Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add enrollment agent assistant to fleet management plugin #7289

Open
wants to merge 26 commits into
base: main
Choose a base branch
from
Open

Add enrollment agent assistant to fleet management plugin #7289

wants to merge 26 commits into from

Conversation

Desvelao
Copy link
Member

@Desvelao Desvelao commented Feb 11, 2025
edited
Loading

Description

This pull request adds the enrollment agent assitant to the fleet management plugin.

The code was ported from wazuh to wazuh-fleet plugin and modified to adapt to the requirements of 5.0.

Added:

  • Added inputs to match with the wazuh-agent cli:
    • Input to manage the username
    • Input to manage the password
    • Input to manage the SSL verification mode
    • Input to manage the key (This key must have 32 alphanumeric characters validation)
  • Added new step "Server credentials" to define the username and password

Changed:

  • Changed the generation of command to install and enroll the agent
  • Changed the validation of "Assign a server address" input
  • Changed the placeholder of "Assign a server address" input
  • Changed the description of "Server address" step to indicate the usage of URL instead of raw IP or FQDN
  • Changed the display of remember server address from switch to icon button

Removed:

  • Groups management was removed because the current Wazuh agent enrollment does not support the definition of these.
    • Removed groups form input
    • Removed fetch information about available groups
  • Removed fetch information about authentication password provided through the Wazuh server API
  • Removed fetch information about protocol provided through the Wazuh server API
  • Removed the enrollment.password setting that was unused and it will not be added for security reasons (shared configuration by tenants that could see other users with read only permissions)
  • Temporally:
    • The command to download the packages were temporally removed because the packages are not publically hosted. A warning message was added to inform about this.

Issues Resolved

wazuh/wazuh-dashboard#514

Evidence

image

Test

Legend:
⚫: none
🟢: pass
🟡: warning
🔴: fail
⚪: not applicable

Generate a Wazuh stack environment 5.0

  1. Clone the enhancement/526-docker-compose-environment branch of wazuh-agent repository.
    1.1 Read the README.md from src/tests/stack/README.md
    1.2 Download the packages for Wazuh server and Wazuh agent for .rmp according to your CPU architecture.

  2. Apply the following patch:

wdp-pull-7289-patch-env-wazuh-agent-repository.txt

  1. Then, in the branch of this pull request (wazuh-dashboard-plugins repository), apply the following patch:

Review the changes, depending on your case, you could need to uncomment or comment some lines. Edit MVP_50_PATH enviroment variable in the dev.sh file with the path to the root of wazuh-agent repository with the applied changes.

wdp-pull-7289-patch-env-wazuh-dashboard-plugins-repository.txt

  1. Start the dev environment of wazuh-dashboard-plugins.

  2. Enter to the server container and run in foreground the server:

/usr/share/wazuh-server/bin/wazuh-server start
  1. Then you could enroll the agents:

You could need to wait some time, review the Wazuh server logs

  • in the same Docker network: use https://server:55000 as server address
  • in other networks: use https://<DOCKER_HOST_IP>:55000 as server address

UI

Test Chrome Firefox Safari
Invalid values in server address and/or enrollment key, should avoid the enroll comands are displayed.
Fill the form and use the provided commands enroll an agent in Linux (.deb)
Fill the form and use the provided commands enroll an agent in Linux (.rpm)
Fill the form and use the provided commands enroll an agent in macOS
Fill the form and use the provided commands enroll an agent in Windows
Fill the server address input with a valid value and use the save optin, then reload the page and the field should have the saved value
Set the enrollment.dns setting from Advanced settings, then go to enrollment assistant and the server address field should be set with the defined value

Details

⚫ Invalid values in server address and/or enrollment key, should avoid the enroll comands are displayed.

