[Cloud Security] Remove check for latest agent available version in AgentlessDeploymentUpgrade task (#215248)

2025-04-24 09:48:58 -04:00 · 2025-04-02 13:00:09 -04:00 · 2025-04-02 13:00:09 -04:00 · 2b987bea61
commit 2b987bea61
parent e8f2a7f78e
4 changed files with 16 additions and 107 deletions
--- a/x-pack/platform/plugins/shared/fleet/server/services/agents/agentless_agent.test.ts
+++ b/x-pack/platform/plugins/shared/fleet/server/services/agents/agentless_agent.test.ts
@ -531,12 +531,10 @@ describe('Agentless Agent service', () => {
        },
      },
    } as any);
+    jest.spyOn(appContextService, 'getKibanaVersion').mockReturnValue('8.18.0');
    jest.spyOn(appContextService, 'getCloud').mockReturnValue({ isCloudEnabled: true } as any);

-    await agentlessAgentService.upgradeAgentlessDeployment(
-      'mocked-agentless-agent-policy-id',
-      '8.17.0'
-    );
+    await agentlessAgentService.upgradeAgentlessDeployment('mocked-agentless-agent-policy-id');

    expect(axios).toHaveBeenCalledTimes(1);

@ -546,7 +544,7 @@ describe('Agentless Agent service', () => {
        httpsAgent: expect.anything(),
        method: 'PUT',
        data: {
-          stack_version: '8.17.0',
+          stack_version: '8.18.0',
        },
        url: 'http://api.agentless.com/api/v1/ess/deployments/mocked-agentless-agent-policy-id',
      })
--- a/x-pack/platform/plugins/shared/fleet/server/services/agents/agentless_agent.ts
+++ b/x-pack/platform/plugins/shared/fleet/server/services/agents/agentless_agent.ts
@ -211,10 +211,11 @@ class AgentlessAgentService {
    return response;
  }

-  public async upgradeAgentlessDeployment(policyId: string, version: string) {
+  public async upgradeAgentlessDeployment(policyId: string) {
    const logger = appContextService.getLogger();
    const traceId = apm.currentTransaction?.traceparent;
    const agentlessConfig = appContextService.getConfig()?.agentless;
+    const kibanaVersion = appContextService.getKibanaVersion();
    const tlsConfig = this.createTlsConfig(agentlessConfig);
    const urlEndpoint = prependAgentlessApiBasePathToEndpoint(
      agentlessConfig,
@ -227,7 +228,7 @@ class AgentlessAgentService {
      url: prependAgentlessApiBasePathToEndpoint(agentlessConfig, `/deployments/${policyId}`),
      method: 'PUT',
      data: {
-        stack_version: version,
+        stack_version: kibanaVersion,
      },
      ...this.getHeaders(tlsConfig, traceId),
    };
--- a/x-pack/platform/plugins/shared/fleet/server/tasks/upgrade_agentless_deployment.test.ts
+++ b/x-pack/platform/plugins/shared/fleet/server/tasks/upgrade_agentless_deployment.test.ts
@ -18,7 +18,7 @@ import type { AgentPolicy } from '../types';

 import { agentlessAgentService } from '../services/agents/agentless_agent';

-import { getAgentsByKuery, getLatestAvailableAgentVersion } from '../services/agents';
+import { getAgentsByKuery } from '../services/agents';

 import {
  UPGRADE_AGENT_DEPLOYMENTS_TASK_VERSION,
@ -170,7 +170,6 @@ describe('Upgrade Agentless Deployments', () => {
      },
    ];
    const mockedGetAgentsByKuery = getAgentsByKuery as jest.Mock;
-    const mockedGetLatestAvailableAgentVersion = getLatestAvailableAgentVersion as jest.Mock;

    beforeEach(() => {
      mockAgentPolicyService.fetchAllAgentPolicies = getMockAgentPolicyFetchAllAgentPolicies([
@ -184,8 +183,6 @@ describe('Upgrade Agentless Deployments', () => {
        agents,
      });

-      mockedGetLatestAvailableAgentVersion.mockResolvedValue('8.17.0');
-
      jest
        .spyOn(agentlessAgentService, 'upgradeAgentlessDeployment')
        .mockResolvedValueOnce(undefined);
@ -202,27 +199,7 @@ describe('Upgrade Agentless Deployments', () => {
      expect(agentlessAgentService.upgradeAgentlessDeployment).toHaveBeenCalled();
    });

