Skip to content

[Fleet] Update Fleet UI to handle agentless integrations + policies #180375

New issue
New issue
Closed
#183045
Closed
[Fleet] Update Fleet UI to handle agentless integrations + policies#180375
#183045

Description

@kpollich

kpollich
openedon Apr 9, 2024

Blocked by elastic/package-spec#684

Today, the Cloud Security Posture Management (CSPM) integration supports agentless deployment through some hardcoded code paths, e.g.

kibana/x-pack/plugins/fleet/common/constants/agent_policy.ts

Line 39 in 6348ab3

export const AGENTLESS_POLICY_ID = 'agentless'; // the policy id defined here: https://github.com/elastic/project-controller/blob/main/internal/project/security/security_kibana_config.go#L86

kibana/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/setup_technology.ts

Lines 17 to 29 in f7ebd29

export const useAgentlessPolicy = () => {
const { agentless: agentlessExperimentalFeatureEnabled } = ExperimentalFeaturesService.get();
const { cloud } = useStartServices();
const isServerless = !!cloud?.isServerlessEnabled;
const isAgentlessEnabled = agentlessExperimentalFeatureEnabled && isServerless;
const isAgentlessPolicyId = (id: string) => isAgentlessEnabled && id === AGENTLESS_POLICY_ID;
return {
isAgentlessEnabled,
isAgentlessPolicyId,
};
};

These hardcoded checks need to be replaced with dynamic ones based on the above changes made to package-spec/integration. When creating an integration policy, we need to check whether the selected policy template has deployment_modes.agentless.enabled set to true. If a policy template supports agentless, we should show the "setup technology" selector UI that the cloud security team has built for CSPM today.

This logic can assume there will be a single agentless agent policy onto which these integration policies should be installed. When installing an agentless integration, the agent policy selector UI should not appear at all.

We'll also need to honor the hide_in_deployment_modes property for variables in order to hide/show certain variables in either the agentless or default UI.

Implementation

  • Replace hardcoded checks for agentless support with dynamic ones based on policy template's deployment_modes.agentless.enabled value
  • Ensure agentless integration policies are created on the hardcoded agentless policy when saved
  • Honor hide_in_deployment_modes setting for variables that are explicitly hidden/shown in either the default or agentless UI
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

Labels

Team:FleetTeam label for Observability Data Collection Fleet team

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions