From c89adce3a1c53d06b3aff639117bc3a04194abd5 Mon Sep 17 00:00:00 2001 From: reyesj2 <94730068+reyesj2@users.noreply.github.com> Date: Mon, 21 Apr 2025 10:48:18 -0500 Subject: [PATCH 1/6] default disable automatic upgrades for optional integration packages & policies --- salt/elasticfleet/defaults.yaml | 1 + salt/elasticfleet/enabled.sls | 4 ++ salt/elasticfleet/soc_elasticfleet.yaml | 4 ++ .../sbin/so-elastic-fleet-integration-upgrade | 62 ---------------- .../so-elastic-fleet-integration-upgrade | 72 +++++++++++++++++++ 5 files changed, 81 insertions(+), 62 deletions(-) delete mode 100644 salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade create mode 100644 salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-integration-upgrade diff --git a/salt/elasticfleet/defaults.yaml b/salt/elasticfleet/defaults.yaml index a0f509136..d6cdd7351 100644 --- a/salt/elasticfleet/defaults.yaml +++ b/salt/elasticfleet/defaults.yaml @@ -11,6 +11,7 @@ elasticfleet: defend_filters: enable_auto_configuration: False subscription_integrations: False + auto_upgrade_integrations: False logging: zeek: excluded: diff --git a/salt/elasticfleet/enabled.sls b/salt/elasticfleet/enabled.sls index 5a52f3a41..846203725 100644 --- a/salt/elasticfleet/enabled.sls +++ b/salt/elasticfleet/enabled.sls @@ -151,9 +151,13 @@ so-elastic-fleet-integration-upgrade: cmd.run: - name: /usr/sbin/so-elastic-fleet-integration-upgrade +{# CHECK THAT THIS STILL INSTALLS ALL INTEGRATIONS IN THE 2.4.130 SOUP #} +{# Subsequent runs should not modify the initially installed integration version.. until switch is flipped #} +{% if ELASTICFLEETMERGED.config.auto_upgrade_integrations %} so-elastic-fleet-addon-integrations: cmd.run: - name: /usr/sbin/so-elastic-fleet-optional-integrations-load +{% endif %} {% if ELASTICFLEETMERGED.config.defend_filters.enable_auto_configuration %} so-elastic-defend-manage-filters-file-watch: diff --git a/salt/elasticfleet/soc_elasticfleet.yaml b/salt/elasticfleet/soc_elasticfleet.yaml index 7ca59401f..29439dfc0 100644 --- a/salt/elasticfleet/soc_elasticfleet.yaml +++ b/salt/elasticfleet/soc_elasticfleet.yaml @@ -45,6 +45,10 @@ elasticfleet: global: True forcedType: bool helpLink: elastic-fleet.html + auto_upgrade_integrations: + description: Enables or disables automatically upgrading Elastic Agent integrations. + global: True + helpLink: elastic-fleet.html server: custom_fqdn: description: Custom FQDN for Agents to connect to. One per line. diff --git a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade b/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade deleted file mode 100644 index baad389eb..000000000 --- a/salt/elasticfleet/tools/sbin/so-elastic-fleet-integration-upgrade +++ /dev/null @@ -1,62 +0,0 @@ -#!/bin/bash -# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one -# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at -# https://securityonion.net/license; you may not use this file except in compliance with the -# Elastic License 2.0. - -. /usr/sbin/so-elastic-fleet-common - -curl_output=$(curl -s -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http://localhost:5601/) -if [ $? -ne 0 ]; then - echo "Error: Failed to connect to Kibana." - exit 1 -fi - -IFS=$'\n' -agent_policies=$(elastic_fleet_agent_policy_ids) -if [ $? -ne 0 ]; then - echo "Error: Failed to retrieve agent policies." - exit 1 -fi - -for AGENT_POLICY in $agent_policies; do - integrations=$(elastic_fleet_integration_policy_names "$AGENT_POLICY") - for INTEGRATION in $integrations; do - if ! [[ "$INTEGRATION" == "elastic-defend-endpoints" ]] && ! [[ "$INTEGRATION" == "fleet_server-"* ]]; then - # Get package name so we know what package