Chrome - ⚫

Firefox - ⚫

Safari - ⚫

⚫ Fill the form and use the provided commands enroll an agent in Linux (.deb)

Chrome - ⚫

Firefox - ⚫

Safari - ⚫

⚫ Fill the form and use the provided commands enroll an agent in Linux (.rpm)

Chrome - ⚫

Firefox - ⚫

Safari - ⚫

⚫ Fill the form and use the provided commands enroll an agent in macOS

Chrome - ⚫

Firefox - ⚫

Safari - ⚫

⚫ Fill the form and use the provided commands enroll an agent in Windows

Chrome - ⚫

Firefox - ⚫

Safari - ⚫

⚫ Fill the server address input with a valid value and use the save optin, then reload the page and the field should have the saved value

Chrome - ⚫

Firefox - ⚫

Safari - ⚫

⚫ Set the enrollment.dns setting from Advanced settings, then go to enrollment assistant and the server address field should be set with the defined value

Chrome - ⚫

Firefox - ⚫

Safari - ⚫

Check List

  • New functionality includes testing.
  • New functionality has been documented.
  • Update CHANGELOG.md
  • Commits are signed per the DCO using --signoff

@Desvelao
feat: copy the register agent assistant to wazuh-fleet plugin
659c0f2 
- Copy the register-agent folder from wazuh plugin to wazuh-fleet
- Add the webDocumentationLink and form components/hook to
  register-agent copy
- Register minimal Fleet management app to display the register agent
  assistant view
@Desvelao
feat: add inputs to enrollment agent assistant
f258346 
Added:
- Added inputs to match with the `wazuh-agent` cli:
  - Input to manage the username
  - Input to manage the password
  - Input to manage the SSL verification mode
  - Input to manage the key (This key must have 32 alphanumeric characters validation)
- Added new step "Server credentials" to define the username and password
- Added tests for the new inputs

Changed:
- Changed the generation of command to install and enroll the agent
- Changed the validation of "Assign a server address" input
- Changed the placeholder of "Assign a server address" input
- Changed the description of "Server address" step to indicate the usage of URL instead of raw IP or FQDNS

Removed:
- Groups management was removed because the current Wazuh agent enrollment does not support the definition of these.
  - Removed groups form input
  - Removed fetch information about available groups
- Removed fetch information about authentication password provided through the Wazuh server API
- Removed fetch information about protocol provided through the Wazuh server API
- Temporally:
  - The command to download the package were temporaly removed because the packages are not publically hosted. A warning message was added to inform about this.
@Desvelao Desvelao self-assigned this Feb 11, 2025
@Desvelao Desvelao linked an issue Feb 13, 2025 that may be closed by this pull request
Create agent enrollment assistant wazuh/wazuh-dashboard#514
Open
2 tasks
@Desvelao
feat(enrollment): add ability to remember the server address
591c975
@Desvelao
feat(enrollment): rename Deploy new agent by Enroll new agent
beb18ff
@Desvelao
remove(enrollment): remove enrollment.password setting by securiy rea…
22b8646 
…sons

The setting is saved in the advanced settings (tenant configuration) and
is visible to each user with read permissions in the tenant. So we
remove the setting to avoid other users can see the value. The user should
indicate the username and password each time the enroll agent assistant is
used.
@Desvelao
Merge branch 'main' of https://github.com/wazuh/wazuh-kibana-app into…
9bf7d5d 
… enhancement/514-add-enrollment-agent-assistant
@Desvelao Desvelao mentioned this pull request Feb 13, 2025
Open
2 tasks
@Desvelao Desvelao marked this pull request as ready for review February 17, 2025 14:01
@guidomodarelli guidomodarelli self-requested a review February 17, 2025 20:02
@github-actions GitHub Actions
Copy link
Contributor

Wazuh Check Updates plugin code coverage (Jest) test % values
Statements 76.44% ( 172 / 225 )
Branches 58.65% ( 61 / 104 )
Functions 61.7% ( 29 / 47 )
Lines 76.44% ( 172 / 225 )

@github-actions GitHub Actions
Copy link
Contributor

Wazuh Core plugin code coverage (Jest) test % values
Statements 27.13% ( 639 / 2355 )
Branches 28.75% ( 335 / 1165 )
Functions 24.84% ( 163 / 656 )
Lines 27.25% ( 634 / 2326 )

@github-actions GitHub Actions
Copy link
Contributor

Wazuh Fleet Management plugin code coverage (Jest) test % values
Statements 51.39% ( 441 / 858 )
Branches 55.21% ( 196 / 355 )
Functions 41.15% ( 135 / 328 )
Lines 51.73% ( 433 / 837 )

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@guidomodarelli guidomodarelli Awaiting requested review from guidomodarelli

At least 1 approving review is required to merge this pull request.

Assignees

@Desvelao Desvelao

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Create agent enrollment assistant
1 participant
@Desvelao