
};
} catch (e) {
log.error(e);
Expand Down
1 change: 1 addition & 0 deletions x-pack/plugins/security_solution/server/plugin.ts
Original file line number Diff line number Diff line change
Expand Up @@ -347,6 +347,7 @@ export class Plugin implements IPlugin<PluginSetup, PluginStart, SetupPlugins, S
this.endpointAppContextService.start({
agentService: plugins.fleet?.agentService,
packageService: plugins.fleet?.packageService,
packagePolicyService: plugins.fleet?.packagePolicyService,
appClientFactory: this.appClientFactory,
security: this.setupPlugins!.security!,
alerts: plugins.alerts,
Expand Down