-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution][Endpoint] User Manifest Cleanup + Artifact Compression #70759
Merged
peluja1012
merged 53 commits into
elastic:master
from
madirey:user-allowlist-artifacts-pt3
Jul 9, 2020
Merged
Changes from all commits
Commits
Show all changes
53 commits
Select commit
Hold shift + click to select a range
133ea27
Stateless exception list translation with improved runtime checks
madirey 9e43633
use flatMap and reduce to simplify logic
madirey e9f74b4
Update to new manifest format
madirey 2a266b3
Merge branch 'master' of github.com:elastic/kibana into user-allowlis…
madirey ceca5fa
Fix test fixture SO data type
madirey 49d22d2
Fix another test fixture data type
madirey 9428ca5
Fix sha256 reference in artifact_client
madirey c376638
Refactor to remove usages of 'then' and tidy up a bit
madirey 617d5f1
sync master
madirey 13d9ec8
Zlib compression
4718110
prefer byteLength to length
feb1202
Make ingestManager optional for security-solution startup
madirey 4ce792b
Merge branch 'user-allowlist-artifacts-pt3' of github.com:madirey/kib…
madirey aecf718
Fix download functionality
madirey 56886ad
Use eql for deep equality check
madirey 03e75c9
Fix base64 download bug
madirey 8620510
Add test for artifact download
madirey a8216e1
Merge branch 'master' of github.com:elastic/kibana into fix-download
madirey 1456697
Add more tests to ensure cached versions of artifacts are correct
madirey eae1b89
Convert to new format
madirey ec60546
Deflate
a32f960
Merge branch 'user-allowlist-artifacts-pt3' of github.com:madirey/kib…
339c887
missed some refs
madirey 61b2ca8
Merge branch 'master' of github.com:elastic/kibana into user-allowlis…
aca7b8c
partial fix to wrapper format
madirey 04d5701
update fixtures and integration test
madirey ed87ad2
Fixing unit tests
f2c5ba1
Merge branch 'fix-download' of github.com:madirey/kibana into fix-dow…
70ce85a
Merge branch 'master' of github.com:elastic/kibana into fix-download
madirey 9d331d2
Merge branch 'master' of github.com:elastic/kibana into user-allowlis…
madirey ead9ae8
sync with fix-download branch
madirey 5095d85
merge master, fix tests
madirey 094c358
small bug fixes
madirey d6aefee
artifact and manifest versioning changes
madirey be42e8d
Merge branch 'master' of github.com:elastic/kibana into user-allowlis…
madirey 7e48f52
Merge branch 'user-allowlist-artifacts-pt3' of github.com:madirey/kib…
0bd3530
Merge branch 'user-allowlist-artifacts-pt3' of github.com:madirey/kib…
206f222
Merge branch 'master' of github.com:elastic/kibana into user-allowlis…
madirey ae856b5
Remove access tag from download endpoint
madirey ced63a9
Merge branch 'user-allowlist-artifacts-pt3' of github.com:madirey/kib…
69f59fd
Adding decompression to integration test
4795132
Removing tag from route
c18948b
add try/catch in ingest callback handler
madirey 8bef643
Fixing
a2b3a1b
Merging
a24acc8
Removing last expect from unit test for tag
04dbbcf
type fixes
madirey 0809b77
Merge branch 'user-allowlist-artifacts-pt3' of github.com:madirey/kib…
madirey 2bf4acb
Add compression type to manifest
madirey 50b49a5
Merge branch 'master' into user-allowlist-artifacts-pt3
elasticmachine 046f271
Merge branch 'master' into user-allowlist-artifacts-pt3
elasticmachine a4414f9
Merge branch 'master' into user-allowlist-artifacts-pt3
elasticmachine 899a673
Reverting ingestManager back to being required for now
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -4,6 +4,7 @@ | |
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
|
||
import { Logger } from '../../../../../src/core/server'; | ||
import { NewPackageConfig } from '../../../ingest_manager/common/types/models'; | ||
import { factory as policyConfigFactory } from '../../common/endpoint/models/policy_config'; | ||
import { NewPolicyData } from '../../common/endpoint/types'; | ||
|
@@ -13,6 +14,7 @@ import { ManifestManager } from './services/artifacts'; | |
* Callback to handle creation of PackageConfigs in Ingest Manager | ||
*/ | ||
export const getPackageConfigCreateCallback = ( | ||
logger: Logger, | ||
manifestManager: ManifestManager | ||
): ((newPackageConfig: NewPackageConfig) => Promise<NewPackageConfig>) => { | ||
const handlePackageConfigCreate = async ( | ||
|
@@ -27,8 +29,19 @@ export const getPackageConfigCreateCallback = ( | |
// follow the types/schema expected | ||
let updatedPackageConfig = newPackageConfig as NewPolicyData; | ||
|
||
const wrappedManifest = await manifestManager.refresh({ initialize: true }); | ||
if (wrappedManifest !== null) { | ||
// get snapshot based on exception-list-agnostic SOs | ||
// with diffs from last dispatched manifest, if it exists | ||
const snapshot = await manifestManager.getSnapshot({ initialize: true }); | ||
|
||
if (snapshot === null) { | ||
logger.warn('No manifest snapshot available.'); | ||
return updatedPackageConfig; | ||
} | ||
|
||
if (snapshot.diffs.length > 0) { | ||
// create new artifacts | ||
await manifestManager.syncArtifacts(snapshot, 'add'); | ||
|
||
// Until we get the Default Policy Configuration in the Endpoint package, | ||
// we will add it here manually at creation time. | ||
// @ts-ignore | ||
|
@@ -42,7 +55,7 @@ export const getPackageConfigCreateCallback = ( | |
streams: [], | ||
config: { | ||
artifact_manifest: { | ||
value: wrappedManifest.manifest.toEndpointFormat(), | ||
value: snapshot.manifest.toEndpointFormat(), | ||
}, | ||
policy: { | ||
value: policyConfigFactory(), | ||
|
@@ -57,9 +70,18 @@ export const getPackageConfigCreateCallback = ( | |
try { | ||
return updatedPackageConfig; | ||
} finally { | ||
// TODO: confirm creation of package config | ||
// then commit. | ||
await manifestManager.commit(wrappedManifest); | ||
if (snapshot.diffs.length > 0) { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. nit -> I think it will be nice to have try/catch here to avoid bubble up error and have a better way to handle it |
||
// TODO: let's revisit the way this callback happens... use promises? | ||
// only commit when we know the package config was created | ||
try { | ||
await manifestManager.commit(snapshot.manifest); | ||
|
||
// clean up old artifacts | ||
await manifestManager.syncArtifacts(snapshot, 'delete'); | ||
} catch (err) { | ||
logger.error(err); | ||
} | ||
} | ||
} | ||
}; | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit -> We might think about sending a promise instead of counting on finally. I think that will be more readable too