Use FLEET_TOKEN_POLICY_NAME to select policy (#697)

* Use FLEET_TOKEN_POLICY_NAME

* Use separate env file for Elastic Agent

* Fix: missing envs

* Fix

* Fix: Kubernetes agent token

* Fix: comment

Author: mtojek

internal/profile/_static/docker-compose-stack.yml

@@ -103,10 +103,7 @@ services:
       retries: 180
       interval: 1s
     hostname: docker-fleet-agent
-    environment:
-    - "FLEET_ENROLL=1"
-    - "FLEET_INSECURE=1"
-    - "FLEET_URL=http://fleet-server:8220"
+    env_file: "./elastic-agent.${STACK_VERSION_VARIANT}.env"
     volumes:
     - type: bind
       source: ../../../tmp/service_logs/

internal/profile/_static/elastic-agent_8x.env

@@ -0,0 +1,4 @@
+FLEET_ENROLL=1
+FLEET_INSECURE=1
+FLEET_URL=http://fleet-server:8220
+FLEET_TOKEN_POLICY_NAME=Elastic-Agent (elastic-package)

internal/profile/_static/elastic-agent_default.env

@@ -0,0 +1,3 @@
+FLEET_ENROLL=1
+FLEET_INSECURE=1
+FLEET_URL=http://fleet-server:8220

internal/profile/profile.go

@@ -36,6 +36,8 @@ type configFile string
 // managedProfileFiles is the list of all files managed in a profile
 // If you create a new file that's managed by a profile, it needs to go in this list
 var managedProfileFiles = map[configFile]NewConfig{
+	ElasticAgentDefaultEnvFile:     newElasticAgentDefaultEnv,
+	ElasticAgent8xEnvFile:          newElasticAgent8xEnv,
 	ElasticsearchConfigDefaultFile: newElasticsearchConfigDefault,
 	ElasticsearchConfig8xFile:      newElasticsearchConfig8x,
 	KibanaConfigDefaultFile:        newKibanaConfigDefault,

internal/profile/static.go

@@ -115,5 +115,32 @@ func newPackageRegistryDockerfile(_ string, profilePath string) (*simpleFile, er
 		path: filepath.Join(profilePath, profileStackPath, string(PackageRegistryDockerfileFile)),
 		body: packageRegistryDockerfile,
 	}, nil
+}
+
+// ElasticAgent8xEnvFile is the .env for the 8x stack.
+const ElasticAgent8xEnvFile configFile = "elastic-agent.8x.env"
+
+//go:embed _static/elastic-agent_8x.env
+var elasticAgent8xEnv string
 
+func newElasticAgent8xEnv(_ string, profilePath string) (*simpleFile, error) {
+	return &simpleFile{
+		name: string(ElasticAgent8xEnvFile),
+		path: filepath.Join(profilePath, profileStackPath, string(ElasticAgent8xEnvFile)),
+		body: elasticAgent8xEnv,
+	}, nil
+}
+
+// ElasticAgentDefaultEnvFile is the default .env file.
+const ElasticAgentDefaultEnvFile configFile = "elastic-agent.default.env"
+
+//go:embed _static/elastic-agent_default.env
+var elasticAgentDefaultEnv string
+
+func newElasticAgentDefaultEnv(_ string, profilePath string) (*simpleFile, error) {
+	return &simpleFile{
+		name: string(ElasticAgentDefaultEnvFile),
+		path: filepath.Join(profilePath, profileStackPath, string(ElasticAgentDefaultEnvFile)),
+		body: elasticAgentDefaultEnv,
+	}, nil
 }

internal/stack/logs.go

@@ -11,6 +11,7 @@ import (
 
 	"github.com/elastic/elastic-package/internal/compose"
 	"github.com/elastic/elastic-package/internal/docker"
+	"github.com/elastic/elastic-package/internal/install"
 )
 
 func dockerComposeLogs(serviceName string, snapshotFile string) ([]byte, error) {
@@ -20,6 +21,9 @@ func dockerComposeLogs(serviceName string, snapshotFile string) ([]byte, error)
 	}
 
 	opts := compose.CommandOptions{
+		Env: newEnvBuilder().
+			withEnv(stackVariantAsEnv(install.DefaultStackVersion)).
+			build(),
 		Services: []string{serviceName},
 	}
 

internal/stack/shellinit.go

@@ -63,7 +63,11 @@ func ShellInit(elasticStackProfile *profile.Profile) (string, error) {
 	}
 
 	serviceComposeConfig, err := p.Config(compose.CommandOptions{
-		Env: append(appConfig.StackImageRefs(install.DefaultStackVersion).AsEnv(), elasticStackProfile.ComposeEnvVars()...),
+		Env: newEnvBuilder().
+			withEnvs(appConfig.StackImageRefs(install.DefaultStackVersion).AsEnv()).
+			withEnvs(elasticStackProfile.ComposeEnvVars()).
+			withEnv(stackVariantAsEnv(install.DefaultStackVersion)).
+			build(),
 	})
 	if err != nil {
 		return "", errors.Wrap(err, "could not get Docker Compose configuration for service")

internal/testrunner/runners/system/servicedeployer/elastic-agent-managed.yaml.tmpl

@@ -35,6 +35,8 @@ spec:
               # If left empty KIBANA_HOST, KIBANA_FLEET_USERNAME, KIBANA_FLEET_PASSWORD are needed
             - name: FLEET_ENROLLMENT_TOKEN
               value: ""
+            - name: FLEET_TOKEN_POLICY_NAME
+              value: "{{ .elasticAgentTokenPolicyName }}"
             - name: KIBANA_HOST
               value: "http://kibana:5601"
             - name: KIBANA_FLEET_USERNAME

internal/testrunner/runners/system/servicedeployer/kubernetes.go

@@ -8,6 +8,7 @@ import (
 	"bytes"
 	_ "embed"
 	"path/filepath"
+	"strings"
 	"text/template"
 
 	"github.com/pkg/errors"
@@ -179,12 +180,22 @@ func getElasticAgentYAML(stackVersion string) ([]byte, error) {
 
 	var elasticAgentYaml bytes.Buffer
 	err = tmpl.Execute(&elasticAgentYaml, map[string]string{
-		"fleetURL":          "http://fleet-server:8220",
-		"elasticAgentImage": appConfig.StackImageRefs(stackVersion).ElasticAgent,
+		"fleetURL":                    "http://fleet-server:8220",
+		"elasticAgentImage":           appConfig.StackImageRefs(stackVersion).ElasticAgent,
+		"elasticAgentTokenPolicyName": getTokenPolicyName(stackVersion),
 	})
 	if err != nil {
 		return nil, errors.Wrap(err, "can't generate elastic agent manifest")
 	}
 
 	return elasticAgentYaml.Bytes(), nil
 }
+
+// getTokenPolicyName function returns the policy name for the 8.x Elastic stack. The agent's policy
+// is predefined in the Kibana configuration file. The logic is not present in older stacks.
+func getTokenPolicyName(stackVersion string) string {
+	if strings.HasPrefix(stackVersion, "8.") {
+		return "Elastic-Agent (elastic-package)"
+	}
+	return ""
+}

test/packages/with-kind/kubernetes/manifest.yml

@@ -10,7 +10,7 @@ categories:
   - kubernetes
 release: ga
 conditions:
-  kibana.version: "^7.16.0 || ^8.0.0"
+  kibana.version: "^8.0.0"
 screenshots:
   - src: /img/metricbeat_kubernetes_overview.png
     title: Metricbeat Kubernetes Overview