From 6a600dc4908a65e647641bd95254e8df334f115e Mon Sep 17 00:00:00 2001
From: eyalkraft <63912106+eyalkraft@users.noreply.github.com>
Date: Tue, 5 Apr 2022 18:34:54 +0300
Subject: [PATCH] Enable the Cloud Security Posture Kibana plugin (#767)

* add to kibana.yml
* remove newline
* add 80 config file
* fix license
* use symlinks
* Revert "use symlinks"
This reverts commit 1faa0bd6554e38e65f3330abf601c810bc39235a.
* virtual files
* use semver
* fix static
* retrigger stuck CI
* add configuration variant map
* use old semver
* fix static check
---
 internal/profile/_static/kibana_config_80.yml | 46 ++++++++++++++++
 internal/profile/_static/kibana_config_8x.yml | 2 +
 internal/profile/profile.go | 3 ++
 internal/profile/static.go | 38 +++++++++++++
 internal/stack/variants.go | 30 +++++++++--
 internal/stack/variants_test.go | 53 +++++++++++++++++++
 6 files changed, 167 insertions(+), 5 deletions(-)
 create mode 100644 internal/profile/_static/kibana_config_80.yml
 create mode 100644 internal/stack/variants_test.go

diff --git a/internal/profile/_static/kibana_config_80.yml b/internal/profile/_static/kibana_config_80.yml
new file mode 100644
index 000000000..db754f4ed
--- /dev/null
+++ b/internal/profile/_static/kibana_config_80.yml
@@ -0,0 +1,46 @@
+server.name: kibana
+server.host: "0.0.0.0"
+
+elasticsearch.hosts: [ "http://elasticsearch:9200" ]
+elasticsearch.serviceAccountToken: "AAEAAWVsYXN0aWMva2liYW5hL2VsYXN0aWMtcGFja2FnZS1raWJhbmEtdG9rZW46b2x4b051SWNRa0tYMHdXazdLWmFBdw"
+
+monitoring.ui.container.elasticsearch.enabled: true
+
+xpack.fleet.registryUrl: "http://package-registry:8080"
+xpack.fleet.agents.enabled: true
+xpack.fleet.agents.elasticsearch.hosts: ["http://elasticsearch:9200"]
+xpack.fleet.agents.fleet_server.hosts: ["http://fleet-server:8220"]
+
+xpack.encryptedSavedObjects.encryptionKey: "12345678901234567890123456789012"
+
+xpack.fleet.packages:
+ - name: system
+ version: latest
+ - name: elastic_agent
+ version: latest
+ - name: fleet_server
+ version: latest
+xpack.fleet.agentPolicies:
+ - name: Elastic-Agent (elastic-package)
+ id: elastic-agent-managed-ep
+ is_default: true
+ is_managed: false
+ namespace: default
+ monitoring_enabled:
+ - logs
+ - metrics
+ package_policies:
+ - name: system-1
+ id: default-system
+ package:
+ name: system
+ - name: Fleet Server (elastic-package)
+ id: fleet-server-policy
+ is_default_fleet_server: true
+ is_managed: false
+ namespace: default
+ package_policies:
+ - name: fleet_server-1
+ id: default-fleet-server
+ package:
+ name: fleet_server
\ No newline at end of file
diff --git a/internal/profile/_static/kibana_config_8x.yml b/internal/profile/_static/kibana_config_8x.yml
index db754f4ed..44fbb7929 100644
--- a/internal/profile/_static/kibana_config_8x.yml
+++ b/internal/profile/_static/kibana_config_8x.yml
@@ -13,6 +13,8 @@ xpack.fleet.agents.fleet_server.hosts: ["http://fleet-server:8220"]
 
 xpack.encryptedSavedObjects.encryptionKey: "12345678901234567890123456789012"
 
+xpack.cloudSecurityPosture.enabled: true
+
 xpack.fleet.packages:
 - name: system
 version: latest
diff --git a/internal/profile/profile.go b/internal/profile/profile.go
index 1c5262ff7..82efb775c 100644
--- a/internal/profile/profile.go
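Review bot: The new `kibana_config_80.yml` carries a literal `elasticsearch.serviceAccountToken` and a sequential 32-character `xpack.encryptedSavedObjects.encryptionKey`, and nothing in the file says they are fixed, publicly known test values. The file also sets `server.host: "0.0.0.0"` and reaches Elasticsearch over plain HTTP, so I would open it with a comment such as `# Local elastic-package test stack only: the token and encryption key below are static, public test values; never reuse them outside this stack.` The blob id in the file header (`db754f4ed`) equals the pre-change id of `kibana_config_8x.yml`, so the same credentials now live in two files and have to be rotated together. Whether the Kibana port is reachable from outside the host depends on the compose file, which is not part of this diff. The file also ends without a trailing newline.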
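Review bot: The added `xpack.cloudSecurityPosture.enabled: true` in `kibana_config_8x.yml` has no comment explaining why it lives only in the 8x variant. Judging from the 8.2 cut-off introduced in `internal/stack/variants.go`, the key is presumably not accepted by 8.0/8.1 Kibana, and a later editor could copy it into the 80 file without knowing that. I would add `# Needs Kibana 8.2+; keep out of kibana_config_80.yml (see internal/stack/variants.go).` directly above the setting.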
+++ b/internal/profile/profile.go
@@ -38,10 +38,13 @@ type configFile string
 var managedProfileFiles = map[configFile]NewConfig{
 ElasticAgentDefaultEnvFile: newElasticAgentDefaultEnv,
 ElasticAgent8xEnvFile: newElasticAgent8xEnv,
+ ElasticAgent80EnvFile: newElasticAgent80Env,
 ElasticsearchConfigDefaultFile: newElasticsearchConfigDefault,
 ElasticsearchConfig8xFile: newElasticsearchConfig8x,
+ ElasticsearchConfig80File: newElasticsearchConfig80,
 KibanaConfigDefaultFile: newKibanaConfigDefault,
 KibanaConfig8xFile: newKibanaConfig8x,
+ KibanaConfig80File: newKibanaConfig80,
 PackageRegistryDockerfileFile: newPackageRegistryDockerfile,
 PackageRegistryConfigFile: newPackageRegistryConfig,
 SnapshotFile: newSnapshotFile,
diff --git a/internal/profile/static.go b/internal/profile/static.go
index ff2ed10d6..7a96499e6 100644
--- a/internal/profile/static.go
+++ b/internal/profile/static.go
@@ -53,6 +53,20 @@ func newKibanaConfig8x(_ string, profilePath string) (*simpleFile, error) {
 }, nil
 }
 
+// KibanaConfig80File is the Kibana config file for 8.0 stack family (8.0 to 8.1)
+const KibanaConfig80File configFile = "kibana.config.80.yml"
+
+//go:embed _static/kibana_config_80.yml
+var kibanaConfig80Yml string
+
+func newKibanaConfig80(_ string, profilePath string) (*simpleFile, error) {
+ return &simpleFile{
+ name: string(KibanaConfig80File),
+ path: filepath.Join(profilePath, profileStackPath, string(KibanaConfig80File)),
+ body: kibanaConfig80Yml,
+ }, nil
+}
+
 // ElasticsearchConfigDefaultFile is the default Elasticsearch config file
 const ElasticsearchConfigDefaultFile configFile = "elasticsearch.config.default.yml"
 
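Review bot: `newKibanaConfig80` in `internal/profile/static.go` is one more copy of the same `simpleFile` literal, and the hunks at `-81` and `-117` add `newElasticsearchConfig80` and `newElasticAgent80Env` with the identical shape, each repeating the file constant three times. A small private helper would leave one place that decides where a managed stack file is written and make a name/path mismatch between constant and constructor impossible. The sketch assumes the other embedded bodies are strings like `kibanaConfig80Yml`; the constructor is fully visible in this hunk and keeps its signature, so the `managedProfileFiles` entries are unaffected.

```go
// newStaticFile builds the simpleFile for a config file stored under the
// profile's stack directory.
func newStaticFile(name configFile, profilePath, body string) (*simpleFile, error) {
	return &simpleFile{
		name: string(name),
		path: filepath.Join(profilePath, profileStackPath, string(name)),
		body: body,
	}, nil
}

// newKibanaConfig80 returns the Kibana config for the 8.0 stack family (8.0 to 8.1).
func newKibanaConfig80(_ string, profilePath string) (*simpleFile, error) {
	return newStaticFile(KibanaConfig80File, profilePath, kibanaConfig80Yml)
}
```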
@@ -81,6 +95,18 @@ func newElasticsearchConfig8x(_ string, profilePath string) (*simpleFile, error)
 }, nil
 }
 
+// ElasticsearchConfig80File is the Elasticsearch virtual config file name for 8.0 stack family (8.0 to 8.1)
+// This file does not exist in the source code, since it's identical to the 8x config file.
+const ElasticsearchConfig80File configFile = "elasticsearch.config.80.yml"
+
+func newElasticsearchConfig80(_ string, profilePath string) (*simpleFile, error) {
+ return &simpleFile{
+ name: string(ElasticsearchConfig80File),
+ path: filepath.Join(profilePath, profileStackPath, string(ElasticsearchConfig80File)),
+ body: elasticsearchConfig8xYml,
+ }, nil
+}
+
 // PackageRegistryConfigFile is the config file for the Elastic Package registry
 const PackageRegistryConfigFile configFile = "package-registry.config.yml"
 
@@ -117,6 +143,18 @@ func newPackageRegistryDockerfile(_ string, profilePath string) (*simpleFile, er
 }, nil
 }
 
+// ElasticAgent80EnvFile is the .env for the 8.0 stack.
+// This file does not exist in the source code, since it's identical to the 8x env file.
+const ElasticAgent80EnvFile configFile = "elastic-agent.80.env"
+
+func newElasticAgent80Env(_ string, profilePath string) (*simpleFile, error) {
+ return &simpleFile{
+ name: string(ElasticAgent80EnvFile),
+ path: filepath.Join(profilePath, profileStackPath, string(ElasticAgent80EnvFile)),
+ body: elasticAgent8xEnv,
+ }, nil
+}
+
 // ElasticAgent8xEnvFile is the .env for the 8x stack.
 const ElasticAgent8xEnvFile configFile = "elastic-agent.8x.env"
 
diff --git a/internal/stack/variants.go b/internal/stack/variants.go
index a069b3053..2bde87992 100644
--- a/internal/stack/variants.go
+++ b/internal/stack/variants.go
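Review bot: `newElasticsearchConfig80` returns `elasticsearchConfig8xYml` as its body, so the 8.0/8.1 stack silently follows every later edit to the 8x Elasticsearch config; `newElasticAgent80Env` in the next hunk does the same with `elasticAgent8xEnv`. The commit appears to split the Kibana config precisely because an 8.2+ setting could not go into a file shared with 8.0/8.1, and this aliasing keeps that coupling for the other two services. I would put a guard comment on the body line, `body: elasticsearchConfig8xYml, // shared with 8x: give 80 its own embedded file before adding an 8.2+-only setting`, and the same on `body: elasticAgent8xEnv`. Both constructors are fully visible in their hunks.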
@@ -6,20 +6,40 @@ package stack
 
 import (
 "fmt"
- "strings"
+
+ "github.com/Masterminds/semver"
 )
 
+// configurationVariantMap is a map of version constraints and their matching configuration variant.
+// This map is used to deploy different versions of the Elastic stack with matching configurations.
+var configurationVariantMap = map[string]string{
+ "8.0-0 - 8.1.x-x": "80",
+ "^8.2-0": "8x",
+}
+
 // stackVariantAsEnv function returns a stack variant based on the given stack version.
-// We identified two variants:
+// We identified three variants:
 // * default, covers all of 7.x branches
-// * 8x, supports different configuration options in Kibana
+// * 80, covers stack versions 8.0.0 to 8.1.x
+// * 8x, supports different configuration options in Kibana, covers stack versions 8.2.0+
 func stackVariantAsEnv(version string) string {
 return fmt.Sprintf("STACK_VERSION_VARIANT=%s", selectStackVersion(version))
 }
 
 func selectStackVersion(version string) string {
- if strings.HasPrefix(version, "8.") {
- return "8x"
+ if v, err := semver.NewVersion(version); err == nil {
+ for constraint, variant := range configurationVariantMap {
+ if checkVersion(v, constraint) {
+ return variant
+ }
+ }
 }
 return "default"
 }
+
+func checkVersion(v *semver.Version, constraint string) bool {
+ if constraint, err := semver.NewConstraint(constraint); err == nil {
+ return constraint.Check(v)
+ }
+ return false
+}
diff --git a/internal/stack/variants_test.go b/internal/stack/variants_test.go
new file mode 100644
index 000000000..5b5e5a6aa
--- /dev/null
+++ b/internal/stack/variants_test.go
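Review bot: `checkVersion` discards the error from `semver.NewConstraint`, so a typo in a `configurationVariantMap` key never surfaces and the affected versions quietly fall back to `default`, which is the 7.x configuration. `selectStackVersion` also ranges over a map, whose iteration order is randomised, so if two constraints ever overlap the selected variant can change from run to run. Parsing the constraints once into an ordered slice and failing loudly on a malformed one removes both problems, and the local `constraint` that shadows the parameter in `checkVersion` disappears with it. The sketch keeps `selectStackVersion`'s signature and the `default` fallback for versions that do not parse.

```go
// configurationVariants pairs version constraints with their configuration
// variant; entries are checked in order and the first match wins.
var configurationVariants = []struct {
	constraint *semver.Constraints
	variant    string
}{
	{mustConstraint("8.0-0 - 8.1.x-x"), "80"},
	{mustConstraint("^8.2-0"), "8x"},
}

// mustConstraint parses c and panics on error, so a malformed constraint
// fails at start-up instead of silently selecting the default variant.
func mustConstraint(c string) *semver.Constraints {
	parsed, err := semver.NewConstraint(c)
	if err != nil {
		panic(fmt.Sprintf("invalid stack version constraint %q: %v", c, err))
	}
	return parsed
}

// … unchanged: stackVariantAsEnv …

func selectStackVersion(version string) string {
	v, err := semver.NewVersion(version)
	if err != nil {
		return "default"
	}
	for _, cv := range configurationVariants {
		if cv.constraint.Check(v) {
			return cv.variant
		}
	}
	return "default"
}
```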
@@ -0,0 +1,53 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package stack
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+var tests = []struct {
+ version string
+ variant string
+}{
+ {"", "default"},
+ {"7", "default"},
+ {"7.0.0", "default"},
+ {"7.14.99-SNAPSHOT", "default"},
+ {"8", "80"},
+ {"8-0", "80"},
+ {"8.0.0-alpha", "80"},
+ {"8.0.0", "80"},
+ {"8.0.33", "80"},
+ {"8.0.33-beta", "80"},
+ {"8.1-0", "80"},
+ {"8.1", "80"},
+ {"8.1-alpha", "80"},
+ {"8.1.0-alpha", "80"},
+ {"8.1.0", "80"},
+ {"8.1.58", "80"},
+ {"8.1.99-beta", "80"},
+ {"8.1.999-SNAPSHOT", "80"},
+ {"8.2-0", "8x"},
+ {"8.2", "8x"},
+ {"8.2.0-alpha", "8x"},
+ {"8.2.0", "8x"},
+ {"8.2.58", "8x"},
+ {"8.2.99-gamma", "8x"},
+ {"8.2.777-SNAPSHOT+arm64", "8x"},
+ {"8.5", "8x"},
+ {"9", "default"},
+}
+
+func TestSelectStackVersion(t *testing.T) {
+ for _, tt := range tests {
+ t.Run(tt.version, func(t *testing.T) {
+ selected := selectStackVersion(tt.version)
+ assert.Equal(t, tt.variant, selected)
+ })
+ }
+}
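Review bot: The table in `variants_test.go` is declared as the package-level variable `tests`, a name shared with every other `_test.go` file in package `stack`; declaring it inside `TestSelectStackVersion` avoids a future clash. The cases cover well-formed versions and the empty string only, so the fallback for input that is not a version at all is not pinned; I would add `{"not-a-version", "default"},`. The `{"9", "default"}` row fixes 9.x to the 7.x configuration, and if that is intended a comment on the row such as `// no 9.x variant yet: falls back to default` would say so.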