github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 09:48:58 -04:00
Code Issues Projects Releases Packages Wiki Activity

[Fleet][Tests] Package install signature verification API tests (#136947)

Browse source 
* add valid signature test package

* add test signatures and readme for signature generation

* mount zip packages as part of tests

* amend README

* Verified package test working

* Rename valid to verified

* Add test for unverified content

* add test for package verified with wrong key

* Check error types in 400 response

* Check saved object keys as part of tests

* Remove wrong_ keys

* use release docker image

* update package path for v2 registry

* force install endpoint package

* fix package policy upgrade on setup test

* formatting

* move back to production registry

* Update all registry configs to use new package directory

* use specific docker image not tag

* fix agent policy tests

* Get latest experimental endpoint version

* skip impossible fleet test

* update synthetics to use same registry image as fleet

* fix telemetry tests

* remove experimental flag from test config

* add force install confirm to synthetics tests

* add origin to expected policy data

* add test subj to force install modal

* Install latest fleet_server package not fixed version

* install latest system pkg

* fix types

* fix deprecated API calls
This commit is contained in:
Mark Hopkin 2022-08-03 18:34:32 +01:00 committed by GitHub
parent 4c43e9bf3d
commit 9f8a2c603d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
49 changed files with 1246 additions and 76 deletions
Download patch file Download diff file Expand all files Collapse all files

4
x-pack/plugins/apm/ftr_e2e/apis/fixtures/package_registry_config.yml
View file

@ -1,4 +1,2 @@
package_paths:
- /packages/production
- /packages/snapshot
- /packages/test-packages
- /packages/package-storage

1
x-pack/plugins/fleet/public/components/confirm_force_install_modal.tsx
View file

@ -57,6 +57,7 @@ export const ConfirmForceInstallModal: React.FC<{
/>
}
buttonColor="danger"
data-test-subj="confirmForceInstallModal"
>
<EuiCallOut
title={title}

52
x-pack/test/fleet_api_integration/apis/agent_policy/agent_policy.ts
View file

@ -16,17 +16,20 @@ export default function (providerContext: FtrProviderContext) {
const supertest = getService('supertest');
const esArchiver = getService('esArchiver');
const kibanaServer = getService('kibanaServer');
describe('fleet_agent_policies', () => {
skipIfNoDockerRegistry(providerContext);
describe('POST /api/fleet/agent_policies', () => {
let systemPkgVersion: string;
before(async () => {
await esArchiver.load('x-pack/test/functional/es_archives/fleet/empty_fleet_server');
await esArchiver.load('x-pack/test/functional/es_archives/empty_kibana');
});
setupFleetAndAgents(providerContext);
const packagePoliciesToDeleteIds: string[] = [];
let packagePoliciesToDeleteIds: string[] = [];
after(async () => {
if (systemPkgVersion) {
await supertest.delete(`/api/fleet/epm/packages/system-${systemPkgVersion}`);
}
if (packagePoliciesToDeleteIds.length > 0) {
await kibanaServer.savedObjects.bulkDelete({
objects: packagePoliciesToDeleteIds.map((id) => ({
@ -173,20 +176,36 @@ export default function (providerContext: FtrProviderContext) {
it('should allow to create policy with the system integration policy and increment correctly the name if there is more than 10 package policy', async () => {
// load a bunch of fake system integration policy
for (let i = 0; i < 10; i++) {
await kibanaServer.savedObjects.create({
id: `package-policy-test-${i}`,
type: PACKAGE_POLICY_SAVED_OBJECT_TYPE,
overwrite: true,
attributes: {
name: `system-${i + 1}`,
package: {
name: 'system',
const policyIds = new Array(10).fill(null).map((_, i) => `package-policy-test-${i}`);
packagePoliciesToDeleteIds = packagePoliciesToDeleteIds.concat(policyIds);
const getPkRes = await supertest
.get(`/api/fleet/epm/packages/system`)
.set('kbn-xsrf', 'xxxx')
.expect(200);
systemPkgVersion = getPkRes.body.item.version;
// we must first force install the system package to override package verification error on policy create
const installPromise = supertest
.post(`/api/fleet/epm/packages/system-${systemPkgVersion}`)
.set('kbn-xsrf', 'xxxx')
.send({ force: true })
.expect(200);
await Promise.all([
installPromise,
...policyIds.map((policyId, i) =>
kibanaServer.savedObjects.create({
id: policyId,
type: PACKAGE_POLICY_SAVED_OBJECT_TYPE,
overwrite: true,
attributes: {
name: `system-${i + 1}`,
package: {
name: 'system',
},
},
},
});
packagePoliciesToDeleteIds.push(`package-policy-test-${i}`);
}
})
),
]);
// first one succeeds
const res = await supertest
@ -575,7 +594,8 @@ export default function (providerContext: FtrProviderContext) {
);
});
it('should return a 200 if updating monitoring_enabled on a policy', async () => {
// Skipped as cannot force install the system and agent integrations as part of policy creation https://github.com/elastic/kibana/issues/137450
it.skip('should return a 200 if updating monitoring_enabled on a policy', async () => {
const fetchPackageList = async () => {
const response = await supertest
.get('/api/fleet/epm/packages')

99
x-pack/test/fleet_api_integration/apis/epm/install_with_signature_verification.ts Normal file
View file

@ -0,0 +1,99 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { Client } from '@elastic/elasticsearch';
import expect from '@kbn/expect';
import { Installation } from '@kbn/fleet-plugin/server/types';
import { FtrProviderContext } from '../../../api_integration/ftr_provider_context';
import { skipIfNoDockerRegistry } from '../../helpers';
import { setupFleetAndAgents } from '../agents/services';
const TEST_KEY_ID = 'd2a182a7b0e00c14';
export default function (providerContext: FtrProviderContext) {
const { getService } = providerContext;
const es: Client = getService('es');
const supertest = getService('supertest');
const dockerServers = getService('dockerServers');
const server = dockerServers.get('registry');
const uninstallPackage = async (pkg: string, version: string) => {
await supertest.delete(`/api/fleet/epm/packages/${pkg}/${version}`).set('kbn-xsrf', 'xxxx');
};
const installPackage = (pkg: string, version: string, opts?: { force?: boolean }) => {
return supertest
.post(`/api/fleet/epm/packages/${pkg}/${version}`)
.set('kbn-xsrf', 'xxxx')
.send({ force: !!opts?.force });
};
const getInstallationSavedObject = async (pkg: string): Promise<Installation | undefined> => {
const res: { _source?: { 'epm-packages': Installation } } = await es.transport.request({
method: 'GET',
path: `/.kibana/_doc/epm-packages:${pkg}`,
});
return res?._source?.['epm-packages'] as Installation;
};
describe('Installs verified and unverified packages', async () => {
skipIfNoDockerRegistry(providerContext);
setupFleetAndAgents(providerContext);
describe('verified package', async () => {
after(async () => {
if (!server.enabled) return;
await uninstallPackage('verified', '1.0.0');
});
it('should install a package with a valid signature', async () => {
await installPackage('verified', '1.0.0').expect(200);
const installationSO = await getInstallationSavedObject('verified');
expect(installationSO?.verification_status).equal('verified');
expect(installationSO?.verification_key_id).equal(TEST_KEY_ID);
});
});
describe('unverified packages', async () => {
describe('unverified package content', async () => {
after(async () => {
if (!server.enabled) return;
await uninstallPackage('unverified_content', '1.0.0');
});
it('should return 400 for valid signature but incorrect content', async () => {
const res = await installPackage('unverified_content', '1.0.0');
expect(res.status).equal(400);
expect(res.body.attributes).eql({
type: 'verification_failed',
});
});
it('should return 200 for valid signature but incorrect content force install', async () => {
await installPackage('unverified_content', '1.0.0', { force: true }).expect(200);
const installationSO = await getInstallationSavedObject('unverified_content');
expect(installationSO?.verification_status).equal('unverified');
expect(installationSO?.verification_key_id).equal(TEST_KEY_ID);
});
});
describe('package verified with wrong key', async () => {
after(async () => {
if (!server.enabled) return;
await uninstallPackage('wrong_key', '1.0.0');
});
it('should return 400 for valid signature but incorrect key', async () => {
const res = await installPackage('wrong_key', '1.0.0');
expect(res.status).equal(400);
expect(res.body.attributes).eql({
type: 'verification_failed',
});
});
it('should return 200 for valid signature but incorrect key force install', async () => {
await installPackage('wrong_key', '1.0.0', { force: true }).expect(200);
const installationSO = await getInstallationSavedObject('wrong_key');
expect(installationSO?.verification_status).equal('unverified');
expect(installationSO?.verification_key_id).equal(TEST_KEY_ID);
});
});
});
});
}