to look for when checking the current and latest available version - PACKAGE_NAME=$(elastic_fleet_integration_policy_package_name "$AGENT_POLICY" "$INTEGRATION") - - # Get currently installed version of package - PACKAGE_VERSION=$(elastic_fleet_integration_policy_package_version "$AGENT_POLICY" "$INTEGRATION") - - # Get latest available version of package - AVAILABLE_VERSION=$(elastic_fleet_package_latest_version_check "$PACKAGE_NAME") - - # Get integration ID - INTEGRATION_ID=$(elastic_fleet_integration_id "$AGENT_POLICY" "$INTEGRATION") - - if [[ "$PACKAGE_VERSION" != "$AVAILABLE_VERSION" ]]; then - # Dry run of the upgrade - echo "Current $PACKAGE_NAME package version ($PACKAGE_VERSION) is not the same as the latest available package ($AVAILABLE_VERSION)..." - echo "Upgrading $INTEGRATION..." - echo "Starting dry run..." - DRYRUN_OUTPUT=$(elastic_fleet_integration_policy_dryrun_upgrade "$INTEGRATION_ID") - DRYRUN_ERRORS=$(echo "$DRYRUN_OUTPUT" | jq .[].hasErrors) - - # If no errors with dry run, proceed with actual upgrade - if [[ "$DRYRUN_ERRORS" == "false" ]]; then - echo "No errors detected. Proceeding with upgrade..." - elastic_fleet_integration_policy_upgrade "$INTEGRATION_ID" - if [ $? -ne 0 ]; then - echo "Error: Upgrade failed for integration ID '$INTEGRATION_ID'." - exit 1 - fi - else - echo "Errors detected during dry run. Stopping upgrade..." - exit 1 - fi - fi - fi - done -done -echo diff --git a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-integration-upgrade b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-integration-upgrade new file mode 100644 index 000000000..3c5bb06cb --- /dev/null +++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-integration-upgrade @@ -0,0 +1,72 @@ +#!/bin/bash +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. +{%- import_yaml 'elasticfleet/defaults.yaml' as ELASTICFLEETDEFAULTS %} +{%- set SUPPORTED_PACKAGES = salt['pillar.get']('elasticfleet:packages', default=ELASTICFLEETDEFAULTS.elasticfleet.packages, merge=True) %} +{%- set AUTO_UPGRADE_INTEGRATIONS = salt['pillar.get']('elasticfleet:config:auto_upgrade_integrations', default=ELASTICFLEETDEFAULTS.elasticfleet.config.auto_upgrade_integrations) %} + +. /usr/sbin/so-elastic-fleet-common + +curl_output=$(curl -s -K /opt/so/conf/elasticsearch/curl.config -c - -X GET http://localhost:5601/) +if [ $? -ne 0 ]; then + echo "Error: Failed to connect to Kibana." + exit 1 +fi + +IFS=$'\n' +agent_policies=$(elastic_fleet_agent_policy_ids) +if [ $? -ne 0 ]; then + echo "Error: Failed to retrieve agent policies." + exit 1 +fi + +default_packages=({% for pkg in SUPPORTED_PACKAGES %}"{{ pkg }}"{% if not loop.last %} {% endif %}{% endfor %}) + +for AGENT_POLICY in $agent_policies; do + integrations=$(elastic_fleet_integration_policy_names "$AGENT_POLICY") + for INTEGRATION in $integrations; do + if ! [[ "$INTEGRATION" == "elastic-defend-endpoints" ]] && ! [[ "$INTEGRATION" == "fleet_server-"* ]]; then + # Get package name so we know what package to look for when checking the current and latest available version + PACKAGE_NAME=$(elastic_fleet_integration_policy_package_name "$AGENT_POLICY" "$INTEGRATION") + {%- if not AUTO_UPGRADE_INTEGRATIONS %} + if [[ " ${default_packages[@]} " =~ " $PACKAGE_NAME " ]]; then + {%- endif %} + # Get currently installed version of package + PACKAGE_VERSION=$(elastic_fleet_integration_policy_package_version "$AGENT_POLICY" "$INTEGRATION") + + # Get latest available version of package + AVAILABLE_VERSION=$(elastic_fleet_package_latest_version_check "$PACKAGE_NAME") + + # Get integration ID + INTEGRATION_ID=$(elastic_fleet_integration_id "$AGENT_POLICY" "$INTEGRATION") + + if [[ "$PACKAGE_VERSION" != "$AVAILABLE_VERSION" ]]; then + # Dry run of the upgrade + echo "Current $PACKAGE_NAME package version ($PACKAGE_VERSION) is not the same as the latest available package ($AVAILABLE_VERSION)..." + echo "Upgrading $INTEGRATION..." + echo "Starting dry run..." + DRYRUN_OUTPUT=$(elastic_fleet_integration_policy_dryrun_upgrade "$INTEGRATION_ID") + DRYRUN_ERRORS=$(echo "$DRYRUN_OUTPUT" | jq .