
Commit ebe1039

patrykkopycinskikibanamachine
authored andcommitted
[Osquery] Return proper indices permissions for osquery_manager package (#103363)
1 parent bfb66d0 commit ebe1039

2 files changed

Lines changed: 111 additions & 0 deletions


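--- a/x-pack/plugins/fleet/server/services/package_policies_to_agent_permissions.test.ts
+++ b/x-pack/plugins/fleet/server/services/package_policies_to_agent_permissions.test.ts
@@ -274,6 +274,110 @@ describe('storedPackagePoliciesToAgentPermissions()', () => {
 },
 });
 });
+
+it('Returns the dataset for osquery_manager package', async () => {
+getPackageInfoMock.mockResolvedValueOnce({
+format_version: '1.0.0',
+name: 'osquery_manager',
+title: 'Osquery Manager',
+version: '0.3.0',
+license: 'basic',
+description:
+'Centrally manage osquery deployments, run live queries, and schedule recurring queries',
+type: 'integration',
+release: 'beta',
+categories: ['security', 'os_system', 'config_management'],
+icons: [
+{
+src: '/img/logo_osquery.svg',
+title: 'logo osquery',
+size: '32x32',
+type: 'image/svg+xml',
+},
+],
+owner: { github: 'elastic/integrations' },
+readme: '/package/osquery_manager/0.3.0/docs/README.md',
+data_streams: [
+{
+dataset: 'osquery_manager.result',
+package: 'osquery_manager',
+ingest_pipeline: 'default',
+path: 'result',
+streams: [],
+title: 'Osquery Manager queries',
+type: 'logs',
+release: 'experimental',
+},
+],
+latestVersion: '0.3.0',
+removable: true,
+notice: undefined,
+status: 'not_installed',
+assets: {
+kibana: {
+dashboard: [],
+visualization: [],
+search: [],
+index_pattern: [],
+map: [],
+lens: [],
+security_rule: [],
+ml_module: [],
+},
+elasticsearch: {
+component_template: [],
+ingest_pipeline: [],
+ilm_policy: [],
+transform: [],
+index_template: [],
+data_stream_ilm_policy: [],
+},
+},
+});
+
+const packagePolicies: PackagePolicy[] = [
+{
+id: '12345',
+name: 'test-policy',
+namespace: 'test',
+enabled: true,
+package: { name: 'osquery_manager', version: '0.0.0', title: 'Test Package' },
+inputs: [
+{
+type: 'osquery_manager',
+enabled: true,
+streams: [
+{
+id: 'test-logs',
+enabled: true,
+data_stream: { type: 'logs', dataset: 'some-logs' },
+compiled_stream: { data_stream: { dataset: 'compiled' } },
+},
+],
+},
+],
+created_at: '',
+updated_at: '',
+created_by: '',
+updated_by: '',
+revision: 1,
+policy_id: '',
+output_id: '',
+},
+];
+
+const permissions = await storedPackagePoliciesToAgentPermissions(soClient, packagePolicies);
+expect(permissions).toMatchObject({
+'test-policy': {
+indices: [
+{
+names: ['logs-osquery_manager.result-test'],
+privileges: ['auto_configure', 'create_doc'],
+},
+],
+},
+});
+});
 });
 
 describe('getDataStreamPermissions()', () => {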
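Review bot: The mocked package declares only one entry in `data_streams`, so this test cannot tell "all data streams of the package" apart from "the first one", which is the behaviour the new branch is meant to provide. Adding a second data stream to the fixture and asserting the complete `indices` list would pin that down. The policy stream's `data_stream: { type: 'logs', dataset: 'some-logs' }` and `compiled_stream` values appear to be there only to be ignored; a one-line comment such as `// must not appear in the resulting permissions` would make that intent explicit. Most of the fixture (`icons`, `assets`, `readme`) looks unrelated to the permission logic and could probably be trimmed, though the shape the mock requires is not visible here.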

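--- a/x-pack/plugins/fleet/server/services/package_policies_to_agent_permissions.ts
+++ b/x-pack/plugins/fleet/server/services/package_policies_to_agent_permissions.ts
@@ -73,6 +73,13 @@ export async function storedPackagePoliciesToAgentPermissions(
 dataStreamsForPermissions = pkg.data_streams;
 break;
 
+case 'osquery_manager':
+// - Osquery manager doesn't store the `data_stream` metadata in
+// `packagePolicy.inputs`, so we will use _all_ data_streams from
+// the package.
+dataStreamsForPermissions = pkg.data_streams;
+break;
+
 default:
 // - Normal packages store some of the `data_stream` metadata in
 // `packagePolicy.inputs[].streams[].data_stream`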
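Review bot: The `case 'osquery_manager':` branch derives agent index permissions from every entry in `pkg.data_streams`, so the grant follows the package manifest rather than the streams a policy enables, and the comment does not say that this widening is intended. A data stream added in a later package version would be covered without any change here; I would extend the comment with something like `// NOTE: permissions track the package manifest; any data_stream a later version adds is granted too.` The two statements are the same as those of the case shown as context just above, so stacking the labels on one body would keep the two special cases from drifting apart. That case's label and the start of the switch are outside the hunk, so confirm them before merging the branches.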