41
x-pack/test/fleet_api_integration/apis/epm/setup.ts
View file

@ -74,49 +74,52 @@ export default function (providerContext: FtrProviderContext) {
});
it('should upgrade package policy on setup if keep policies up to date set to true', async () => {
const oldVersion = '1.11.0';
const oldVersion = '0.1.0';
const latestVersion = '0.3.0';
const policyName = 'policy-1';
// first install old version of package
await supertest
.post(`/api/fleet/epm/packages/system/${oldVersion}`)
.post(`/api/fleet/epm/packages/multiple_versions/${oldVersion}`)
.set('kbn-xsrf', 'xxxx')
.send({ force: true })
.expect(200);
// now set the package to keep policies up to date
await supertest
.put(`/api/fleet/epm/packages/system/${oldVersion}`)
.put(`/api/fleet/epm/packages/multiple_versions/${oldVersion}`)
.set('kbn-xsrf', 'xxxx')
.send({ keepPoliciesUpToDate: true })
.expect(200);
// create a package policy with the old package version
await supertest
.post('/api/fleet/package_policies')
.set('kbn-xsrf', 'xxxx')
.send({
name: 'system-1',
name: policyName,
namespace: 'default',
policy_id: agentPolicyId,
package: { name: 'system', version: oldVersion },
package: { name: 'multiple_versions', version: oldVersion },
inputs: [],
force: true,
})
.expect(200);
let { body } = await supertest
.get(`/api/fleet/epm/packages/system/${oldVersion}`)
.expect(200);
const latestVersion = body.item.latestVersion;
log.info(`System package latest version: ${latestVersion}`);
// make sure we're actually doing an upgrade
expect(latestVersion).not.eql(oldVersion);
({ body } = await supertest
.post(`/api/fleet/epm/packages/system/${latestVersion}`)
// install the most recent version of the package
await supertest
.post(`/api/fleet/epm/packages/multiple_versions/${latestVersion}`)
.set('kbn-xsrf', 'xxxx')
.expect(200));
.expect(200);
await supertest.post(`/api/fleet/setup`).set('kbn-xsrf', 'xxxx').expect(200);
({ body } = await supertest
// now check the package policy has been upgraded to the latest version
const { body } = await supertest
.get('/api/fleet/package_policies')
.set('kbn-xsrf', 'xxxx')
.expect(200));
expect(body.items.find((pkg: any) => pkg.name === 'system-1').package.version).to.equal(
.expect(200);
expect(body.items.find((pkg: any) => pkg.name === policyName).package.version).to.equal(
latestVersion
);
});

5
x-pack/test/fleet_api_integration/apis/fixtures/package_registry_config.yml
View file

@ -1,5 +1,4 @@
package_paths:
- /packages/production
# TODO remove temp
- /packages/snapshot
- /packages/package-storage
- /packages/test-packages
- /packages/signed-test-packages

65
x-pack/test/fleet_api_integration/apis/fixtures/package_verification/README.md Normal file
View file

@ -0,0 +1,65 @@
# Package verification fixtures
## Signatures folder
This directory contains a public private key pair to be used for testing package verification. These keys are purely for testing and do not contain or sign any sensitive information. Here is the key information:
```
pub rsa3072 2022-07-21 [SC]
EA69DC1F612FABF267850741D2A182A7B0E00C14
uid [ultimate] Fleet Test (Fleet Integration Test Key) <fleet@elastic.co>
```
The passphrase of the private key is 'test'
### How were the keys generated?
*Note: the key ID will be different.*
```
gpg --full-generate-key
# Kind: RSA
# Keysize: 3072
# Valid for: 0 (does not expire)
# Real name: Fleet Test
# Email address: fleet@elastic.co
# Comment: Fleet Integration Test Key
# Passphrase: test
gpg --armor --export EA69DC1F612FABF267850741D2A182A7B0E00C14 > fleet_test_key_public.asc
gpg --armor --export-secret-keys EA69DC1F612FABF267850741D2A182A7B0E00C14 > fleet_test_key_private.asc
```
After generating the keys, you may want to delete them from your local keystore:
```
gpg --delete-secret-keys EA69DC1F612FABF267850741D2A182A7B0E00C14
gpg --delete-keys EA69DC1F612FABF267850741D2A182A7B0E00C14
```
## Packages folder
## How were the packages generated?
### verified-1.0.0
The valid package was generated with the following commands:
```
export ELASTIC_PACKAGE_SIGNER_PRIVATE_KEYFILE=../../../signatures/fleet_test_key_private.asc
export ELASTIC_PACKAGE_SIGNER_PASSPHRASE=test
cd packages/src/verified-1.0.0
elastic-package build --zip --sign -v
# if successful then the last log line will contain:
# Signature file written: /<path to you kibana>/kibana/build/packages/verified-1.0.0.zip.sig
# Package built: /<path to you kibana>/kibana/build/packages/verified-1.0.0.zip
cp /<path to you kibana>/kibana/build/packages/verified-1.0.0.zip ../../zips/
cp /<path to you kibana>/kibana/build/packages/verified-1.0.0.zip.sig ../../zips/
```
### unverified_content-1.0.0
This package has a valid signature but for different content. Same process as verified-1.0.0, however it has the incorrect signature, in this case I use the verified signature:
```
# Same buld steps as above
cp /<path to you kibana>/kibana/build/packages/unverified_content-1.0.0.zip ../../zips/
# now copy the incorrect signature
cp ../../zips/verified-1.0.0.zip.sig ../../zips/unverified_content-1.0.0.zip.sig
```
### wrong_key-1.0.0
This package is signed correctly but not using the key that kibana uses. Same process as verified-1.0.0, however I generated a different key pair (See 'How were the keys generated?'), and specified it for the ELASTIC_PACKAGE_SIGNER_PRIVATE_KEYFILE 'elastic-package' argument

5
x-pack/test/fleet_api_integration/apis/fixtures/package_verification/packages/src/unverified_content-1.0.0/changelog.yml vendored Normal file
View file

@ -0,0 +1,5 @@
- version: "1.0.0"
changes:
- description: This is a test
type: enhancement
link: fakelink

9
x-pack/test/fleet_api_integration/apis/fixtures/package_verification/packages/src/unverified_content-1.0.0/data_stream/log/agent/stream/stream.yml.hbs vendored Normal file
View file

@ -0,0 +1,9 @@
paths:
{{#each paths}}
- {{this}}
{{/each}}
data_stream:
dataset: {{data_stream.dataset}}
{{custom}}

198
x-pack/test/fleet_api_integration/apis/fixtures/package_verification/packages/src/unverified_content-1.0.0/data_stream/log/fields/agent.yml vendored Normal file
View file

@ -0,0 +1,198 @@
- name: cloud
title: Cloud
group: 2
description: Fields related to the cloud or infrastructure the events are coming from.
footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.'
type: group
fields:
- name: account.id
level: extended
type: keyword
ignore_above: 1024
description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment.
Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
example: 666777888999
- name: availability_zone
level: extended
type: keyword
ignore_above: 1024
description: Availability zone in which this host is running.
example: us-east-1c
- name: instance.id
level: extended
type: keyword
ignore_above: 1024
description: Instance ID of the host machine.
example: i-1234567890abcdef0
- name: instance.name
level: extended
type: keyword
ignore_above: 1024
description: Instance name of the host machine.
- name: machine.type
level: extended
type: keyword
ignore_above: 1024
description: Machine type of the host machine.
example: t2.medium
- name: provider
level: extended
type: keyword
ignore_above: 1024
description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
example: aws
- name: region
level: extended
type: keyword
ignore_above: 1024
description: Region in which this host is running.
example: us-east-1
- name: project.id
type: keyword
description: Name of the project in Google Cloud.
- name: image.id
type: keyword
description: Image ID for the cloud instance.
- name: container
title: Container
group: 2
description: 'Container fields are used for meta information about the specific container that is the source of information.
These fields help correlate data based containers from any runtime.'
type: group
fields:
- name: id
level: core
type: keyword
ignore_above: 1024
description: Unique container id.
- name: image.name
level: extended
type: keyword
ignore_above: 1024
description: Name of the image the container was built on.
- name: labels
level: extended
type: object
object_type: keyword
description: Image labels.
- name: name
level: extended
type: keyword
ignore_above: 1024
description: Container name.
- name: host
title: Host
group: 2
description: 'A host is defined as a general computing instance.
ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.'
type: group
fields:
- name: architecture
level: core
type: keyword
ignore_above: 1024
description: Operating system architecture.
example: x86_64
- name: domain
level: extended
type: keyword
ignore_above: 1024
description: 'Name of the domain of which the host is a member.
For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.'
example: CONTOSO
default_field: false
- name: hostname
level: core
type: keyword
ignore_above: 1024
description: 'Hostname of the host.
It normally contains what the `hostname` command returns on the host machine.'
- name: id
level: core
type: keyword
ignore_above: 1024
description: 'Unique host id.
As hostname is not always unique, use values that are meaningful in your environment.
Example: The current usage of `beat.name`.'
- name: ip
level: core
type: ip
description: Host ip addresses.
- name: mac
level: core
type: keyword
ignore_above: 1024
description: Host mac addresses.
- name: name
level: core
type: keyword
ignore_above: 1024
description: 'Name of the host.
It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.'
- name: os.family
level: extended
type: keyword
ignore_above: 1024
description: OS family (such as redhat, debian, freebsd, windows).
example: debian
- name: os.kernel
level: extended
type: keyword
ignore_above: 1024
description: Operating system kernel version as a raw string.
example: 4.4.0-112-generic
- name: os.name
level: extended
type: keyword
ignore_above: 1024
multi_fields:
- name: text
type: text
norms: false
default_field: false
description: Operating system name, without the version.
example: Mac OS X
- name: os.platform
level: extended
type: keyword
ignore_above: 1024
description: Operating system platform (such centos, ubuntu, windows).
example: darwin
- name: os.version
level: extended
type: keyword
ignore_above: 1024
description: Operating system version as a raw string.
example: 10.14.1
- name: type
level: core
type: keyword
ignore_above: 1024
description: 'Type of host.
For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.'
- name: containerized
type: boolean
description: >
If the host is a container.
- name: os.build
type: keyword
example: "18D109"
description: >
OS build information.
- name: os.codename
type: keyword
example: "stretch"
description: >
OS codename, if any.

12
x-pack/test/fleet_api_integration/apis/fixtures/package_verification/packages/src/unverified_content-1.0.0/data_stream/log/fields/base-fields.yml vendored Normal file
View file

@ -0,0 +1,12 @@
- name: data_stream.type
type: constant_keyword
description: Data stream type.
- name: data_stream.dataset
type: constant_keyword
description: Data stream dataset.
- name: data_stream.namespace
type: constant_keyword
description: Data stream namespace.
- name: '@timestamp'
type: date
description: Event timestamp.

28
x-pack/test/fleet_api_integration/apis/fixtures/package_verification/packages/src/unverified_content-1.0.0/data_stream/log/manifest.yml vendored Normal file
View file

@ -0,0 +1,28 @@
title: Log Dataset
type: logs
streams:
- input: logfile
description: Collect your custom log files.
title: Collect log files
vars:
- name: paths
required: true
title: Log file path
description: Path to log files to be collected
type: text
multi: true
- name: data_stream.dataset
required: true
default: generic
title: Dataset name
description: >
Set the name for your dataset. Changing the dataset will send the data to a different index. You can't use `-` in the name of a dataset and only valid characters for [Elasticsearch index names](https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-index_.html).
type: text
- name: custom
title: Custom configurations
description: >
Here YAML configuration options can be used to be added to your configuration. Be careful using this as it might break your configuration file.
type: yaml
default: ""

3
x-pack/test/fleet_api_integration/apis/fixtures/package_verification/packages/src/unverified_content-1.0.0/docs/README.md vendored Normal file
View file

@ -0,0 +1,3 @@
# Valid Package
This package has a valid signature

4
x-pack/test/fleet_api_integration/apis/fixtures/package_verification/packages/src/unverified_content-1.0.0/img/icon.svg vendored Normal file
View file

@ -0,0 +1,4 @@
<svg width="32" height="32" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg">
<path fill-rule="evenodd" clip-rule="evenodd" d="M17 13H8V15H17V13ZM24 18H8V20H24V18ZM8 23H24V25H8V23Z" fill="#017D73"/>
<path d="M21.41 0H5C3.34315 0 2 1.34315 2 3V29C2 30.6569 3.34315 32 5 32H27C28.6569 32 30 30.6569 30 29V8.59L21.41 0ZM22 3.41L26.59 8H22V3.41ZM27 30H5C4.44772 30 4 29.5523 4 29V3C4 2.44772 4.44772 2 5 2H20V10H28V29C28 29.5523 27.5523 30 27 30Z" fill="#343741"/>
</svg>
Side by side

After

Width:  |  Height:  |  Size: 493 B

24
x-pack/test/fleet_api_integration/apis/fixtures/package_verification/packages/src/unverified_content-1.0.0/manifest.yml vendored Normal file
View file

@ -0,0 +1,24 @@
format_version: 1.0.0
name: unverified_content
title: Unverified Package
description: >-
This package has a signature created by the right publick key but the content doesn't match.
type: integration
version: 1.0.0
release: ga
license: basic
categories:
- custom
policy_templates:
- name: logs
title: Custom logs
description: Collect your custom log files.
inputs:
- type: logfile
title: Custom log file
description: Collect your custom log files.
icons:
- src: "/img/icon.svg"
type: "image/svg+xml"
owner:
github: elastic/fleet

5
x-pack/test/fleet_api_integration/apis/fixtures/package_verification/packages/src/verified-1.0.0/changelog.yml vendored Normal file
View file

@ -0,0 +1,5 @@
- version: "1.0.0"
changes:
- description: This is a test
type: enhancement
link: fakelink

9
x-pack/test/fleet_api_integration/apis/fixtures/package_verification/packages/src/verified-1.0.0/data_stream/log/agent/stream/stream.yml.hbs vendored Normal file
View file

@ -0,0 +1,9 @@
paths:
{{#each paths}}
- {{this}}
{{/each}}
data_stream:
dataset: {{data_stream.dataset}}
{{custom}}

198
x-pack/test/fleet_api_integration/apis/fixtures/package_verification/packages/src/verified-1.0.0/data_stream/log/fields/agent.yml vendored Normal file
View file

@ -0,0 +1,198 @@
- name: cloud
title: Cloud
group: 2
description: Fields related to the cloud or infrastructure the events are coming from.
footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.'
type: group
fields:
- name: account.id
level: extended
type: keyword
ignore_above: 1024
description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment.
Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
example: 666777888999
- name: availability_zone
level: extended
type: keyword
ignore_above: 1024
description: Availability zone in which this host is running.
example: us-east-1c
- name: instance.id
level: extended
type: keyword
ignore_above: 1024
description: Instance ID of the host machine.
example: i-1234567890abcdef0
- name: instance.name
level: extended
type: keyword
ignore_above: 1024
description: Instance name of the host machine.
- name: machine.type
level: extended
type: keyword
ignore_above: 1024
description: Machine type of the host machine.
example: t2.medium
- name: provider
level: extended
type: keyword
ignore_above: 1024
description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
example: aws
- name: region
level: extended
type: keyword
ignore_above: 1024
description: Region in which this host is running.
example: us-east-1
- name: project.id
type: keyword
description: Name of the project in Google Cloud.
- name: image.id
type: keyword
description: Image ID for the cloud instance.
- name: container
title: Container
group: 2
description: 'Container fields are used for meta information about the specific container that is the source of information.
These fields help correlate data based containers from any runtime.'
type: group
fields:
- name: id
level: core
type: keyword
ignore_above: 1024
description: Unique container id.
- name: image.name
level: extended
type: keyword
ignore_above: 1024
description: Name of the image the container was built on.
- name: labels
level: extended
type: object
object_type: keyword
description: Image labels.
- name: name
level: extended
type: keyword
ignore_above: 1024
description: Container name.
- name: host
title: Host
group: 2
description: 'A host is defined as a general computing instance.
ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.'
type: group
fields:
- name: architecture
level: core
type: keyword
ignore_above: 1024
description: Operating system architecture.
example: x86_64
- name: domain
level: extended
type: keyword
ignore_above: 1024
description: 'Name of the domain of which the host is a member.
For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.'
example: CONTOSO
default_field: false
- name: hostname
level: core
type: keyword
ignore_above: 1024
description: 'Hostname of the host.
It normally contains what the `hostname` command returns on the host machine.'
- name: id
level: core
type: keyword
ignore_above: 1024
description: 'Unique host id.
As hostname is not always unique, use values that are meaningful in your environment.
Example: The current usage of `beat.name`.'
- name: ip
level: core
type: ip
description: Host ip addresses.
- name: mac
level: core
type: keyword
ignore_above: 1024
description: Host mac addresses.
- name: name
level: core
type: keyword
ignore_above: 1024
description: 'Name of the host.
It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.'
- name: os.family
level: extended
type: keyword
ignore_above: 1024
description: OS family (such as redhat, debian, freebsd, windows).
example: debian
- name: os.kernel
level: extended
type: keyword
ignore_above: 1024
description: Operating system kernel version as a raw string.
example: 4.4.0-112-generic
- name: os.name
level: extended
type: keyword
ignore_above: 1024
multi_fields:
- name: text
type: text
norms: false
default_field: false
description: Operating system name, without the version.
example: Mac OS X
- name: os.platform
level: extended
type: keyword
ignore_above: 1024
description: Operating system platform (such centos, ubuntu, windows).
example: darwin
- name: os.version
level: extended
type: keyword
ignore_above: 1024
description: Operating system version as a raw string.
example: 10.14.1
- name: type
level: core
type: keyword
ignore_above: 1024
description: 'Type of host.
For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.'
- name: containerized
type: boolean
description: >
If the host is a container.
- name: os.build
type: keyword
example: "18D109"
description: >
OS build information.
- name: os.codename
type: keyword
example: "stretch"
description: >
OS codename, if any.

12
x-pack/test/fleet_api_integration/apis/fixtures/package_verification/packages/src/verified-1.0.0/data_stream/log/fields/base-fields.yml vendored Normal file
View file

@ -0,0 +1,12 @@
- name: data_stream.type
type: constant_keyword
description: Data stream type.
- name: data_stream.dataset
type: constant_keyword
description: Data stream dataset.
- name: data_stream.namespace
type: constant_keyword
description: Data stream namespace.
- name: '@timestamp'
type: date
description: Event timestamp.

28
x-pack/test/fleet_api_integration/apis/fixtures/package_verification/packages/src/verified-1.0.0/data_stream/log/manifest.yml vendored Normal file
View file

@ -0,0 +1,28 @@
title: Log Dataset
type: logs
streams:
- input: logfile
description: Collect your custom log files.
title: Collect log files
vars:
- name: paths
required: true
title: Log file path
description: Path to log files to be collected
type: text
multi: true
- name: data_stream.dataset
required: true
default: generic
title: Dataset name
description: >
Set the name for your dataset. Changing the dataset will send the data to a different index. You can't use `-` in the name of a dataset and only valid characters for [Elasticsearch index names](https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-index_.html).
type: text
- name: custom
title: Custom configurations
description: >
Here YAML configuration options can be used to be added to your configuration. Be careful using this as it might break your configuration file.
type: yaml
default: ""

3
x-pack/test/fleet_api_integration/apis/fixtures/package_verification/packages/src/verified-1.0.0/docs/README.md vendored Normal file
View file

@ -0,0 +1,3 @@
# Valid Package
This package has a valid signature

4
x-pack/test/fleet_api_integration/apis/fixtures/package_verification/packages/src/verified-1.0.0/img/icon.svg vendored Normal file
View file

@ -0,0 +1,4 @@
<svg width="32" height="32" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg">
<path fill-rule="evenodd" clip-rule="evenodd" d="M17 13H8V15H17V13ZM24 18H8V20H24V18ZM8 23H24V25H8V23Z" fill="#017D73"/>
<path d="M21.41 0H5C3.34315 0 2 1.34315 2 3V29C2 30.6569 3.34315 32 5 32H27C28.6569 32 30 30.6569 30 29V8.59L21.41 0ZM22 3.41L26.59 8H22V3.41ZM27 30H5C4.44772 30 4 29.5523 4 29V3C4 2.44772 4.44772 2 5 2H20V10H28V29C28 29.5523 27.5523 30 27 30Z" fill="#343741"/>
</svg>
Side by side

After

Width:  |  Height:  |  Size: 493 B

24
x-pack/test/fleet_api_integration/apis/fixtures/package_verification/packages/src/verified-1.0.0/manifest.yml vendored Normal file
View file

@ -0,0 +1,24 @@
format_version: 1.0.0
name: verified
title: Verified Package
description: >-
A package with a valid signature.
type: integration
version: 1.0.0
release: ga
license: basic
categories:
- custom
policy_templates:
- name: logs
title: Custom logs
description: Collect your custom log files.
inputs:
- type: logfile
title: Custom log file
description: Collect your custom log files.
icons:
- src: "/img/icon.svg"
type: "image/svg+xml"
owner:
github: elastic/fleet

5
x-pack/test/fleet_api_integration/apis/fixtures/package_verification/packages/src/wrong_key-1.0.0/changelog.yml vendored Normal file
View file

@ -0,0 +1,5 @@
- version: "1.0.0"
changes:
- description: This is a test
type: enhancement
link: fakelink

9
x-pack/test/fleet_api_integration/apis/fixtures/package_verification/packages/src/wrong_key-1.0.0/data_stream/log/agent/stream/stream.yml.hbs vendored Normal file
View file

@ -0,0 +1,9 @@
paths:
{{#each paths}}
- {{this}}
{{/each}}
data_stream:
dataset: {{data_stream.dataset}}
{{custom}}

198
x-pack/test/fleet_api_integration/apis/fixtures/package_verification/packages/src/wrong_key-1.0.0/data_stream/log/fields/agent.yml vendored Normal file
View file

