diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java index cc589b53eaa1a..97e438df1ef99 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java @@ -189,6 +189,11 @@ static RoleDescriptor kibanaSystem(String name) { .privileges("all") .allowRestrictedIndices(true) .build(), + RoleDescriptor.IndicesPrivileges.builder() + .indices(".fleet-agent-policies-metadata*") + .privileges("all") + .allowRestrictedIndices(true) + .build(), RoleDescriptor.IndicesPrivileges.builder() .indices(".fleet-policies-leader*") .privileges("all") diff --git a/x-pack/plugin/core/template-resources/src/main/resources/fleet-agent-policies-metadata.json b/x-pack/plugin/core/template-resources/src/main/resources/fleet-agent-policies-metadata.json new file mode 100644 index 0000000000000..85800709218ae --- /dev/null +++ b/x-pack/plugin/core/template-resources/src/main/resources/fleet-agent-policies-metadata.json @@ -0,0 +1,23 @@ +{ + "settings": { + "auto_expand_replicas": "0-1" + }, + "mappings": { + "_doc" : { + "dynamic": false, + "_meta": { + "version": "${fleet.version}", + "managed_index_mappings_version": ${fleet.managed.index.version} + }, + "properties": { + "policy_id": { + "type": "keyword" + }, + "agent_policy": { + "type": "object", + "enabled": false + } + } + } + } +} diff --git a/x-pack/plugin/core/template-resources/src/main/resources/fleet-agents.json b/x-pack/plugin/core/template-resources/src/main/resources/fleet-agents.json index 8b1c13f3152e8..9c877d04fa622 100644 --- a/x-pack/plugin/core/template-resources/src/main/resources/fleet-agents.json +++ b/x-pack/plugin/core/template-resources/src/main/resources/fleet-agents.json @@ -1,6 +1,9 @@ { "settings": { - "auto_expand_replicas": "0-1" + "auto_expand_replicas": "0-1", + "index": { + "default_pipeline": "fleet-agents@default-pipeline" + } }, "mappings": { "_doc": { @@ -30,6 +33,48 @@ } } }, + "agent_policy": { + "properties": { + "id": { + "type": "keyword" + }, + "name": { + "type": "text" + }, + "namespace": { + "type": "keyword" + }, + "is_managed": { + "type": "boolean" + }, + "inactivity_timeout": { + "type": "integer" + }, + "package_policies": { + "properties": { + "id": { + "type": "keyword" + }, + "name": { + "type": "text" + }, + "namespace": { + "type": "keyword" + }, + "package": { + "properties": { + "name": { + "type": "keyword" + }, + "version": { + "type": "keyword" + } + } + } + } + } + } + }, "default_api_key": { "type": "keyword" }, diff --git a/x-pack/plugin/core/template-resources/src/main/resources/fleet-agents@default-pipeline.json b/x-pack/plugin/core/template-resources/src/main/resources/fleet-agents@default-pipeline.json new file mode 100644 index 0000000000000..3e40f6133c64c --- /dev/null +++ b/x-pack/plugin/core/template-resources/src/main/resources/fleet-agents@default-pipeline.json @@ -0,0 +1,14 @@ +{ + "processors": [ + { + "pipeline": { + "name": "fleet-agents@enrich-agent-policies-pipeline", + "ignore_missing_pipeline": true + } + } + ], + "_meta": { + "description": "TODO", + "managed": true + } +} diff --git a/x-pack/plugin/fleet/src/main/java/org/elasticsearch/xpack/fleet/Fleet.java b/x-pack/plugin/fleet/src/main/java/org/elasticsearch/xpack/fleet/Fleet.java index 138a07833e584..6a8bd6212dcc3 100644 --- a/x-pack/plugin/fleet/src/main/java/org/elasticsearch/xpack/fleet/Fleet.java +++ b/x-pack/plugin/fleet/src/main/java/org/elasticsearch/xpack/fleet/Fleet.java @@ -84,6 +84,7 @@ public class Fleet extends Plugin implements SystemIndexPlugin { private static final int FLEET_ENROLLMENT_API_KEYS_MAPPINGS_VERSION = 1; private static final int FLEET_SECRETS_MAPPINGS_VERSION = 1; private static final int FLEET_POLICIES_MAPPINGS_VERSION = 1; + private static final int FLEET_POLICIES_METADATA_MAPPINGS_VERSION = 1; private static final int FLEET_POLICIES_LEADER_MAPPINGS_VERSION = 1; private static final int FLEET_SERVERS_MAPPINGS_VERSION = 1; private static final int FLEET_ARTIFACTS_MAPPINGS_VERSION = 1; @@ -110,6 +111,7 @@ public Collection getSystemIndexDescriptors(Settings sett fleetEnrollmentApiKeysSystemIndexDescriptor(), fleetSecretsSystemIndexDescriptor(), fleetPoliciesSystemIndexDescriptor(), + fleetPoliciesMetadataSystemIndexDescriptor(), fleetPoliciesLeaderSystemIndexDescriptor(), fleetServersSystemIndexDescriptors(), fleetArtifactsSystemIndexDescriptors() @@ -217,6 +219,23 @@ private static SystemIndexDescriptor fleetPoliciesSystemIndexDescriptor() { .build(); } + private static SystemIndexDescriptor fleetPoliciesMetadataSystemIndexDescriptor() { + PutIndexTemplateRequest request = new PutIndexTemplateRequest(); + request.source(loadTemplateSource("/fleet-agent-policies-metadata.json", FLEET_POLICIES_METADATA_MAPPINGS_VERSION), XContentType.JSON); + + return SystemIndexDescriptor.builder() + .setType(Type.EXTERNAL_MANAGED) + .setAllowedElasticProductOrigins(ALLOWED_PRODUCTS) + .setOrigin(FLEET_ORIGIN) + .setMappings(request.mappings()) + .setSettings(request.settings()) + .setPrimaryIndex(".fleet-agent-policies-metadata-" + CURRENT_INDEX_VERSION) + .setIndexPattern(".fleet-agent-policies-metadata-[0-9]+*") + .setAliasName(".fleet-agent-policies-metadata") + .setDescription("Fleet Policies metadata for agent enrichment") + .build(); + } + private static SystemIndexDescriptor fleetPoliciesLeaderSystemIndexDescriptor() { PutIndexTemplateRequest request = new PutIndexTemplateRequest(); request.source(loadTemplateSource("/fleet-policies-leader.json", FLEET_POLICIES_LEADER_MAPPINGS_VERSION), XContentType.JSON); diff --git a/x-pack/plugin/fleet/src/main/java/org/elasticsearch/xpack/fleet/FleetTemplateRegistry.java b/x-pack/plugin/fleet/src/main/java/org/elasticsearch/xpack/fleet/FleetTemplateRegistry.java index 6585553a1bd9d..8e038c678fb64 100644 --- a/x-pack/plugin/fleet/src/main/java/org/elasticsearch/xpack/fleet/FleetTemplateRegistry.java +++ b/x-pack/plugin/fleet/src/main/java/org/elasticsearch/xpack/fleet/FleetTemplateRegistry.java @@ -17,13 +17,15 @@ import org.elasticsearch.xpack.core.template.IndexTemplateConfig; import org.elasticsearch.xpack.core.template.IndexTemplateRegistry; import org.elasticsearch.xpack.core.template.LifecyclePolicyConfig; +import org.elasticsearch.xpack.core.template.IngestPipelineConfig; +import org.elasticsearch.xpack.core.template.JsonIngestPipelineConfig; import java.util.List; import java.util.Map; public class FleetTemplateRegistry extends IndexTemplateRegistry { - public static final int INDEX_TEMPLATE_VERSION = 1; + public static final int INDEX_TEMPLATE_VERSION = 2; public static final String TEMPLATE_VERSION_VARIABLE = "xpack.fleet.template.version"; @@ -86,4 +88,18 @@ protected List getLifecycleConfigs() { protected Map getComposableTemplateConfigs() { return COMPOSABLE_INDEX_TEMPLATE_CONFIGS; } + + @Override + protected List getIngestPipelines() { + return INGEST_PIPELINE_CONFIGS; + } + + private static final List INGEST_PIPELINE_CONFIGS = List.of( + new JsonIngestPipelineConfig( + "fleet-agents@default-pipeline", + "/fleet-agents@default-pipeline.json", + INDEX_TEMPLATE_VERSION, + TEMPLATE_VERSION_VARIABLE + ) + ); }