forked from elastic/kibana
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[Observability] Use Fleet's default data output when onboarding integ…
…rations using auto-detect flow (elastic#201158) Resolves elastic#199751 ## Summary Use Fleet's default data output when onboarding integrations using auto-detect flow. ## Screenshot ### Fleet output settings <img width="1411" alt="Screenshot 2024-11-21 at 15 10 24" src="https://github.com/user-attachments/assets/ac193552-7f18-4566-a84b-061df45c13f3"> ### Generated Agent config ``` $ cat /Library/Elastic/Agent/elastic-agent.yml outputs: default: type: elasticsearch hosts: - https://192.168.1.73:9200 ssl.ca_trusted_fingerprint: c48c98cdf7f85d7cc29f834704011c1002b5251d594fc0bb08e6177544fe304a api_key: b1BkR1Q1TUIyOUpfMWhaS2NCUXA6SS1Jb3dncGVReVNpcEdzOGpSVmlzQQ== preset: balanced ``` ## Testing 1. Go to Fleet > Settings > Outputs 2. Edit the default output and enter dummy data into the "Elasticsearch CA trusted fingerprint" field 3. Go through the auto-detect onboarding flow 4. Inspect the `elastic-agent.yml` file written to disk. It should contain the default output configured in Fleet including `ca_trusted_fingerprint` setting
- Loading branch information
1 parent
27224f1
commit 845aa8c
Showing
6 changed files
with
161 additions
and
20 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
21 changes: 21 additions & 0 deletions
21
x-pack/plugins/fleet/server/services/output_client.mock.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
import type { OutputClientInterface } from './output_client'; | ||
|
||
export const createOutputClientMock = (): jest.Mocked<OutputClientInterface> => { | ||
return { | ||
getDefaultDataOutputId: jest.fn(), | ||
get: jest.fn(), | ||
}; | ||
}; |
71 changes: 71 additions & 0 deletions
71
x-pack/plugins/fleet/server/services/output_client.test.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,71 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
import { savedObjectsClientMock } from '@kbn/core/server/mocks'; | ||
|
||
import { createFleetAuthzMock } from '../../common/mocks'; | ||
|
||
import { OutputClient } from './output_client'; | ||
import { outputService } from './output'; | ||
|
||
jest.mock('./output'); | ||
|
||
const mockedOutputService = outputService as jest.Mocked<typeof outputService>; | ||
|
||
describe('OutputClient', () => { | ||
afterEach(() => { | ||
jest.clearAllMocks(); | ||
}); | ||
|
||
describe('getDefaultDataOutputId()', () => { | ||
it('should call output service `getDefaultDataOutputId()` method', async () => { | ||
const soClient = savedObjectsClientMock.create(); | ||
const authz = createFleetAuthzMock(); | ||
const outputClient = new OutputClient(soClient, authz); | ||
await outputClient.getDefaultDataOutputId(); | ||
|
||
expect(mockedOutputService.getDefaultDataOutputId).toHaveBeenCalledWith(soClient); | ||
}); | ||
|
||
it('should throw error when no `fleet.readSettings` and no `fleet.readAgentPolicies` privileges', async () => { | ||
const soClient = savedObjectsClientMock.create(); | ||
const authz = createFleetAuthzMock(); | ||
authz.fleet.readSettings = false; | ||
authz.fleet.readAgentPolicies = false; | ||
const outputClient = new OutputClient(soClient, authz); | ||
|
||
await expect(outputClient.getDefaultDataOutputId()).rejects.toMatchInlineSnapshot( | ||
`[OutputUnauthorizedError]` | ||
); | ||
expect(mockedOutputService.getDefaultDataOutputId).not.toHaveBeenCalled(); | ||
}); | ||
}); | ||
|
||
describe('get()', () => { | ||
it('should call output service `get()` method', async () => { | ||
const soClient = savedObjectsClientMock.create(); | ||
const authz = createFleetAuthzMock(); | ||
const outputClient = new OutputClient(soClient, authz); | ||
await outputClient.get('default'); | ||
|
||
expect(mockedOutputService.get).toHaveBeenCalledWith(soClient, 'default'); | ||
}); | ||
|
||
it('should throw error when no `fleet.readSettings` and no `fleet.readAgentPolicies` privileges', async () => { | ||
const soClient = savedObjectsClientMock.create(); | ||
const authz = createFleetAuthzMock(); | ||
authz.fleet.readSettings = false; | ||
authz.fleet.readAgentPolicies = false; | ||
const outputClient = new OutputClient(soClient, authz); | ||
|
||
await expect(outputClient.get('default')).rejects.toMatchInlineSnapshot( | ||
`[OutputUnauthorizedError]` | ||
); | ||
expect(mockedOutputService.get).not.toHaveBeenCalled(); | ||
}); | ||
}); | ||
}); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
import type { SavedObjectsClientContract } from '@kbn/core/server'; | ||
|
||
import type { FleetAuthz } from '../../common'; | ||
|
||
import { OutputUnauthorizedError } from '../errors'; | ||
import type { Output } from '../types'; | ||
|
||
import { outputService } from './output'; | ||
|
||
export { transformOutputToFullPolicyOutput } from './agent_policies/full_agent_policy'; | ||
|
||
export interface OutputClientInterface { | ||
getDefaultDataOutputId(): Promise<string | null>; | ||
get(outputId: string): Promise<Output>; | ||
} | ||
|
||
export class OutputClient implements OutputClientInterface { | ||
constructor(private soClient: SavedObjectsClientContract, private authz: FleetAuthz) {} | ||
|
||
async getDefaultDataOutputId() { | ||
if (!this.authz.fleet.readSettings && !this.authz.fleet.readAgentPolicies) { | ||
throw new OutputUnauthorizedError(); | ||
} | ||
return outputService.getDefaultDataOutputId(this.soClient); | ||
} | ||
|
||
async get(outputId: string) { | ||
if (!this.authz.fleet.readSettings && !this.authz.fleet.readAgentPolicies) { | ||
throw new OutputUnauthorizedError(); | ||
} | ||
return outputService.get(this.soClient, outputId); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters