-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[UII] Add status tracking for agentless integrations #199567
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…e is no upgrade available
…se EuiBadge component
jen-huang
added
Team:Fleet
Team label for Observability Data Collection Fleet team
release_note:feature
Makes this part of the condensed release notes
backport:prev-minor
Backport to (8.x) the previous minor version (i.e. one version back from main)
labels
Nov 8, 2024
…t --include-path /api/status --include-path /api/alerting/rule/ --include-path /api/alerting/rules --include-path /api/actions --include-path /api/security/role --include-path /api/spaces --include-path /api/fleet --update'
… into feat/agentless-policies
… src/core/server/integration_tests/ci_checks'
… into feat/agentless-policies
Starting backport for target branches: 8.x |
💔 All backports failed
Manual backportTo create the backport manually run:
Questions ?Please refer to the Backport tool documentation |
9 tasks
jeniawhite
added a commit
that referenced
this pull request
Nov 26, 2024
## Summary Noticed that FTR tests are failing: https://buildkite.com/elastic/appex-qa-serverless-kibana-ftr-tests/builds/3452#01936859-5a54-46bb-8dc5-bc18992bc3b8 Following PR: #199567 Looking at the code, I saw that we look at the status and expect a `Pending` status, yet we get a `Healthy` status. It looks like this should be an async flow. ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... --------- Co-authored-by: kibanamachine <[email protected]>
Backport pending on #197338 being backported first. |
paulinashakirova
pushed a commit
to paulinashakirova/kibana
that referenced
this pull request
Nov 26, 2024
## Summary Resolves elastic/ingest-dev#3933. For deployments that support agentless, integrations with agentless deployment mode enabled will allow the status of agentless integration policies to be tracked. ### Key technical changes - A new field `supports_agentless` was added to package policies. This field already exists on agent policies. When an agentless integration is created, `supports_agentless: true` is now added to both the package policy and its parent agent policy. - This allows easier filtering for agentless integrations as we avoid having to retrieve & check against every parent agent policy. - This also means existing agentless policies do not get this new status tracking UI, only new ones created after this change. Since agentless is not yet GA, I think this is okay. - `/api/fleet/agent_status/data` now takes optional query params `pkgName` and `pkgVersion`. When both are specified, the API will check if agent(s) have ingested data for only that package's datastreams. ## UI walkthrough <details> <summary>🖼️ Click to show screenshots</summary> 1. **Integration policies** page now shows two tables for integrations meeting the above condition, one for agentless policies and one for agent-based policies: ![image](https://github.com/user-attachments/assets/58c6a932-9bda-4229-ba5f-d341bdbd539a) 2. Clicking the status badge in the agentless policies table opens a flyout with two steps: confirm agentless enrollment and confirm incoming data: ![image](https://github.com/user-attachments/assets/e19e6ba0-f40d-48a7-a524-0373934ac46a) 3. Confirm agentless enrollment polls for an agent enrolled into that integration policy's agent policy. If that agent is reporting an unhealthy status, the integration component UI is shown. This UI is the same one used on Fleet > Agents > Agent details page and shows all components reported by that agent: ![image](https://github.com/user-attachments/assets/ce214f7f-4bdd-48e5-a5eb-a1e8fcc7a512) 4. Once a healthy agentless enrollment is established, confirm incoming data starts polling for data for that integration ingested by that agent ID in the past 5 minutes: ![image](https://github.com/user-attachments/assets/7f3de40b-3418-4174-b529-e805407949b6) 5. If data could not be retrieved in 5 minutes, an error message shows while polling continues in the background: ![image](https://github.com/user-attachments/assets/a3fd198e-1570-4357-9b7f-e541a769d33f) 6. If data is retrieved, a success message is shown: ![image](https://github.com/user-attachments/assets/f4e442af-ca60-4448-9bfb-3f244cd03c2d) </details> ## Testing Easiest way to test is use the Cloud deployment from this PR. Enable Beta integrations and navigate to CSPM. Add a CSPM integration using `Agentless` setup technology. Then you can track the status of the agentless deployment on the Integrations policies tab. For local testing, the following is required to simulate agentless agent: 1. Add the following to kibana.dev.yml: ``` xpack.cloud.id: 'anything-to-pass-cloud-validation-checks' xpack.fleet.agentless.enabled: true xpack.fleet.agentless.api.url: 'https://localhost:8443' xpack.fleet.agentless.api.tls.certificate: './config/certs/ess-client.crt' xpack.fleet.agentless.api.tls.key: './config/certs/ess-client.key' xpack.fleet.agentless.api.tls.ca: './config/certs/ca.crt' ``` 2. Apply [this patch](https://gist.github.com/jen-huang/dfc3e02ceb63976ad54bd1f50c524cb4) to prevent attempt to create agentless pod 3. Enroll a Fleet Server as usual 4. Enable Beta integrations and navigate to CSPM. Add a CSPM integration using `Agentless` setup technology. 5. Enroll a normal Elastic Agent to the agent policy for that CSPM integration by using the token from Enrollment tokens ## To-do - [x] API tests - [x] Unit UI tests - [x] Manual Cloud tests - [x] File docs request - elastic/ingest-docs#1466 - [ ] Update troubleshooting guide link once available ### Checklist Delete any items that are not applicable to this PR. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: kibanamachine <[email protected]>
paulinashakirova
pushed a commit
to paulinashakirova/kibana
that referenced
this pull request
Nov 26, 2024
## Summary Noticed that FTR tests are failing: https://buildkite.com/elastic/appex-qa-serverless-kibana-ftr-tests/builds/3452#01936859-5a54-46bb-8dc5-bc18992bc3b8 Following PR: elastic#199567 Looking at the code, I saw that we look at the status and expect a `Pending` status, yet we get a `Healthy` status. It looks like this should be an async flow. ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... --------- Co-authored-by: kibanamachine <[email protected]>
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
jen-huang
added a commit
to jen-huang/kibana
that referenced
this pull request
Nov 27, 2024
## Summary Resolves elastic/ingest-dev#3933. For deployments that support agentless, integrations with agentless deployment mode enabled will allow the status of agentless integration policies to be tracked. ### Key technical changes - A new field `supports_agentless` was added to package policies. This field already exists on agent policies. When an agentless integration is created, `supports_agentless: true` is now added to both the package policy and its parent agent policy. - This allows easier filtering for agentless integrations as we avoid having to retrieve & check against every parent agent policy. - This also means existing agentless policies do not get this new status tracking UI, only new ones created after this change. Since agentless is not yet GA, I think this is okay. - `/api/fleet/agent_status/data` now takes optional query params `pkgName` and `pkgVersion`. When both are specified, the API will check if agent(s) have ingested data for only that package's datastreams. ## UI walkthrough <details> <summary>🖼️ Click to show screenshots</summary> 1. **Integration policies** page now shows two tables for integrations meeting the above condition, one for agentless policies and one for agent-based policies: ![image](https://github.com/user-attachments/assets/58c6a932-9bda-4229-ba5f-d341bdbd539a) 2. Clicking the status badge in the agentless policies table opens a flyout with two steps: confirm agentless enrollment and confirm incoming data: ![image](https://github.com/user-attachments/assets/e19e6ba0-f40d-48a7-a524-0373934ac46a) 3. Confirm agentless enrollment polls for an agent enrolled into that integration policy's agent policy. If that agent is reporting an unhealthy status, the integration component UI is shown. This UI is the same one used on Fleet > Agents > Agent details page and shows all components reported by that agent: ![image](https://github.com/user-attachments/assets/ce214f7f-4bdd-48e5-a5eb-a1e8fcc7a512) 4. Once a healthy agentless enrollment is established, confirm incoming data starts polling for data for that integration ingested by that agent ID in the past 5 minutes: ![image](https://github.com/user-attachments/assets/7f3de40b-3418-4174-b529-e805407949b6) 5. If data could not be retrieved in 5 minutes, an error message shows while polling continues in the background: ![image](https://github.com/user-attachments/assets/a3fd198e-1570-4357-9b7f-e541a769d33f) 6. If data is retrieved, a success message is shown: ![image](https://github.com/user-attachments/assets/f4e442af-ca60-4448-9bfb-3f244cd03c2d) </details> ## Testing Easiest way to test is use the Cloud deployment from this PR. Enable Beta integrations and navigate to CSPM. Add a CSPM integration using `Agentless` setup technology. Then you can track the status of the agentless deployment on the Integrations policies tab. For local testing, the following is required to simulate agentless agent: 1. Add the following to kibana.dev.yml: ``` xpack.cloud.id: 'anything-to-pass-cloud-validation-checks' xpack.fleet.agentless.enabled: true xpack.fleet.agentless.api.url: 'https://localhost:8443' xpack.fleet.agentless.api.tls.certificate: './config/certs/ess-client.crt' xpack.fleet.agentless.api.tls.key: './config/certs/ess-client.key' xpack.fleet.agentless.api.tls.ca: './config/certs/ca.crt' ``` 2. Apply [this patch](https://gist.github.com/jen-huang/dfc3e02ceb63976ad54bd1f50c524cb4) to prevent attempt to create agentless pod 3. Enroll a Fleet Server as usual 4. Enable Beta integrations and navigate to CSPM. Add a CSPM integration using `Agentless` setup technology. 5. Enroll a normal Elastic Agent to the agent policy for that CSPM integration by using the token from Enrollment tokens ## To-do - [x] API tests - [x] Unit UI tests - [x] Manual Cloud tests - [x] File docs request - elastic/ingest-docs#1466 - [ ] Update troubleshooting guide link once available ### Checklist Delete any items that are not applicable to this PR. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: kibanamachine <[email protected]> (cherry picked from commit 3188cda) # Conflicts: # oas_docs/bundle.json # oas_docs/bundle.serverless.json # oas_docs/output/kibana.serverless.yaml # oas_docs/output/kibana.yaml # src/core/server/integration_tests/ci_checks/saved_objects/check_registered_types.test.ts # x-pack/plugins/fleet/public/components/package_policy_actions_menu.test.tsx # x-pack/plugins/fleet/public/components/package_policy_actions_menu.tsx # x-pack/plugins/fleet/server/routes/agent/handlers.ts # x-pack/plugins/fleet/server/types/models/package_policy.ts
jen-huang
added a commit
that referenced
this pull request
Nov 27, 2024
…201901) # Backport This will backport the following commits from `main` to `8.x`: - [[UII] Add status tracking for agentless integrations (#199567)](#199567) <!--- Backport version: 8.9.8 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Jen Huang","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-11-26T08:12:14Z","message":"[UII] Add status tracking for agentless integrations (#199567)\n\n## Summary\r\n\r\nResolves elastic/ingest-dev#3933. For\r\ndeployments that support agentless, integrations with agentless\r\ndeployment mode enabled will allow the status of agentless integration\r\npolicies to be tracked.\r\n\r\n### Key technical changes\r\n\r\n- A new field `supports_agentless` was added to package policies. This\r\nfield already exists on agent policies. When an agentless integration is\r\ncreated, `supports_agentless: true` is now added to both the package\r\npolicy and its parent agent policy.\r\n- This allows easier filtering for agentless integrations as we avoid\r\nhaving to retrieve & check against every parent agent policy.\r\n- This also means existing agentless policies do not get this new status\r\ntracking UI, only new ones created after this change. Since agentless is\r\nnot yet GA, I think this is okay.\r\n- `/api/fleet/agent_status/data` now takes optional query params\r\n`pkgName` and `pkgVersion`. When both are specified, the API will check\r\nif agent(s) have ingested data for only that package's datastreams.\r\n\r\n## UI walkthrough\r\n<details>\r\n<summary>🖼️ Click to show screenshots</summary>\r\n\r\n1. **Integration policies** page now shows two tables for integrations\r\nmeeting the above condition, one for agentless policies and one for\r\nagent-based policies:\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/58c6a932-9bda-4229-ba5f-d341bdbd539a)\r\n\r\n2. Clicking the status badge in the agentless policies table opens a\r\nflyout with two steps: confirm agentless enrollment and confirm incoming\r\ndata:\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/e19e6ba0-f40d-48a7-a524-0373934ac46a)\r\n\r\n3. Confirm agentless enrollment polls for an agent enrolled into that\r\nintegration policy's agent policy. If that agent is reporting an\r\nunhealthy status, the integration component UI is shown. This UI is the\r\nsame one used on Fleet > Agents > Agent details page and shows all\r\ncomponents reported by that agent:\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/ce214f7f-4bdd-48e5-a5eb-a1e8fcc7a512)\r\n\r\n4. Once a healthy agentless enrollment is established, confirm incoming\r\ndata starts polling for data for that integration ingested by that agent\r\nID in the past 5 minutes:\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/7f3de40b-3418-4174-b529-e805407949b6)\r\n\r\n5. If data could not be retrieved in 5 minutes, an error message shows\r\nwhile polling continues in the background:\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/a3fd198e-1570-4357-9b7f-e541a769d33f)\r\n\r\n6. If data is retrieved, a success message is shown:\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/f4e442af-ca60-4448-9bfb-3f244cd03c2d)\r\n</details>\r\n\r\n## Testing\r\nEasiest way to test is use the Cloud deployment from this PR. Enable\r\nBeta integrations and navigate to CSPM. Add a CSPM integration using\r\n`Agentless` setup technology. Then you can track the status of the\r\nagentless deployment on the Integrations policies tab.\r\n\r\nFor local testing, the following is required to simulate agentless\r\nagent:\r\n1. Add the following to kibana.dev.yml:\r\n```\r\nxpack.cloud.id: 'anything-to-pass-cloud-validation-checks'\r\nxpack.fleet.agentless.enabled: true\r\nxpack.fleet.agentless.api.url: 'https://localhost:8443'\r\nxpack.fleet.agentless.api.tls.certificate: './config/certs/ess-client.crt'\r\nxpack.fleet.agentless.api.tls.key: './config/certs/ess-client.key'\r\nxpack.fleet.agentless.api.tls.ca: './config/certs/ca.crt'\r\n```\r\n2. Apply [this\r\npatch](https://gist.github.com/jen-huang/dfc3e02ceb63976ad54bd1f50c524cb4)\r\nto prevent attempt to create agentless pod\r\n3. Enroll a Fleet Server as usual\r\n4. Enable Beta integrations and navigate to CSPM. Add a CSPM integration\r\nusing `Agentless` setup technology.\r\n5. Enroll a normal Elastic Agent to the agent policy for that CSPM\r\nintegration by using the token from Enrollment tokens\r\n\r\n## To-do\r\n- [x] API tests\r\n- [x] Unit UI tests\r\n- [x] Manual Cloud tests\r\n- [x] File docs request\r\n - https://github.com/elastic/ingest-docs/issues/1466\r\n- [ ] Update troubleshooting guide link once available\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <[email protected]>","sha":"3188cda4e3f16161f58fb6c314cf1bffbdac4f41","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Fleet","v9.0.0","release_note:feature","backport:prev-minor","ci:cloud-deploy"],"number":199567,"url":"https://github.com/elastic/kibana/pull/199567","mergeCommit":{"message":"[UII] Add status tracking for agentless integrations (#199567)\n\n## Summary\r\n\r\nResolves elastic/ingest-dev#3933. For\r\ndeployments that support agentless, integrations with agentless\r\ndeployment mode enabled will allow the status of agentless integration\r\npolicies to be tracked.\r\n\r\n### Key technical changes\r\n\r\n- A new field `supports_agentless` was added to package policies. This\r\nfield already exists on agent policies. When an agentless integration is\r\ncreated, `supports_agentless: true` is now added to both the package\r\npolicy and its parent agent policy.\r\n- This allows easier filtering for agentless integrations as we avoid\r\nhaving to retrieve & check against every parent agent policy.\r\n- This also means existing agentless policies do not get this new status\r\ntracking UI, only new ones created after this change. Since agentless is\r\nnot yet GA, I think this is okay.\r\n- `/api/fleet/agent_status/data` now takes optional query params\r\n`pkgName` and `pkgVersion`. When both are specified, the API will check\r\nif agent(s) have ingested data for only that package's datastreams.\r\n\r\n## UI walkthrough\r\n<details>\r\n<summary>🖼️ Click to show screenshots</summary>\r\n\r\n1. **Integration policies** page now shows two tables for integrations\r\nmeeting the above condition, one for agentless policies and one for\r\nagent-based policies:\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/58c6a932-9bda-4229-ba5f-d341bdbd539a)\r\n\r\n2. Clicking the status badge in the agentless policies table opens a\r\nflyout with two steps: confirm agentless enrollment and confirm incoming\r\ndata:\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/e19e6ba0-f40d-48a7-a524-0373934ac46a)\r\n\r\n3. Confirm agentless enrollment polls for an agent enrolled into that\r\nintegration policy's agent policy. If that agent is reporting an\r\nunhealthy status, the integration component UI is shown. This UI is the\r\nsame one used on Fleet > Agents > Agent details page and shows all\r\ncomponents reported by that agent:\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/ce214f7f-4bdd-48e5-a5eb-a1e8fcc7a512)\r\n\r\n4. Once a healthy agentless enrollment is established, confirm incoming\r\ndata starts polling for data for that integration ingested by that agent\r\nID in the past 5 minutes:\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/7f3de40b-3418-4174-b529-e805407949b6)\r\n\r\n5. If data could not be retrieved in 5 minutes, an error message shows\r\nwhile polling continues in the background:\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/a3fd198e-1570-4357-9b7f-e541a769d33f)\r\n\r\n6. If data is retrieved, a success message is shown:\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/f4e442af-ca60-4448-9bfb-3f244cd03c2d)\r\n</details>\r\n\r\n## Testing\r\nEasiest way to test is use the Cloud deployment from this PR. Enable\r\nBeta integrations and navigate to CSPM. Add a CSPM integration using\r\n`Agentless` setup technology. Then you can track the status of the\r\nagentless deployment on the Integrations policies tab.\r\n\r\nFor local testing, the following is required to simulate agentless\r\nagent:\r\n1. Add the following to kibana.dev.yml:\r\n```\r\nxpack.cloud.id: 'anything-to-pass-cloud-validation-checks'\r\nxpack.fleet.agentless.enabled: true\r\nxpack.fleet.agentless.api.url: 'https://localhost:8443'\r\nxpack.fleet.agentless.api.tls.certificate: './config/certs/ess-client.crt'\r\nxpack.fleet.agentless.api.tls.key: './config/certs/ess-client.key'\r\nxpack.fleet.agentless.api.tls.ca: './config/certs/ca.crt'\r\n```\r\n2. Apply [this\r\npatch](https://gist.github.com/jen-huang/dfc3e02ceb63976ad54bd1f50c524cb4)\r\nto prevent attempt to create agentless pod\r\n3. Enroll a Fleet Server as usual\r\n4. Enable Beta integrations and navigate to CSPM. Add a CSPM integration\r\nusing `Agentless` setup technology.\r\n5. Enroll a normal Elastic Agent to the agent policy for that CSPM\r\nintegration by using the token from Enrollment tokens\r\n\r\n## To-do\r\n- [x] API tests\r\n- [x] Unit UI tests\r\n- [x] Manual Cloud tests\r\n- [x] File docs request\r\n - https://github.com/elastic/ingest-docs/issues/1466\r\n- [ ] Update troubleshooting guide link once available\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <[email protected]>","sha":"3188cda4e3f16161f58fb6c314cf1bffbdac4f41"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/199567","number":199567,"mergeCommit":{"message":"[UII] Add status tracking for agentless integrations (#199567)\n\n## Summary\r\n\r\nResolves elastic/ingest-dev#3933. For\r\ndeployments that support agentless, integrations with agentless\r\ndeployment mode enabled will allow the status of agentless integration\r\npolicies to be tracked.\r\n\r\n### Key technical changes\r\n\r\n- A new field `supports_agentless` was added to package policies. This\r\nfield already exists on agent policies. When an agentless integration is\r\ncreated, `supports_agentless: true` is now added to both the package\r\npolicy and its parent agent policy.\r\n- This allows easier filtering for agentless integrations as we avoid\r\nhaving to retrieve & check against every parent agent policy.\r\n- This also means existing agentless policies do not get this new status\r\ntracking UI, only new ones created after this change. Since agentless is\r\nnot yet GA, I think this is okay.\r\n- `/api/fleet/agent_status/data` now takes optional query params\r\n`pkgName` and `pkgVersion`. When both are specified, the API will check\r\nif agent(s) have ingested data for only that package's datastreams.\r\n\r\n## UI walkthrough\r\n<details>\r\n<summary>🖼️ Click to show screenshots</summary>\r\n\r\n1. **Integration policies** page now shows two tables for integrations\r\nmeeting the above condition, one for agentless policies and one for\r\nagent-based policies:\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/58c6a932-9bda-4229-ba5f-d341bdbd539a)\r\n\r\n2. Clicking the status badge in the agentless policies table opens a\r\nflyout with two steps: confirm agentless enrollment and confirm incoming\r\ndata:\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/e19e6ba0-f40d-48a7-a524-0373934ac46a)\r\n\r\n3. Confirm agentless enrollment polls for an agent enrolled into that\r\nintegration policy's agent policy. If that agent is reporting an\r\nunhealthy status, the integration component UI is shown. This UI is the\r\nsame one used on Fleet > Agents > Agent details page and shows all\r\ncomponents reported by that agent:\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/ce214f7f-4bdd-48e5-a5eb-a1e8fcc7a512)\r\n\r\n4. Once a healthy agentless enrollment is established, confirm incoming\r\ndata starts polling for data for that integration ingested by that agent\r\nID in the past 5 minutes:\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/7f3de40b-3418-4174-b529-e805407949b6)\r\n\r\n5. If data could not be retrieved in 5 minutes, an error message shows\r\nwhile polling continues in the background:\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/a3fd198e-1570-4357-9b7f-e541a769d33f)\r\n\r\n6. If data is retrieved, a success message is shown:\r\n\r\n\r\n![image](https://github.com/user-attachments/assets/f4e442af-ca60-4448-9bfb-3f244cd03c2d)\r\n</details>\r\n\r\n## Testing\r\nEasiest way to test is use the Cloud deployment from this PR. Enable\r\nBeta integrations and navigate to CSPM. Add a CSPM integration using\r\n`Agentless` setup technology. Then you can track the status of the\r\nagentless deployment on the Integrations policies tab.\r\n\r\nFor local testing, the following is required to simulate agentless\r\nagent:\r\n1. Add the following to kibana.dev.yml:\r\n```\r\nxpack.cloud.id: 'anything-to-pass-cloud-validation-checks'\r\nxpack.fleet.agentless.enabled: true\r\nxpack.fleet.agentless.api.url: 'https://localhost:8443'\r\nxpack.fleet.agentless.api.tls.certificate: './config/certs/ess-client.crt'\r\nxpack.fleet.agentless.api.tls.key: './config/certs/ess-client.key'\r\nxpack.fleet.agentless.api.tls.ca: './config/certs/ca.crt'\r\n```\r\n2. Apply [this\r\npatch](https://gist.github.com/jen-huang/dfc3e02ceb63976ad54bd1f50c524cb4)\r\nto prevent attempt to create agentless pod\r\n3. Enroll a Fleet Server as usual\r\n4. Enable Beta integrations and navigate to CSPM. Add a CSPM integration\r\nusing `Agentless` setup technology.\r\n5. Enroll a normal Elastic Agent to the agent policy for that CSPM\r\nintegration by using the token from Enrollment tokens\r\n\r\n## To-do\r\n- [x] API tests\r\n- [x] Unit UI tests\r\n- [x] Manual Cloud tests\r\n- [x] File docs request\r\n - https://github.com/elastic/ingest-docs/issues/1466\r\n- [ ] Update troubleshooting guide link once available\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <[email protected]>","sha":"3188cda4e3f16161f58fb6c314cf1bffbdac4f41"}}]}] BACKPORT--> --------- Co-authored-by: kibanamachine <[email protected]>
CAWilson94
pushed a commit
to CAWilson94/kibana
that referenced
this pull request
Dec 12, 2024
## Summary Resolves elastic/ingest-dev#3933. For deployments that support agentless, integrations with agentless deployment mode enabled will allow the status of agentless integration policies to be tracked. ### Key technical changes - A new field `supports_agentless` was added to package policies. This field already exists on agent policies. When an agentless integration is created, `supports_agentless: true` is now added to both the package policy and its parent agent policy. - This allows easier filtering for agentless integrations as we avoid having to retrieve & check against every parent agent policy. - This also means existing agentless policies do not get this new status tracking UI, only new ones created after this change. Since agentless is not yet GA, I think this is okay. - `/api/fleet/agent_status/data` now takes optional query params `pkgName` and `pkgVersion`. When both are specified, the API will check if agent(s) have ingested data for only that package's datastreams. ## UI walkthrough <details> <summary>🖼️ Click to show screenshots</summary> 1. **Integration policies** page now shows two tables for integrations meeting the above condition, one for agentless policies and one for agent-based policies: ![image](https://github.com/user-attachments/assets/58c6a932-9bda-4229-ba5f-d341bdbd539a) 2. Clicking the status badge in the agentless policies table opens a flyout with two steps: confirm agentless enrollment and confirm incoming data: ![image](https://github.com/user-attachments/assets/e19e6ba0-f40d-48a7-a524-0373934ac46a) 3. Confirm agentless enrollment polls for an agent enrolled into that integration policy's