[].hasErrors) + + # If no errors with dry run, proceed with actual upgrade + if [[ "$DRYRUN_ERRORS" == "false" ]]; then + echo "No errors detected. Proceeding with upgrade..." + elastic_fleet_integration_policy_upgrade "$INTEGRATION_ID" + if [ $? -ne 0 ]; then + echo "Error: Upgrade failed for integration ID '$INTEGRATION_ID'." + exit 1 + fi + else + echo "Errors detected during dry run. Stopping upgrade..." + exit 1 + fi + fi + {%- if not AUTO_UPGRADE_INTEGRATIONS %} + fi + {%- endif %} + fi + done +done +echo From 4b7478654ffe7157f3c3c2f627ab7982f7d09eb6 Mon Sep 17 00:00:00 2001 From: reyesj2 <94730068+reyesj2@users.noreply.github.com> Date: Mon, 21 Apr 2025 14:29:37 -0500 Subject: [PATCH 2/6] run optional integrations script so packages get installed. Hold updates unless auto_update_integrations is set --- salt/elasticfleet/enabled.sls | 4 ---- .../sbin_jinja/so-elastic-fleet-optional-integrations-load | 7 +++++++ 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/salt/elasticfleet/enabled.sls b/salt/elasticfleet/enabled.sls index 846203725..5a52f3a41 100644 --- a/salt/elasticfleet/enabled.sls +++ b/salt/elasticfleet/enabled.sls @@ -151,13 +151,9 @@ so-elastic-fleet-integration-upgrade: cmd.run: - name: /usr/sbin/so-elastic-fleet-integration-upgrade -{# CHECK THAT THIS STILL INSTALLS ALL INTEGRATIONS IN THE 2.4.130 SOUP #} -{# Subsequent runs should not modify the initially installed integration version.. until switch is flipped #} -{% if ELASTICFLEETMERGED.config.auto_upgrade_integrations %} so-elastic-fleet-addon-integrations: cmd.run: - name: /usr/sbin/so-elastic-fleet-optional-integrations-load -{% endif %} {% if ELASTICFLEETMERGED.config.defend_filters.enable_auto_configuration %} so-elastic-defend-manage-filters-file-watch: diff --git a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-optional-integrations-load b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-optional-integrations-load index f97ed577b..66fa235d1 100644 --- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-optional-integrations-load +++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-optional-integrations-load @@ -4,6 +4,7 @@ # or more contributor license agreements. Licensed under the Elastic License 2.0; you may not use # this file except in compliance with the Elastic License 2.0. {% set SUB = salt['pillar.get']('elasticfleet:config:subscription_integrations', default=false) %} +{% set AUTO_UPGRADE_INTEGRATIONS = salt['pillar.get']('elasticfleet:config:auto_upgrade_integrations', default=false) %} . /usr/sbin/so-common . /usr/sbin/so-elastic-fleet-common @@ -74,6 +75,8 @@ if [[ -f $STATE_FILE_SUCCESS ]]; then jq --argjson package "$bulk_package" '.packages += [$package]' $BULK_INSTALL_PACKAGE_LIST > $BULK_INSTALL_PACKAGE_TMP && mv $BULK_INSTALL_PACKAGE_TMP $BULK_INSTALL_PACKAGE_LIST PENDING_UPDATE=true + {# only include upgrading optional integrations when auto_upgrade_integrations is true. DEFAULT integrations are upgraded using so-elastic-fleet-package-upgrade #} + {%- if AUTO_UPGRADE_INTEGRATIONS %} else results=$(compare_versions "$latest_version" "$installed_version") if [ $results == "greater" ]; then @@ -82,6 +85,7 @@ if [[ -f $STATE_FILE_SUCCESS ]]; then PENDING_UPDATE=true fi + {%- endif %} fi fi {% else %} @@ -89,6 +93,8 @@ if [[ -f $STATE_FILE_SUCCESS ]]; then echo "$package_name is not installed... Adding to next update." jq --argjson package "$bulk_package" '.packages += [$package]' $BULK_INSTALL_PACKAGE_LIST > $BULK_INSTALL_PACKAGE_TMP && mv $BULK_INSTALL_PACKAGE_TMP $BULK_INSTALL_PACKAGE_LIST PENDING_UPDATE=true + {# only include upgrading optional integrations when auto_upgrade_integrations is true. DEFAULT integrations are upgraded using so-elastic-fleet-package-upgrade #} + {%- if AUTO_UPGRADE_INTEGRATIONS %} else results=$(compare_versions "$latest_version" "$installed_version") if [ $results == "greater" ]; then @@ -96,6 +102,7 @@ if [[ -f $STATE_FILE_SUCCESS ]]; then jq --argjson package "$bulk_package" '.packages += [$package]' $BULK_INSTALL_PACKAGE_LIST > $BULK_INSTALL_PACKAGE_TMP && mv $BULK_INSTALL_PACKAGE_TMP $BULK_INSTALL_PACKAGE_LIST PENDING_UPDATE=true fi + {%- endif %} fi {% endif %} else From 166e4e0ebca3e3758cd71aeab5aa11ff5dd5a6e8 Mon Sep 17 00:00:00 2001 From: reyesj2 <94730068+reyesj2@users.noreply.github.com> Date: Mon, 21 Apr 2025 15:51:36 -0500 Subject: [PATCH 3/6] make bool --- salt/elasticfleet/soc_elasticfleet.yaml | 1 + .../tools/sbin_jinja/so-elastic-fleet-integration-upgrade | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/salt/elasticfleet/soc_elasticfleet.yaml b/salt/elasticfleet/soc_elasticfleet.yaml index 29439dfc0..450e044e6 100644 --- a/salt/elasticfleet/soc_elasticfleet.yaml +++ b/salt/elasticfleet/soc_elasticfleet.yaml @@ -48,6 +48,7 @@ elasticfleet: auto_upgrade_integrations: description: Enables or disables automatically upgrading Elastic Agent integrations. global: True + forcedType: bool helpLink: elastic-fleet.html server: custom_fqdn: diff --git a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-integration-upgrade b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-integration-upgrade index 3c5bb06cb..8609395c1 100644 --- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-integration-upgrade +++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-integration-upgrade @@ -5,7 +5,7 @@ # Elastic License 2.0. {%- import_yaml 'elasticfleet/defaults.yaml' as ELASTICFLEETDEFAULTS %} {%- set SUPPORTED_PACKAGES = salt['pillar.get']('elasticfleet:packages', default=ELASTICFLEETDEFAULTS.elasticfleet.packages, merge=True) %} -{%- set AUTO_UPGRADE_INTEGRATIONS = salt['pillar.get']('elasticfleet:config:auto_upgrade_integrations', default=ELASTICFLEETDEFAULTS.elasticfleet.config.auto_upgrade_integrations) %} +{%- set AUTO_UPGRADE_INTEGRATIONS = salt['pillar.get']('elasticfleet:config:auto_upgrade_integrations', default=false) %} . /usr/sbin/so-elastic-fleet-common From e17fea849a903a9cd0e06c0fc16de903ccfb574d Mon Sep 17 00:00:00 2001 From: reyesj2 <94730068+reyesj2@users.noreply.github.com> Date: Mon, 21 Apr 2025 20:32:42 -0500 Subject: [PATCH 4/6] continue loop after encountering error with first --- .../sbin_jinja/so-elastic-fleet-integration-upgrade | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-integration-upgrade b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-integration-upgrade index 8609395c1..70148dd07 100644 --- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-integration-upgrade +++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-integration-upgrade @@ -44,6 +44,7 @@ for AGENT_POLICY in $agent_policies; do if [[ "$PACKAGE_VERSION" != "$AVAILABLE_VERSION" ]]; then # Dry run of the upgrade + echo "" echo "Current $PACKAGE_NAME package version ($PACKAGE_VERSION) is not the same as the latest available package ($AVAILABLE_VERSION)..." echo "Upgrading $INTEGRATION..." echo "Starting dry run..." @@ -55,12 +56,12 @@ for AGENT_POLICY in $agent_policies; do echo "No errors detected. Proceeding with upgrade..." elastic_fleet_integration_policy_upgrade "$INTEGRATION_ID" if [ $? -ne 0 ]; then - echo "Error: Upgrade failed for integration ID '$INTEGRATION_ID'." - exit 1 + echo "Error: Upgrade failed for $PACKAGE_NAME with integration ID '$INTEGRATION_ID'." + continue fi else - echo "Errors detected during dry run. Stopping upgrade..." - exit 1 + echo "Errors detected during dry run. Skipping $PACKAGE_NAME policy upgrade..." + continue fi fi {%- if not AUTO_UPGRADE_INTEGRATIONS %} From 8c4cf0ba08258b8f9bc1e9e1bc8865c053fe84fa Mon Sep 17 00:00:00 2001 From: reyesj2 <94730068+reyesj2@users.noreply.github.com> Date: Tue, 22 Apr 2025 07:29:12 -0500 Subject: [PATCH 5/6] keep hard failure --- .../tools/sbin_jinja/so-elastic-fleet-integration-upgrade | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-integration-upgrade b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-integration-upgrade index 70148dd07..54540ba33 100644 --- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-integration-upgrade +++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-integration-upgrade @@ -57,11 +57,11 @@ for AGENT_POLICY in $agent_policies; do elastic_fleet_integration_policy_upgrade "$INTEGRATION_ID" if [ $? -ne 0 ]; then echo "Error: Upgrade failed for $PACKAGE_NAME with integration ID '$INTEGRATION_ID'." - continue + exit 1 fi else - echo "Errors detected during dry run. Skipping $PACKAGE_NAME policy upgrade..." - continue + echo "Errors detected during dry run for $PACKAGE_NAME policy upgrade..." + exit 1 fi fi {%- if not AUTO_UPGRADE_INTEGRATIONS %} From 559190aee3388434af190d64b9cd66ce40bdaf7e Mon Sep 17 00:00:00 2001 From: reyesj2 <94730068+reyesj2@users.noreply.github.com> Date: Tue, 22 Apr 2025 09:38:22 -0500 Subject: [PATCH 6/6] upgrade integrations if they aren't in an agent policy --- ...o-elastic-fleet-optional-integrations-load | 60 +++++++++++++++---- 1 file changed, 48 insertions(+), 12 deletions(-) diff --git a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-optional-integrations-load b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-optional-integrations-load index 66fa235d1..26d775e82 100644 --- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-optional-integrations-load +++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-optional-integrations-load @@ -3,8 +3,10 @@ # Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one # or more contributor license agreements. Licensed under the Elastic License 2.0; you may not use # this file except in compliance with the Elastic License 2.0. +{%- import_yaml 'elasticfleet/defaults.yaml' as ELASTICFLEETDEFAULTS %} {% set SUB = salt['pillar.get']('elasticfleet:config:subscription_integrations', default=false) %} {% set AUTO_UPGRADE_INTEGRATIONS = salt['pillar.get']('elasticfleet:config:auto_upgrade_integrations', default=false) %} +{%- set SUPPORTED_PACKAGES = salt['pillar.get']('elasticfleet:packages', default=ELASTICFLEETDEFAULTS.elasticfleet.packages, merge=True) %} . /usr/sbin/so-common . /usr/sbin/so-elastic-fleet-common @@ -47,6 +49,28 @@ compare_versions() { fi } +IFS=$'\n' +agent_policies=$(elastic_fleet_agent_policy_ids) +if [ $? -ne 0 ]; then + echo "Error: Failed to retrieve agent policies." + exit 1 +fi + +default_packages=({% for pkg in SUPPORTED_PACKAGES %}"{{ pkg }}"{% if not loop.last %} {% endif %}{% endfor %}) + +in_use_integrations=() + +for AGENT_POLICY in $agent_policies; do + integrations=$(elastic_fleet_integration_policy_names "$AGENT_POLICY") + for INTEGRATION in $integrations; do + PACKAGE_NAME=$(elastic_fleet_integration_policy_package_name "$AGENT_POLICY" "$INTEGRATION") + # non-default