forked from elastic/kibana
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[Fleet] Add warning if need root integrations trying to be used with …
…unprivileged agents (elastic#183283) ## Summary Closes elastic/ingest-dev#3252 ## Add integration Added warning to Add integration when the integration requires root privilege and the selected existing agent policy has unprivileged agents enrolled. To verify: - enroll an agent with docker (it has unprivileged: true) - try to add an integration that requires root e.g. auditd_manager - verify that when trying to save the integration, the warning callout is part of the confirm deploy modal <img width="807" alt="image" src="https://github.com/elastic/kibana/assets/90178898/420da729-a4f4-4861-9767-001699629397"> ## Add agent flyout Added warning to Add agent flyout when an unprivileged agent is detected in combination with an agent policy that has integrations requiring root To verify: - add an integration to an agent policy that requires root e.g. auditd_manager - open Add agent flyout, verify that the warning callout is visible <img width="1273" alt="image" src="https://github.com/elastic/kibana/assets/90178898/e4ae1d73-358b-4d3c-9ca0-27e88bc734a6"> ### Open question: - Do we want to show the warning on `Add agent flyout` only for newly enrolled agents (in the last 10 mins like we query enrolled agents), or any unprivileged agents that are enrolled to this policy? - Decision: No longer applicable as we decided to not show a count here ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: kibanamachine <[email protected]>
- Loading branch information
1 parent
130bf7b
commit ad03dfb
Showing
38 changed files
with
738 additions
and
40 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -7446,6 +7446,9 @@ | |
}, | ||
"title": { | ||
"type": "string" | ||
}, | ||
"requires_root": { | ||
"type": "boolean" | ||
} | ||
}, | ||
"required": [ | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
81 changes: 81 additions & 0 deletions
81
...eet/sections/agent_policy/create_package_policy_page/single_page_layout/confirm_modal.tsx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,81 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
import React from 'react'; | ||
import { EuiCallOut, EuiConfirmModal } from '@elastic/eui'; | ||
import { FormattedMessage } from '@kbn/i18n-react'; | ||
import { i18n } from '@kbn/i18n'; | ||
|
||
export interface UnprivilegedConfirmModalProps { | ||
onConfirm: () => void; | ||
onCancel: () => void; | ||
agentPolicyName: string; | ||
unprivilegedAgentsCount: number; | ||
} | ||
|
||
export const UnprivilegedConfirmModal: React.FC<UnprivilegedConfirmModalProps> = ({ | ||
onConfirm, | ||
onCancel, | ||
agentPolicyName, | ||
unprivilegedAgentsCount, | ||
}: UnprivilegedConfirmModalProps) => { | ||
return ( | ||
<EuiConfirmModal | ||
title={ | ||
<FormattedMessage | ||
id="xpack.fleet.addIntegration.confirmModalTitle" | ||
defaultMessage="Confirm add integration" | ||
/> | ||
} | ||
onCancel={onCancel} | ||
onConfirm={onConfirm} | ||
cancelButtonText={ | ||
<FormattedMessage | ||
id="xpack.fleet.addIntegration.confirmModal.cancelButtonLabel" | ||
defaultMessage="Cancel" | ||
/> | ||
} | ||
confirmButtonText={ | ||
<FormattedMessage | ||
id="xpack.fleet.addIntegration.confirmModal.confirmButtonLabel" | ||
defaultMessage="Add integration" | ||
/> | ||
} | ||
buttonColor="warning" | ||
> | ||
<UnprivilegedAgentsCallout | ||
unprivilegedAgentsCount={unprivilegedAgentsCount} | ||
agentPolicyName={agentPolicyName} | ||
/> | ||
</EuiConfirmModal> | ||
); | ||
}; | ||
|
||
export const UnprivilegedAgentsCallout: React.FC<{ | ||
agentPolicyName: string; | ||
unprivilegedAgentsCount: number; | ||
}> = ({ agentPolicyName, unprivilegedAgentsCount }) => { | ||
return ( | ||
<EuiCallOut | ||
color="warning" | ||
iconType="warning" | ||
title={i18n.translate('xpack.fleet.addIntegration.confirmModal.unprivilegedAgentsTitle', { | ||
defaultMessage: 'Unprivileged agents enrolled to the selected policy', | ||
})} | ||
data-test-subj="unprivilegedAgentsCallout" | ||
> | ||
<FormattedMessage | ||
id="xpack.fleet.addIntegration.confirmModal.unprivilegedAgentsMessage" | ||
defaultMessage="This integration requires Elastic Agents to have root privileges. There {unprivilegedAgentsCount, plural, one {is # agent} other {are # agents}} running in an unprivileged mode using {agentPolicyName}. To ensure that all data required by the integration can be collected, re-enroll the {unprivilegedAgentsCount, plural, one {agent} other {agents}} using an account with root privileges." | ||
values={{ | ||
unprivilegedAgentsCount, | ||
agentPolicyName, | ||
}} | ||
/> | ||
</EuiCallOut> | ||
); | ||
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.