-    it('should not upgrade agentless deployments when the latest version is up to date', async () => {
-      mockedGetAgentsByKuery.mockResolvedValue({
-        agents: [
-          {
-            id: 'agent-1',
-            policy_id: '93c46720-c217-11ea-9906-b5b8a21b268e',
-            status: 'online',
-            agent: {
-              version: '8.17.0',
-            },
-          },
-        ],
-      });
-      await runTask();
-
-      expect(mockAgentPolicyService.fetchAllAgentPolicies).toHaveBeenCalled();
-      expect(agentlessAgentService.upgradeAgentlessDeployment).not.toHaveBeenCalled();
-    });
-
    it('should not upgrade agentless deployments when agent status is updating', async () => {
-      mockedGetLatestAvailableAgentVersion.mockResolvedValue('8.17.1');
      mockedGetAgentsByKuery.mockResolvedValue({
        agents: [
          {
@ -242,7 +219,6 @@ describe('Upgrade Agentless Deployments', () => {
    });

    it('should not upgrade agentless deployments when agent status is unhealthy', async () => {
-      mockedGetLatestAvailableAgentVersion.mockResolvedValue('8.17.1');
      mockedGetAgentsByKuery.mockResolvedValue({
        agents: [
          {
@ -262,7 +238,6 @@ describe('Upgrade Agentless Deployments', () => {
    });

    it('should upgrade agentless deployments when agent status is online', async () => {
-      mockedGetLatestAvailableAgentVersion.mockResolvedValue('8.17.1');
      mockedGetAgentsByKuery.mockResolvedValue({
        agents: [
          {
@ -282,7 +257,6 @@ describe('Upgrade Agentless Deployments', () => {
    });

    it('should not upgrade agentless deployments when agent status is unenroll', async () => {
-      mockedGetLatestAvailableAgentVersion.mockResolvedValue('8.17.1');
      mockedGetAgentsByKuery.mockResolvedValue({
        agents: [
          {
@ -301,46 +275,6 @@ describe('Upgrade Agentless Deployments', () => {
      expect(agentlessAgentService.upgradeAgentlessDeployment).not.toHaveBeenCalled();
    });

-    it('should upgrade agentless deployments when agent for target bg task release', async () => {
-      mockedGetLatestAvailableAgentVersion.mockResolvedValue('8.18.1');
-      mockedGetAgentsByKuery.mockResolvedValue({
-        agents: [
-          {
-            id: 'agent-1',
-            policy_id: '93c46720-c217-11ea-9906-b5b8a21b268e',
-            status: 'online',
-            agent: {
-              version: '8.18.0',
-            },
-          },
-        ],
-      });
-      await runTask();
-
-      expect(mockAgentPolicyService.fetchAllAgentPolicies).toHaveBeenCalled();
-      expect(agentlessAgentService.upgradeAgentlessDeployment).toHaveBeenCalled();
-    });
-
-    it('should upgrade agentless deployments when agent version is up to date', async () => {
-      mockedGetLatestAvailableAgentVersion.mockResolvedValue('8.17.1');
-      mockedGetAgentsByKuery.mockResolvedValue({
-        agents: [
-          {
-            id: 'agent-1',
-            policy_id: '93c46720-c217-11ea-9906-b5b8a21b268e',
-            status: 'online',
-            agent: {
-              version: '8.17.0',
-            },
-          },
-        ],
-      });
-      await runTask();
-
-      expect(mockAgentPolicyService.fetchAllAgentPolicies).toHaveBeenCalled();
-      expect(agentlessAgentService.upgradeAgentlessDeployment).toHaveBeenCalled();
-    });
-
    it('should not call upgrade agentless api to upgrade when 0 agents', async () => {
      mockedGetAgentsByKuery.mockResolvedValue({
        agents: [],
@ -363,7 +297,7 @@ describe('Upgrade Agentless Deployments', () => {
      expect(mockTask.abortController.signal.throwIfAborted).toHaveBeenCalled();
    });

