Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add active filter for enrollment key queries. #2044

Merged
merged 6 commits into from
Nov 1, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion CHANGELOG.next.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
- Use seperate rate limiters for internal and external API listeners. {issue}1859[1859] {pull}1904[1904]
- Fix fleet.migration.total log key overlap {pull}1951[1951]
- Remove POLICY_CHANGE actions from list retrieved from actions index before sending actions to agent on Checkin. {issue}1773[1773] {pull}1963[1963]
- Add "active: true" filter to enrollemnent key queries. {issue}2029[2029] {pull}2044[2044]

==== New Features

Expand All @@ -27,4 +28,4 @@
- Fleet Server now allows setting transaction sample rate on APM instrumentation {pull}1681[1681]
- Log redacted config when config updates. {issue}1626[1626] {pull}1668[1668]
- Storing checkin message in last_checkin_message {pull}1932[1932]
- Allow upgrade actions to signal that they will be retried. {pull}1887[1887]
- Allow upgrade actions to signal that they will be retried. {pull}1887[1887]
16 changes: 10 additions & 6 deletions internal/pkg/dl/enrollment_api_key.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,25 +19,29 @@ const (
)

var (
QueryEnrollmentAPIKeyByID = prepareFindEnrollmentAPIKeyByID()
QueryEnrollmentAPIKeyByPolicyID = prepareFindEnrollmentAPIKeyByPolicyID()
QueryEnrollmentAPIKeyByID = prepareFindActiveEnrollmentAPIKeyByID()
QueryEnrollmentAPIKeyByPolicyID = prepareFindActiveEnrollmentAPIKeyByPolicyID()
)

func prepareFindEnrollmentAPIKeyByID() *dsl.Tmpl {
func prepareFindActiveEnrollmentAPIKeyByID() *dsl.Tmpl {
tmpl := dsl.NewTmpl()

root := dsl.NewRoot()
root.Query().Bool().Filter().Term(FieldAPIKeyID, tmpl.Bind(FieldAPIKeyID), nil)
filter := root.Query().Bool().Filter()
filter.Term(FieldAPIKeyID, tmpl.Bind(FieldAPIKeyID), nil)
filter.Term(FieldActive, true, nil)

tmpl.MustResolve(root)
return tmpl
}

func prepareFindEnrollmentAPIKeyByPolicyID() *dsl.Tmpl {
func prepareFindActiveEnrollmentAPIKeyByPolicyID() *dsl.Tmpl {
tmpl := dsl.NewTmpl()

root := dsl.NewRoot()
root.Query().Bool().Filter().Term(FieldPolicyID, tmpl.Bind(FieldPolicyID), nil)
filter := root.Query().Bool().Filter()
filter.Term(FieldPolicyID, tmpl.Bind(FieldPolicyID), nil)
filter.Term(FieldActive, true, nil)

tmpl.MustResolve(root)
return tmpl
Expand Down
45 changes: 37 additions & 8 deletions internal/pkg/dl/enrollment_api_key_integration_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,13 +22,13 @@ import (
ftesting "github.com/elastic/fleet-server/v7/internal/pkg/testing"
)

func createRandomEnrollmentAPIKey(policyID string) model.EnrollmentAPIKey {
func createRandomEnrollmentAPIKey(policyID string, active bool) model.EnrollmentAPIKey {
now := time.Now().UTC()
return model.EnrollmentAPIKey{
ESDocument: model.ESDocument{
Id: xid.New().String(),
},
Active: true,
Active: active,
APIKey: "d2JndlFIWUJJUVVxWDVia2NJTV86X0d6ZmljZGNTc1d4R1otbklrZFFRZw==",
APIKeyID: xid.New().String(),
CreatedAt: now.Format(time.RFC3339),
Expand All @@ -38,8 +38,8 @@ func createRandomEnrollmentAPIKey(policyID string) model.EnrollmentAPIKey {

}

func storeRandomEnrollmentAPIKey(ctx context.Context, bulker bulk.Bulk, index string, policyID string) (rec model.EnrollmentAPIKey, err error) {
rec = createRandomEnrollmentAPIKey(policyID)
func storeRandomEnrollmentAPIKey(ctx context.Context, bulker bulk.Bulk, index string, policyID string, active bool) (rec model.EnrollmentAPIKey, err error) {
rec = createRandomEnrollmentAPIKey(policyID, active)

body, err := json.Marshal(rec)
if err != nil {
Expand All @@ -58,7 +58,7 @@ func TestSearchEnrollmentAPIKeyByID(t *testing.T) {

index, bulker := ftesting.SetupCleanIndex(ctx, t, FleetEnrollmentAPIKeys)

rec, err := storeRandomEnrollmentAPIKey(ctx, bulker, index, uuid.Must(uuid.NewV4()).String())
rec, err := storeRandomEnrollmentAPIKey(ctx, bulker, index, uuid.Must(uuid.NewV4()).String(), true)
if err != nil {
t.Fatal(err)
}
Expand Down Expand Up @@ -91,15 +91,15 @@ func TestSearchEnrollmentAPIKeyByPolicyID(t *testing.T) {
index, bulker := ftesting.SetupCleanIndex(ctx, t, FleetEnrollmentAPIKeys)