integrations that are in-use in any policy + if ! [[ " ${default_packages[@]} " =~ " $PACKAGE_NAME " ]]; then + in_use_integrations+=("$PACKAGE_NAME") + fi + done +done + if [[ -f $STATE_FILE_SUCCESS ]]; then if retry 3 1 "curl -s -K /opt/so/conf/elasticsearch/curl.config --output /dev/null --silent --head --fail localhost:5601/api/fleet/epm/packages"; then # Package_list contains all integrations beta / non-beta. @@ -75,17 +99,23 @@ if [[ -f $STATE_FILE_SUCCESS ]]; then jq --argjson package "$bulk_package" '.packages += [$package]' $BULK_INSTALL_PACKAGE_LIST > $BULK_INSTALL_PACKAGE_TMP && mv $BULK_INSTALL_PACKAGE_TMP $BULK_INSTALL_PACKAGE_LIST PENDING_UPDATE=true - {# only include upgrading optional integrations when auto_upgrade_integrations is true. DEFAULT integrations are upgraded using so-elastic-fleet-package-upgrade #} - {%- if AUTO_UPGRADE_INTEGRATIONS %} else results=$(compare_versions "$latest_version" "$installed_version") if [ $results == "greater" ]; then - echo "$package_name is at version $installed_version latest version is $latest_version... Adding to next update." - jq --argjson package "$bulk_package" '.packages += [$package]' $BULK_INSTALL_PACKAGE_LIST > $BULK_INSTALL_PACKAGE_TMP && mv $BULK_INSTALL_PACKAGE_TMP $BULK_INSTALL_PACKAGE_LIST + {#- When auto_upgrade_integrations is false, skip upgrading in_use_integrations #} + {%- if not AUTO_UPGRADE_INTEGRATIONS %} + if ! [[ " ${in_use_integrations[@]} " =~ " $package_name " ]]; then + {%- endif %} + echo "$package_name is at version $installed_version latest version is $latest_version... Adding to next update." + jq --argjson package "$bulk_package" '.packages += [$package]' $BULK_INSTALL_PACKAGE_LIST > $BULK_INSTALL_PACKAGE_TMP && mv $BULK_INSTALL_PACKAGE_TMP $BULK_INSTALL_PACKAGE_LIST - PENDING_UPDATE=true + PENDING_UPDATE=true + {%- if not AUTO_UPGRADE_INTEGRATIONS %} + else + echo "skipping available upgrade for in use integration - $package_name." + fi + {%- endif %} fi - {%- endif %} fi fi {% else %} @@ -93,16 +123,22 @@ if [[ -f $STATE_FILE_SUCCESS ]]; then echo "$package_name is not installed... Adding to next update." jq --argjson package "$bulk_package" '.packages += [$package]' $BULK_INSTALL_PACKAGE_LIST > $BULK_INSTALL_PACKAGE_TMP && mv $BULK_INSTALL_PACKAGE_TMP $BULK_INSTALL_PACKAGE_LIST PENDING_UPDATE=true - {# only include upgrading optional integrations when auto_upgrade_integrations is true. DEFAULT integrations are upgraded using so-elastic-fleet-package-upgrade #} - {%- if AUTO_UPGRADE_INTEGRATIONS %} else results=$(compare_versions "$latest_version" "$installed_version") if [ $results == "greater" ]; then - echo "$package_name is at version $installed_version latest version is $latest_version... Adding to next update." - jq --argjson package "$bulk_package" '.packages += [$package]' $BULK_INSTALL_PACKAGE_LIST > $BULK_INSTALL_PACKAGE_TMP && mv $BULK_INSTALL_PACKAGE_TMP $BULK_INSTALL_PACKAGE_LIST - PENDING_UPDATE=true + {#- When auto_upgrade_integrations is false, skip upgrading in_use_integrations #} + {%- if not AUTO_UPGRADE_INTEGRATIONS %} + if ! [[ " ${in_use_integrations[@]} " =~ " $package_name " ]]; then + {%- endif %} + echo "$package_name is at version $installed_version latest version is $latest_version... Adding to next update." + jq --argjson package "$bulk_package" '.packages += [$package]' $BULK_INSTALL_PACKAGE_LIST > $BULK_INSTALL_PACKAGE_TMP && mv $BULK_INSTALL_PACKAGE_TMP $BULK_INSTALL_PACKAGE_LIST + PENDING_UPDATE=true + {%- if not AUTO_UPGRADE_INTEGRATIONS %} + else + echo "skipping available upgrade for in use integration - $package_name." + fi + {%- endif %} fi - {%- endif %} fi {% endif %} else