-
Notifications
You must be signed in to change notification settings - Fork 72
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for integration deployment mode agentless to include identity fields #801
Add support for integration deployment mode agentless to include identity fields #801
Conversation
spec/integration/manifest.spec.yml
Outdated
required: | ||
- organization | ||
- division | ||
- team |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Setting these new fields as required may break existing packages using agentless
, do we have any?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not at them moment, and not even the CSPM integration. AFAIK there are some integrations like Okta and Cloud Connector that want to use this setting.
@eyalkraft can you confirm?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The search connectors integration is already merged
The Okta one is on hold
@jsoriano How could we still make these fields required? Can the integrations be updated first? Or could we provide a default value?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How could we still make these fields required? Can the integrations be updated first? Or could we provide a default value?
We cannot update the integrations first because the field is not allowed yet. We have two options:
- We add the fields as now, but we make them mandatory only for packages using spec >= 3.2.3. Then integrations can add the fields, but they are only required on newer versions of the spec. This would be the less "breaking" approach, but we can have packages with older versions of the spec and without these fields, what would need to be handled by agentless code.
- We make the breaking change, so these fields are required. Then when updating the package-spec in the integrations repository, we need to add the fields where they are missing. This option is more "breaking", but probably better in the long term, but we need to know what fields to use when updating the package-spec.
Regarding default fields, we can add a default to the spec as documentation, but its implementation depends on whatever reads these settings, defaults are not enforced by the spec.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jsoriano, I had an offline conversation with @eyalkraft, we decided to change all 3 integrations that have or will have the depoyment_mode
attribute.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM if we are fine with the path of making this a breaking change (see #801 (comment)).
Co-authored-by: Jaime Soriano Pastor <jaime.soriano@elastic.co>
Co-authored-by: eyalkraft <63912106+eyalkraft@users.noreply.github.com>
test/packages/bad_deployment_mode_without_identities/manifest.yml
Outdated
Show resolved
Hide resolved
test/packages/bad_deployment_mode_without_identities/manifest.yml
Outdated
Show resolved
Hide resolved
💚 Build Succeeded
History
cc @seanrathier |
What does this PR do?
We would like to have additional fields required to be populated in an integration package when the deployment_mode agentless is enabled. These fields are to identify the organization, division, and team responsible for the integration.
Why is it important?
This information will be used to tag the agentless agent deployed in MKI so that we know who to contact when support is needed and for the teams to monitor their agentless agents.
Checklist
test/packages
that prove my change is effective.spec/changelog.yml
.Related issues