[Fleet] add setup technology selector to add integration page #189612

Merged: 10 commits, Aug 2, 2024

Contributor

@juliaElastic juliaElastic commented Jul 31, 2024

Summary

Closes #183863

TODO refactor cspm integration so that the same setup technology selector is used as other packages
I might do this in a separate pr, it seems this pr also adds Beta badge to the cspm selector #189217

Note: in Serverless, currently the preconfigured agentless agent policy is being used for all agentless integrations. When Agentless API is supported in serverless, this code can be removed and serverless will work the same way as ESS. Related issue https://github.com/elastic/security-team/issues/9781

Open question:

Requirements completed:

  • Add an agentless/agent-based selector component when deployment_modes.agentless.enabled: true is set on a given policy template
  • Hide/show the "Select or create agent policy" UI based on the state of the agentless selector
  • Always create a new agent policy when saving an integration policy in agentless mode. This newly created policy should have supports_agentless: true set.
  • When deleting an agentless integration policy, the agentless agent policy should also be deleted
  • The toggle and agentless logic should still be gated behind the agentless feature flag in addition to the integration level configuration
  • Ensure that even if supports_agentless: true is set, the policy editor defaults to the current agent-based option and the toggle is set to agent-based
  • Ensure that the agentless option is clearly marked as beta, and display a beta banner in the policy editor form itself to reiterate this when agentless mode is enabled
  • Editing an agentless integration policy should not be possible. The "edit" action should be disabled with a tooltip directing the user to instead create a new integration policy and delete the existing one.

Steps to verify locally (ESS):

  • Add to kibana.dev.yml:
    xpack.fleet.enableExperimental: ['agentless']
    xpack.fleet.agentless.api.url: 'https://api.agentless.url/api/v1/ess'
    xpack.fleet.agentless.api.tls.certificate: './config/node.crt'
    xpack.fleet.agentless.api.tls.key: './config/node.key'
    xpack.fleet.agentless.api.tls.ca: './config/ca.crt'
    xpack.cloud.id: '123456789'

curl -XPOST -H 'content-type: application/zip' -H 'kbn-xsrf: true' http://localhost:5601/julia/api/fleet/epm/packages -u elastic:changeme --data-binary @agentless_test_package-0.0.1.zip

Verify Agent-based option:

  • Go to Add integration - Agentless test package
  • Setup technology selector should be visible, Agent-based option selected by default
  • New/Existing agent policy selection should be visible
  • On submitting, the Agentless test package integration policy should be created with the selected agent policies as normal
  • Edit integration should be enabled as normal

Verify Agentless option:

  • To verify the agentless option, add another integration
  • Select Agentless option in the selector
  • New/Existing agent policy selection should be hidden
  • On submitting, the Agentless test package integration policy should be created with a new managed agent policy
    Note: locally the agentless API won't work, comment out this line to test https://github.com/elastic/kibana/blob/main/x-pack/plugins/fleet/server/services/agent_policy_create.ts#L178
  • Edit integration should be disabled
  • Delete integration action should be enabled, when clicking it, the agent policy should be deleted too, navigating back to the list of agent policies

Checklist

@juliaElastic juliaElastic added release_note:enhancement ci:cloud-deploy Create or update a Cloud deployment labels Jul 31, 2024
@juliaElastic juliaElastic self-assigned this Jul 31, 2024
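
The requirements listed in the PR description above, modelled as pure functions. This is an added example, not code from this PR or from Kibana; every type and function name, and the generated policy name, is hypothetical.

```typescript
// Added illustration: hypothetical names, not Kibana Fleet's actual code.
type SetupTechnology = 'agent-based' | 'agentless';

interface PolicyTemplate {
  deployment_modes?: { agentless?: { enabled?: boolean } };
}

// Both gates must pass: the Fleet feature flag AND the integration-level setting.
function isSelectorVisible(flagOn: boolean, tpl: PolicyTemplate): boolean {
  return flagOn && tpl.deployment_modes?.agentless?.enabled === true;
}

// Agent-based is always the default; agentless needs an explicit choice and is
// ignored when the selector is not offered.
function resolveSetupTechnology(
  flagOn: boolean, tpl: PolicyTemplate, requested?: SetupTechnology
): SetupTechnology {
  const allowed = requested === 'agentless' && isSelectorVisible(flagOn, tpl);
  return allowed ? 'agentless' : 'agent-based';
}

interface SavePlan {
  showAgentPolicyPicker: boolean;
  showBetaBanner: boolean;
  agentPolicyIds: string[]; // existing agent policies to attach to
  newAgentPolicy?: { name: string; supports_agentless: true };
  editEnabled: boolean;
  deleteRemovesAgentPolicy: boolean;
}

function planSave(tech: SetupTechnology, name: string, selectedIds: string[]): SavePlan {
  if (tech === 'agentless') {
    return {
      showAgentPolicyPicker: false,
      showBetaBanner: true,
      agentPolicyIds: [], // user-selected policies are never reused in agentless mode
      newAgentPolicy: { name: `Agentless policy for ${name}`, supports_agentless: true },
      editEnabled: false,
      deleteRemovesAgentPolicy: true,
    };
  }
  return {
    showAgentPolicyPicker: true, showBetaBanner: false, agentPolicyIds: selectedIds,
    editEnabled: true, deleteRemovesAgentPolicy: false,
  };
}
```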
@juliaElastic
Contributor Author

/ci

@juliaElastic
Contributor Author

/ci

@juliaElastic
Contributor Author

/ci

@juliaElastic juliaElastic marked this pull request as ready for review July 31, 2024 12:05
@juliaElastic juliaElastic requested review from a team as code owners July 31, 2024 12:05
@kpollich
Member

@kilfoyle - Could you help with a quick check of the text here 🙏

@botelastic botelastic bot added the Team:Fleet Team label for Observability Data Collection Fleet team label Jul 31, 2024
@elasticmachine
Contributor

Pinging @elastic/fleet (Team:Fleet)

@kilfoyle
Contributor

This looks great! I added a couple of small suggestions for the UI text.

juliaElastic and others added 4 commits July 31, 2024 16:05
…policy/create_package_policy_page/single_page_layout/components/setup_technology_selector.tsx

Co-authored-by: David Kilfoyle <41695641+kilfoyle@users.noreply.github.com>
…policy/details_page/components/package_policies/package_policies_table.tsx

Co-authored-by: David Kilfoyle <41695641+kilfoyle@users.noreply.github.com>
@juliaElastic juliaElastic removed the ci:cloud-deploy Create or update a Cloud deployment label Jul 31, 2024
@juliaElastic
Contributor Author

Tried to test in kibana pr deployment, but it seems the agentless url is not set there (tried to enable the feature flag, but still the agentless selector is not showing up).

@kpollich
Member

> Tried to test in kibana pr deployment, but it seems the agentless url is not set there (tried to enable the feature flag, but still the agentless selector is not showing up).

Agentless is only supported in serverless deployments for now, so ESS deployments won't be able to set up agentless.

@seanrathier
Contributor

seanrathier commented Jul 31, 2024

Looks good, I have a comment and a question.

I am glad you have not moved the CSP plugin's SetupTechnology selector because we still have some ongoing work with that and we may migrate that later.

I also have a PR to add the Beta badge and default the selected value of the SetupTechnology to Agent-based. Are you doing the same? I saw some similar code changes in the setup_technology hook and I thought you were but it was not in the requirements.

@seanrathier
Contributor

> Tried to test in kibana pr deployment, but it seems the agentless url is not set there (tried to enable the feature flag, but still the agentless selector is not showing up).

@juliaElastic If you deploy this to one of our Cloud First test environments and you use your @elastic.co account you can bypass the allow-deny list and edit the configurations to enable agentless in ESS

@juliaElastic
Contributor Author

juliaElastic commented Aug 1, 2024

> I also have a PR to add the Beta badge (https://github.com//pull/189217) and default the selected value of the SetupTechnology to Agent-based. Are you doing the same? I saw some similar code changes in the setup_technology hook and I thought you were but it was not in the requirements.

Yes, made those changes, it's in the description. We can unify the selector component with the one in cspm plugin later.

  • Ensure that even if supports_agentless: true is set, the policy editor defaults to the current agent-based option and the toggle is set to agent-based
  • Ensure that the agentless option is clearly marked as beta, and display a beta banner in the policy editor form itself to reiterate this when agentless mode is enabled

Contributor

@criamico criamico left a comment

LGTM, left just a small comment.

@kibana-ci
Collaborator

💛 Build succeeded, but was flaky

Failed CI Steps

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id before after diff
fleet 1208 1209 +1

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
fleet 1.8MB 1.8MB +3.3KB

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @juliaElastic

@juliaElastic juliaElastic merged commit e67b460 into elastic:main Aug 2, 2024
25 checks passed
@kibanamachine kibanamachine added v8.16.0 backport:skip This commit does not require backporting labels Aug 2, 2024
juliaElastic added a commit that referenced this pull request Aug 14, 2024
…on policy (#190391)

## Summary

Related to #183863

Follow up from
#189934 (comment)

Since the edit integration was re-enabled for agentless integration
policies, we have to make sure to hide the agent policy change option
when editing an agentless policy. This pr addresses that.

To verify:
- add CSPM integration with agentless setup technology
- edit the integration policy
- verify that the agent policies can't be modified
- upload another agentless package (instruction
[here](#189612))
- add Agentless integration with setup technology agentless
- edit the integration policy
- verify that the agent policies can't be modified


### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
juliaElastic added a commit that referenced this pull request Aug 29, 2024
Added back agent monitoring on agentless policies as requested. It was
incorrectly removed in #189612
Labels
backport:skip This commit does not require backporting release_note:enhancement Team:Fleet Team label for Observability Data Collection Fleet team v8.16.0
Development

Successfully merging this pull request may close these issues.

[Fleet] Finalize generic support for agentless integration policies in Fleet policy editor
9 participants