feat: add first scenario for Fleet Server

.ci/.e2e-tests.yaml

@@ -17,6 +17,9 @@ SUITES:
       - name: "Fleet"
         pullRequestFilter: " && ~debian"
         tags: "fleet_mode_agent"
+      - name: "Fleet Server"
+        pullRequestFilter: " && ~debian"
+        tags: "fleet_server"
       - name: "Endpoint Integration"
         pullRequestFilter: " && ~debian"
         tags: "agent_endpoint_integration"

e2e/_suites/fleet/configurations/kibana.config.yml

@@ -15,5 +15,6 @@ xpack.fleet.enabled: true
 xpack.fleet.registryUrl: http://package-registry:8080
 xpack.fleet.agents.enabled: true
 xpack.fleet.agents.elasticsearch.host: http://elasticsearch:9200
+xpack.fleet.agents.fleetServerEnabled: true
 xpack.fleet.agents.kibana.host: http://kibana:5601
 xpack.fleet.agents.tlsCheckDisabled: true

e2e/_suites/fleet/features/fleet_server.feature

@@ -0,0 +1,19 @@
+@fleet_server
+Feature: Fleet Server
+  Scenarios for Fleet Server, where an Elasticseach and a Kibana instances are already provisioned,
+  so that the Agent is able to communicate with them
+
+@start-fleet-server
+Scenario Outline: Deploying the <os> fleet-server agent
+  When a "<os>" agent is deployed to Fleet with "tar" installer in fleet-server mode
+  Then Fleet server is enabled
+
+@centos
+Examples: Centos
+| os     |
+| centos |
+
+@debian
+Examples: Debian
+| os     |
+| debian |

e2e/_suites/fleet/fleet.go

@@ -121,7 +121,7 @@ func (fts *FleetTestSuite) beforeScenario() {
 	fts.Version = agentVersion
 
 	// create policy with system monitoring enabled
-	defaultPolicy, err := getAgentDefaultPolicy()
+	defaultPolicy, err := getAgentDefaultPolicy("is_default")
 	if err != nil {
 		log.WithFields(log.Fields{
 			"err": err,
@@ -158,6 +158,10 @@ func (fts *FleetTestSuite) contributeSteps(s *godog.ScenarioContext) {
 	s.Step(`^the policy response will be shown in the Security App$`, fts.thePolicyResponseWillBeShownInTheSecurityApp)
 	s.Step(`^the policy is updated to have "([^"]*)" in "([^"]*)" mode$`, fts.thePolicyIsUpdatedToHaveMode)
 	s.Step(`^the policy will reflect the change in the Security App$`, fts.thePolicyWillReflectTheChangeInTheSecurityApp)
+
+	// fleet server steps
+	s.Step(`^a "([^"]*)" agent is deployed to Fleet with "([^"]*)" installer in fleet-server mode$`, fts.anAgentIsDeployedToFleetWithInstallerInFleetMode)
+	s.Step(`^Fleet server is enabled$`, fts.fleetServerIsEnabled)
 }
 
 func (fts *FleetTestSuite) anStaleAgentIsDeployedToFleetWithInstaller(image, version, installerType string) error {
@@ -271,10 +275,15 @@ func (fts *FleetTestSuite) agentInVersion(version string) error {
 
 // supported installers: tar, systemd
 func (fts *FleetTestSuite) anAgentIsDeployedToFleetWithInstaller(image string, installerType string) error {
+	return fts.anAgentIsDeployedToFleetWithInstallerAndFleetServer(image, installerType, false)
+}
+
+func (fts *FleetTestSuite) anAgentIsDeployedToFleetWithInstallerAndFleetServer(image string, installerType string, isFleetServer bool) error {
 	log.WithFields(log.Fields{
-		"image":     image,
-		"installer": installerType,
-	}).Trace("Deploying an agent to Fleet with base image")
+		"fleetServer": isFleetServer,
+		"image":       image,
+		"installer":   installerType,
+	}).Trace("Deploying an agent to Fleet with base image and fleet server")
 
 	fts.Image = image
 	fts.InstallerType = installerType
@@ -296,15 +305,16 @@ func (fts *FleetTestSuite) anAgentIsDeployedToFleetWithInstaller(image string, i
 	fts.CurrentToken = tokenJSONObject.Path("api_key").Data().(string)
 	fts.CurrentTokenID = tokenJSONObject.Path("id").Data().(string)
 
-	err = deployAgentToFleet(installer, containerName, fts.CurrentToken)
+	var fleetConfig *FleetConfig
+	fleetConfig, err = deployAgentToFleet(installer, containerName, fts.CurrentToken, isFleetServer)
 	fts.Cleanup = true
 	if err != nil {
 		return err
 	}
 
 	// the installation process for TAR includes the enrollment
 	if installer.installerType != "tar" {
-		err = installer.EnrollFn(fts.CurrentToken)
+		err = installer.EnrollFn(fleetConfig)
 		if err != nil {
 			return err
 		}
@@ -593,7 +603,7 @@ func (fts *FleetTestSuite) theAgentIsReenrolledOnTheHost() error {
 
 	installer := fts.getInstaller()
 
-	err := installer.EnrollFn(fts.CurrentToken)
+	err := installer.EnrollFn(NewFleetConfig(fts.CurrentToken))
 	if err != nil {
 		return err
 	}
@@ -638,7 +648,7 @@ func (fts *FleetTestSuite) thePolicyShowsTheDatasourceAdded(packageName string)
 	fts.Integration = integration
 
 	configurationIsPresentFn := func() error {
-		defaultPolicy, err := getAgentDefaultPolicy()
+		defaultPolicy, err := getAgentDefaultPolicy("is_default")
 		if err != nil {
 			log.WithFields(log.Fields{
 				"error":    err,
@@ -1009,14 +1019,14 @@ func (fts *FleetTestSuite) anAttemptToEnrollANewAgentFails() error {
 
 	containerName := fmt.Sprintf("%s_%s_%s_%d", profile, fts.Image+"-systemd", ElasticAgentServiceName, 2) // name of the new container
 
-	err := deployAgentToFleet(installer, containerName, fts.CurrentToken)
+	fleetConfig, err := deployAgentToFleet(installer, containerName, fts.CurrentToken, false)
 	// the installation process for TAR includes the enrollment
 	if installer.installerType != "tar" {
 		if err != nil {
 			return err
 		}
 
-		err = installer.EnrollFn(fts.CurrentToken)
+		err = installer.EnrollFn(fleetConfig)
 		if err == nil {
 			err = fmt.Errorf("The agent was enrolled although the token was previously revoked")
 
@@ -1236,7 +1246,7 @@ func createFleetToken(name string, policyID string) (*gabs.Container, error) {
 	return tokenItem, nil
 }
 
-func deployAgentToFleet(installer ElasticAgentInstaller, containerName string, token string) error {
+func deployAgentToFleet(installer ElasticAgentInstaller, containerName string, token string, isFleetServer bool) (*FleetConfig, error) {
 	profile := installer.profile // name of the runtime dependencies compose file
 	service := installer.service // name of the service
 	serviceTag := installer.tag  // docker tag of the service
@@ -1259,24 +1269,38 @@ func deployAgentToFleet(installer ElasticAgentInstaller, containerName string, t
 			"service": service,
 			"tag":     serviceTag,
 		}).Error("Could not run the target box")
-		return err
+		return nil, err
 	}
 
 	err = installer.PreInstallFn()
 	if err != nil {
-		return err
+		return nil, err
 	}
 
-	err = installer.InstallFn(containerName, token)
+	var fleetConfig *FleetConfig
+	if isFleetServer {
+		cfg, cfgError := NewFleetServerConfig(token)
+		if cfgError != nil {
+			return nil, cfgError
+		}
+		fleetConfig = cfg
+	} else {
+		fleetConfig = NewFleetConfig(token)
+	}
+
+	err = installer.InstallFn(fleetConfig)
+
 	if err != nil {
-		return err
+		return nil, err
 	}
 
-	return installer.PostInstallFn()
+	return fleetConfig, installer.PostInstallFn()
 }
 
-// getAgentDefaultPolicy sends a GET request to Fleet for the existing default policy
-func getAgentDefaultPolicy() (*gabs.Container, error) {
+// getAgentDefaultPolicy sends a GET request to Fleet for the existing default policy, using the
+// "defaultPolicyFieldName" passed as parameter as field to be used to find the policy in list
+// of fleet policies
+func getAgentDefaultPolicy(defaultPolicyFieldName string) (*gabs.Container, error) {
 	r := createDefaultHTTPRequest(ingestManagerAgentPoliciesURL)
 	body, err := curl.Get(r)
 	if err != nil {
@@ -1304,10 +1328,21 @@ func getAgentDefaultPolicy() (*gabs.Container, error) {
 		"count": len(policies.Children()),
 	}).Trace("Fleet policies retrieved")
 
-	// TODO: perform a strong check to capture default policy
-	defaultPolicy := policies.Index(0)
+	for _, policy := range policies.Children() {
+		if !policy.Exists(defaultPolicyFieldName) {
+			continue
+		}
+
+		if policy.Path(defaultPolicyFieldName).Data().(bool) {
+			log.WithFields(log.Fields{
+				"field":  defaultPolicyFieldName,
+				"policy": policy,
+			}).Trace("Default Policy was found")
+			return policy, nil
+		}
+	}
 
-	return defaultPolicy, nil
+	return nil, fmt.Errorf("Default policy was not found with '%s' field equals to 'true'", defaultPolicyFieldName)
 }
 
 func getAgentEvents(applicationName string, agentID string, packagePolicyID string, updatedAt string) error {

e2e/_suites/fleet/fleet_server.go

@@ -0,0 +1,74 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package main
+
+import (
+	"fmt"
+
+	"github.com/cucumber/godog"
+	log "github.com/sirupsen/logrus"
+)
+
+// FleetConfig represents the configuration for Fleet Server when building the enrollment command
+type FleetConfig struct {
+	EnrollmentToken          string
+	ElasticsearchPort        int
+	ElasticsearchURI         string
+	ElasticsearchCredentials string
+	// server
+	ServerPolicyID string
+}
+
+// NewFleetConfig builds a new configuration for the fleet agent, defaulting ES credentials, URI and port
+func NewFleetConfig(token string) *FleetConfig {
+	return &FleetConfig{
+		EnrollmentToken:          token,
+		ElasticsearchCredentials: "elastic:changeme",
+		ElasticsearchPort:        9200,
+		ElasticsearchURI:         "elasticsearch",
+	}
+}
+
+// NewFleetServerConfig builds a new configuration for the fleet server agent, defaulting credentials and port,
+// also retrieving the default policy ID for fleet server
+func NewFleetServerConfig(token string) (*FleetConfig, error) {
+	cfg := NewFleetConfig(token)
+
+	defaultFleetServerPolicy, err := getAgentDefaultPolicy("is_default_fleet_server")
+	if err != nil {
+		return nil, err
+	}
+
+	cfg.ServerPolicyID = defaultFleetServerPolicy.Path("id").Data().(string)
+
+	log.WithFields(log.Fields{
+		"elasticsearch":     cfg.ElasticsearchURI,
+		"elasticsearchPort": cfg.ElasticsearchPort,
+		"policyID":          cfg.ServerPolicyID,
+		"token":             cfg.EnrollmentToken,
+	}).Debug("Fleet Server config created")
+
+	return cfg, nil
+}
+
+func (cfg FleetConfig) flags() []string {
+	baseFlags := []string{"--force", "--insecure", "--enrollment-token=" + cfg.EnrollmentToken}
+
+	if cfg.ServerPolicyID != "" {
+		return append(baseFlags, "--fleet-server", fmt.Sprintf("http://%s@%s:%d", cfg.ElasticsearchCredentials, cfg.ElasticsearchURI, cfg.ElasticsearchPort), "--fleet-server-policy", cfg.ServerPolicyID)
+	}
+
+	return append(baseFlags, "--kibana-url", "http://kibana:5601")
+}
+
+func (fts *FleetTestSuite) anAgentIsDeployedToFleetWithInstallerInFleetMode(image string, installerType string) error {
+	fts.ElasticAgentStopped = true
+	return fts.anAgentIsDeployedToFleetWithInstallerAndFleetServer(image, installerType, true)
+}
+
+func (fts *FleetTestSuite) fleetServerIsEnabled() error {
+	log.Debug("Fleet server is enabled")
+	return godog.ErrPending
+}

e2e/_suites/fleet/installers.go

@@ -17,7 +17,7 @@ import (
 
 // InstallerPackage represents the operations that can be performed by an installer package type
 type InstallerPackage interface {
-	Install(containerName string, token string) error
+	Install(cfg *FleetConfig) error
 	InstallCerts() error
 	PrintLogs(containerName string) error
 	Postinstall() error
@@ -119,7 +119,7 @@ func NewDEBPackage(binaryName string, profile string, image string, service stri
 }
 
 // Install installs a DEB package
-func (i *DEBPackage) Install(containerName string, token string) error {
+func (i *DEBPackage) Install(cfg *FleetConfig) error {
 	return i.extractPackage([]string{"apt", "install", "/" + i.binaryName, "-y"})
 }
 
@@ -182,7 +182,7 @@ func NewDockerPackage(binaryName string, profile string, image string, service s
 }
 
 // Install installs a Docker package
-func (i *DockerPackage) Install(containerName string, token string) error {
+func (i *DockerPackage) Install(cfg *FleetConfig) error {
 	log.Trace("No install commands for Docker packages")
 	return nil
 }
@@ -267,7 +267,7 @@ func NewRPMPackage(binaryName string, profile string, image string, service stri
 }
 
 // Install installs a RPM package
-func (i *RPMPackage) Install(containerName string, token string) error {
+func (i *RPMPackage) Install(cfg *FleetConfig) error {
 	return i.extractPackage([]string{"yum", "localinstall", "/" + i.binaryName, "-y"})
 }
 
@@ -329,10 +329,11 @@ func NewTARPackage(binaryName string, profile string, image string, service stri
 }
 
 // Install installs a TAR package
-func (i *TARPackage) Install(containerName string, token string) error {
+func (i *TARPackage) Install(cfg *FleetConfig) error {
 	// install the elastic-agent to /usr/bin/elastic-agent using command
 	binary := fmt.Sprintf("/elastic-agent/%s", i.artifact)
-	args := []string{"--force", "--insecure", "--enrollment-token=" + token, "--kibana-url", "http://kibana:5601"}
+
+	args := cfg.flags()
 
 	err := runElasticAgentCommand(i.profile, i.image, i.service, binary, "install", args)
 	if err != nil {
@@ -374,8 +375,8 @@ func (i *TARPackage) Preinstall() error {
 
 	// simplify layout
 	cmds := [][]string{
-		[]string{"rm", "-fr", "/elastic-agent"},
-		[]string{"mv", fmt.Sprintf("/%s-%s-%s-%s", i.artifact, i.version, i.OS, i.arch), "/elastic-agent"},
+		{"rm", "-fr", "/elastic-agent"},
+		{"mv", fmt.Sprintf("/%s-%s-%s-%s", i.artifact, i.version, i.OS, i.arch), "/elastic-agent"},
 	}
 	for _, cmd := range cmds {
 		err = execCommandInService(i.profile, i.image, i.service, cmd, false)