From a5745393ccfea6acdf895eba3f4d3b810551dfbd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Patryk=20Kopyci=C5=84ski?= <patryk.kopycinski@elastic.co>
Date: Mon, 10 May 2021 23:06:57 +0200
Subject: [PATCH] [Osquery] Fix Osquery plugin initialization (#99591) (#99676)

---
 x-pack/plugins/osquery/public/plugin.ts       | 33 ++++++++++++-------
 .../scheduled_query_groups/form/index.tsx     |  5 +++
 .../factory/results/query.all_results.dsl.ts  |  2 +-
 3 files changed, 27 insertions(+), 13 deletions(-)

diff --git a/x-pack/plugins/osquery/public/plugin.ts b/x-pack/plugins/osquery/public/plugin.ts
index c0a097cb3ba28..d1e7154fb0dc0 100644
--- a/x-pack/plugins/osquery/public/plugin.ts
+++ b/x-pack/plugins/osquery/public/plugin.ts
@@ -38,6 +38,14 @@ export function toggleOsqueryPlugin(
   http: CoreStart['http'],
   registerExtension?: StartPlugins['fleet']['registerExtension']
 ) {
+  if (http.anonymousPaths.isAnonymous(window.location.pathname)) {
+    updater$.next(() => ({
+      status: AppStatus.inaccessible,
+      navLinkStatus: AppNavLinkStatus.hidden,
+    }));
+    return;
+  }
+
   http
     .fetch<GetPackagesResponse>(epmRouteService.getListPath(), { query: { experimental: true } })
     .then(({ response }) => {
@@ -134,22 +142,23 @@ export class OsqueryPlugin implements Plugin<OsqueryPluginSetup, OsqueryPluginSt
 
       if (config.enabled) {
         toggleOsqueryPlugin(this.appUpdater$, core.http, registerExtension);
-      }
 
-      registerExtension({
-        package: OSQUERY_INTEGRATION_NAME,
-        view: 'package-policy-create',
-        component: LazyOsqueryManagedPolicyCreateImportExtension,
-      });
-
-      registerExtension({
-        package: OSQUERY_INTEGRATION_NAME,
-        view: 'package-policy-edit',
-        component: LazyOsqueryManagedPolicyEditExtension,
-      });
+        registerExtension({
+          package: OSQUERY_INTEGRATION_NAME,
+          view: 'package-policy-create',
+          component: LazyOsqueryManagedPolicyCreateImportExtension,
+        });
+
+        registerExtension({
+          package: OSQUERY_INTEGRATION_NAME,
+          view: 'package-policy-edit',
+          component: LazyOsqueryManagedPolicyEditExtension,
+        });
+      }
     } else {
       this.appUpdater$.next(() => ({
         status: AppStatus.inaccessible,
+        navLinkStatus: AppNavLinkStatus.hidden,
       }));
     }
 
diff --git a/x-pack/plugins/osquery/public/scheduled_query_groups/form/index.tsx b/x-pack/plugins/osquery/public/scheduled_query_groups/form/index.tsx
index 68652e13bed07..8924a61d181b6 100644
--- a/x-pack/plugins/osquery/public/scheduled_query_groups/form/index.tsx
+++ b/x-pack/plugins/osquery/public/scheduled_query_groups/form/index.tsx
@@ -151,6 +151,11 @@ const ScheduledQueryGroupFormComponent: React.FC<ScheduledQueryGroupFormProps> =
         // @ts-expect-error update types
         draft.inputs[0].streams.forEach((stream) => {
           delete stream.compiled_stream;
+
+          // we don't want to send id as null when creating the policy
+          if (stream.id == null) {
+            delete stream.id;
+          }
         });
         return draft;
       });
diff --git a/x-pack/plugins/osquery/server/search_strategy/osquery/factory/results/query.all_results.dsl.ts b/x-pack/plugins/osquery/server/search_strategy/osquery/factory/results/query.all_results.dsl.ts
index 6ef00b0ea3058..b560fd3c364e9 100644
--- a/x-pack/plugins/osquery/server/search_strategy/osquery/factory/results/query.all_results.dsl.ts
+++ b/x-pack/plugins/osquery/server/search_strategy/osquery/factory/results/query.all_results.dsl.ts
@@ -43,7 +43,7 @@ export const buildResultsQuery = ({
       aggs: {
         count_by_agent_id: {
           terms: {
-            field: 'agent.id',
+            field: 'elastic_agent.id',
             size: 10000,
           },
         },