"use strict";

Object.defineProperty(exports, "__esModule", {
  value: true
});
exports.turnOffPolicyProtectionsIfNotSupported = void 0;
var _policy_config_helpers = require("../../../common/endpoint/models/policy_config_helpers");
var _app_features = require("../../../common/types/app_features");
var _policy = require("../../../common/endpoint/service/policy");
/*
 * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
 * or more contributor license agreements. Licensed under the Elastic License
 * 2.0; you may not use this file except in compliance with the Elastic License
 * 2.0.
 */

const turnOffPolicyProtectionsIfNotSupported = async (esClient, fleetServices, appFeaturesService, logger) => {
  const log = logger.get('endpoint', 'policyProtections');
  if (appFeaturesService.isEnabled(_app_features.AppFeatureSecurityKey.endpointPolicyProtections)) {
    log.info(`App feature [${_app_features.AppFeatureSecurityKey.endpointPolicyProtections}] is enabled. Nothing to do!`);
    return;
  }
  log.info(`App feature [${_app_features.AppFeatureSecurityKey.endpointPolicyProtections}] is disabled. Checking endpoint integration policies for compliance`);
  const {
    packagePolicy,
    internalSoClient,
    endpointPolicyKuery
  } = fleetServices;
  const updates = [];
  const messages = [];
  const perPage = 1000;
  let hasMoreData = true;
  let total = 0;
  let page = 1;
  do {
    const currentPage = page++;
    const {
      items,
      total: totalPolicies
    } = await packagePolicy.list(internalSoClient, {
      page: currentPage,
      kuery: endpointPolicyKuery,
      perPage
    });
    total = totalPolicies;
    hasMoreData = currentPage * perPage < total;
    for (const item of items) {
      const integrationPolicy = item;
      const policySettings = integrationPolicy.inputs[0].config.policy.value;
      const {
        message,
        isOnlyCollectingEvents
      } = (0, _policy_config_helpers.isPolicySetToEventCollectionOnly)(policySettings);
      if (!isOnlyCollectingEvents) {
        messages.push(`Policy [${integrationPolicy.id}][${integrationPolicy.name}] updated to disable protections. Trigger: [${message}]`);
        integrationPolicy.inputs[0].config.policy.value = (0, _policy_config_helpers.ensureOnlyEventCollectionIsAllowed)(policySettings);
        updates.push({
          ...(0, _policy.getPolicyDataForUpdate)(integrationPolicy),
          id: integrationPolicy.id
        });
      }
    }
  } while (hasMoreData);
  if (updates.length > 0) {
    log.info(`Found ${updates.length} policies that need updates:\n${messages.join('\n')}`);
    const bulkUpdateResponse = await fleetServices.packagePolicy.bulkUpdate(internalSoClient, esClient, updates, {
      user: {
        username: 'elastic'
      }
    });
    log.debug(`Bulk update response:\n${JSON.stringify(bulkUpdateResponse, null, 2)}`);
    if (bulkUpdateResponse.failedPolicies.length > 0) {
      log.error(`Done. ${bulkUpdateResponse.failedPolicies.length} out of ${updates.length} failed to update:\n${JSON.stringify(bulkUpdateResponse.failedPolicies, null, 2)}`);
    } else {
      log.info(`Done. All updates applied successfully`);
    }
  } else {
    log.info(`Done. Checked ${total} policies and no updates needed`);
  }
};
exports.turnOffPolicyProtectionsIfNotSupported = turnOffPolicyProtectionsIfNotSupported;