[Fleet] Add fleetServerEnabled config setting and use it in SO migration for Endpoint Policies (#95204)

* Add `agents.fleetServerEnabled` to plugin configuration * Use feature flag in Endpoint package policy SO migration
2021-03-23 15:24:24 -04:00 · 2021-03-23 15:24:24 -04:00 · 8933037bd0
parent 3998a83871
commit 8933037bd0
8 changed files with 56 additions and 16 deletions
--- a/x-pack/plugins/fleet/common/types/index.ts
+++ b/x-pack/plugins/fleet/common/types/index.ts
@ -14,6 +14,7 @@ export interface FleetConfigType {
  registryProxyUrl?: string;
  agents: {
    enabled: boolean;
+    fleetServerEnabled: boolean;
    tlsCheckDisabled: boolean;
    pollingRequestTimeout: number;
    maxConcurrentConnections: number;
--- a/x-pack/plugins/fleet/public/applications/fleet/mock/plugin_configuration.ts
+++ b/x-pack/plugins/fleet/public/applications/fleet/mock/plugin_configuration.ts
@ -14,6 +14,7 @@ export const createConfigurationMock = (): FleetConfigType => {
    registryProxyUrl: '',
    agents: {
      enabled: true,
+      fleetServerEnabled: false,
      tlsCheckDisabled: true,
      pollingRequestTimeout: 1000,
      maxConcurrentConnections: 100,
--- a/x-pack/plugins/fleet/server/index.ts
+++ b/x-pack/plugins/fleet/server/index.ts
@ -38,7 +38,6 @@ export const config: PluginConfigDescriptor = {
  deprecations: ({ renameFromRoot, unused }) => [
    renameFromRoot('xpack.ingestManager', 'xpack.fleet'),
    renameFromRoot('xpack.fleet.fleet', 'xpack.fleet.agents'),
-    unused('agents.fleetServerEnabled'),
  ],
  schema: schema.object({
    enabled: schema.boolean({ defaultValue: true }),
@ -46,6 +45,7 @@ export const config: PluginConfigDescriptor = {
    registryProxyUrl: schema.maybe(schema.uri({ scheme: ['http', 'https'] })),
    agents: schema.object({
      enabled: schema.boolean({ defaultValue: true }),
+      fleetServerEnabled: schema.boolean({ defaultValue: false }),
      tlsCheckDisabled: schema.boolean({ defaultValue: false }),
      pollingRequestTimeout: schema.number({
        defaultValue: AGENT_POLLING_REQUEST_TIMEOUT_MS,
--- a/x-pack/plugins/fleet/server/plugin.ts
+++ b/x-pack/plugins/fleet/server/plugin.ts
@ -209,6 +209,10 @@ export class FleetPlugin
    this.encryptedSavedObjectsSetup = deps.encryptedSavedObjects;
    this.cloud = deps.cloud;

+    const config = await this.config$.pipe(first()).toPromise();
+
+    appContextService.fleetServerEnabled = config.agents.fleetServerEnabled;
+
    registerSavedObjects(core.savedObjects, deps.encryptedSavedObjects);
    registerEncryptedSavedObjects(deps.encryptedSavedObjects);

@ -248,8 +252,6 @@ export class FleetPlugin

    const router = core.http.createRouter();

-    const config = await this.config$.pipe(first()).toPromise();
-
    // Register usage collection
    registerFleetUsageCollector(core, config, deps.usageCollection);

--- a/x-pack/plugins/fleet/server/saved_objects/migrations/security_solution/to_v7_13_0.test.ts
+++ b/x-pack/plugins/fleet/server/saved_objects/migrations/security_solution/to_v7_13_0.test.ts
@ -12,6 +12,8 @@ import type { PackagePolicy } from '../../../../common';

 import { migrationMocks } from '../../../../../../../src/core/server/mocks';

+import { appContextService } from '../../../services';
+
 import { migrateEndpointPackagePolicyToV7130 } from './to_v7_13_0';

 describe('7.13.0 Endpoint Package Policy migration', () => {
@ -126,6 +128,16 @@ describe('7.13.0 Endpoint Package Policy migration', () => {

  const migrationContext = migrationMocks.createContext();

+  beforeEach(() => {
+    // set `fleetServerEnabled` flag to true
+    appContextService.fleetServerEnabled = true;
+  });
+
+  afterEach(() => {
+    // set `fleetServerEnabled` flag back to false
+    appContextService.fleetServerEnabled = false;
+  });
+
  it('should adjust the relative url for all artifact manifests', () => {
    expect(
      migrateEndpointPackagePolicyToV7130(createOldPackagePolicySO(), migrationContext)
@ -142,4 +154,15 @@ describe('7.13.0 Endpoint Package Policy migration', () => {
      unchangedPackagePolicySo
    );
  });
+
+  it('should NOT migrate artifact relative_url if fleetServerEnabled is false', () => {
+    const packagePolicySo = createOldPackagePolicySO();
+    const unchangedPackagePolicySo = cloneDeep(packagePolicySo);
+
+    appContextService.fleetServerEnabled = false;
+
+    expect(migrateEndpointPackagePolicyToV7130(packagePolicySo, migrationContext)).toEqual(
+      unchangedPackagePolicySo
+    );
+  });
 });
--- a/x-pack/plugins/fleet/server/saved_objects/migrations/security_solution/to_v7_13_0.ts
+++ b/x-pack/plugins/fleet/server/saved_objects/migrations/security_solution/to_v7_13_0.ts
@ -10,6 +10,7 @@ import type { SavedObjectMigrationFn } from 'kibana/server';
 import type { PackagePolicy } from '../../../../common';
 import { relativeDownloadUrlFromArtifact } from '../../../services/artifacts/mappings';
 import type { ArtifactElasticsearchProperties } from '../../../services';
+import { appContextService } from '../../../services';

 type ArtifactManifestList = Record<
  string,
@ -21,16 +22,19 @@ export const migrateEndpointPackagePolicyToV7130: SavedObjectMigrationFn<
  PackagePolicy
 > = (packagePolicyDoc) => {
  if (packagePolicyDoc.attributes.package?.name === 'endpoint') {
-    // Adjust all artifact URLs so that they point at fleet-server
-    const artifactList: ArtifactManifestList =
-      packagePolicyDoc.attributes?.inputs[0]?.config?.artifact_manifest.value.artifacts;
+    // Feature condition check here is temporary until v7.13 ships
+    if (appContextService.fleetServerEnabled) {
+      // Adjust all artifact URLs so that they point at fleet-server
+      const artifactList: ArtifactManifestList =
+        packagePolicyDoc.attributes?.inputs[0]?.config?.artifact_manifest.value.artifacts;

-    if (artifactList) {
-      for (const [identifier, artifactManifest] of Object.entries(artifactList)) {
-        artifactManifest.relative_url = relativeDownloadUrlFromArtifact({
-          identifier,
-          decodedSha256: artifactManifest.decoded_sha256,
-        });
+      if (artifactList) {
+        for (const [identifier, artifactManifest] of Object.entries(artifactList)) {
+          artifactManifest.relative_url = relativeDownloadUrlFromArtifact({
+            identifier,
+            decodedSha256: artifactManifest.decoded_sha256,
+          });
+        }
      }
    }
  }
--- a/x-pack/plugins/fleet/server/saved_objects/migrations/to_v7_13_0.ts
+++ b/x-pack/plugins/fleet/server/saved_objects/migrations/to_v7_13_0.ts
@ -32,11 +32,15 @@ export const migratePackagePolicyToV7130: SavedObjectMigrationFn<PackagePolicy,
  packagePolicyDoc,
  migrationContext
 ) => {
+  let updatedPackagePolicyDoc = packagePolicyDoc;
+
  // Endpoint specific migrations
-  // FIXME:PT remove `-OFF` from below once ready to be released
-  if (packagePolicyDoc.attributes.package?.name === 'endpoint-OFF') {
-    return migrateEndpointPackagePolicyToV7130(packagePolicyDoc, migrationContext);
+  if (packagePolicyDoc.attributes.package?.name === 'endpoint') {
+    updatedPackagePolicyDoc = migrateEndpointPackagePolicyToV7130(
+      packagePolicyDoc,
+      migrationContext
+    );
  }

-  return packagePolicyDoc;
+  return updatedPackagePolicyDoc;
 };
--- a/x-pack/plugins/fleet/server/services/app_context.ts
+++ b/x-pack/plugins/fleet/server/services/app_context.ts
@ -44,6 +44,11 @@ class AppContextService {
  private httpSetup?: HttpServiceSetup;
  private externalCallbacks: ExternalCallbacksStorage = new Map();

+  /**
+   * Temporary flag until v7.13 ships
+   */
+  public fleetServerEnabled: boolean = false;
+
  public async start(appContext: FleetAppContext) {
    this.data = appContext.data;
    this.esClient = appContext.elasticsearch.client.asInternalUser;