[Ingest Manager] Install uploaded package #77986
Conversation
skh
force-pushed
the
70582-direct-package-upload-part-2
branch
2 times, most recently
from
9cbeddf
to
0557804
Compare
skh
force-pushed
the
70582-direct-package-upload-part-2
branch
3 times, most recently
from
e0baec6
to
f841ea8
Compare
There was a problem hiding this comment.
I had a look at the PR and left a few comments. Overall I think this is heading in the right direction. It would be nice in some cases to directly build the struct for the manifest so it can be reused in multiple places.
I also want to take this as an opportunity to share a bit on how I think the end result could look like.
There are different sources from where to install a package. In the end, in all cases it is a .zip file. The fetcher for the specific sources knows how to get this zip file from the source. From there, installation is always the same. It goes through the validator and caches / stores the package locally. As soon as a package is installed, all data should be always fetched from this cache / store.
The only source where packages can be browsed without being installed is the package registry. This is our special case. The package list package + package details page for uninstalled packages comes directly from the registry. All the installed package details are served locally.
My hope is that the only place where we need to use the json from the registry is in the uninstalled package list and the details page for uninstalled package.
x-pack/plugins/ingest_manager/server/saved_objects/migrations/to_v7_10_0.ts
Show resolved
Hide resolved
x-pack/plugins/ingest_manager/server/services/epm/archive/index.ts
Outdated
Show resolved
Hide resolved
x-pack/plugins/ingest_manager/server/services/epm/archive/index.ts
Outdated
Show resolved
Hide resolved
x-pack/plugins/ingest_manager/server/services/epm/archive/index.ts
Outdated
Show resolved
Hide resolved
skh
force-pushed
the
70582-direct-package-upload-part-2
branch
3 times, most recently
from
1771d65
to
ff01e6e
Compare
|
Pinging @elastic/ingest-management (Team:Ingest Management) |
skh
added
release_note:skip
skh
force-pushed
the
70582-direct-package-upload-part-2
branch
from
7746bd2
to
d182c7d
Compare
x-pack/plugins/ingest_manager/server/services/epm/packages/assets.test.ts
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
👏 Great stuff! I've read this through a few times but haven't had a chance to run it.
I am still processing a few of the flow changes (basically around new cache/stores) but everything reads well and seems isolated enough (and with tests) that it'd be easy to change later if we needed to.
x-pack/plugins/ingest_manager/server/services/epm/archive/index.ts
Outdated
Show resolved
Hide resolved
x-pack/plugins/ingest_manager/server/services/epm/archive/index.ts
Outdated
Show resolved
Hide resolved
x-pack/plugins/ingest_manager/server/services/epm/archive/index.ts
Outdated
Show resolved
Hide resolved
x-pack/plugins/ingest_manager/server/services/epm/archive/index.ts
Outdated
Show resolved
Hide resolved
x-pack/plugins/ingest_manager/server/services/epm/archive/index.ts
Outdated
Show resolved
Hide resolved
x-pack/test/ingest_manager_api_integration/apis/epm/install_by_upload.ts
Outdated
Show resolved
Hide resolved
x-pack/test/ingest_manager_api_integration/apis/epm/install_by_upload.ts
Show resolved
Hide resolved
x-pack/plugins/ingest_manager/server/services/epm/packages/assets.ts
Outdated
Show resolved
Hide resolved
skh
force-pushed
the
70582-direct-package-upload-part-2
branch
from
d182c7d
to
523d8dc
Compare
|
@jen-huang @jonathan-buttner @jfsiii thanks for your comments! I have either answered, or made amends in the code, or both. This is ready for another look. |
skh
force-pushed
the
70582-direct-package-upload-part-2
branch
from
0881314
to
df23d82
Compare
x-pack/plugins/ingest_manager/server/services/epm/archive/index.ts
Outdated
Show resolved
Hide resolved
| @@ -0,0 +1,332 @@ | |||
| /* | |||
There was a problem hiding this comment.
👍 I like all the verify methods in this file
x-pack/plugins/ingest_manager/server/services/epm/elasticsearch/template/install.ts
Outdated
Show resolved
Hide resolved
| const supertest = getService('supertest'); | ||
| const dockerServers = getService('dockerServers'); | ||
| const log = getService('log'); | ||
|
|
||
| const testPkgArchiveTgz = path.join( |
There was a problem hiding this comment.
