-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Fleet] Missing policy filter in Fleet Server check to enable secrets #187935
[Fleet] Missing policy filter in Fleet Server check to enable secrets #187935
Conversation
Pinging @elastic/fleet (Team:Fleet) |
🤖 GitHub commentsExpand to view the GitHub comments
Just comment with:
|
@juliaElastic - I think this also fixes #186845? |
Yeah it looks the same root cause. We should verify the scenarios Luca detailed there as well. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Code LGTM
💚 Build Succeeded
Metrics [docs]
History
|
…elastic#187935) ## Summary Closes elastic#187933 Closes elastic#186845 Fixed missing policy filter when checking if Fleet Servers met minimum version to enable secrets storage. The integration tests cover now a case where there are no fleet servers but there are agents with minimum version, to verify that the query filters them out. Manual verification is hard because you can't enroll an agent without enrolling FS with at least the same version. It could be done by manually creating docs in `.fleet-agents`. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (cherry picked from commit 5761a38)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
…secrets (#187935) (#188089) # Backport This will backport the following commits from `main` to `8.15`: - [[Fleet] Missing policy filter in Fleet Server check to enable secrets (#187935)](#187935) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Julia Bardi","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-07-11T10:57:01Z","message":"[Fleet] Missing policy filter in Fleet Server check to enable secrets (#187935)\n\n## Summary\r\n\r\nCloses https://github.com/elastic/kibana/issues/187933\r\nCloses https://github.com/elastic/kibana/issues/186845\r\n\r\nFixed missing policy filter when checking if Fleet Servers met minimum\r\nversion to enable secrets storage.\r\nThe integration tests cover now a case where there are no fleet servers\r\nbut there are agents with minimum version, to verify that the query\r\nfilters them out.\r\n\r\nManual verification is hard because you can't enroll an agent without\r\nenrolling FS with at least the same version.\r\nIt could be done by manually creating docs in `.fleet-agents`.\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"5761a382e144799b09e45fe5cd59e0c1a012c81e","branchLabelMapping":{"^v8.16.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","Team:Fleet","backport:prev-minor","v8.16.0"],"title":"[Fleet] Missing policy filter in Fleet Server check to enable secrets","number":187935,"url":"https://github.com/elastic/kibana/pull/187935","mergeCommit":{"message":"[Fleet] Missing policy filter in Fleet Server check to enable secrets (#187935)\n\n## Summary\r\n\r\nCloses https://github.com/elastic/kibana/issues/187933\r\nCloses https://github.com/elastic/kibana/issues/186845\r\n\r\nFixed missing policy filter when checking if Fleet Servers met minimum\r\nversion to enable secrets storage.\r\nThe integration tests cover now a case where there are no fleet servers\r\nbut there are agents with minimum version, to verify that the query\r\nfilters them out.\r\n\r\nManual verification is hard because you can't enroll an agent without\r\nenrolling FS with at least the same version.\r\nIt could be done by manually creating docs in `.fleet-agents`.\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"5761a382e144799b09e45fe5cd59e0c1a012c81e"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/187935","number":187935,"mergeCommit":{"message":"[Fleet] Missing policy filter in Fleet Server check to enable secrets (#187935)\n\n## Summary\r\n\r\nCloses https://github.com/elastic/kibana/issues/187933\r\nCloses https://github.com/elastic/kibana/issues/186845\r\n\r\nFixed missing policy filter when checking if Fleet Servers met minimum\r\nversion to enable secrets storage.\r\nThe integration tests cover now a case where there are no fleet servers\r\nbut there are agents with minimum version, to verify that the query\r\nfilters them out.\r\n\r\nManual verification is hard because you can't enroll an agent without\r\nenrolling FS with at least the same version.\r\nIt could be done by manually creating docs in `.fleet-agents`.\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"5761a382e144799b09e45fe5cd59e0c1a012c81e"}}]}] BACKPORT--> Co-authored-by: Julia Bardi <[email protected]>
Summary
Closes #187933
Closes #186845
Fixed missing policy filter when checking if Fleet Servers met minimum version to enable secrets storage.
The integration tests cover now a case where there are no fleet servers but there are agents with minimum version, to verify that the query filters them out.
Manual verification is hard because you can't enroll an agent without enrolling FS with at least the same version.
It could be done by manually creating docs in
.fleet-agents
.Checklist