agent policy. If that agent is reporting an unhealthy status, the integration component UI is shown. This UI is the same one used on Fleet > Agents > Agent details page and shows all components reported by that agent: ![image](https://github.com/user-attachments/assets/ce214f7f-4bdd-48e5-a5eb-a1e8fcc7a512) 4. Once a healthy agentless enrollment is established, confirm incoming data starts polling for data for that integration ingested by that agent ID in the past 5 minutes: ![image](https://github.com/user-attachments/assets/7f3de40b-3418-4174-b529-e805407949b6) 5. If data could not be retrieved in 5 minutes, an error message shows while polling continues in the background: ![image](https://github.com/user-attachments/assets/a3fd198e-1570-4357-9b7f-e541a769d33f) 6. If data is retrieved, a success message is shown: ![image](https://github.com/user-attachments/assets/f4e442af-ca60-4448-9bfb-3f244cd03c2d) </details> ## Testing Easiest way to test is use the Cloud deployment from this PR. Enable Beta integrations and navigate to CSPM. Add a CSPM integration using `Agentless` setup technology. Then you can track the status of the agentless deployment on the Integrations policies tab. For local testing, the following is required to simulate agentless agent: 1. Add the following to kibana.dev.yml: ``` xpack.cloud.id: 'anything-to-pass-cloud-validation-checks' xpack.fleet.agentless.enabled: true xpack.fleet.agentless.api.url: 'https://localhost:8443' xpack.fleet.agentless.api.tls.certificate: './config/certs/ess-client.crt' xpack.fleet.agentless.api.tls.key: './config/certs/ess-client.key' xpack.fleet.agentless.api.tls.ca: './config/certs/ca.crt' ``` 2. Apply [this patch](https://gist.github.com/jen-huang/dfc3e02ceb63976ad54bd1f50c524cb4) to prevent attempt to create agentless pod 3. Enroll a Fleet Server as usual 4. Enable Beta integrations and navigate to CSPM. Add a CSPM integration using `Agentless` setup technology. 5. Enroll a normal Elastic Agent to the agent policy for that CSPM integration by using the token from Enrollment tokens ## To-do - [x] API tests - [x] Unit UI tests - [x] Manual Cloud tests - [x] File docs request - elastic/ingest-docs#1466 - [ ] Update troubleshooting guide link once available ### Checklist Delete any items that are not applicable to this PR. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: kibanamachine <[email protected]>
CAWilson94
pushed a commit
to CAWilson94/kibana
that referenced
this pull request
Dec 12, 2024
## Summary Noticed that FTR tests are failing: https://buildkite.com/elastic/appex-qa-serverless-kibana-ftr-tests/builds/3452#01936859-5a54-46bb-8dc5-bc18992bc3b8 Following PR: elastic#199567 Looking at the code, I saw that we look at the status and expect a `Pending` status, yet we get a `Healthy` status. It looks like this should be an async flow. ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... --------- Co-authored-by: kibanamachine <[email protected]>
1 task
2 tasks
juliaElastic
added a commit
that referenced
this pull request
Dec 17, 2024
… field (#204410) ## Summary Closes #203821 Added a function to Fleet setup to query package policies that are missing `supports_agentless` field and backfilling them. Only doing this for `cloud_security_posture` package, to skip other non-related packages like `system`. To verify: - follow the steps in the description here to create an agentless agent policy with cspm integration: #199567 - manually update the package policy to simulate `supports_agentless:false` - trigger Fleet setup - verify that the cspm package policy has `supports_agentless:true` ``` PUT kbn:/api/fleet/package_policies/<policy_id> { "supports_agentless": false } POST kbn:/api/fleet/setup GET kbn:/api/fleet/package_policies/<policy_id> ``` Logs: ``` [2024-12-16T15:42:11.027+01:00][DEBUG][plugins.fleet] Backfilling package policy supports_agentless field [2024-12-16T15:42:11.034+01:00][DEBUG][plugins.fleet] Backfilling supports_agentless on package policies: 6a06d167-e02e-4057-9d71-e1f7e5dd2847 [2024-12-16T15:42:11.035+01:00][DEBUG][plugins.fleet] Starting update of package policy 6a06d167-e02e-4057-9d71-e1f7e5dd2847 [2024-12-16T15:42:13.213+01:00][DEBUG][plugins.fleet] Deploying policies: 0ed942d5-6c01-484f-a1c5-6c7fff92b020:12 [2024-12-16T15:42:13.610+01:00][DEBUG][plugins.fleet] Agent policy 0ed942d5-6c01-484f-a1c5-6c7fff92b020 update completed, revision: 12 [2024-12-16T15:42:13.610+01:00][DEBUG][plugins.fleet] Package policy 6a06d167-e02e-4057-9d71-e1f7e5dd2847 update completed ``` ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Dec 17, 2024
… field (elastic#204410) ## Summary Closes elastic#203821 Added a function to Fleet setup to query package policies that are missing `supports_agentless` field and backfilling them. Only doing this for `cloud_security_posture` package, to skip other non-related packages like `system`. To verify: - follow the steps in the description here to create an agentless agent policy with cspm integration: elastic#199567 - manually update the package policy to simulate `supports_agentless:false` - trigger Fleet setup - verify that the cspm package policy has `supports_agentless:true` ``` PUT kbn:/api/fleet/package_policies/<policy_id> { "supports_agentless": false } POST kbn:/api/fleet/setup GET kbn:/api/fleet/package_policies/<policy_id> ``` Logs: ``` [2024-12-16T15:42:11.027+01:00][DEBUG][plugins.fleet] Backfilling package policy supports_agentless field [2024-12-16T15:42:11.034+01:00][DEBUG][plugins.fleet] Backfilling supports_agentless on package policies: 6a06d167-e02e-4057-9d71-e1f7e5dd2847 [2024-12-16T15:42:11.035+01:00][DEBUG][plugins.fleet] Starting update of package policy 6a06d167-e02e-4057-9d71-e1f7e5dd2847 [2024-12-16T15:42:13.213+01:00][DEBUG][plugins.fleet] Deploying policies: 0ed942d5-6c01-484f-a1c5-6c7fff92b020:12 [2024-12-16T15:42:13.610+01:00][DEBUG][plugins.fleet] Agent policy 0ed942d5-6c01-484f-a1c5-6c7fff92b020 update completed, revision: 12 [2024-12-16T15:42:13.610+01:00][DEBUG][plugins.fleet] Package policy 6a06d167-e02e-4057-9d71-e1f7e5dd2847 update completed ``` ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (cherry picked from commit a229d7a)
criamico
added a commit
that referenced
this pull request
Dec 17, 2024
…ut (#203824) ## Summary Display next steps and actions in agentless integrations flyout. This PR is based off the following changes: **Agentless flyout** Introduced with #199567 **package-spec** The definitions for package-spec have been updated in these two PRs: - elastic/package-spec#834 - elastic/package-spec#844 Any agentless package can now define internal links with format `kbn:/app/...` and external links with format `https://...`. This PR shows a card or a button linking to these urls in the new agentless flyout **Connectors** Agentless integration now expose connectors name and id in the package policy (see code [here](https://github.com/elastic/integrations/blob/69fd5a26c4d0a8e9e999c51fb49a2cf28c078dd2/packages/elastic_connectors/manifest.yml#L45-L62) for elastic connectors integration). <img width="1003" alt="Screenshot 2024-12-16 at 16 30 22" src="https://github.com/user-attachments/assets/70b3471e-51bb-4e79-95a4-843e20128c26" /> This PR creates a dynamic link to the connector configured in the policy and shows it in the agentless flyout. ### Testing - First of all, enable agentless following the steps under `Testing` in [ this PR](#199567). Follow up to step 3 - Instead of installing CSPM, install this test package [agentless_package_links-0.0.1.zip](https://github.com/user-attachments/files/18152872/agentless_package_links-0.0.1.zip) with the upload command ``` curl -XPOST -H 'content-type: application/zip' -H 'kbn-xsrf: true' http://localhost:5601/YOURPATH/api/fleet/epm/packages -u elastic:changeme --data-binary @agentless_package_links-0.0.1.zip ``` - Once appears installed, create a package policy with this new integration. Make sure to choose `agentless` as deployment mode <img width="1278" alt="Screenshot 2024-12-16 at 16 22 09" src="https://github.com/user-attachments/assets/7104bf2a-e419-4efa-b352-278ad2057951" /> - Enroll an agent to the newly created "agentless" policy by using the token (it's available in the token page) - Go back to integrations, you should see a page like this one: <img width="1569" alt="Screenshot 2024-12-16 at 16 38 18" src="https://github.com/user-attachments/assets/de770984-985e-449e-b6e3-5c78eb5d3926" /> - Click on the state ("pending"/"healhty"/"unhealthy") and see the flyout. If the enrollment was successful, you should see some cards and buttons that link to internal and external links in kibana <img width="878" alt="Screenshot 2024-12-16 at 16 21 57" src="https://github.com/user-attachments/assets/c77b224f-882c-4d52-956a-744e94e36f1e" /> ### Testing the connector cards - First create a new connector: go to `app/elasticsearch/content/connectors` and click on "new connector". For this purpose there's no need to complete the procedure - Note down the name and id of the connector <img width="1789" alt="Screenshot 2024-12-16 at 16 42 00" src="https://github.com/user-attachments/assets/b60e491c-809a-40d5-8d01-12b225896fca" /> <img width="1789" alt="Screenshot 2024-12-16 at 16 42 00" src="https://github.com/user-attachments/assets/1adc65e4-0b3b-4e03-9e65-5cc01385b0db" /> - Go back to the integration policy previously installed. Enable the "Test Connector" input and add the name and id from above. - The agentless flyout should now have a card that will link the user to `app/elasticsearch/content/connectors/<id>` ### Checklist - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials --------- Co-authored-by: Elastic Machine <[email protected]> Co-authored-by: kibanamachine <[email protected]>
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Dec 17, 2024
…ut (elastic#203824) ## Summary Display next steps and actions in agentless integrations flyout. This PR is based off the following changes: **Agentless flyout** Introduced with elastic#199567 **package-spec** The definitions for package-spec have been updated in these two PRs: - elastic/package-spec#834 - elastic/package-spec#844 Any agentless package can now define internal links with format `kbn:/app/...` and external links with format `https://...`. This PR shows a card or a button linking to these urls in the new agentless flyout **Connectors** Agentless integration now expose connectors name and id in the package policy (see code [here](https://github.com/elastic/integrations/blob/69fd5a26c4d0a8e9e999c51fb49a2cf28c078dd2/packages/elastic_connectors/manifest.yml#L45-L62) for elastic connectors integration). <img width="1003" alt="Screenshot 2024-12-16 at 16 30 22" src="https://github.com/user-attachments/assets/70b3471e-51bb-4e79-95a4-843e20128c26" /> This PR creates a dynamic link to the connector configured in the policy and shows it in the agentless flyout. ### Testing - First of all, enable agentless following the steps under `Testing` in [ this PR](elastic#199567). Follow up to step 3 - Instead of installing CSPM, install this test package [agentless_package_links-0.0.1.zip](https://github.com/user-attachments/files/18152872/agentless_package_links-0.0.1.zip) with the upload command ``` curl -XPOST -H 'content-type: application/zip' -H 'kbn-xsrf: true' http://localhost:5601/YOURPATH/api/fleet/epm/packages -u elastic:changeme --data-binary @agentless_package_links-0.0.1.zip ``` - Once appears installed, create a package policy with this new integration. Make sure to choose `agentless` as deployment mode <img width="1278" alt="Screenshot 2024-12-16 at 16 22 09" src="https://github.com/user-attachments/assets/7104bf2a-e419-4efa-b352-278ad2057951" /> - Enroll an agent to the newly created "agentless" policy by using the token (it's available in the token page) - Go back to integrations, you should see a page like this one: <img width="1569" alt="Screenshot 2024-12-16 at 16 38 18" src="https://github.com/user-attachments/assets/de770984-985e-449e-b6e3-5c78eb5d3926" /> - Click on the state ("pending"/"healhty"/"unhealthy") and see the flyout. If the enrollment was successful, you should see some cards and buttons that link to internal and external links in kibana <img width="878" alt="Screenshot 2024-12-16 at 16 21 57" src="https://github.com/user-attachments/assets/c77b224f-882c-4d52-956a-744e94e36f1e" /> ### Testing the connector cards - First create a new connector: go to `app/elasticsearch/content/connectors` and click on "new connector". For this purpose there's no need to complete the procedure - Note down the name and id of the connector <img width="1789" alt="Screenshot 2024-12-16 at 16 42 00" src="https://github.com/user-attachments/assets/b60e491c-809a-40d5-8d01-12b225896fca" /> <img width="1789" alt="Screenshot 2024-12-16 at 16 42 00" src="https://github.com/user-attachments/assets/1adc65e4-0b3b-4e03-9e65-5cc01385b0db" /> - Go back to the integration policy previously installed. Enable the "Test Connector" input and add the name and id from above. - The agentless flyout should now have a card that will link the user to `app/elasticsearch/content/connectors/<id>` ### Checklist - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials --------- Co-authored-by: Elastic Machine <[email protected]> Co-authored-by: kibanamachine <[email protected]> (cherry picked from commit 790c589)
kibanamachine
added a commit
that referenced
this pull request
Dec 17, 2024
…_agentless` field (#204410) (#204552) # Backport This will backport the following commits from `main` to `8.x`: - [[Fleet] backfill agentless package policies with `supports_agentless` field (#204410)](#204410) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Julia Bardi","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-12-17T11:31:08Z","message":"[Fleet] backfill agentless package policies with `supports_agentless` field (#204410)\n\n## Summary\r\n\r\nCloses https://github.com/elastic/kibana/issues/203821\r\n\r\nAdded a function to Fleet setup to query package policies that are\r\nmissing `supports_agentless` field and backfilling them. Only doing this\r\nfor `cloud_security_posture` package, to skip other non-related packages\r\nlike `system`.\r\n\r\nTo verify:\r\n- follow the steps in the description here to create an agentless agent\r\npolicy with cspm integration:\r\nhttps://github.com//pull/199567\r\n- manually update the package policy to simulate\r\n`supports_agentless:false`\r\n- trigger Fleet setup\r\n- verify that the cspm package policy has `supports_agentless:true`\r\n\r\n```\r\nPUT kbn:/api/fleet/package_policies/<policy_id>\r\n{\r\n \"supports_agentless\": false\r\n}\r\n\r\nPOST kbn:/api/fleet/setup\r\n\r\nGET kbn:/api/fleet/package_policies/<policy_id>\r\n```\r\n\r\nLogs:\r\n```\r\n[2024-12-16T15:42:11.027+01:00][DEBUG][plugins.fleet] Backfilling package policy supports_agentless field\r\n[2024-12-16T15:42:11.034+01:00][DEBUG][plugins.fleet] Backfilling supports_agentless on package policies: 6a06d167-e02e-4057-9d71-e1f7e5dd2847\r\n[2024-12-16T15:42:11.035+01:00][DEBUG][plugins.fleet] Starting update of package policy 6a06d167-e02e-4057-9d71-e1f7e5dd2847\r\n[2024-12-16T15:42:13.213+01:00][DEBUG][plugins.fleet] Deploying policies: 0ed942d5-6c01-484f-a1c5-6c7fff92b020:12\r\n[2024-12-16T15:42:13.610+01:00][DEBUG][plugins.fleet] Agent policy 0ed942d5-6c01-484f-a1c5-6c7fff92b020 update completed, revision: 12\r\n[2024-12-16T15:42:13.610+01:00][DEBUG][plugins.fleet] Package policy 6a06d167-e02e-4057-9d71-e1f7e5dd2847 update completed\r\n```\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"a229d7ab1d98ef9461209356ea2ffe43f920376f","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Fleet","v9.0.0","backport:prev-minor"],"title":"[Fleet] backfill agentless package policies with `supports_agentless` field","number":204410,"url":"https://github.com/elastic/kibana/pull/204410","mergeCommit":{"message":"[Fleet] backfill agentless package policies with `supports_agentless` field (#204410)\n\n## Summary\r\n\r\nCloses https://github.com/elastic/kibana/issues/203821\r\n\r\nAdded a function to Fleet setup to query package policies that are\r\nmissing `supports_agentless` field and backfilling them. Only doing this\r\nfor `cloud_security_posture` package, to skip other non-related packages\r\nlike `system`.\r\n\r\nTo verify:\r\n- follow the steps in the description here to create an agentless agent\r\npolicy with cspm integration:\r\nhttps://github.com//pull/199567\r\n- manually update the package policy to simulate\r\n`supports_agentless:false`\r\n- trigger Fleet setup\r\n- verify that the cspm package policy has `supports_agentless:true`\r\n\r\n```\r\nPUT kbn:/api/fleet/package_policies/<policy_id>\r\n{\r\n \"supports_agentless\": false\r\n}\r\n\r\nPOST kbn:/api/fleet/setup\r\n\r\nGET kbn:/api/fleet/package_policies/<policy_id>\r\n```\r\n\r\nLogs:\r\n```\r\n[2024-12-16T15:42:11.027+01:00][DEBUG][plugins.fleet] Backfilling package policy supports_agentless field\r\n[2024-12-16T15:42:11.034+01:00][DEBUG][plugins.fleet] Backfilling supports_agentless on package policies: 6a06d167-e02e-4057-9d71-e1f7e5dd2847\r\n[2024-12-16T15:42:11.035+01:00][DEBUG][plugins.fleet] Starting update of package policy 6a06d167-e02e-4057-9d71-e1f7e5dd2847\r\n[2024-12-16T15:42:13.213+01:00][DEBUG][plugins.fleet] Deploying policies: 0ed942d5-6c01-484f-a1c5-6c7fff92b020:12\r\n[2024-12-16T15:42:13.610+01:00][DEBUG][plugins.fleet] Agent policy 0ed942d5-6c01-484f-a1c5-6c7fff92b020 update completed, revision: 12\r\n[2024-12-16T15:42:13.610+01:00][DEBUG][plugins.fleet] Package policy 6a06d167-e02e-4057-9d71-e1f7e5dd2847 update completed\r\n```\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"a229d7ab1d98ef9461209356ea2ffe43f920376f"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/204410","number":204410,"mergeCommit":{"message":"[Fleet] backfill agentless package policies with `supports_agentless` field (#204410)\n\n## Summary\r\n\r\nCloses https://github.com/elastic/kibana/issues/203821\r\n\r\nAdded a function to Fleet setup to query package policies that are\r\nmissing `supports_agentless` field and backfilling them. Only doing this\r\nfor `cloud_security_posture` package, to skip other non-related packages\r\nlike `system`.