[SECURITY_SOLUTION][ENDPOINT] Create artifact manifests with new relative URL (if fleet-server is enabled) #94499

@paul-tavares paul-tavares commented Mar 11, 2021

Summary

  1. When xpack.securitySolution.fleetServerEnabled is true, then Endpoint artifact manifest will use a fleet-server relative url for the artifacts generated (note: this flag is temporary until we ship v7.13)
  2. Refactors the security solution fleet integration extension point callbacks so that some action handlers can be executed in parallel (the creation of detection engine prepackaged rules can sometimes take some time to complete)

Example of Manifest Policy data when Fleet Server is enabled:

{
  "endpoint-exceptionlist-macos-v1": {
    "encryption_algorithm": "none",
    "decoded_sha256": "d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
    "decoded_size": 14,
    "encoded_sha256": "f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda",
    "encoded_size": 22,
-   "relative_url": "/api/endpoint/artifacts/download/endpoint-exceptionlist-macos-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
+   "relative_url": "/api/fleet/artifacts/endpoint-exceptionlist-macos-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
    "compression_algorithm": "zlib"
  },
  //...
}
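
Review bot: on the "+" relative_url line the path still ends in the decoded_sha256 value, while the same entry has compression_algorithm set to zlib and carries a separate encoded_sha256, so the digest in the URL does not describe the bytes that are transferred. Please state in the summary (or link to where it is documented) which of the two digests a client is expected to check the download from /api/fleet/artifacts/... against, since the path prefix is the only field this example changes.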

Checklist

  • Unit or functional tests were updated or added to match the most common scenarios
  • If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the docker list
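
The manifest entry shown in the summary above can be checked for internal consistency before an artifact is trusted. The following is an added example, not code from this PR or from Kibana; it assumes fleet-server URLs are expected and that the encoded_* fields describe the zlib-compressed bytes as downloaded and the decoded_* fields the inflated bytes (inferred from the field names). check_entry, check_body and build_entry are hypothetical helper names, and the sample entry is constructed.

```python
import hashlib
import re
import zlib

# Path shape copied from the "+" line of the manifest example on this page.
FLEET_URL = re.compile(r"/api/fleet/artifacts/(?P<id>[a-z0-9-]+)/(?P<sha>[0-9a-f]{64})")

def check_entry(identifier, entry):
    """Problems in one manifest entry when fleet-server URLs are expected."""
    m = FLEET_URL.fullmatch(entry.get("relative_url", ""))
    if m is None:
        return ["relative_url is not a fleet-server artifact path"]
    problems = []
    if m["id"] != identifier:
        problems.append("relative_url names a different artifact")
    if m["sha"] != entry.get("decoded_sha256"):
        problems.append("relative_url hash differs from decoded_sha256")
    return problems

def _matches(data, size, sha256):
    return len(data) == size and hashlib.sha256(data).hexdigest() == sha256

def check_body(entry, body):
    """Check downloaded bytes; inflation is capped at decoded_size + 1 bytes."""
    # Assumption: encoded_* describe the bytes as downloaded, decoded_* the inflated bytes.
    if not _matches(body, entry["encoded_size"], entry["encoded_sha256"]):
        return ["encoded size/sha256 mismatch"]  # never inflate unverified bytes
    if entry["compression_algorithm"] != "zlib":
        return ["unsupported compression_algorithm"]
    try:
        decoded = zlib.decompressobj().decompress(body, entry["decoded_size"] + 1)
    except zlib.error:
        return ["body is not valid zlib data"]
    if not _matches(decoded, entry["decoded_size"], entry["decoded_sha256"]):
        return ["decoded size/sha256 mismatch"]
    return []

def build_entry(identifier, payload):
    """Constructed sample data: an entry in the page's shape for `payload`."""
    body = zlib.compress(payload)
    digest = hashlib.sha256(payload).hexdigest()
    return {
        "encryption_algorithm": "none",
        "decoded_sha256": digest,
        "decoded_size": len(payload),
        "encoded_sha256": hashlib.sha256(body).hexdigest(),
        "encoded_size": len(body),
        "relative_url": f"/api/fleet/artifacts/{identifier}/{digest}",
        "compression_algorithm": "zlib",
    }, body
```

Both functions return an empty list when the entry and the body agree, and a list of the failed checks otherwise.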

@paul-tavares paul-tavares added the v8.0.0, release_note:skip, Team:Defend Workflows and v7.13.0 labels Mar 11, 2021
@paul-tavares paul-tavares self-assigned this Mar 11, 2021
@paul-tavares paul-tavares marked this pull request as ready for review March 15, 2021 16:44
@paul-tavares paul-tavares requested review from a team as code owners March 15, 2021 16:44
@elasticmachine

Pinging @elastic/security-onboarding-and-lifecycle-mgt (Team:Onboarding and Lifecycle Mgt)

@@ -0,0 +1,121 @@
/*
Contributor Author

this was both a rename (used to be called ingest_integration) as well as a refactor. Prior version had all logic for the actions that are taken in this module. Those have now been split up into separate modules (under ./handler/**)

Contributor

are the handlers largely the same after the refactor?

Contributor Author

Yes - I just moved the code over. Tests - which use the fleet_integration module - were unchanged.

@botelastic botelastic bot added the Team:Fleet label Mar 15, 2021
@elasticmachine

Pinging @elastic/fleet (Team:Fleet)

@jfsiii jfsiii left a comment

👍🏻 for the export { relativeDownloadUrlFromArtifact } from './services/artifacts/mappings'; changes in fleet

@nchaulet nchaulet left a comment

it would be nice to add this to the list of things to remove when we delete agents route (one day) #94303

@kibanamachine

💚 Build Succeeded

cc @paul-tavares

@paul-tavares

Good point @nchaulet. I added a reference to this PR in the item already listed there.

@paul-tavares paul-tavares merged commit 8390629 into elastic:master Mar 15, 2021
@paul-tavares paul-tavares deleted the task/olm-80513-manifest-url-feature-flag branch March 15, 2021 20:49
paul-tavares added a commit that referenced this pull request Mar 15, 2021
…tive URL (if fleet-server is enabled) (#94499) (#94637)

* When xpack.securitySolution.fleetServerEnabled is true, then Endpoint artifact manifest will use a fleet-server relative url for the artifacts generated (note: this flag is temporary until we ship v7.13)
* Refactors the security solution fleet integration extension point callbacks so that some action handlers can be executed in parallel (the creation of detection engine prepackaged rules can sometimes take some time to complete)