@ -0,0 +1,198 @@
- name: cloud
title: Cloud
group: 2
description: Fields related to the cloud or infrastructure the events are coming from.
footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.'
type: group
fields:
- name: account.id
level: extended
type: keyword
ignore_above: 1024
description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment.
Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.'
example: 666777888999
- name: availability_zone
level: extended
type: keyword
ignore_above: 1024
description: Availability zone in which this host is running.
example: us-east-1c
- name: instance.id
level: extended
type: keyword
ignore_above: 1024
description: Instance ID of the host machine.
example: i-1234567890abcdef0
- name: instance.name
level: extended
type: keyword
ignore_above: 1024
description: Instance name of the host machine.
- name: machine.type
level: extended
type: keyword
ignore_above: 1024
description: Machine type of the host machine.
example: t2.medium
- name: provider
level: extended
type: keyword
ignore_above: 1024
description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean.
example: aws
- name: region
level: extended
type: keyword
ignore_above: 1024
description: Region in which this host is running.
example: us-east-1
- name: project.id
type: keyword
description: Name of the project in Google Cloud.
- name: image.id
type: keyword
description: Image ID for the cloud instance.
- name: container
title: Container
group: 2
description: 'Container fields are used for meta information about the specific container that is the source of information.
These fields help correlate data based containers from any runtime.'
type: group
fields:
- name: id
level: core
type: keyword
ignore_above: 1024
description: Unique container id.
- name: image.name
level: extended
type: keyword
ignore_above: 1024
description: Name of the image the container was built on.
- name: labels
level: extended
type: object
object_type: keyword
description: Image labels.
- name: name
level: extended
type: keyword
ignore_above: 1024
description: Container name.
- name: host
title: Host
group: 2
description: 'A host is defined as a general computing instance.
ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.'
type: group
fields:
- name: architecture
level: core
type: keyword
ignore_above: 1024
description: Operating system architecture.
example: x86_64
- name: domain
level: extended
type: keyword
ignore_above: 1024
description: 'Name of the domain of which the host is a member.
For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.'
example: CONTOSO
default_field: false
- name: hostname
level: core
type: keyword
ignore_above: 1024
description: 'Hostname of the host.
It normally contains what the `hostname` command returns on the host machine.'
- name: id
level: core
type: keyword
ignore_above: 1024
description: 'Unique host id.
As hostname is not always unique, use values that are meaningful in your environment.
Example: The current usage of `beat.name`.'
- name: ip
level: core
type: ip
description: Host ip addresses.
- name: mac
level: core
type: keyword
ignore_above: 1024
description: Host mac addresses.
- name: name
level: core
type: keyword
ignore_above: 1024
description: 'Name of the host.
It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.'
- name: os.family
level: extended
type: keyword
ignore_above: 1024
description: OS family (such as redhat, debian, freebsd, windows).
example: debian
- name: os.kernel
level: extended
type: keyword
ignore_above: 1024
description: Operating system kernel version as a raw string.
example: 4.4.0-112-generic
- name: os.name
level: extended
type: keyword
ignore_above: 1024
multi_fields:
- name: text
type: text
norms: false
default_field: false
description: Operating system name, without the version.
example: Mac OS X
- name: os.platform
level: extended
type: keyword
ignore_above: 1024
description: Operating system platform (such centos, ubuntu, windows).
example: darwin
- name: os.version
level: extended
type: keyword
ignore_above: 1024
description: Operating system version as a raw string.
example: 10.14.1
- name: type
level: core
type: keyword
ignore_above: 1024
description: 'Type of host.
For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.'
- name: containerized
type: boolean
description: >
If the host is a container.
- name: os.build
type: keyword
example: "18D109"
description: >
OS build information.
- name: os.codename
type: keyword
example: "stretch"
description: >
OS codename, if any.

12
x-pack/test/fleet_api_integration/apis/fixtures/package_verification/packages/src/wrong_key-1.0.0/data_stream/log/fields/base-fields.yml vendored Normal file
View file

@ -0,0 +1,12 @@
- name: data_stream.type
type: constant_keyword
description: Data stream type.
- name: data_stream.dataset
type: constant_keyword
description: Data stream dataset.
- name: data_stream.namespace
type: constant_keyword
description: Data stream namespace.
- name: '@timestamp'
type: date
description: Event timestamp.

28
x-pack/test/fleet_api_integration/apis/fixtures/package_verification/packages/src/wrong_key-1.0.0/data_stream/log/manifest.yml vendored Normal file
View file

@ -0,0 +1,28 @@
title: Log Dataset
type: logs
streams:
- input: logfile
description: Collect your custom log files.
title: Collect log files
vars:
- name: paths
required: true
title: Log file path
description: Path to log files to be collected
type: text
multi: true
- name: data_stream.dataset
required: true
default: generic
title: Dataset name
description: >
Set the name for your dataset. Changing the dataset will send the data to a different index. You can't use `-` in the name of a dataset and only valid characters for [Elasticsearch index names](https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-index_.html).
type: text
- name: custom
title: Custom configurations
description: >
Here YAML configuration options can be used to be added to your configuration. Be careful using this as it might break your configuration file.
type: yaml
default: ""

3
x-pack/test/fleet_api_integration/apis/fixtures/package_verification/packages/src/wrong_key-1.0.0/docs/README.md vendored Normal file
View file

@ -0,0 +1,3 @@
# Valid Package
This package has a valid signature

4
x-pack/test/fleet_api_integration/apis/fixtures/package_verification/packages/src/wrong_key-1.0.0/img/icon.svg vendored Normal file
View file

@ -0,0 +1,4 @@
<svg width="32" height="32" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg">
<path fill-rule="evenodd" clip-rule="evenodd" d="M17 13H8V15H17V13ZM24 18H8V20H24V18ZM8 23H24V25H8V23Z" fill="#017D73"/>
<path d="M21.41 0H5C3.34315 0 2 1.34315 2 3V29C2 30.6569 3.34315 32 5 32H27C28.6569 32 30 30.6569 30 29V8.59L21.41 0ZM22 3.41L26.59 8H22V3.41ZM27 30H5C4.44772 30 4 29.5523 4 29V3C4 2.44772 4.44772 2 5 2H20V10H28V29C28 29.5523 27.5523 30 27 30Z" fill="#343741"/>
</svg>
Side by side

After

Width:  |  Height:  |  Size: 493 B

24
x-pack/test/fleet_api_integration/apis/fixtures/package_verification/packages/src/wrong_key-1.0.0/manifest.yml vendored Normal file
View file

@ -0,0 +1,24 @@
format_version: 1.0.0
name: wrong_key
title: Unverified Package
description: >-
This package has a .sig generated by the incorrect private key.
type: integration
version: 1.0.0
release: ga
license: basic
categories:
- custom
policy_templates:
- name: logs
title: Custom logs
description: Collect your custom log files.
inputs:
- type: logfile
title: Custom log file
description: Collect your custom log files.
icons:
- src: "/img/icon.svg"
type: "image/svg+xml"
owner:
github: elastic/fleet

BIN
x-pack/test/fleet_api_integration/apis/fixtures/package_verification/packages/zips/unverified_content-1.0.0.zip Normal file
View file

Binary file not shown.

