Open jen-huang opened 3 months ago
Pinging @elastic/fleet (Team:Fleet)
@jillguyonnet Not sure if we made enough progress on this to get a PR up, but I'm moving this to the backlog for now and putting it back in Ready
. Feel free to move this back if we're further along than I assume!
Thanks @kpollich - the work I had on this issue was WIP, not PR ready. I will check in during the sprint to see if it makes sense to bring it back into it.
Noticed this issue when upgrading a package policy from a regular version to an input-package version. It may present for non-input packages too, depending on what has changed in the package spec between versions.
Add azure_blob_storage v1.1.0 to a policy, notice that there are input level vars in this version:
Upgrade the base azure_blob_storage installation to the latest version (at time of writing this is 2.1.0) which converts it to an input package
Trigger upgrade of the integration policy, notice that the input-level vars
account_name
andservice_account_key
were removed and moved to stream-level due to package spec changes, but are still present in the request:Input-level vars which are no longer defined in the new package spec version should be removed when the policy is upgraded. The policy still compiles correctly so there aren't any issues with using it, but we could be exposing outdated data (including secrets if the previous version was created before secret storage was available).