\r\n\r\nTo verify:\r\n- follow the steps in the description here to create an agentless agent\r\npolicy with cspm integration:\r\nhttps://github.com//pull/199567\r\n- manually update the package policy to simulate\r\n`supports_agentless:false`\r\n- trigger Fleet setup\r\n- verify that the cspm package policy has `supports_agentless:true`\r\n\r\n```\r\nPUT kbn:/api/fleet/package_policies/<policy_id>\r\n{\r\n \"supports_agentless\": false\r\n}\r\n\r\nPOST kbn:/api/fleet/setup\r\n\r\nGET kbn:/api/fleet/package_policies/<policy_id>\r\n```\r\n\r\nLogs:\r\n```\r\n[2024-12-16T15:42:11.027+01:00][DEBUG][plugins.fleet] Backfilling package policy supports_agentless field\r\n[2024-12-16T15:42:11.034+01:00][DEBUG][plugins.fleet] Backfilling supports_agentless on package policies: 6a06d167-e02e-4057-9d71-e1f7e5dd2847\r\n[2024-12-16T15:42:11.035+01:00][DEBUG][plugins.fleet] Starting update of package policy 6a06d167-e02e-4057-9d71-e1f7e5dd2847\r\n[2024-12-16T15:42:13.213+01:00][DEBUG][plugins.fleet] Deploying policies: 0ed942d5-6c01-484f-a1c5-6c7fff92b020:12\r\n[2024-12-16T15:42:13.610+01:00][DEBUG][plugins.fleet] Agent policy 0ed942d5-6c01-484f-a1c5-6c7fff92b020 update completed, revision: 12\r\n[2024-12-16T15:42:13.610+01:00][DEBUG][plugins.fleet] Package policy 6a06d167-e02e-4057-9d71-e1f7e5dd2847 update completed\r\n```\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"a229d7ab1d98ef9461209356ea2ffe43f920376f"}}]}] BACKPORT--> --------- Co-authored-by: Julia Bardi <[email protected]>
kibanamachine
added a commit
that referenced
this pull request
Dec 17, 2024
…s flyout (#203824) (#204573) # Backport This will backport the following commits from `main` to `8.x`: - [[Fleet] Display next steps and actions in agentless integrations flyout (#203824)](#203824) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Cristina Amico","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-12-17T13:13:58Z","message":"[Fleet] Display next steps and actions in agentless integrations flyout (#203824)\n\n## Summary\r\n\r\nDisplay next steps and actions in agentless integrations flyout. This PR\r\nis based off the following changes:\r\n\r\n**Agentless flyout**\r\nIntroduced with https://github.com/elastic/kibana/pull/199567\r\n\r\n**package-spec**\r\nThe definitions for package-spec have been updated in these two PRs:\r\n- https://github.com/elastic/package-spec/pull/834\r\n- https://github.com/elastic/package-spec/pull/844\r\nAny agentless package can now define internal links with format\r\n`kbn:/app/...` and external links with format `https://...`. This PR\r\nshows a card or a button linking to these urls in the new agentless\r\nflyout\r\n\r\n**Connectors**\r\nAgentless integration now expose connectors name and id in the package\r\npolicy (see code\r\n[here](https://github.com/elastic/integrations/blob/69fd5a26c4d0a8e9e999c51fb49a2cf28c078dd2/packages/elastic_connectors/manifest.yml#L45-L62)\r\nfor elastic connectors integration).\r\n<img width=\"1003\" alt=\"Screenshot 2024-12-16 at 16 30 22\"\r\nsrc=\"https://github.com/user-attachments/assets/70b3471e-51bb-4e79-95a4-843e20128c26\"\r\n/>\r\n\r\nThis PR creates a dynamic link to the connector configured in the policy\r\nand shows it in the agentless flyout.\r\n\r\n### Testing\r\n- First of all, enable agentless following the steps under `Testing` in\r\n[ this PR](#199567). Follow up to\r\nstep 3\r\n- Instead of installing CSPM, install this test package\r\n[agentless_package_links-0.0.1.zip](https://github.com/user-attachments/files/18152872/agentless_package_links-0.0.1.zip)\r\nwith the upload command\r\n```\r\ncurl -XPOST -H 'content-type: application/zip' -H 'kbn-xsrf: true' http://localhost:5601/YOURPATH/api/fleet/epm/packages -u elastic:changeme --data-binary @agentless_package_links-0.0.1.zip\r\n```\r\n- Once appears installed, create a package policy with this new\r\nintegration. Make sure to choose `agentless` as deployment mode\r\n<img width=\"1278\" alt=\"Screenshot 2024-12-16 at 16 22 09\"\r\nsrc=\"https://github.com/user-attachments/assets/7104bf2a-e419-4efa-b352-278ad2057951\"\r\n/>\r\n\r\n- Enroll an agent to the newly created \"agentless\" policy by using the\r\ntoken (it's available in the token page)\r\n- Go back to integrations, you should see a page like this one:\r\n<img width=\"1569\" alt=\"Screenshot 2024-12-16 at 16 38 18\"\r\nsrc=\"https://github.com/user-attachments/assets/de770984-985e-449e-b6e3-5c78eb5d3926\"\r\n/>\r\n\r\n- Click on the state (\"pending\"/\"healhty\"/\"unhealthy\") and see the\r\nflyout. If the enrollment was successful, you should see some cards and\r\nbuttons that link to internal and external links in kibana\r\n\r\n<img width=\"878\" alt=\"Screenshot 2024-12-16 at 16 21 57\"\r\nsrc=\"https://github.com/user-attachments/assets/c77b224f-882c-4d52-956a-744e94e36f1e\"\r\n/>\r\n\r\n### Testing the connector cards\r\n- First create a new connector: go to\r\n`app/elasticsearch/content/connectors` and click on \"new connector\". For\r\nthis purpose there's no need to complete the procedure\r\n- Note down the name and id of the connector\r\n<img width=\"1789\" alt=\"Screenshot 2024-12-16 at 16 42 00\"\r\nsrc=\"https://github.com/user-attachments/assets/b60e491c-809a-40d5-8d01-12b225896fca\"\r\n/>\r\n<img width=\"1789\" alt=\"Screenshot 2024-12-16 at 16 42 00\"\r\nsrc=\"https://github.com/user-attachments/assets/1adc65e4-0b3b-4e03-9e65-5cc01385b0db\"\r\n/>\r\n- Go back to the integration policy previously installed. Enable the\r\n\"Test Connector\" input and add the name and id from above.\r\n- The agentless flyout should now have a card that will link the user to\r\n`app/elasticsearch/content/connectors/<id>`\r\n\r\n\r\n### Checklist\r\n\r\n- [ ] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>\r\nCo-authored-by: kibanamachine <[email protected]>","sha":"790c58932f797f338b10a7d6a93627313c42671e","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Fleet","v9.0.0","release_note:feature","backport:prev-minor","v8.18.0"],"title":"[Fleet] Display next steps and actions in agentless integrations flyout","number":203824,"url":"https://github.com/elastic/kibana/pull/203824","mergeCommit":{"message":"[Fleet] Display next steps and actions in agentless integrations flyout (#203824)\n\n## Summary\r\n\r\nDisplay next steps and actions in agentless integrations flyout. This PR\r\nis based off the following changes:\r\n\r\n**Agentless flyout**\r\nIntroduced with https://github.com/elastic/kibana/pull/199567\r\n\r\n**package-spec**\r\nThe definitions for package-spec have been updated in these two PRs:\r\n- https://github.com/elastic/package-spec/pull/834\r\n- https://github.com/elastic/package-spec/pull/844\r\nAny agentless package can now define internal links with format\r\n`kbn:/app/...` and external links with format `https://...`. This PR\r\nshows a card or a button linking to these urls in the new agentless\r\nflyout\r\n\r\n**Connectors**\r\nAgentless integration now expose connectors name and id in the package\r\npolicy (see code\r\n[here](https://github.com/elastic/integrations/blob/69fd5a26c4d0a8e9e999c51fb49a2cf28c078dd2/packages/elastic_connectors/manifest.yml#L45-L62)\r\nfor elastic connectors integration).\r\n<img width=\"1003\" alt=\"Screenshot 2024-12-16 at 16 30 22\"\r\nsrc=\"https://github.com/user-attachments/assets/70b3471e-51bb-4e79-95a4-843e20128c26\"\r\n/>\r\n\r\nThis PR creates a dynamic link to the connector configured in the policy\r\nand shows it in the agentless flyout.