16
x-pack/test/fleet_api_integration/apis/fixtures/package_verification/packages/zips/unverified_content-1.0.0.zip.sig Normal file
View file

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
Version: verified-1.0.0
Comment: Signed with elastic-package (using GopenPGP: https://gopenpgp.org)
wsDzBAABCgAnBQJi2m5jCZDSoYKnsOAMFBYhBOpp3B9hL6vyZ4UHQdKhgqew4AwU
AAD4uQv/cIjgccAGi50QCpXbKVkIj3/6zxsxUlIjEcEmFJWO2mucVcnjVmf4tr9/
7w52xix+jDR/cPrxMOwohJ+ACyY4ZEwA61CzmrOwPkmdzMaJWPwQCBBt0r2cIhLn
g9Y1Za8N7g0Bn77dxZv1jeajQQQ4rEnFTfd1pSSfMx8TeCDvJyOKCwfBUQ1GsAyG
h7krqGGKurQmV77siIGvSfu5jCSWZI9pnvfQeLvmgB0P+kKyVn0E80EaO75M92P/
pXHxdDhc4L59x3G7MJRQKuHRJ009jrDTW3UBYmw9a++oT2xlyH8Q/StDfWIla536
+aYI390dp2S/FxYK/szKYU4L1LzcVFW2WRCPXC8ycbk/YAlqIqZqETzlolfrb2JJ
VhZ5tCGksZFGJIYik/GveMq1W61HWfwYAuoGkJsO5R9A7d3u5aCwl7ALxGnJD6rh
6YatMYHrRLyFQ2sItH0oC8pg/VYL8HCQ5elkTYKErN32bPRFfyNVlISAG525pBkv
AM+OQr2H
=qDeH
-----END PGP SIGNATURE-----

BIN
x-pack/test/fleet_api_integration/apis/fixtures/package_verification/packages/zips/verified-1.0.0.zip Normal file
View file

Binary file not shown.

16
x-pack/test/fleet_api_integration/apis/fixtures/package_verification/packages/zips/verified-1.0.0.zip.sig Normal file
View file

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
Version: verified-1.0.0
Comment: Signed with elastic-package (using GopenPGP: https://gopenpgp.org)
wsDzBAABCgAnBQJi2m5jCZDSoYKnsOAMFBYhBOpp3B9hL6vyZ4UHQdKhgqew4AwU
AAD4uQv/cIjgccAGi50QCpXbKVkIj3/6zxsxUlIjEcEmFJWO2mucVcnjVmf4tr9/
7w52xix+jDR/cPrxMOwohJ+ACyY4ZEwA61CzmrOwPkmdzMaJWPwQCBBt0r2cIhLn
g9Y1Za8N7g0Bn77dxZv1jeajQQQ4rEnFTfd1pSSfMx8TeCDvJyOKCwfBUQ1GsAyG
h7krqGGKurQmV77siIGvSfu5jCSWZI9pnvfQeLvmgB0P+kKyVn0E80EaO75M92P/
pXHxdDhc4L59x3G7MJRQKuHRJ009jrDTW3UBYmw9a++oT2xlyH8Q/StDfWIla536
+aYI390dp2S/FxYK/szKYU4L1LzcVFW2WRCPXC8ycbk/YAlqIqZqETzlolfrb2JJ
VhZ5tCGksZFGJIYik/GveMq1W61HWfwYAuoGkJsO5R9A7d3u5aCwl7ALxGnJD6rh
6YatMYHrRLyFQ2sItH0oC8pg/VYL8HCQ5elkTYKErN32bPRFfyNVlISAG525pBkv
AM+OQr2H
=qDeH
-----END PGP SIGNATURE-----

BIN
x-pack/test/fleet_api_integration/apis/fixtures/package_verification/packages/zips/wrong_key-1.0.0.zip Normal file
View file

Binary file not shown.

16
x-pack/test/fleet_api_integration/apis/fixtures/package_verification/packages/zips/wrong_key-1.0.0.zip.sig Normal file
View file

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
Version: wrong_key-1.0.0
Comment: Signed with elastic-package (using GopenPGP: https://gopenpgp.org)
wsDzBAABCgAnBQJi2n4aCZBSG/qV2sAoJRYhBIH3Pw5l3AfU05N6W1Ib+pXawCgl
AABFSgv8DRSfgx3dLBEqTPQ5tCQBuy4wbWKjxc+XarqXflPoAmxzex39WqTbyWP/
kePldLJAayd/TdGGEFKx1/UYtspfrmT7hfe9V8KVU6cFZlnJKmGtGGG64ONz+0qJ
tkcFOAvo9bS+06oJh+peB3I8jaensV9qizKPoDredKpYRB4LsLhAtzDa8Yr583WS
GVlmpTPLWg+Q9755dOXEZOWyRIHR/KrsHuIwGwqH9XJmMukX+a65s2OJ3OzHGrLX
u/weA+tj82PHqBmXmoGaaTL4n1y1+gs/dwcSz8wwrbuTA4N9aj/JFXi0jWVex2XK
Kei6UWwa9uVrMosQEIV4P2NdvM+EQrY4ynFl5LGSWfEIWKQGJd1Q8b7Db2Wkl2qU
MDG0KqME0CunVlmY/TvM1ZsLyED4N5pgXA233Pfb1OQpsTAu/nx7zJgUN+cQafiJ
YDDmsyIFzmcBmjTrRGgxb8UZPVbcZ3e1ypog74FpMnPG+Ls9Nmqf8o7L6F01jWAN
eGJV/tD2
=JiJZ
-----END PGP SIGNATURE-----

46
x-pack/test/fleet_api_integration/apis/fixtures/package_verification/signatures/fleet_test_key_private.asc Normal file
View file

@ -0,0 +1,46 @@
-----BEGIN PGP PRIVATE KEY BLOCK-----
Comment: This key was generated for testing pruposes and is not sensitive in any way.
lQWGBGLZo8EBDACoP/vHJiblZEgg98sl6qzV6jfk2cl5up2WTdpXCrBXurt2DLpG
Pw9gPCNG93cyhdCfw0y8Ojla4qqqvkZhCcyMt/RpEVFxwLW6RZX1IFD47LW2Mk1p
mulJ+hNZuynO71DNbUwf9hju2bZfF+U2ToG+S4eqx2duvI0yk7zzNwFY1txFhH8c
dQ1CZ+ybUyt1Qtekcm0M8AplyyRfn4WcIdhPP/qHkZlpZ0k9sBFzml4Tpw1luY3Q
v+hIa5EaLDiTsFlEE56KIA+zd5jsuGOG9FbJUKhqrfOyEY2LxgdiOCBQy6sK6wQw
X22bIm+CQgMHwkJH4jccwQ+M3aEZn7xDAyz9RDJvgbaloB+Ru4xGnfgJDFPFxbNw
bH1zh9iARe0W8/IFb85U5/ljBeSmlzIrJiTFEHqncar3azn1lfBlCyxzJRIzvZRV
9qMeisz2F1YZYJl0jK/b7Fm2HFJMOUUCalGCh6UP3wk40q18Oi00eiH/EwU1wTCB
lpz5DvOKvQ0n9AMAEQEAAf4HAwJQ6ag8/yMsgOliMP5BOdKoEg048sI0+p4cSzan
sNf+YbX6qv56KniH6chb3mKA6oadT5WSu0Ao/VqdgxY3baX+z0GAnRADj3jHIt5F
73Ih8pOI3IJd+qXUm+Pkbr6KIcrFG56zkF5jfuEFQlPIg4rrdTFs3M98oPH+Azye
ABFz7jvcUBLl9ZMJTN+otjrGLSMM9SilDoHRDzJMbl67NETEy9Npnh68hK+Jzu6k
xfd/giWkj11UXYwhrYVX/Dd8sHGV6/RpLZlU5Tx1LqhdqLGXkVNUFqb/JOkLIK2P
PZH0Ovh4hUhb2o87pypA8y6TgpQaO730oXPitplkAXPU8RIT3pKDXWrhkUvfIkhh
sHiVfZRXNHt8eu9qaF865X/yiS6x0LIzQApZEVe9+CjtesVPieXGkD3xTmfUqu3k
dLUTKdcOaNH3YFZk3oEaOsCpEmJ/w9WmiYKYlQ5CFFe+LcZCnL/AjIgXLbs9PmlA
cYksCfSCY0LBWd6WkwebXVyTeeKKMhX56GpHsDBYlziWdQceTtliQiOeVODnio8a
aKwzR0t81xIS9JAkw80PtjlPPCdhYoeXa6UNmhYFuu7IrUuNQW7QFCmOrKrPLhF+
y2DCpVDCFoaJ4Ov8J85KNcRVaeK4M36RxgFvnKVz/jec6cJ0ztFlnS+yHLEkIdMV
xdsmmQn0sKNHcgN8rhgLoE1vYfGKoGLQyMYqQMa57slxXO/ZfQXUa0YXfwn2aZck
7T0sU65AuFgiPmKo93Pb0RvIhAyD/Crkw13fM82Hts0QdDog+K3gLGJ1VOlyZVbP
smdZosYlhrSswnNg/ThDyfDSfejMVzJrWmvSdHYtsN7CWxFBknXlzZM31LY9NaVk
AkD2n8NCQtzk/u6/N1DdRxb+z7Xwxr6HBqRtuE3Wtolkghd1dfB9UtSY5I+R4xFk
bBXT4BQN+U0dYYuhGwhOxQD4c7YozYg5XpCEy2uAc1uW6ZlIqne+QxP7pcjYt1Wz
Q+haSgFyTE1+IUHFhoyIG6zUbiOixUv3oj6O1ktDickIIYv+ZOc3VXW0rPYuNviR
iw3q3PUschy3rUkwvnY/TpKnE7pUvIlMYzqPnoEDTNawlSQpgKxXMtEPAea9Pgqz
km6aEWqRCh9hJSUEFiO4Sj/wGd1+oK1aYB6saY48GowxME7IZrM4qagI4Stm1BFp
1LVUqIhGwn9u8cKB7QxwlcxAO5emMC6vlUYKfxp6JW12MCTFePaZOd3x807t/qIA
/RE9hXewPWeNE1z2PF+HSVq3KnkmhfAmixXpRei6VNNqsA3DsX9VW7sZUUHCYKuQ
9Yaqa1raFv2ZsynvjspyR+DMMwr5ddz6DLQ6RmxlZXQgVGVzdCAoRmxlZXQgSW50
ZWdyYXRpb24gVGVzdCBLZXkpIDxmbGVldEBlbGFzdGljLmNvPokB0QQTAQgAOxYh
BOpp3B9hL6vyZ4UHQdKhgqew4AwUBQJi2aPBAhsDBQsJCAcCAiICBhUKCQgLAgQW
AgMBAh4HAheAAAoJENKhgqew4AwUbY0L/iYud7CxopRK2RzuX5KzProPaM+OVbJZ
OB7eMlE+0EucPWioMyY77DMHHI2xOdpVTm1PTBSjvca70JIUEu38W8LsVlQctI71
U7N+R7JoENFoKoFPOsfZNSbvSaTRKuzNUpodDts4IdvDxmd8wm0S76ZJ/gNfJ58q
QxoIUkDNpPHc0Y8jbu4raTsM74TZCdOGTmlZ+SkQ5S+HwiBjsc++FZp0t8gIBCQ4
XW4qItsnMEMFcAxI/RHUvvSQXvP3xO7/oIcHlb/Bq7uivtiaPQBaHFmKyJbdGc9D
+4cURLZOQxDB59GhavJkkvUHeiskIrQ9htWCtetkxkroZEOlMgVGBEHNuFwOoiM9
SdIeSOBnLAwiZgM02bEyO4r2xeZF9qeqYr8jrZKLLUnuc1NPrte8TRyQCiI/PaUU
lmBh3H6kSNTNRttLdmtLKqX0ANKvEe765pj0qD6Nk8sZGL6ee5L1UnUNzZEQDUjD
mMgfZmqj1T8V9LbA9WW8IX+fF9nfLoj3+g==
=SkuR
-----END PGP PRIVATE KEY BLOCK-----

24
x-pack/test/fleet_api_integration/apis/fixtures/package_verification/signatures/fleet_test_key_public.asc Normal file
View file

@ -0,0 +1,24 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGNBGLZo8EBDACoP/vHJiblZEgg98sl6qzV6jfk2cl5up2WTdpXCrBXurt2DLpG
Pw9gPCNG93cyhdCfw0y8Ojla4qqqvkZhCcyMt/RpEVFxwLW6RZX1IFD47LW2Mk1p
mulJ+hNZuynO71DNbUwf9hju2bZfF+U2ToG+S4eqx2duvI0yk7zzNwFY1txFhH8c
dQ1CZ+ybUyt1Qtekcm0M8AplyyRfn4WcIdhPP/qHkZlpZ0k9sBFzml4Tpw1luY3Q
v+hIa5EaLDiTsFlEE56KIA+zd5jsuGOG9FbJUKhqrfOyEY2LxgdiOCBQy6sK6wQw
X22bIm+CQgMHwkJH4jccwQ+M3aEZn7xDAyz9RDJvgbaloB+Ru4xGnfgJDFPFxbNw
bH1zh9iARe0W8/IFb85U5/ljBeSmlzIrJiTFEHqncar3azn1lfBlCyxzJRIzvZRV
9qMeisz2F1YZYJl0jK/b7Fm2HFJMOUUCalGCh6UP3wk40q18Oi00eiH/EwU1wTCB
lpz5DvOKvQ0n9AMAEQEAAbQ6RmxlZXQgVGVzdCAoRmxlZXQgSW50ZWdyYXRpb24g
VGVzdCBLZXkpIDxmbGVldEBlbGFzdGljLmNvPokB0QQTAQgAOxYhBOpp3B9hL6vy
Z4UHQdKhgqew4AwUBQJi2aPBAhsDBQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheA
AAoJENKhgqew4AwUbY0L/iYud7CxopRK2RzuX5KzProPaM+OVbJZOB7eMlE+0Euc
PWioMyY77DMHHI2xOdpVTm1PTBSjvca70JIUEu38W8LsVlQctI71U7N+R7JoENFo
KoFPOsfZNSbvSaTRKuzNUpodDts4IdvDxmd8wm0S76ZJ/gNfJ58qQxoIUkDNpPHc
0Y8jbu4raTsM74TZCdOGTmlZ+SkQ5S+HwiBjsc++FZp0t8gIBCQ4XW4qItsnMEMF
cAxI/RHUvvSQXvP3xO7/oIcHlb/Bq7uivtiaPQBaHFmKyJbdGc9D+4cURLZOQxDB
59GhavJkkvUHeiskIrQ9htWCtetkxkroZEOlMgVGBEHNuFwOoiM9SdIeSOBnLAwi
ZgM02bEyO4r2xeZF9qeqYr8jrZKLLUnuc1NPrte8TRyQCiI/PaUUlmBh3H6kSNTN
RttLdmtLKqX0ANKvEe765pj0qD6Nk8sZGL6ee5L1UnUNzZEQDUjDmMgfZmqj1T8V
9LbA9WW8IX+fF9nfLoj3+g==
=cw33
-----END PGP PUBLIC KEY BLOCK-----

18
x-pack/test/fleet_api_integration/apis/fleet_telemetry.ts
View file

@ -16,7 +16,7 @@ export default function (providerContext: FtrProviderContext) {
const esArchiver = getService('esArchiver');
let agentCount = 0;
let pkgVersion: string;
describe('fleet_telemetry', () => {
skipIfNoDockerRegistry(providerContext);
before(async () => {
@ -29,9 +29,25 @@ export default function (providerContext: FtrProviderContext) {
after(async () => {
await esArchiver.unload('x-pack/test/functional/es_archives/empty_kibana');
await esArchiver.unload('x-pack/test/functional/es_archives/fleet/empty_fleet_server');
if (pkgVersion) {
await supertest.delete(`/api/fleet/epm/packages/fleet_server/${pkgVersion}`);
}
});
before(async () => {
// we must first force install the fleet_server package to override package verification error on policy create
// https://github.com/elastic/kibana/issues/137450
const getPkRes = await supertest
.get(`/api/fleet/epm/packages/fleet_server`)
.set('kbn-xsrf', 'xxxx')
.expect(200);
pkgVersion = getPkRes.body.item.version;
await supertest
.post(`/api/fleet/epm/packages/fleet_server/${pkgVersion}`)
.set('kbn-xsrf', 'xxxx')
.send({ force: true })
.expect(200);
// create agent policies
let { body: apiResponse } = await supertest
.post(`/api/fleet/agent_policies`)

1
x-pack/test/fleet_api_integration/apis/integrations/elastic_agent.ts
View file

@ -34,7 +34,6 @@ export default function (providerContext: FtrProviderContext) {
.set('kbn-xsrf', 'xxxx')
.expect(200);
pkgVersion = getPkRes.body.item.version;
// pkgVersion
// Install latest version of the package
await supertest
.post(`/api/fleet/epm/packages/${FLEET_ELASTIC_AGENT_PACKAGE}/${pkgVersion}`)

1
x-pack/test/fleet_api_integration/apis/package_policy/create.ts
View file

@ -225,6 +225,7 @@ export default function (providerContext: FtrProviderContext) {
title: 'Endpoint',
version: '1.4.1',
},
force: true,
})
.expect(200);
await supertest

29
x-pack/test/fleet_api_integration/config.ts
View file

@ -13,12 +13,13 @@ import {
getKibanaCliLoggers,
} from '@kbn/test';
const getFullPath = (relativePath: string) => path.join(path.dirname(__filename), relativePath);
// Docker image to use for Fleet API integration tests.
// This hash comes from the latest successful build of the Snapshot Distribution of the Package Registry, for
// example: https://beats-ci.elastic.co/blue/organizations/jenkins/Ingest-manager%2Fpackage-storage/detail/snapshot/74/pipeline/257#step-302-log-1.
// It should be updated any time there is a new Docker image published for the Snapshot Distribution of the Package Registry.
export const dockerImage =
'docker.elastic.co/package-registry/distribution:433d99a96f3289c5013ae35826877adf408eb9c9';
'docker.elastic.co/package-registry/distribution:production-v2-experimental-1658837582506';
export const BUNDLED_PACKAGE_DIR = '/tmp/fleet_bundled_packages';
@ -28,19 +29,17 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
const registryPort: string | undefined = process.env.FLEET_PACKAGE_REGISTRY_PORT;
// mount the config file for the package registry as well as
// the directory containing additional packages into the container
const dockerArgs: string[] = [
// the directories containing additional packages into the container
const volumes = {
// src : dest
'./apis/fixtures/package_registry_config.yml': '/package-registry/config.yml',
'./apis/fixtures/test_packages': '/packages/test-packages',
'./apis/fixtures/package_verification/packages/zips': '/packages/signed-test-packages',
};
const dockerArgs: string[] = Object.entries(volumes).flatMap(([src, dest]) => [
'-v',
`${path.join(
path.dirname(__filename),
'./apis/fixtures/package_registry_config.yml'
)}:/package-registry/config.yml`,
'-v',
`${path.join(
path.dirname(__filename),
'./apis/fixtures/test_packages'
)}:/packages/test-packages`,
];
`${getFullPath(src)}:${dest}`,
]);
return {
testFiles: [require.resolve('./apis')],
@ -70,7 +69,9 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
...(registryPort ? [`--xpack.fleet.registryUrl=http://localhost:${registryPort}`] : []),
`--xpack.fleet.developer.bundledPackageLocation=${BUNDLED_PACKAGE_DIR}`,
'--xpack.cloudSecurityPosture.enabled=true',
`--xpack.fleet.packageVerification.gpgKeyPath=${getFullPath(
'./apis/fixtures/package_verification/signatures/fleet_test_key_public.asc'
)}`,
`--logging.loggers=${JSON.stringify([
...getKibanaCliLoggers(xPackAPITestsConfig.get('kbnTestServer.serverArgs')),

4
x-pack/test/functional/fixtures/package_registry_config.yml
View file

@ -1,4 +1,2 @@
package_paths:
- /packages/production
- /packages/staging
- /packages/snapshot
- /packages/package-storage

10
x-pack/test/functional_synthetics/config.js
View file

@ -8,17 +8,11 @@
import path, { resolve } from 'path';
import { defineDockerServersConfig } from '@kbn/test';
import { dockerImage as fleetDockerImage } from '../fleet_api_integration/config';
import { services } from './services';
import { pageObjects } from './page_objects';
// Docker image to use for Fleet API integration tests.
// This hash comes from the latest successful build of the Snapshot Distribution of the Package Registry, for
// example: https://beats-ci.elastic.co/blue/organizations/jenkins/Ingest-manager%2Fpackage-storage/detail/snapshot/74/pipeline/257#step-302-log-1.
// It should be updated any time there is a new Docker image published for the Snapshot Distribution of the Package Registry that updates Synthetics.
export const dockerImage =
'docker.elastic.co/package-registry/distribution:433d99a96f3289c5013ae35826877adf408eb9c9';
// the default export of config files must be a config provider
// that returns an object with the projects config values
export default async function ({ readConfigFile }) {
@ -99,7 +93,7 @@ export default async function ({ readConfigFile }) {
dockerServers: defineDockerServersConfig({
registry: {
enabled: !!registryPort,
image: dockerImage,
image: fleetDockerImage,
portInContainer: 8080,
port: registryPort,
args: dockerArgs,

4
x-pack/test/functional_synthetics/fixtures/package_registry_config.yml
View file

@ -1,4 +1,2 @@
package_paths:
- /packages/production
- /packages/staging
- /packages/snapshot
- /packages/package-storage

15
x-pack/test/functional_synthetics/page_objects/synthetics_integration_page.ts
View file

@ -143,7 +143,20 @@ export function SyntheticsIntegrationPageProvider({
async confirmAndSave(isEditPage?: boolean) {
await this.ensureIsOnPackagePage();
const saveButton = await this.findSaveButton(isEditPage);
saveButton.click();
await saveButton.click();
await this.maybeForceInstall();
},
/**
* If the force install modal opens, click force install
*/
async maybeForceInstall() {
const confirmForceInstallModalOpen = await testSubjects.exists('confirmForceInstallModal');
if (confirmForceInstallModalOpen) {
const forceInstallBtn = await testSubjects.find('confirmModalConfirmButton');
return forceInstallBtn.click();
}
},
/**

2
x-pack/test/security_solution_endpoint/services/endpoint_policy.ts
View file

@ -33,7 +33,7 @@ const INGEST_API_PACKAGE_POLICIES = `${INGEST_API_ROOT}/package_policies`;
const INGEST_API_PACKAGE_POLICIES_DELETE = `${INGEST_API_PACKAGE_POLICIES}/delete`;
const INGEST_API_EPM_PACKAGES = `${INGEST_API_ROOT}/epm/packages`;
const SECURITY_PACKAGES_ROUTE = `${INGEST_API_EPM_PACKAGES}?category=security`;
const SECURITY_PACKAGES_ROUTE = `${INGEST_API_EPM_PACKAGES}?category=security&experimental=true`;
/**
* Holds information about the test resources created to support an Endpoint Policy

4
x-pack/test/security_solution_endpoint_api_int/apis/fixtures/package_registry_config.yml
View file

@ -1,4 +1,2 @@
package_paths:
- /packages/production
- /packages/staging
- /packages/snapshot
- /packages/package-storage