Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security solution] [Endpoint] Remove linked policy from trusted apps when removing endpoint integration #108347

Merged
merged 30 commits into from
Aug 19, 2021
Merged

[Security solution] [Endpoint] Remove linked policy from trusted apps when removing endpoint integration #108347

merged 30 commits into from
Aug 19, 2021

Conversation

dasansol92
Copy link
Contributor

@dasansol92 dasansol92 commented Aug 12, 2021
edited
Loading

Summary

  • Adds a delete callback for policies that retrieves all trusted apps with that policy assigned and remove it from those.
  • It also works when removing the whole policy (not just the endpoint integration)
  • This needs trustedAppsByPolicyEnabled feature flag enabled

@dasansol92 dasansol92 added release_note:enhancement v8.0.0 Team:Defend Workflows “EDR Workflows” sub-team of Security Solution auto-backport Deprecated - use backport:version if exact versions are needed v7.15.0 labels Aug 12, 2021
@dasansol92
Copy link
Contributor Author

@elasticmachine merge upstream

kibanamachine and others added 3 commits August 12, 2021 10:23
@kibanamachine
Merge branch 'master' into feat/olm-any_policy_specific_trusted_apps_…
5e7b936 
…should_no_longer_reference_the_policy_when_removed-767
@dasansol92
Merge branch 'master' into feat/olm-any_policy_specific_trusted_apps_…
74e89b4 
…should_no_longer_reference_the_policy_when_removed-767
@dasansol92
Fixes type check error
b0ba9c8
@dasansol92 dasansol92 marked this pull request as ready for review August 13, 2021 09:24
@dasansol92 dasansol92 requested review from a team as code owners August 13, 2021 09:24
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-onboarding-and-lifecycle-mgt (Team:Onboarding and Lifecycle Mgt)

@botelastic botelastic bot added the Team:Fleet Team label for Observability Data Collection Fleet team label Aug 13, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/fleet (Team:Fleet)

@paul-tavares
Fix mock
faa0e24
@paul-tavares
Merge remote-tracking branch 'upstream/master' into pr/david/olm-any_…
d76e230 
…policy_specific_trusted_apps_should_no_longer_reference_the_policy_when_removed-767
@paul-tavares paul-tavares self-assigned this Aug 18, 2021
@mistic mistic added v7.16.0 and removed v7.15.0 labels Aug 18, 2021
@dasansol92 dasansol92 requested a review from a team as a code owner August 18, 2021 18:30
@botelastic botelastic bot added the Team:APM - DEPRECATED Use Team:obs-ux-infra_services. label Aug 18, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/apm-ui (Team:apm)

@kibanamachine
Copy link
Contributor

💚 Build Succeeded

Metrics [docs]

Unknown metric groups

API count

id before after diff
fleet 1168 1166 -2

API count missing comments

id before after diff
fleet 1067 1065 -2

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @paul-tavares

ashokaditya
ashokaditya approved these changes Aug 19, 2021
View reviewed changes
Copy link
Member

@ashokaditya ashokaditya left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀 Just have a question.

nchaulet
nchaulet approved these changes Aug 19, 2021
View reviewed changes
Copy link
Member

@nchaulet nchaulet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fleet changes 🚀

smith
smith approved these changes Aug 19, 2021
View reviewed changes
Copy link
Contributor

@smith smith left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

APM changes look good

@paul-tavares paul-tavares merged commit 79e63cc into elastic:master Aug 19, 2021
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Aug 19, 2021
@dasansol92 @kibanamachine
[Security solution] [Endpoint] Remove linked policy from trusted apps…
806b856 
… when removing endpoint integration (elastic#108347)

* Remove policy from trusted app when this is removed from fleet
* Fleet: run package delete external callbacks when the Agent Policy is deleted
@kibanamachine kibanamachine mentioned this pull request Aug 19, 2021
Merged
@kibanamachine
Copy link
Contributor

💚 Backport successful

Status Branch Result
7.x

This backport PR will be merged automatically after passing CI.

kibanamachine added a commit that referenced this pull request Aug 20, 2021
@kibanamachine @dasansol92
[Security solution] [Endpoint] Remove linked policy from trusted apps…
d913682 
… when removing endpoint integration (#108347) (#109296)

* Remove policy from trusted app when this is removed from fleet
* Fleet: run package delete external callbacks when the Agent Policy is deleted

Co-authored-by: David Sánchez <[email protected]>
dasansol92
dasansol92 commented Sep 1, 2021
View reviewed changes
x-pack/plugins/fleet/server/services/package_policy.ts
const errorsThrown: Error[] = [];

if (externalCallbacks && externalCallbacks.size > 0) {
for (const callback of externalCallbacks) {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@paul-tavares paul-tavares paul-tavares approved these changes

@smith smith smith approved these changes

@nchaulet nchaulet nchaulet approved these changes

@ashokaditya ashokaditya ashokaditya approved these changes

Assignees

@paul-tavares paul-tavares

Labels
auto-backport Deprecated - use backport:version if exact versions are needed release_note:enhancement Team:APM - DEPRECATED Use Team:obs-ux-infra_services. Team:Defend Workflows “EDR Workflows” sub-team of Security Solution Team:Fleet Team label for Observability Data Collection Fleet team v7.16.0 v8.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@dasansol92 @elasticmachine @kibanamachine @smith @nchaulet @ashokaditya @paul-tavares @mistic