Skip to content

Commit 445168e

Browse files
AndersonQAndersonQ
committed
Add extra protection against accessing null fields to 8.5 migration (#1921)
1 parent 129ea1c commit 445168e

File tree

2 files changed

+15
-5
lines changed

2 files changed

+15
-5
lines changed

cmd/fleet/main.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -106,7 +106,7 @@ func initLogger(cfg *config.Config, version, commit string) (*logger.Logger, err
106106
Str("exe", os.Args[0]).
107107
Strs("args", os.Args[1:]).
108108
Msg("Boot fleet-server")
109-
log.Debug().Strs("env", os.Environ()).Msg("environment")
109+
log.Debug().Strs("env", os.Environ()).Msg("environment variables")
110110

111111
return l, err
112112
}
@@ -832,7 +832,7 @@ func (f *FleetServer) runSubsystems(ctx context.Context, cfg *config.Config, g *
832832
return dl.Migrate(ctx, bulker)
833833
})
834834
if err = loggedMigration(); err != nil {
835-
return fmt.Errorf("failed to run subsystems: %w", err)
835+
return fmt.Errorf("failed to run migrations: %w", err)
836836
}
837837

838838
// Run scheduler for periodic GC/cleanup

internal/pkg/dl/migration.go

Lines changed: 13 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -61,11 +61,16 @@ func migrate(ctx context.Context, bulker bulk.Bulk, fn migrationBodyFn) (int, er
6161
for {
6262
name, index, body, err := fn()
6363
if err != nil {
64-
return updatedDocs, fmt.Errorf(": %w", err)
64+
return updatedDocs,
65+
fmt.Errorf("failed to prepare request for migration %s: %w",
66+
name, err)
6567
}
6668

6769
resp, err := applyMigration(ctx, name, index, bulker, body)
6870
if err != nil {
71+
log.Err(err).
72+
Bytes("http.request.body.content", body).
73+
Msgf("migration %s failed: %w", err)
6974
return updatedDocs, fmt.Errorf("failed to apply migration %q: %w",
7075
name, err)
7176
}
@@ -239,7 +244,9 @@ map.put("id", ctx._source.default_api_key_id);
239244
240245
// Make current API key empty, so fleet-server will generate a new one
241246
// Add current API jey to be retired
242-
ctx._source['` + fieldOutputs + `']['default'].to_retire_api_key_ids.add(map);
247+
if (ctx._source['` + fieldOutputs + `']['default'].to_retire_api_key_ids != null) {
248+
ctx._source['` + fieldOutputs + `']['default'].to_retire_api_key_ids.add(map);
249+
}
243250
ctx._source['` + fieldOutputs + `']['default'].api_key="";
244251
ctx._source['` + fieldOutputs + `']['default'].api_key_id="";
245252
ctx._source['` + fieldOutputs + `']['default'].permissions_hash=ctx._source.policy_output_permissions_hash;
@@ -273,10 +280,13 @@ func migratePolicyCoordinatorIdx() (string, string, []byte, error) {
273280

274281
query := dsl.NewRoot()
275282
query.Query().MatchAll()
276-
query.Param("script", `ctx._source.coordinator_idx++;`)
283+
painless := `ctx._source.coordinator_idx++;`
284+
query.Param("script", painless)
277285

278286
body, err := query.MarshalJSON()
279287
if err != nil {
288+
log.Debug().Str("painlessScript", painless).
289+
Msgf("%s: failed painless script", migrationName)
280290
return migrationName, FleetPolicies, nil, fmt.Errorf("could not marshal ES query: %w", err)
281291
}
282292

0 commit comments

Comments
 (0)