-
Notifications
You must be signed in to change notification settings - Fork 8.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Fleet] support force flag to add/remove package_policies #96713
[Fleet] support force flag to add/remove package_policies #96713
Conversation
@@ -79,18 +79,20 @@ export const createPackagePolicyHandler: RequestHandler< | |||
> = async (context, request, response) => { | |||
const soClient = context.core.savedObjects.client; | |||
const esClient = context.core.elasticsearch.client.asCurrentUser; | |||
const user = (await appContextService.getSecurity()?.authc.getCurrentUser(request)) || undefined; | |||
const user = appContextService.getSecurity()?.authc.getCurrentUser(request) || undefined; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Everything I found also indicates getCurrentUser
is sync
getCurrentUser: (request: KibanaRequest) => AuthenticatedUser | null; |
kibana/x-pack/plugins/security/server/authentication/authentication_service.ts
Lines 161 to 162 in 6ecffcc
const getCurrentUser = (request: KibanaRequest) => | |
http.auth.get<AuthenticatedUser>(request).state ?? null; |
version: '0.13.0', | ||
}, | ||
}) | ||
.expect(400); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
now expects 400
vs 500
version: '0.1.0', | ||
}, | ||
}) | ||
.expect(400); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
now expects 400
vs 500
} else { | ||
warnAndSkipTest(this, log); | ||
} | ||
it('should return a 400 if there is another package policy with the same name', async function () { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
now expects 400
vs 500
namespace: 'default', | ||
is_managed: true, | ||
}); | ||
it('can only add to managed agent policies using the force parameter', async function () { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Test the new behavior (force bypasses hosted policy restriction)
@@ -47,230 +46,229 @@ export default function ({ getService }: FtrProviderContext) { | |||
.send({ agentPolicyId }); | |||
}); | |||
|
|||
it('should fail for managed agent policies', async function () { | |||
if (server.enabled) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Most of the changes here are whitespace only from replacing the if (server.enabled) { ... } else { ... }
pattern with skipIfNoDockerRegistry
.
Pinging @elastic/fleet (Team:Fleet) |
@elasticmachine merge upstream |
cc @simitt this means the "make it unmanaged first" workaround from #90675 (comment) is no longer required |
/run-fleet-e2e-tests |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Did not run it locally but code looks good and if the api integration test works 🚀
💚 Build SucceededMetrics [docs]
History
To update your PR or re-run it, just comment with: cc @jfsiii |
) ## Summary Can now pass a `force=true` parameter to add & remove integrations on hosted policies as originally intended [1] & [2] * Add `force` param for `POST` `/api/fleet/package_policies` & `/api/fleet/package_policies/delete` to a policy. Update tests to confirm * Not strictly required, but "while I was in there" * Updated a few places to throw `IngestManagerError` vs `Error` for `400` response vs `500`. Updated tests. * removed a few unnecessary `await`s of sync function [1] elastic#92426 (comment) [2] elastic#90445 ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
💚 Backport successful
This backport PR will be merged automatically after passing CI. |
…96868) ## Summary Can now pass a `force=true` parameter to add & remove integrations on hosted policies as originally intended [1] & [2] * Add `force` param for `POST` `/api/fleet/package_policies` & `/api/fleet/package_policies/delete` to a policy. Update tests to confirm * Not strictly required, but "while I was in there" * Updated a few places to throw `IngestManagerError` vs `Error` for `400` response vs `500`. Updated tests. * removed a few unnecessary `await`s of sync function [1] #92426 (comment) [2] #90445 ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: John Schulz <john.schulz@elastic.co>
Summary
Can now pass a
force=true
parameter to add & remove integrations on hosted policies as originally intended [1] & [2]force
param forPOST
/api/fleet/package_policies
&/api/fleet/package_policies/delete
to a policy. Update tests to confirmIngestManagerError
vsError
for400
response vs500
. Updated tests.await
s of sync function[1] #92426 (comment)
[2] #90445
Checklist