diff --git a/x-pack/plugins/fleet/server/services/fleet_server/index.test.ts b/x-pack/plugins/fleet/server/services/fleet_server/index.test.ts
index f00d78cd59ad9..7faea8c526819 100644
--- a/x-pack/plugins/fleet/server/services/fleet_server/index.test.ts
+++ b/x-pack/plugins/fleet/server/services/fleet_server/index.test.ts
@@ -115,6 +115,13 @@ describe('checkFleetServerVersionsForSecretsStorage', () => {
 version
 );
 expect(result).toBe(true);
+ expect(mockedGetAgentsByKuery).toHaveBeenCalledWith(
+ esClientMock,
+ soClientMock,
+ expect.objectContaining({
+ kuery: 'policy_id:("1" or "2")',
+ })
+ );
 });
 });
diff --git a/x-pack/plugins/fleet/server/services/fleet_server/index.ts b/x-pack/plugins/fleet/server/services/fleet_server/index.ts
index 004a0deeea7b7..a0d508f0929e9 100644
--- a/x-pack/plugins/fleet/server/services/fleet_server/index.ts
+++ b/x-pack/plugins/fleet/server/services/fleet_server/index.ts
@@ -128,11 +128,19 @@ export async function checkFleetServerVersionsForSecretsStorage(
 hasMore = false;
 }
 }
+ if (policyIds.size === 0) {
+ return false;
+ }
+
+ const kuery = `policy_id:(${Array.from(policyIds)
+ .map((id) => `"${id}"`)
+ .join(' or ')})`;
 const managedAgentPolicies = await agentPolicyService.getAllManagedAgentPolicies(soClient);
 const fleetServerAgents = await getAgentsByKuery(esClient, soClient, {
 showInactive: true,
 perPage: SO_SEARCH_LIMIT,
+ kuery,
 });
 if (fleetServerAgents.agents.length === 0) {
diff --git a/x-pack/test/fleet_api_integration/apis/policy_secrets.ts b/x-pack/test/fleet_api_integration/apis/policy_secrets.ts
index 226c22d6ca924..d8e641b7af0a5 100644
--- a/x-pack/test/fleet_api_integration/apis/policy_secrets.ts
+++ b/x-pack/test/fleet_api_integration/apis/policy_secrets.ts
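Review bot: The assertion added in index.test.ts pins the query string for two policy ids, but nothing visible in this commit's test changes exercises the new `if (policyIds.size === 0)` early return in index.ts. That guard is what keeps an empty `policy_id:()` filter from being sent, so it deserves its own case asserting that the result is `false` and that the lookup is skipped, e.g. `expect(mockedGetAgentsByKuery).not.toHaveBeenCalled();`. The enclosing `describe` block starts and ends outside the hunk, so such a case may already exist there.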
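Review bot: In index.ts the new `kuery` is built by wrapping each policy id in double quotes inside the `.map(...)` callback with no escaping, so an id containing `"` would break the filter or change what it matches. This query selects the agents that are checked for the secrets-storage version gate, so a malformed or altered filter could affect whether secrets are stored. `policyIds` is filled outside the hunk; if those ids can ever be caller-chosen, escape them before quoting, for example `.map((id) => '"' + escapeQuotes(id) + '"')` with the `escapeQuotes` helper from `@kbn/es-query`, assuming it is available to this plugin. The function body starts and ends outside the hunk.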
@@ -847,6 +847,8 @@ export default function (providerContext: FtrProviderContext) {
 it('should not store secrets if fleet server does not meet minimum version', async () => {
 const { fleetServerAgentPolicy } = await createFleetServerAgentPolicy();
 await createFleetServerAgent(fleetServerAgentPolicy.id, 'server_1', '7.0.0');
+ const { fleetServerAgentPolicy: fleetServerPolicy2 } = await createFleetServerAgentPolicy(); // extra policy to verify `or` condition
+ await createFleetServerAgent(fleetServerPolicy2.id, 'server_1', '8.12.0');
 await callFleetSetup();
@@ -865,7 +867,10 @@ export default function (providerContext: FtrProviderContext) {
 });
 it('should not store secrets if there are no fleet servers', async () => {
+ await createFleetServerAgentPolicy();
 const agentPolicy = await createAgentPolicy();
+ // agent with new version shouldn't make storage secrets enabled
+ await createFleetServerAgent(agentPolicy.id, 'server_2', '8.12.0');
 const packagePolicyWithSecrets = await createPackagePolicyWithSecrets(agentPolicy.id);
 // secret should be in plain text i.e not a secret refrerence
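Review bot: The second agent in 'should not store secrets if fleet server does not meet minimum version' reuses the name `'server_1'` that the 7.0.0 agent already has. What `createFleetServerAgent` does with that argument is not visible here; if it serves as an identifier, the second call could replace the first agent. Distinct names also make the two-policy setup easier to follow: `await createFleetServerAgent(fleetServerPolicy2.id, 'server_2', '8.12.0');`. The trailing comment about the `or` condition would read better on its own line above the statement.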
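Review bot: The comment added in 'should not store secrets if there are no fleet servers' does not say why the 8.12.0 agent must be ignored. The agent is enrolled on `agentPolicy`, not on the Fleet Server policy created on the line above it, which appears to be the case the new `policy_id` filter is meant to exclude. I would spell that out, e.g. `// agent on a non-Fleet-Server policy: its version must not enable secrets storage`. The test body continues outside the hunk, so the assertion itself is not visible here.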