-    it('should not called upgrade agentless api to upgrade when agent policy is not found', async () => {
+    it('should not call upgrade agentless api to upgrade when agent policy is not found', async () => {
      jest
        .spyOn(appContextService, 'getExperimentalFeatures')
        .mockReturnValue({ enabledUpgradeAgentlessDeploymentsTask: false } as any);
--- a/x-pack/platform/plugins/shared/fleet/server/tasks/upgrade_agentless_deployment.ts
+++ b/x-pack/platform/plugins/shared/fleet/server/tasks/upgrade_agentless_deployment.ts
@ -15,14 +15,12 @@ import {
 } from '@kbn/task-manager-plugin/server';
 import { getDeleteTaskRunResult } from '@kbn/task-manager-plugin/server/task';

-import { isAgentVersionLessThanLatest } from '../../common/services';
-
 import { agentPolicyService, appContextService } from '../services';

 import type { Agent, AgentPolicy } from '../types';

 import { AGENTS_PREFIX } from '../constants';
-import { getAgentsByKuery, getLatestAvailableAgentVersion } from '../services/agents';
+import { getAgentsByKuery } from '../services/agents';
 import { agentlessAgentService } from '../services/agents/agentless_agent';

 export const UPGRADE_AGENTLESS_DEPLOYMENTS_TASK_TYPE = 'fleet:upgrade-agentless-deployments-task';
@ -213,50 +211,28 @@ export class UpgradeAgentlessDeploymentsTask {
  };

  private upgradeAgentlessDeployments = async (agentPolicy: AgentPolicy, agent: Agent) => {
-    this.logger.info(`${agentPolicy.id} agentless policy id`);
-
-    let latestAgentVersion;
-    const currentAgentVersion = agent.agent?.version;
-    // Get latest available agent version
-    try {
-      this.logger.info(`${LOGGER_SUBJECT} getting latest available agent version in ess`);
-      latestAgentVersion = await getLatestAvailableAgentVersion();
-      this.logger.info(
-        `${LOGGER_SUBJECT} latest version ${latestAgentVersion} and current agent version ${currentAgentVersion}`
-      );
-    } catch (e) {
-      this.logger.error(`${LOGGER_SUBJECT} Failed to get latest version error: ${e}`);
-      throw e;
-    }
+    this.logger.info(`Validating if agentless policy ${agentPolicy.id} needs to be upgraded`);

    // Compare the current agent version with the latest agent version And upgrade if necessary
-    if (
-      agent.status === 'online' &&
-      latestAgentVersion &&
-      currentAgentVersion &&
-      isAgentVersionLessThanLatest(currentAgentVersion, latestAgentVersion)
-    ) {
-      this.logger.info(
-        `${LOGGER_SUBJECT} Upgrade Available to ${latestAgentVersion} for agentless policy ${agentPolicy.id} current version ${currentAgentVersion}`
-      );
+    if (agent.status === 'online') {
      try {
        this.logger.info(
-          `${LOGGER_SUBJECT} upgrading agentless policy ${agentPolicy.id} current agent version ${currentAgentVersion} to version ${latestAgentVersion}`
+          `${LOGGER_SUBJECT} Requesting to check version and update agentless deployment for policy ${agentPolicy.id}`
        );
-        await agentlessAgentService.upgradeAgentlessDeployment(agentPolicy.id, latestAgentVersion);
+        await agentlessAgentService.upgradeAgentlessDeployment(agentPolicy.id);

        this.logger.info(
-          `${LOGGER_SUBJECT} Successfully upgraded agentless deployment to ${latestAgentVersion} for ${agentPolicy.id}`
+          `${LOGGER_SUBJECT} Successfully sent the upgrade deployment request for ${agentPolicy.id}`
        );
      } catch (e) {
        this.logger.error(
-          `${LOGGER_SUBJECT} Failed to upgrade agentless deployment to ${latestAgentVersion} for ${agentPolicy.id} error: ${e}`
+          `${LOGGER_SUBJECT} Failed to request an agentless deployment upgrade for ${agentPolicy.id} error: ${e}`
        );
        throw e;
      }
    } else {
      this.logger.info(
-        `${LOGGER_SUBJECT} No upgrade available for agentless policy ${agentPolicy.id} current agent version ${currentAgentVersion} and latest version ${latestAgentVersion}`
+        `${LOGGER_SUBJECT} No upgrade request sent for agentless policy ${agentPolicy.id} because the agent status is ${agent.status}`
      );
    }
  };