\r\n\r\n### Testing\r\n- First of all, enable agentless following the steps under `Testing` in\r\n[ this PR](#199567). Follow up to\r\nstep 3\r\n- Instead of installing CSPM, install this test package\r\n[agentless_package_links-0.0.1.zip](https://github.com/user-attachments/files/18152872/agentless_package_links-0.0.1.zip)\r\nwith the upload command\r\n```\r\ncurl -XPOST -H 'content-type: application/zip' -H 'kbn-xsrf: true' http://localhost:5601/YOURPATH/api/fleet/epm/packages -u elastic:changeme --data-binary @agentless_package_links-0.0.1.zip\r\n```\r\n- Once appears installed, create a package policy with this new\r\nintegration. Make sure to choose `agentless` as deployment mode\r\n<img width=\"1278\" alt=\"Screenshot 2024-12-16 at 16 22 09\"\r\nsrc=\"https://github.com/user-attachments/assets/7104bf2a-e419-4efa-b352-278ad2057951\"\r\n/>\r\n\r\n- Enroll an agent to the newly created \"agentless\" policy by using the\r\ntoken (it's available in the token page)\r\n- Go back to integrations, you should see a page like this one:\r\n<img width=\"1569\" alt=\"Screenshot 2024-12-16 at 16 38 18\"\r\nsrc=\"https://github.com/user-attachments/assets/de770984-985e-449e-b6e3-5c78eb5d3926\"\r\n/>\r\n\r\n- Click on the state (\"pending\"/\"healhty\"/\"unhealthy\") and see the\r\nflyout. If the enrollment was successful, you should see some cards and\r\nbuttons that link to internal and external links in kibana\r\n\r\n<img width=\"878\" alt=\"Screenshot 2024-12-16 at 16 21 57\"\r\nsrc=\"https://github.com/user-attachments/assets/c77b224f-882c-4d52-956a-744e94e36f1e\"\r\n/>\r\n\r\n### Testing the connector cards\r\n- First create a new connector: go to\r\n`app/elasticsearch/content/connectors` and click on \"new connector\". For\r\nthis purpose there's no need to complete the procedure\r\n- Note down the name and id of the connector\r\n<img width=\"1789\" alt=\"Screenshot 2024-12-16 at 16 42 00\"\r\nsrc=\"https://github.com/user-attachments/assets/b60e491c-809a-40d5-8d01-12b225896fca\"\r\n/>\r\n<img width=\"1789\" alt=\"Screenshot 2024-12-16 at 16 42 00\"\r\nsrc=\"https://github.com/user-attachments/assets/1adc65e4-0b3b-4e03-9e65-5cc01385b0db\"\r\n/>\r\n- Go back to the integration policy previously installed. Enable the\r\n\"Test Connector\" input and add the name and id from above.\r\n- The agentless flyout should now have a card that will link the user to\r\n`app/elasticsearch/content/connectors/<id>`\r\n\r\n\r\n### Checklist\r\n\r\n- [ ] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>\r\nCo-authored-by: kibanamachine <[email protected]>","sha":"790c58932f797f338b10a7d6a93627313c42671e"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/203824","number":203824,"mergeCommit":{"message":"[Fleet] Display next steps and actions in agentless integrations flyout (#203824)\n\n## Summary\r\n\r\nDisplay next steps and actions in agentless integrations flyout. This PR\r\nis based off the following changes:\r\n\r\n**Agentless flyout**\r\nIntroduced with https://github.com/elastic/kibana/pull/199567\r\n\r\n**package-spec**\r\nThe definitions for package-spec have been updated in these two PRs:\r\n- https://github.com/elastic/package-spec/pull/834\r\n- https://github.com/elastic/package-spec/pull/844\r\nAny agentless package can now define internal links with format\r\n`kbn:/app/...` and external links with format `https://...`. This PR\r\nshows a card or a button linking to these urls in the new agentless\r\nflyout\r\n\r\n**Connectors**\r\nAgentless integration now expose connectors name and id in the package\r\npolicy (see code\r\n[here](https://github.com/elastic/integrations/blob/69fd5a26c4d0a8e9e999c51fb49a2cf28c078dd2/packages/elastic_connectors/manifest.yml#L45-L62)\r\nfor elastic connectors integration).\r\n<img width=\"1003\" alt=\"Screenshot 2024-12-16 at 16 30 22\"\r\nsrc=\"https://github.com/user-attachments/assets/70b3471e-51bb-4e79-95a4-843e20128c26\"\r\n/>\r\n\r\nThis PR creates a dynamic link to the connector configured in the policy\r\nand shows it in the agentless flyout.\r\n\r\n### Testing\r\n- First of all, enable agentless following the steps under `Testing` in\r\n[ this PR](#199567). Follow up to\r\nstep 3\r\n- Instead of installing CSPM, install this test package\r\n[agentless_package_links-0.0.1.zip](https://github.com/user-attachments/files/18152872/agentless_package_links-0.0.1.zip)\r\nwith the upload command\r\n```\r\ncurl -XPOST -H 'content-type: application/zip' -H 'kbn-xsrf: true' http://localhost:5601/YOURPATH/api/fleet/epm/packages -u elastic:changeme --data-binary @agentless_package_links-0.0.1.zip\r\n```\r\n- Once appears installed, create a package policy with this new\r\nintegration. Make sure to choose `agentless` as deployment mode\r\n<img width=\"1278\" alt=\"Screenshot 2024-12-16 at 16 22 09\"\r\nsrc=\"https://github.com/user-attachments/assets/7104bf2a-e419-4efa-b352-278ad2057951\"\r\n/>\r\n\r\n- Enroll an agent to the newly created \"agentless\" policy by using the\r\ntoken (it's available in the token page)\r\n- Go back to integrations, you should see a page like this one:\r\n<img width=\"1569\" alt=\"Screenshot 2024-12-16 at 16 38 18\"\r\nsrc=\"https://github.com/user-attachments/assets/de770984-985e-449e-b6e3-5c78eb5d3926\"\r\n/>\r\n\r\n- Click on the state (\"pending\"/\"healhty\"/\"unhealthy\") and see the\r\nflyout. If the enrollment was successful, you should see some cards and\r\nbuttons that link to internal and external links in kibana\r\n\r\n<img width=\"878\" alt=\"Screenshot 2024-12-16 at 16 21 57\"\r\nsrc=\"https://github.com/user-attachments/assets/c77b224f-882c-4d52-956a-744e94e36f1e\"\r\n/>\r\n\r\n### Testing the connector cards\r\n- First create a new connector: go to\r\n`app/elasticsearch/content/connectors` and click on \"new connector\". For\r\nthis purpose there's no need to complete the procedure\r\n- Note down the name and id of the connector\r\n<img width=\"1789\" alt=\"Screenshot 2024-12-16 at 16 42 00\"\r\nsrc=\"https://github.com/user-attachments/assets/b60e491c-809a-40d5-8d01-12b225896fca\"\r\n/>\r\n<img width=\"1789\" alt=\"Screenshot 2024-12-16 at 16 42 00\"\r\nsrc=\"https://github.com/user-attachments/assets/1adc65e4-0b3b-4e03-9e65-5cc01385b0db\"\r\n/>\r\n- Go back to the integration policy previously installed. Enable the\r\n\"Test Connector\" input and add the name and id from above.\r\n- The agentless flyout should now have a card that will link the user to\r\n`app/elasticsearch/content/connectors/<id>`\r\n\r\n\r\n### Checklist\r\n\r\n- [ ] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>\r\nCo-authored-by: kibanamachine <[email protected]>","sha":"790c58932f797f338b10a7d6a93627313c42671e"}},{"branch":"8.x","label":"v8.18.0","branchLabelMappingKey":"^v8.18.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Cristina Amico <[email protected]>
JoseLuisGJ
pushed a commit
to JoseLuisGJ/kibana
that referenced
this pull request
Dec 19, 2024
… field (elastic#204410) ## Summary Closes elastic#203821 Added a function to Fleet setup to query package policies that are missing `supports_agentless` field and backfilling them. Only doing this for `cloud_security_posture` package, to skip other non-related packages like `system`. To verify: - follow the steps in the description here to create an agentless agent policy with cspm integration: elastic#199567 - manually update the package policy to simulate `supports_agentless:false` - trigger Fleet setup - verify that the cspm package policy has `supports_agentless:true` ``` PUT kbn:/api/fleet/package_policies/<policy_id> { "supports_agentless": false } POST kbn:/api/fleet/setup GET kbn:/api/fleet/package_policies/<policy_id> ``` Logs: ``` [2024-12-16T15:42:11.027+01:00][DEBUG][plugins.fleet] Backfilling package policy supports_agentless field [2024-12-16T15:42:11.034+01:00][DEBUG][plugins.fleet] Backfilling supports_agentless on package policies: 6a06d167-e02e-4057-9d71-e1f7e5dd2847 [2024-12-16T15:42:11.035+01:00][DEBUG][plugins.fleet] Starting update of package policy 6a06d167-e02e-4057-9d71-e1f7e5dd2847 [2024-12-16T15:42:13.213+01:00][DEBUG][plugins.fleet] Deploying policies: 0ed942d5-6c01-484f-a1c5-6c7fff92b020:12 [2024-12-16T15:42:13.610+01:00][DEBUG][plugins.fleet] Agent policy 0ed942d5-6c01-484f-a1c5-6c7fff92b020 update completed, revision: 12 [2024-12-16T15:42:13.610+01:00][DEBUG][plugins.fleet] Package policy 6a06d167-e02e-4057-9d71-e1f7e5dd2847 update completed ``` ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
JoseLuisGJ
pushed a commit
to JoseLuisGJ/kibana
that referenced
this pull request
Dec 19, 2024
…ut (elastic#203824) ## Summary Display next steps and actions in agentless integrations flyout. This PR is based off the following changes: **Agentless flyout** Introduced with elastic#199567 **package-spec** The definitions for package-spec have been updated in these two PRs: - elastic/package-spec#834 - elastic/package-spec#844 Any agentless package can now define internal links with format `kbn:/app/...` and external links with format `https://...