
Commit 4820204

[8.18] [Fleet] Update frozen variables for preconfigured managed policies (#235306) (#236244)
# Backport This will backport the following commits from `main` to `8.18`: - [[Fleet] Update frozen variables for preconfigured managed policies (#235306)](#235306) <!--- Backport version: 10.0.2 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Nicolas Chaulet","email":"[email protected]"},"sourceCommit":{"committedDate":"2025-09-18T07:42:10Z","message":"[Fleet] Update frozen variables for preconfigured managed policies (#235306)","sha":"2738a40a6ec1dc07db5864bf309a54b430f2b57a","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Fleet","backport:version","v9.2.0","v8.18.8","v8.19.5","v9.0.8","v9.1.5"],"title":"[Fleet] Update frozen variables for preconfigured managed policies","number":235306,"url":"https://github.com/elastic/kibana/pull/235306","mergeCommit":{"message":"[Fleet] Update frozen variables for preconfigured managed policies (#235306)","sha":"2738a40a6ec1dc07db5864bf309a54b430f2b57a"}},"sourceBranch":"main","suggestedTargetBranches":["8.18","8.19","9.0","9.1"],"targetPullRequestStates":[{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/235306","number":235306,"mergeCommit":{"message":"[Fleet] Update frozen variables for preconfigured managed policies 
(#235306)","sha":"2738a40a6ec1dc07db5864bf309a54b430f2b57a"}},{"branch":"8.18","label":"v8.18.8","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.5","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.0","label":"v9.0.8","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.1","label":"v9.1.5","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> --------- Co-authored-by: kibanamachine <[email protected]>
1 parent c32deae commit 4820204


7 files changed

+431
-44
lines changed


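--- a/x-pack/platform/plugins/shared/fleet/common/types/models/preconfiguration.ts
+++ b/x-pack/platform/plugins/shared/fleet/common/types/models/preconfiguration.ts
@@ -11,6 +11,7 @@ import type {
 PackagePolicyPackage,
 NewPackagePolicy,
 NewPackagePolicyInput,
+PackagePolicyConfigRecordEntry,
 } from './package_policy';
 import type { NewAgentPolicy } from './agent_policy';
 import type { Output } from './output';
@@ -22,22 +23,34 @@ export type InputsOverride = Partial<NewPackagePolicyInput> & {
 vars?: Array<NewPackagePolicyInput['vars'] & { name: string }>;
 };
 
+export type PreconfiguredVar = PackagePolicyConfigRecordEntry & { name: string };
+
+export type PreconfiguredInputs = Omit<NewPackagePolicy['inputs'][0], 'vars' | 'streams'> & {
+vars?: PreconfiguredVar[];
+streams?: Array<
+Omit<NewPackagePolicy['inputs'][0]['streams'][0], 'vars'> & {
+vars?: PreconfiguredVar[];
+}
+>;
+};
+
+export type PreconfiguredPackagePolicy =
+| (Partial<Omit<NewPackagePolicy, 'inputs' | 'package'>> & {
+id?: string | number;
+name: string;
+package: Partial<PackagePolicyPackage> & { name: string };
+inputs?: PreconfiguredInputs[];
+})
+| (Omit<SimplifiedPackagePolicy, 'policy_id'> & {
+id: string;
+package: { name: string };
+});
+
 export interface PreconfiguredAgentPolicy extends Omit<NewAgentPolicy, 'namespace' | 'id'> {
 id: string | number;
 space_id?: string;
 namespace?: string;
-package_policies: Array<
-| (Partial<Omit<NewPackagePolicy, 'inputs' | 'package'>> & {
-id?: string | number;
-name: string;
-package: Partial<PackagePolicyPackage> & { name: string };
-inputs?: InputsOverride[];
-})
-| (Omit<SimplifiedPackagePolicy, 'policy_id'> & {
-id: string;
-package: { name: string };
-})
->;
+package_policies: PreconfiguredPackagePolicy[];
 }
 
 export interface PreconfiguredPackage extends Omit<PackagePolicyPackage, 'title'> {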
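Review bot: The three new exported types (`PreconfiguredVar`, `PreconfiguredInputs`, `PreconfiguredPackagePolicy`) have no doc comment, and the older `InputsOverride` stays exported right next to them, so a reader cannot tell which type now describes preconfiguration input. I would add above `PreconfiguredVar` something like `/** A preconfigured variable: a package policy config entry plus the name of the variable it sets. */` and a one-line comment on `InputsOverride` saying whether it is still meant to be used. The TODO comments in package_policy.test.ts still name `InputsOverride` although the casts there now target `PreconfiguredInputs[]`; they should be reworded or dropped in the same change.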

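--- a/x-pack/platform/plugins/shared/fleet/server/services/package_policy.test.ts
+++ b/x-pack/platform/plugins/shared/fleet/server/services/package_policy.test.ts
@@ -50,6 +50,7 @@ import type {
 NewPackagePolicyInput,
 PackagePolicyPackage,
 DeletePackagePoliciesResponse,
+PreconfiguredInputs,
 } from '../../common/types';
 import { packageToPackagePolicy } from '../../common/services';
 
@@ -3776,7 +3777,7 @@ describe('Package policy service', () => {
 packageInfo,
 // TODO: Update this type assertion when the `InputsOverride` type is updated such
 // that it no longer causes unresolvable type errors when used directly
-inputsOverride as InputsOverride[]
+inputsOverride as PreconfiguredInputs[]
 );
 expect(result.inputs[0]?.vars?.path.value).toEqual('/var/log/new-logfile.log');
 });
@@ -3873,7 +3874,7 @@ describe('Package policy service', () => {
 packageInfo,
 // TODO: Update this type assertion when the `InputsOverride` type is updated such
 // that it no longer causes unresolvable type errors when used directly
-inputsOverride as InputsOverride[]
+inputsOverride as PreconfiguredInputs[]
 );
 
 expect(result.inputs[0]?.vars?.path_2.value).toEqual('/var/log/custom.log');
@@ -3971,7 +3972,7 @@ describe('Package policy service', () => {
 packageInfo,
 // TODO: Update this type assertion when the `InputsOverride` type is updated such
 // that it no longer causes unresolvable type errors when used directly
-inputsOverride as InputsOverride[]
+inputsOverride as PreconfiguredInputs[]
 );
 
 expect(result.inputs[0]?.vars?.path_2.value).toEqual('/var/log/custom.log');
@@ -4123,7 +4124,7 @@ describe('Package policy service', () => {
 packageInfo,
 // TODO: Update this type assertion when the `InputsOverride` type is updated such
 // that it no longer causes unresolvable type errors when used directly
-inputsOverride as InputsOverride[]
+inputsOverride as PreconfiguredInputs[]
 );
 
 expect(result.inputs).toHaveLength(2);
@@ -4343,7 +4344,7 @@ describe('Package policy service', () => {
 packageInfo,
 // TODO: Update this type assertion when the `InputsOverride` type is updated such
 // that it no longer causes unresolvable type errors when used directly
-inputsOverride as InputsOverride[]
+inputsOverride as PreconfiguredInputs[]
 );
 
 const template1Inputs = result.inputs.filter(
@@ -4455,7 +4456,7 @@ describe('Package policy service', () => {
 packageInfo,
 // TODO: Update this type assertion when the `InputsOverride` type is updated such
 // that it no longer causes unresolvable type errors when used directly
-inputsOverride as InputsOverride[]
+inputsOverride as PreconfiguredInputs[]
 );
 expect(result.inputs[0]?.vars?.path.value).toEqual('/var/log/new-logfile.log');
 });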

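--- a/x-pack/platform/plugins/shared/fleet/server/services/package_policy.ts
+++ b/x-pack/platform/plugins/shared/fleet/server/services/package_policy.ts
@@ -72,6 +72,7 @@ import type {
 PolicySecretReference,
 AssetsMap,
 AgentPolicy,
+PreconfiguredInputs,
 } from '../../common/types';
 import {
 FleetError,
@@ -925,7 +926,12 @@ class PackagePolicyClientImpl implements PackagePolicyClient {
 esClient: ElasticsearchClient,
 id: string,
 packagePolicyUpdate: UpdatePackagePolicy,
-options?: { user?: AuthenticatedUser; force?: boolean; skipUniqueNameVerification?: boolean }
+options?: {
+user?: AuthenticatedUser;
+force?: boolean;
+skipUniqueNameVerification?: boolean;
+bumpRevision?: boolean;
+}
 ): Promise<PackagePolicy> {
 const savedObjectType = await getPackagePolicySavedObjectType();
 auditLoggingService.writeCustomSoAuditLog({
@@ -1126,12 +1132,14 @@ class PackagePolicyClientImpl implements PackagePolicyClient {
 ((assignedInOldPolicy && !assignedInNewPolicy) ||
 (!assignedInOldPolicy && assignedInNewPolicy));
 
-bumpPromises.push(
-agentPolicyService.bumpRevision(soClient, esClient, policyId, {
-user: options?.user,
-removeProtection,
-})
-);
+if (options?.bumpRevision !== false) {
+bumpPromises.push(
+agentPolicyService.bumpRevision(soClient, esClient, policyId, {
+user: options?.user,
+removeProtection,
+})
+);
+}
 }
 
 const assetRemovePromise = removeOldAssets({
@@ -2961,7 +2969,7 @@ export function updatePackageInputs(
 export function preconfigurePackageInputs(
 basePackagePolicy: NewPackagePolicy,
 packageInfo: PackageInfo,
-preconfiguredInputs?: InputsOverride[]
+preconfiguredInputs?: PreconfiguredInputs[]
 ): NewPackagePolicy {
 if (!preconfiguredInputs) return basePackagePolicy;
 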
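Review bot: When a caller passes `bumpRevision: false`, the guarded block at `if (options?.bumpRevision !== false)` drops not only the revision bump but also the `user` and `removeProtection` arguments that went with it, and nothing in the signature says the caller must make up for that. The follow-up bump visible in preconfiguration.ts is `agentPolicyService.bumpRevision(namespacedSoClient, esClient, policy!.id)` with no options, so a protection change computed here would presumably not be carried on that path; `removeProtection` is computed partly above the hunk, so please confirm. At minimum, document the option on both this implementation and the `PackagePolicyClient` interface in package_policy_service.ts, for example `/** When false, the agent policy revision is not bumped here; the caller must call agentPolicyService.bumpRevision itself. Defaults to true. */`. The update method's body starts and ends outside these hunks.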

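--- a/x-pack/platform/plugins/shared/fleet/server/services/package_policy_service.ts
+++ b/x-pack/platform/plugins/shared/fleet/server/services/package_policy_service.ts
@@ -154,7 +154,12 @@ export interface PackagePolicyClient {
 esClient: ElasticsearchClient,
 id: string,
 packagePolicyUpdate: UpdatePackagePolicy,
-options?: { user?: AuthenticatedUser; force?: boolean; skipUniqueNameVerification?: boolean },
+options?: {
+user?: AuthenticatedUser;
+force?: boolean;
+skipUniqueNameVerification?: boolean;
+bumpRevision?: boolean;
+},
 currentVersion?: string
 ): Promise<PackagePolicy>;
 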
160165

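--- a/x-pack/platform/plugins/shared/fleet/server/services/preconfiguration.ts
+++ b/x-pack/platform/plugins/shared/fleet/server/services/preconfiguration.ts
@@ -13,7 +13,6 @@ import { DEFAULT_NAMESPACE_STRING } from '@kbn/core-saved-objects-utils-server';
 import apm from 'elastic-apm-node';
 
 import type {
-NewPackagePolicy,
 AgentPolicy,
 Installation,
 Output,
@@ -22,6 +21,8 @@ import type {
 PreconfiguredPackage,
 PackagePolicy,
 PackageInfo,
+PreconfiguredPackagePolicy,
+PreconfiguredInputs,
 } from '../../common/types';
 import type { PreconfigurationError } from '../../common/constants';
 import { PRECONFIGURATION_LATEST_KEYWORD } from '../../common/constants';
@@ -39,10 +40,14 @@ import { getInstallation, getPackageInfo } from './epm/packages';
 import { ensurePackagesCompletedInstall } from './epm/packages/install';
 import { bulkInstallPackages } from './epm/packages/bulk_install_packages';
 import { agentPolicyService, addPackageToAgentPolicy } from './agent_policy';
-import { type InputsOverride, packagePolicyService } from './package_policy';
+import { packagePolicyService } from './package_policy';
 import { preconfigurePackageInputs } from './package_policy';
 import { appContextService } from './app_context';
 import type { UpgradeManagedPackagePoliciesResult } from './setup/managed_package_policies';
+import {
+packagePolicyHasFrozenVariablesUpdate,
+updateFrozenInputs,
+} from './preconfiguration/package_policy_frozen_variables';
 
 interface PreconfigurationResult {
 policies: Array<{ id: string; updated_at: string }>;
@@ -273,14 +278,62 @@ export async function ensurePreconfiguredPackagesAndPolicies(
 })
 );
 
-const packagePoliciesToAdd = installedPackagePolicies.filter((installablePackagePolicy) => {
-return !(agentPolicyWithPackagePolicies?.package_policies as PackagePolicy[]).some(
-(packagePolicy) =>
-(packagePolicy.id !== undefined &&
-packagePolicy.id === installablePackagePolicy.packagePolicy.id) ||
-packagePolicy.name === installablePackagePolicy.packagePolicy.name
-);
-});
+const [packagePoliciesToAdd, packagePoliciesUpdates] = installedPackagePolicies.reduce(
+(acc, installablePackagePolicy) => {
+const isAdd = !(agentPolicyWithPackagePolicies?.package_policies as PackagePolicy[]).some(
+(packagePolicy) =>
+(packagePolicy.id !== undefined &&
+packagePolicy.id === installablePackagePolicy.packagePolicy.id) ||
+packagePolicy.name === installablePackagePolicy.packagePolicy.name
+);
+
+if (isAdd) {
+acc[0].push(installablePackagePolicy);
+return acc;
+}
+
+if (!agentPolicyWithPackagePolicies) {
+return acc;
+}
+
+const existingPackagePolicy = agentPolicyWithPackagePolicies.package_policies?.find(
+(packagePolicy) =>
+packagePolicy.id === installablePackagePolicy.packagePolicy.id ||
+packagePolicy.name === installablePackagePolicy.packagePolicy.name
+);
+
+if (!existingPackagePolicy) {
+return acc;
+}
+
+const updatePackagePolicy = { ...existingPackagePolicy };
+if (Array.isArray(installablePackagePolicy.packagePolicy.inputs)) {
+if (
+packagePolicyHasFrozenVariablesUpdate(
+updatePackagePolicy,
+installablePackagePolicy.packagePolicy.inputs
+)
+) {
+acc[1].push({
+namespacedSoClient: installablePackagePolicy.namespacedSoClient,
+packagePolicy: updatePackagePolicy,
+inputs: installablePackagePolicy.packagePolicy.inputs,
+});
+}
+}
+
+return acc;
+},
+[
+[] as Array<(typeof installedPackagePolicies)[0]>,
+[] as Array<{
+namespacedSoClient: SavedObjectsClientContract;
+packagePolicy: PackagePolicy;
+inputs: PreconfiguredInputs[];
+}>,
+]
+);
+
 logger.debug(
 () =>
 `Adding preconfigured package policies ${JSON.stringify(
@@ -300,6 +353,33 @@ export async function ensurePreconfiguredPackagesAndPolicies(
 );
 s?.end();
 
+logger.debug(
+() =>
+`Updating preconfigured package policies ${JSON.stringify(
+packagePoliciesUpdates.map((pol) => ({
+name: pol.packagePolicy.name,
+package: pol.packagePolicy.package?.name,
+}))
+)}`
+);
+const s2 = apm.startSpan('Update preconfigured package policies', 'preconfiguration');
+for (const packagePolicyUpdate of packagePoliciesUpdates!) {
+try {
+await updateFrozenInputs(
+esClient,
+packagePolicyUpdate.namespacedSoClient,
+packagePolicyUpdate.packagePolicy,
+packagePolicyUpdate.inputs
+);
+} catch (error) {
+logger.error(
+`Error updating preconfigured variables for package policy ${packagePolicyUpdate.packagePolicy.name}: ${error.message}`,
+{ error }
+);
+}
+}
+s2?.end();
+
 // Add the is_managed flag after configuring package policies to avoid errors
 if (shouldAddIsManagedFlag) {
 await agentPolicyService.update(
@@ -312,6 +392,10 @@ export async function ensurePreconfiguredPackagesAndPolicies(
 }
 );
 }
+
+if (packagePoliciesUpdates.length > 0) {
+await agentPolicyService.bumpRevision(namespacedSoClient, esClient, policy!.id);
+}
 }
 }
 
@@ -363,13 +447,7 @@ async function addPreconfiguredPolicyPackages(
 installedPackagePolicies: Array<{
 installedPackage: Installation;
 namespacedSoClient: SavedObjectsClientContract;
-packagePolicy:
-| (Partial<Omit<NewPackagePolicy, 'inputs'>> & {
-id?: string | number;
-name: string;
-inputs?: InputsOverride[];
-})
-| (Omit<SimplifiedPackagePolicy, 'package' | 'policy_id'> & { id: string });
+packagePolicy: Omit<PreconfiguredPackagePolicy, 'package'>;
 }>,
 defaultOutput: Output,
 bumpAgentPolicyRevison = false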
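Review bot: A failure in `updateFrozenInputs` is caught, logged and then forgotten: the loop continues, setup completes, and the final `if (packagePoliciesUpdates.length > 0)` bump keys off the number of attempted updates rather than applied ones, so a managed policy can keep stale frozen values with only a log line to show for it. I would also record each failure in whatever non-fatal error list this function reports back (that part is outside the hunk, so confirm it exists) so the operator sees it in the setup result. In the same catch, `error.message` assumes an `Error` was thrown; `const message = error instanceof Error ? error.message : String(error);` is safer. The `!` in `packagePoliciesUpdates!` is unnecessary because the array always comes from the reduce seed, and the `some`/`find` pair in the reducer repeats the same match with slightly different predicates (`find` has no `id !== undefined` guard), which a single shared predicate would keep in step. ensurePreconfiguredPackagesAndPolicies starts and ends outside these hunks.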
