[8.x] [Cloud Security] Agentless integration deletion flow (#191557) #194629
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## Summary Summarize your PR. If it involves visual changes include a screenshot or gif. This PR is completes the deletion flow for Agentless CSPM. **Current Agentless Integraton deletion flow**: 1. Successfully delete integration policy 2. Successfully unenrolls agent from agent policy 3. Successfully revokes enrollment token 4. Successfully deletes agentless deployment 5. Successfully deletes agent policy 6. Successful notification shows when deleted integration policy is successful ## Agentless Agent API - Unenrolls agent and revokes token first to avoid 404 save object client error. - Update `is_managed` property to no longer check for `agentPolicy.supports_agentless`. Agentless policies will now be a regular policy. - Adds logging for DELETE agentless Agent API endpoint - Adds agentless API deleteendpoint using try & catch. No errors will be thrown. Agent status will become offline after deployment deletion - If agentless deployment api fails, then we will continue to delete the agent policy ## UI Changes **CSPM Integration** - Updates Agent Policy Error toast notification title - Updates Agent Policy Error toast notification message <img width="1612" alt="image" src="https://github.com/user-attachments/assets/0003ce04-c53c-4e11-8363-ddc25ba342a7"> **Edit Mode** - Adds back the Agentless selector in Edit Integration <img width="1316" alt="image" src="https://github.com/user-attachments/assets/0d2f20ce-32fc-421c-a15a-48ca6226b67f"> **Integration Policies Page** - Removes automatic navigation to agent policies page when deleting an integration. In 8.17, we have a ticket to [hide the agentless agent policies.](elastic/security-team#9857) - Enables delete button when deleting package policy with agents for agentless policies - Disables Upgrade Action - Removes Add Agent Action <img width="1717" alt="image" src="https://github.com/user-attachments/assets/1b7ac4c7-e8bc-41b8-836f-4d3c79a449dd"> <img width="670" alt="image" src="https://github.com/user-attachments/assets/0ab6a4c4-d7c6-43ea-9537-67e7fbcca2b0"> **Agent Policies Page** - Updates messaging when deleting the agentless policy from agent policy page. Warning users that deleting agentless policy will also delete the integration and unenroll agent. - Enables delete button when deleting agentless policy with agents for agentless policies - Removes Add agent menu action - Removes Upgrade policy menu action - Removes Uninstall agent action - Removes Copy policy menu action <img width="1595" alt="image" src="https://github.com/user-attachments/assets/2f195da2-4594-4f54-8f8d-7995e829a5ac"> <img width="1365" alt="image" src="https://github.com/user-attachments/assets/4915642d-41e8-4e83-80f9-f334cb879506"> **Agent Policy Settings** For agent policy that are agentless, we disabled the following [fleet actions:](https://www.elastic.co/guide/en/fleet/current/agent-policy.html#agent-policy-types) - Disables Agent monitoring - Disables Inactivity timeout - Disables Fleet Server - Disables Output for integrations - Disables Output for agent monitoring - Disables Agent binary download - Disables Host name format - Disables Inactive agent unenrollment timeout - Disables Advanced Settings - Limit CPU usage - Disables HTTP monitoring endpoint - Disables Agent Logging <img width="1569" alt="image" src="https://github.com/user-attachments/assets/2639be9f-ea10-4d42-b379-a13c4c2b08a1"> <img width="1517" alt="image" src="https://github.com/user-attachments/assets/ae6f3e10-8c2b-42fe-8f27-7e8621d373c0"> **Agents Page** - Disables Assign to Policy action - Disables Upgrade Policy action - Removes Unassign agent action - Removes agentless policies where user can add agent to agentless policy <img width="1710" alt="image" src="https://github.com/user-attachments/assets/61bf2d06-d337-45dd-8255-499db1e1ed42"> <img width="1723" alt="image" src="https://github.com/user-attachments/assets/cc76787f-d6a2-44fb-9289-7f1f643620ec"> ### How to test in Serverless Use vault access and open the security Project in [build ]([Buildkite Build](https://buildkite.com/elastic/kibana-pull-request/builds/234438)) ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (cherry picked from commit 6742f77)
1 task
botelastic
bot
added
the
Team:Fleet
|
Pinging @elastic/fleet (Team:Fleet) |
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
💚 Build Succeeded
Metrics [docs]Async chunks
Page load bundle
To update your PR or re-run it, just comment with: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport
This will backport the following commits from
mainto8.x:Questions ?
Please refer to the Backport tool documentation