policyID := uuid.Must(uuid.NewV4()).String()
rec1, err := storeRandomEnrollmentAPIKey(ctx, bulker, index, policyID)
rec1, err := storeRandomEnrollmentAPIKey(ctx, bulker, index, policyID, true)
if err != nil {
t.Fatal(err)
}
rec2, err := storeRandomEnrollmentAPIKey(ctx, bulker, index, policyID)
rec2, err := storeRandomEnrollmentAPIKey(ctx, bulker, index, policyID, true)
if err != nil {
t.Fatal(err)
}
_, err = storeRandomEnrollmentAPIKey(ctx, bulker, index, uuid.Must(uuid.NewV4()).String())
_, err = storeRandomEnrollmentAPIKey(ctx, bulker, index, uuid.Must(uuid.NewV4()).String(), true)
if err != nil {
t.Fatal(err)
}
Expand All @@ -114,3 +114,32 @@ func TestSearchEnrollmentAPIKeyByPolicyID(t *testing.T) {
t.Fatal(diff)
}
}

func TestSearchEnrollmentAPIKeyByPolicyIDWithInactiveIDs(t *testing.T) {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The previous test is deemed flakey (#1289), however it may be because that validates multiple returns; this test only does one so it should be OK.

ctx, cn := context.WithCancel(context.Background())
defer cn()

index, bulker := ftesting.SetupCleanIndex(ctx, t, FleetEnrollmentAPIKeys)

policyID := uuid.Must(uuid.NewV4()).String()
rec, err := storeRandomEnrollmentAPIKey(ctx, bulker, index, policyID, true)
if err != nil {
t.Fatalf("unable to store enrollment key: %v", err)
}
for i := 0; i < 10; i++ {
_, err = storeRandomEnrollmentAPIKey(ctx, bulker, index, uuid.Must(uuid.NewV4()).String(), false)
if err != nil {
t.Fatalf("unable to store enrollment key: %v", err)
}
}

foundRecs, err := findEnrollmentAPIKeys(ctx, bulker, index, QueryEnrollmentAPIKeyByPolicyID, FieldPolicyID, policyID)
if err != nil {
t.Fatalf("unable to find enrollment key: %v", err)
}

diff := cmp.Diff([]model.EnrollmentAPIKey{rec}, foundRecs)
if diff != "" {
t.Fatalf("expected content does not match: %v", diff)
}
}
11 changes: 0 additions & 11 deletions internal/pkg/policy/self.go
Original file line number Diff line number Diff line change
Expand Up @@ -228,7 +228,6 @@ func (m *selfMonitorT) updateStatus(ctx context.Context) (proto.StateObserved_St
if err != nil {
return proto.StateObserved_FAILED, err
}
tokens = filterActiveTokens(tokens)
if len(tokens) == 0 {
// no tokens created for the policy, still starting
if m.policyID == "" {
Expand Down Expand Up @@ -271,13 +270,3 @@ func (d *policyData) HasType(val string) bool {
func findEnrollmentAPIKeys(ctx context.Context, bulker bulk.Bulk, policyID string) ([]model.EnrollmentAPIKey, error) {
return dl.FindEnrollmentAPIKeys(ctx, bulker, dl.QueryEnrollmentAPIKeyByPolicyID, dl.FieldPolicyID, policyID)
}

func filterActiveTokens(tokens []model.EnrollmentAPIKey) []model.EnrollmentAPIKey {
active := make([]model.EnrollmentAPIKey, 0, len(tokens))
for _, t := range tokens {
if t.Active {
active = append(active, t)
}
}
return active
}
30 changes: 0 additions & 30 deletions internal/pkg/policy/self_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -262,21 +262,6 @@ func TestSelfMonitor_DefaultPolicy_Degraded(t *testing.T) {
t.Fatal(err)
}

// add inactive token that should be filtered out
inactiveToken := model.EnrollmentAPIKey{
ESDocument: model.ESDocument{
Id: xid.New().String(),
},
Active: false,
APIKey: "d2JndlFIWUJJUVVxWDVia2NJTV86X0d6ZmljZGNTc1d4R1otbklrZFFRZw==",
APIKeyID: xid.New().String(),
Name: "Inactive",
PolicyID: policyID,
}
tokenLock.Lock()
tokenResult = append(tokenResult, inactiveToken)
tokenLock.Unlock()

go func() {
chHitT <- []es.HitT{{
ID: rId,
Expand Down Expand Up @@ -578,21 +563,6 @@ func TestSelfMonitor_SpecificPolicy_Degraded(t *testing.T) {
t.Fatal(err)
}

// add inactive token that should be filtered out
inactiveToken := model.EnrollmentAPIKey{
ESDocument: model.ESDocument{
Id: xid.New().String(),
},
Active: false,
APIKey: "d2JndlFIWUJJUVVxWDVia2NJTV86X0d6ZmljZGNTc1d4R1otbklrZFFRZw==",
APIKeyID: xid.New().String(),
Name: "Inactive",
PolicyID: policyID,
}
tokenLock.Lock()
tokenResult = append(tokenResult, inactiveToken)
tokenLock.Unlock()

go func() {
chHitT <- []es.HitT{{
ID: rId,
Expand Down