I imagine this is already done if the tests pass, but do these new fixtures have the new package changes? (I recall having to adjust apache_0.1.4.tar.gz during my PR)
There was a problem hiding this comment.
I need to update all package fixtures. Right now I adjusted the tests to the fact that the datasets (and assets related to them) are not found in the uploaded packages.
There was a problem hiding this comment.
I wonder if it is worth tracking the unpacked version of the fixtures. binary diffs are not super useful 😅
There was a problem hiding this comment.
The downside of unpackaged packages is that they may contain a lot of files, which clutter PRs -- I accidentally opened one with so many files that the github review interface became unusable. I consider these fixtures like the packages contained in the dockerized registry -- unfortunately a bit difficult to handle, but they shouldn't change that often.
Also, I think I can reduce the number of these packages and move some of the validation tests to unit tests.
|
Oops, meant to leave a comment with that review ^: A few minor comments but LGTM!! |
|
@elasticmachine merge upstream |
💚 Build SucceededMetrics [docs]distributable file count
Saved Objects .kibana field count
History
To update your PR or re-run it, just comment with: |
* Refactor: installPackage -> installPackageFromRegistry * Refactor: factor out source-agnostic installation steps * Unpack and cache uploaded zip and tgz files. * Add basic archive verification and parse manifest. * Catch error when zip archive is uploaded as gzip. * Add API integration tests. * Remove unnecessary use of "package key" concept. * Add 'install_source' property to saved object epm-packages. * Adjust tests. * Add API integration test for manifest missing fields. * Refactor loadArchive -> loadArchivePackage. * Refactor caching of package archive content * Get datasets and config templates from manifest files. * Use file paths from archive instead of asset paths from registry. * Correctly load registry packages into cache * Use InstallablePackage instead of RegistryPackage where possible. * Actually install uploaded package. * Add missing field to saved objects in tests. * Adjust unit test to pick buffer extractor. * Adjust unit test. * Fix and re-enable getAsset() test. * Adjust integration tests. * Make error message match test. * Pick data_stream.dataset from manifest if set. * dataset -> data_stream also in comments * Remove unused variable. * Use pkgToPkgKey() where appropriate. * More dataset -> data stream renaming. Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Refactor: installPackage -> installPackageFromRegistry * Refactor: factor out source-agnostic installation steps * Unpack and cache uploaded zip and tgz files. * Add basic archive verification and parse manifest. * Catch error when zip archive is uploaded as gzip. * Add API integration tests. * Remove unnecessary use of "package key" concept. * Add 'install_source' property to saved object epm-packages. * Adjust tests. * Add API integration test for manifest missing fields. * Refactor loadArchive -> loadArchivePackage. * Refactor caching of package archive content * Get datasets and config templates from manifest files. * Use file paths from archive instead of asset paths from registry. * Correctly load registry packages into cache * Use InstallablePackage instead of RegistryPackage where possible. * Actually install uploaded package. * Add missing field to saved objects in tests. * Adjust unit test to pick buffer extractor. * Adjust unit test. * Fix and re-enable getAsset() test. * Adjust integration tests. * Make error message match test. * Pick data_stream.dataset from manifest if set. * dataset -> data_stream also in comments * Remove unused variable. * Use pkgToPkgKey() where appropriate. * More dataset -> data stream renaming. Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Summary
Partially implements #70582
This adds the functionality to actually install a package from an uploaded zip or tar.gz archive. A package uploaded this way can be deleted by the existing
DELETE /api/ingest_manager/epm/packages/PKGKEYendpoint.IMPORTANT: The installed package cannot yet be added to a policy and used by enrolled agents. This functionality will be added in a follow-up PR. This PR is opened for review now to keep the amount of code to be reviewed manageable (it is on the large side already).
The API endpoint to upload packages is undocumented and should not be used. Therefore, this PR does not contain documentation or changes to the OpenAPI spec.
In detail, the changes include:
Refactoring EPM to allow installation from different sources (upload and registry). This includes types, method names, and control flow.
Adding error classes for specific errors related to package upload, add tests for those which don't return
400Changing the saved object
epm-packagesto include the installation source of a package (registryorupload).Performing some basic verification on the uploaded archive, and use the top-level
manifest.ymlto extract the information we need for package installation.Picking all information about config templates and datasets from the
manifest.xmlfiles in the package.Refactoring the in-memory cache for package data: Add a cache
package key->package file listand remove the cachepackage key->archive location. The existing file cachefile path->file bufferis unchanged. This is necessary because the cache now contains package contents that do not come from the registry, and thus don't have an archive location.How to test this
Try to break it
This change contains a fair amount of refactoring of existing functionality. Ideally, the behavior when installing and using packages from the registry should not have changed. Please review with a focus on the changed code paths, and try to break them in manual testing. The existing integration tests were a great help, but we don't have full test coverage over all areas of the code.
Upload and uninstall packages
Integration tests have been added. The package archives used in these tests can also be used for manual testing. First, export a variable with the path to your kibana project directory:
export KIBANA_HOME=./path/to/srcdir/of/kibanaThen, copy & paste the following
curlcommands to see the behavior of the API endpoint on the command line. (Assuming a locally running dev environment,--no-base-pathand port 5601).Happy path:
curl -X POST -u elastic:changeme http://localhost:5601/api/ingest_manager/epm/packages --data-binary @$KIBANA_HOME/x-pack/test/ingest_manager_api_integration/apis/fixtures/direct_upload_packages/apache_0.1.4.zip -H 'kbn-xsrf: xyz' -H 'Content-Type: application/zip'curl -X POST -u elastic:changeme http://localhost:5601/api/ingest_manager/epm/packages --data-binary @$KIBANA_HOME/x-pack/test/ingest_manager_api_integration/apis/fixtures/direct_upload_packages/apache_0.1.4.tar.gz -H 'kbn-xsrf: xyz' -H 'Content-Type: application/gzip'Uploaded packages can be deleted as expected:
curl -X DELETE -u elastic:changeme http://localhost:5601/api/ingest_manager/epm/packages/apache-0.1.4 -H 'kbn-xsrf: xxx'Wrong content type:
curl -X POST -u elastic:changeme http://localhost:5601/api/ingest_manager/epm/packages --data-binary @$KIBANA_HOME/x-pack/test/ingest_manager_api_integration/apis/fixtures/direct_upload_packages/apache_0.1.4.tar.gz -H 'kbn-xsrf: xyz' -H 'Content-Type: application/zip'curl -X POST -u elastic:changeme http://localhost:5601/api/ingest_manager/epm/packages --data-binary @$KIBANA_HOME/x-pack/test/ingest_manager_api_integration/apis/fixtures/direct_upload_packages/apache_0.1.4.zip -H 'kbn-xsrf: xyz' -H 'Content-Type: application/gzip'Invalid packages
curl -X POST -u elastic:changeme http://localhost:5601/api/ingest_manager/epm/packages --data-binary @$KIBANA_HOME/x-pack/test/ingest_manager_api_integration/apis/fixtures/direct_upload_packages/apache_invalid_two_toplevels_0.1.4.zip -H 'kbn-xsrf: xyz' -H 'Content-Type: application/zip'curl -X POST -u elastic:changeme http://localhost:5601/api/ingest_manager/epm/packages --data-binary @$KIBANA_HOME/x-pack/test/ingest_manager_api_integration/apis/fixtures/direct_upload_packages/apache_invalid_no_manifest_0.1.4.zip -H 'kbn-xsrf: xyz' -H 'Content-Type: application/zip'curl -X POST -u elastic:changeme http://localhost:5601/api/ingest_manager/epm/packages --data-binary @$KIBANA_HOME/x-pack/test/ingest_manager_api_integration/apis/fixtures/direct_upload_packages/apache_invalid_manifest_invalid_yaml_0.1.4.zip -H 'kbn-xsrf: xyz' -H 'Content-Type: application/zip'curl -X POST -u elastic:changeme http://localhost:5601/api/ingest_manager/epm/packages --data-binary @$KIBANA_HOME/x-pack/test/ingest_manager_api_integration/apis/fixtures/direct_upload_packages/apache_invalid_manifest_missing_field_0.1.4.zip -H 'kbn-xsrf: xyz' -H 'Content-Type: application/zip'nameandversionfrom manifest:curl -X POST -u elastic:changeme http://localhost:5601/api/ingest_manager/epm/packages --data-binary @$KIBANA_HOME/x-pack/test/ingest_manager_api_integration/apis/fixtures/direct_upload_packages/apache_invalid_toplevel_mismatch_0.1.4.zip -H 'kbn-xsrf: xyz' -H 'Content-Type: application/zip'NOTE: When not copy-pasting, be sure to use
--data-binary, not--dataor the upload is corrupted.