`. This PR shows a card or a button linking to these urls in the new agentless flyout **Connectors** Agentless integration now expose connectors name and id in the package policy (see code [here](https://github.com/elastic/integrations/blob/69fd5a26c4d0a8e9e999c51fb49a2cf28c078dd2/packages/elastic_connectors/manifest.yml#L45-L62) for elastic connectors integration). <img width="1003" alt="Screenshot 2024-12-16 at 16 30 22" src="https://github.com/user-attachments/assets/70b3471e-51bb-4e79-95a4-843e20128c26" /> This PR creates a dynamic link to the connector configured in the policy and shows it in the agentless flyout. ### Testing - First of all, enable agentless following the steps under `Testing` in [ this PR](elastic#199567). Follow up to step 3 - Instead of installing CSPM, install this test package [agentless_package_links-0.0.1.zip](https://github.com/user-attachments/files/18152872/agentless_package_links-0.0.1.zip) with the upload command ``` curl -XPOST -H 'content-type: application/zip' -H 'kbn-xsrf: true' http://localhost:5601/YOURPATH/api/fleet/epm/packages -u elastic:changeme --data-binary @agentless_package_links-0.0.1.zip ``` - Once appears installed, create a package policy with this new integration. Make sure to choose `agentless` as deployment mode <img width="1278" alt="Screenshot 2024-12-16 at 16 22 09" src="https://github.com/user-attachments/assets/7104bf2a-e419-4efa-b352-278ad2057951" /> - Enroll an agent to the newly created "agentless" policy by using the token (it's available in the token page) - Go back to integrations, you should see a page like this one: <img width="1569" alt="Screenshot 2024-12-16 at 16 38 18" src="https://github.com/user-attachments/assets/de770984-985e-449e-b6e3-5c78eb5d3926" /> - Click on the state ("pending"/"healhty"/"unhealthy") and see the flyout. If the enrollment was successful, you should see some cards and buttons that link to internal and external links in kibana <img width="878" alt="Screenshot 2024-12-16 at 16 21 57" src="https://github.com/user-attachments/assets/c77b224f-882c-4d52-956a-744e94e36f1e" /> ### Testing the connector cards - First create a new connector: go to `app/elasticsearch/content/connectors` and click on "new connector". For this purpose there's no need to complete the procedure - Note down the name and id of the connector <img width="1789" alt="Screenshot 2024-12-16 at 16 42 00" src="https://github.com/user-attachments/assets/b60e491c-809a-40d5-8d01-12b225896fca" /> <img width="1789" alt="Screenshot 2024-12-16 at 16 42 00" src="https://github.com/user-attachments/assets/1adc65e4-0b3b-4e03-9e65-5cc01385b0db" /> - Go back to the integration policy previously installed. Enable the "Test Connector" input and add the name and id from above. - The agentless flyout should now have a card that will link the user to `app/elasticsearch/content/connectors/<id>` ### Checklist - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials --------- Co-authored-by: Elastic Machine <[email protected]> Co-authored-by: kibanamachine <[email protected]>
CAWilson94
pushed a commit
to CAWilson94/kibana
that referenced
this pull request
Jan 13, 2025
… field (elastic#204410) ## Summary Closes elastic#203821 Added a function to Fleet setup to query package policies that are missing `supports_agentless` field and backfilling them. Only doing this for `cloud_security_posture` package, to skip other non-related packages like `system`. To verify: - follow the steps in the description here to create an agentless agent policy with cspm integration: elastic#199567 - manually update the package policy to simulate `supports_agentless:false` - trigger Fleet setup - verify that the cspm package policy has `supports_agentless:true` ``` PUT kbn:/api/fleet/package_policies/<policy_id> { "supports_agentless": false } POST kbn:/api/fleet/setup GET kbn:/api/fleet/package_policies/<policy_id> ``` Logs: ``` [2024-12-16T15:42:11.027+01:00][DEBUG][plugins.fleet] Backfilling package policy supports_agentless field [2024-12-16T15:42:11.034+01:00][DEBUG][plugins.fleet] Backfilling supports_agentless on package policies: 6a06d167-e02e-4057-9d71-e1f7e5dd2847 [2024-12-16T15:42:11.035+01:00][DEBUG][plugins.fleet] Starting update of package policy 6a06d167-e02e-4057-9d71-e1f7e5dd2847 [2024-12-16T15:42:13.213+01:00][DEBUG][plugins.fleet] Deploying policies: 0ed942d5-6c01-484f-a1c5-6c7fff92b020:12 [2024-12-16T15:42:13.610+01:00][DEBUG][plugins.fleet] Agent policy 0ed942d5-6c01-484f-a1c5-6c7fff92b020 update completed, revision: 12 [2024-12-16T15:42:13.610+01:00][DEBUG][plugins.fleet] Package policy 6a06d167-e02e-4057-9d71-e1f7e5dd2847 update completed ``` ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
CAWilson94
pushed a commit
to CAWilson94/kibana
that referenced
this pull request
Jan 13, 2025
…ut (elastic#203824) ## Summary Display next steps and actions in agentless integrations flyout. This PR is based off the following changes: **Agentless flyout** Introduced with elastic#199567 **package-spec** The definitions for package-spec have been updated in these two PRs: - elastic/package-spec#834 - elastic/package-spec#844 Any agentless package can now define internal links with format `kbn:/app/...` and external links with format `https://...`. This PR shows a card or a button linking to these urls in the new agentless flyout **Connectors** Agentless integration now expose connectors name and id in the package policy (see code [here](https://github.com/elastic/integrations/blob/69fd5a26c4d0a8e9e999c51fb49a2cf28c078dd2/packages/elastic_connectors/manifest.yml#L45-L62) for elastic connectors integration). <img width="1003" alt="Screenshot 2024-12-16 at 16 30 22" src="https://github.com/user-attachments/assets/70b3471e-51bb-4e79-95a4-843e20128c26" /> This PR creates a dynamic link to the connector configured in the policy and shows it in the agentless flyout. ### Testing - First of all, enable agentless following the steps under `Testing` in [ this PR](elastic#199567). Follow up to step 3 - Instead of installing CSPM, install this test package [agentless_package_links-0.0.1.zip](https://github.com/user-attachments/files/18152872/agentless_package_links-0.0.1.zip) with the upload command ``` curl -XPOST -H 'content-type: application/zip' -H 'kbn-xsrf: true' http://localhost:5601/YOURPATH/api/fleet/epm/packages -u elastic:changeme --data-binary @agentless_package_links-0.0.1.zip ``` - Once appears installed, create a package policy with this new integration. Make sure to choose `agentless` as deployment mode <img width="1278" alt="Screenshot 2024-12-16 at 16 22 09" src="https://github.com/user-attachments/assets/7104bf2a-e419-4efa-b352-278ad2057951" /> - Enroll an agent to the newly created "agentless" policy by using the token (it's available in the token page) - Go back to integrations, you should see a page like this one: <img width="1569" alt="Screenshot 2024-12-16 at 16 38 18" src="https://github.com/user-attachments/assets/de770984-985e-449e-b6e3-5c78eb5d3926" /> - Click on the state ("pending"/"healhty"/"unhealthy") and see the flyout. If the enrollment was successful, you should see some cards and buttons that link to internal and external links in kibana <img width="878" alt="Screenshot 2024-12-16 at 16 21 57" src="https://github.com/user-attachments/assets/c77b224f-882c-4d52-956a-744e94e36f1e" /> ### Testing the connector cards - First create a new connector: go to `app/elasticsearch/content/connectors` and click on "new connector". For this purpose there's no need to complete the procedure - Note down the name and id of the connector <img width="1789" alt="Screenshot 2024-12-16 at 16 42 00" src="https://github.com/user-attachments/assets/b60e491c-809a-40d5-8d01-12b225896fca" /> <img width="1789" alt="Screenshot 2024-12-16 at 16 42 00" src="https://github.com/user-attachments/assets/1adc65e4-0b3b-4e03-9e65-5cc01385b0db" /> - Go back to the integration policy previously installed. Enable the "Test Connector" input and add the name and id from above. - The agentless flyout should now have a card that will link the user to `app/elasticsearch/content/connectors/<id>` ### Checklist - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials --------- Co-authored-by: Elastic Machine <[email protected]> Co-authored-by: kibanamachine <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
backport:prev-minor
Backport to (8.x) the previous minor version (i.e. one version back from main)
ci:cloud-deploy
Create or update a Cloud deployment
release_note:feature
Makes this part of the condensed release notes
Team:Fleet
Team label for Observability Data Collection Fleet team
v8.18.0
v9.0.0
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Resolves https://github.com/elastic/ingest-dev/issues/3933. For deployments that support agentless, integrations with agentless deployment mode enabled will allow the status of agentless integration policies to be tracked.
Key technical changes
supports_agentless
was added to package policies. This field already exists on agent policies. When an agentless integration is created,supports_agentless: true
is now added to both the package policy and its parent agent policy./api/fleet/agent_status/data
now takes optional query paramspkgName
andpkgVersion
. When both are specified, the API will check if agent(s) have ingested data for only that package's datastreams.UI walkthrough
🖼️ Click to show screenshots
Testing
Easiest way to test is use the Cloud deployment from this PR. Enable Beta integrations and navigate to CSPM. Add a CSPM integration using
Agentless
setup technology. Then you can track the status of the agentless deployment on the Integrations policies tab.For local testing, the following is required to simulate agentless agent:
Agentless
setup technology.To-do
Checklist
Delete any items that are not applicable to this PR.