[Fleet] Update Fleet UI to handle agentless integrations + policies #180375
Comments
kpollich
added
the
Team:Fleet
|
Pinging @elastic/fleet (Team:Fleet) |
Does that mean that we want to install all the integration policies that have The way I pictured it is:
@kpollich does it makes sense to you? |
Yep this is exactly what I had in mind as well. For now, the only policy that will exist with |
|
cc @eyalkraft @olegsu to make sure I'm not misrepresenting anything above ☝️ |
Sounds good, that means that for now we're keeping the hardcoded id check here: Also, in the parent issue there is this task
I assume that this flag would be |
|
Yep - that's a typo good catch. Should be |
Correct me if I'm wrong, but we plan to drop the hard-coded One of these things is to stop using the hard-coded @olegsu keep me honest here |
|
The @maxcold please correct me if I am wrong: We actively working to introduce Agentless API (proposal draft) to support the creation of Agentless resources on demand, this will help us to reduce the cost and solve scalability issues. Once the API is deployed, the assumption to show/hide the selector will not work. Kibana needs first to create the policy and then call Agentless API with details. Questions |
@oleg @kfirpeled since I merged the PR adding the support for For this, what we need to do currently in Fleet UI is the following:
Regarding the support to multiple policies: Until the Agentless API are not ready we need to defined the flow for the creation of multiple policies from kibana. |
@criamico it would be great. If am not mistaken, Kibana won't migrate existing policies to have the new property |
I'm trying to clarify how this property should work in Fleet UI. Is it supposed to work like a visibility option for the whole policy template? i.e. a sample integration with following policy templates Then the policy template should visible in |
No I think the policy template fields should all be visible in each mode, but if Right now I think this is a UI Extension, which is probably fine to keep for now: The component itself lives in the CSP plugin, e.g. So I think what we'd need to do is detect whether the current integration has the agentless deployment, then render this UI if that is the case. |
Closes #180375 ## Summary Expand support for Agentless in Fleet UI. Implemented on this PR: - Agent policies created with `supports_agentless` (added in #182709) are now marked as `is_managed` - Added support for `deployment_modes.agentless.enabled` and `hide_in_deployment_modes` introduced with elastic/package-spec#684: - `hide_in_deployment_modes` shows/hides variables in agentless/default UI - `deployment_modes.agentless.enabled: true` determines an integration as enabled for agentless ## Notes - In this PR, an integration enabled for serverless is still added to the default `agentless` policy. - Integrations enabled for agentless don't display any specific "agentless" form yet. That part is TBD ### Testing - Run local env for [agentless](https://docs.elastic.dev/security-solution/cloud-security/agentless) ### Verify that new settings are honoured in integration policy - Use the compiled package with new properties defined in elastic/package-spec#738 `agentless_test_package-1.0.1-rc1.zip` (Packages in this [comment](#183045 (comment))) - Upload it to Kibana: ```sh curl -k -XPOST -H 'content-type: application/zip' -H 'kbn-xsrf: true' https://localhost:5601/api/fleet/epm/packages -u elastic_serverless:changeme --data-binary @agentless_test_package-0.0.1.zip ``` - Check that the variable marked with `hide_in_deployment_modes: "agentless"` are not visible - Check that the agent policies selector is not visible  ### Verify that agent policies with `supports_agentless` are marked as managed - Create a new policy with `supports_agentless` ``` POST kbn:/api/fleet/agent_policies { "name": "Test - Agentless policy", "namespace": "default", "supports_agentless": true } ``` - Check that the created policy has `is_managed = true` - Try to change the value to false - an error is thrown ``` PUT kbn:/api/fleet/agent_policies/<policy_id> { "name": "Test - Agentless policy", "namespace": "default", "supports_agentless": false } ``` ### Checklist - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Kibana Machine <[email protected]>
Blocked by elastic/package-spec#684
Today, the Cloud Security Posture Management (CSPM) integration supports agentless deployment through some hardcoded code paths, e.g.
kibana/x-pack/plugins/fleet/common/constants/agent_policy.ts
Line 39 in 6348ab3
kibana/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/setup_technology.ts
Lines 17 to 29 in f7ebd29
These hardcoded checks need to be replaced with dynamic ones based on the above changes made to package-spec/integration. When creating an integration policy, we need to check whether the selected policy template has
deployment_modes.agentless.enabledset totrue. If a policy template supports agentless, we should show the "setup technology" selector UI that the cloud security team has built for CSPM today.This logic can assume there will be a single
agentlessagent policy onto which these integration policies should be installed. When installing an agentless integration, the agent policy selector UI should not appear at all.We'll also need to honor the
hide_in_deployment_modesproperty for variables in order to hide/show certain variables in either the agentless or default UI.Implementation
deployment_modes.agentless.enabledvalueagentlesspolicy when savedhide_in_deployment_modessetting for variables that are explicitly hidden/shown in either the default or agentless UIThe text was updated successfully, but these errors were encountered: