Elastic connector integration

[jedrazb]

Proposed commit message

Initial implementation of the package for the connectors service, running exclusively in agentless mode. The package supports ~ 30 connector types (e.g., Google Drive, SharePoint, MongoDB), each syncing data to an ES index. We have a policy_template per connector type, so that we have a unique tiles displayed the integrations UI. This PR just adds support for Google Drive and Github Connectors.

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
  • This component doesn't produce any datastreams (the logs are collected via "System" integration) do we need to document it here?
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.

Author's Checklist

• Verified policy locally with WIP connectors running in agent (custom docker image)

How to test this PR locally

• Reach out to @jedrazb (@jedr.blaszyk on Slack) I have doc with all the steps to get this running locally, not linking here since it's public repo

Related issues

Screenshots

[seanstory]

LGTM from the Search side. Two small comments.

[seanstory]

CC @danajuratoni - I expect we actually want this platinum+, but since it'll only be accessible through Agentless (cloud and serverless) maybe this doesn't matter?

[jedrazb]

@seanstory This should be standard (I confirmed with Dana). Looking at integration manifest only 4 options are supported in enum: basic, gold, platinum and enterprise. So I think in such a case: basic == standard?

[danajuratoni]

I expect we actually want this platinum+, but since it'll only be accessible through Agentless (cloud and serverless) maybe this doesn't matter?

This is a great place to get our wires crossed, so I'd like to double check:

• licensing for Elastic managed connectors (i.e. Agentless connectors) should remain unchanged. This means Standard on Elastic Cloud hosted.
• licensing for connectors on Agent (i.e. self-managed connectors via Agent) is not part of 9.0, but should be equivalent to self-managed connector clients. This would mean likely Platinum+ for self-managed connectors via Agent, final decision to be made in the future / if and when we'll add support.

[jedrazb]

The approach we took makes it hard if not impossible for users to run this on agent so I wouldn't worry about the self-managed agent case. But I'm following up on this thread.

[seanstory]

"standard" == "platinum" IIRC. Standard is our lowest tier in cloud, but it's still a paid tier, to it's higher than basic.

[jedrazb]

🤯 Good point, Sean. We need to verify that the cloud standard license is included if we enforce platinum in the integration definition.

[jedrazb]

Setting the Kibana version restriction to 9+ is causing a Buildkite error. I’m thinking we need to point it to an existing version instead

Error response from daemon: manifest for docker.elastic.co/kibana/kibana:9.0.0 not found: manifest unknown: manifest unknown
--
  | Error: booting up the stack failed: running docker-compose failed: running command failed: running Docker Compose up command failed: exit status 18: manifest for docker.elastic.co/kibana/kibana:9.0.0 not found: manifest

[kfirpeled]

pay attention a user will be able to enable more than one input using the high-level tile.

Correct me if I'm wrong @jsoriano but there's no way to validate there's only one input in use, correct?

[seanstory]

Is there actually a way for us to hide/disable this high-level tile? Since we really only want one input at a time, only the lower-level tiles really make sense for us.

[kfirpeled]

not that I know of
with CSPM integration the top-level tier doesn't serve our use case either. When we thought of enabling such capability we noticed that in the fleet, the top-level tier is used in multiple flows, so it seemed like a big change at the time to address. We ended up having a custom UI component instead.

[seanstory]

We ended up having a custom UI component instead.

Can you elaborate?

[kfirpeled]

nit: going forward it is recommended to have screenshots per policy_template

[eyalkraft]

FYI we'll soon require some owner tags as part of this section.
It's not yet part of the spec but you can follow here to add it when it'll be added to the spec:

• [Change Proposal] When the deployment_mode agentless is enabled we want the package to have additional fields populated. package-spec#795

[seanstory]

I assume this won't block us from merging, will just be something we need to add to a todo list?

[seanstory]

buildkite test this

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: 0598b01

History

• 💔 Build #15777 failed 0598b01
• 💔 Build #15704 failed 79843ac
• 💔 Build #15695 failed 4f587d5
• 💔 Build #15529 failed 3168a8e
• 💚 Build #15460 succeeded a4510a7
• 💔 Build #15084 failed 8629309

[elastic-sonarqube]

Quality Gate failed

Failed conditions
0.0% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube

[seanstory]

Failed conditions
0.0% Coverage on New Code (required ≥ 80%)

Can I ignore this? Looks like the PR would let me merge as is, but I don't want to skip something I shouldn't

[seanstory]

Forgiveness over permission 🤞

[elasticmachine]

Package elastic_connectors - 0.0.1 containing this change is available at https://epr.elastic.co/search?package=elastic_connectors