Add support for integration deployment mode agentless to include identity fields #801
Conversation
seanrathier
changed the title
spec/integration/manifest.spec.yml
Outdated
| required: | ||
| - organization | ||
| - division | ||
| - team |
There was a problem hiding this comment.
Setting these new fields as required may break existing packages using agentless, do we have any?
There was a problem hiding this comment.
Not at them moment, and not even the CSPM integration. AFAIK there are some integrations like Okta and Cloud Connector that want to use this setting.
@eyalkraft can you confirm?
There was a problem hiding this comment.
The search connectors integration is already merged
The Okta one is on hold
@jsoriano How could we still make these fields required? Can the integrations be updated first? Or could we provide a default value?
There was a problem hiding this comment.
How could we still make these fields required? Can the integrations be updated first? Or could we provide a default value?
We cannot update the integrations first because the field is not allowed yet. We have two options:
- We add the fields as now, but we make them mandatory only for packages using spec >= 3.2.3. Then integrations can add the fields, but they are only required on newer versions of the spec. This would be the less "breaking" approach, but we can have packages with older versions of the spec and without these fields, what would need to be handled by agentless code.
- We make the breaking change, so these fields are required. Then when updating the package-spec in the integrations repository, we need to add the fields where they are missing. This option is more "breaking", but probably better in the long term, but we need to know what fields to use when updating the package-spec.
Regarding default fields, we can add a default to the spec as documentation, but its implementation depends on whatever reads these settings, defaults are not enforced by the spec.
There was a problem hiding this comment.
@jsoriano, I had an offline conversation with @eyalkraft, we decided to change all 3 integrations that have or will have the depoyment_mode attribute.
There was a problem hiding this comment.
LGTM if we are fine with the path of making this a breaking change (see #801 (comment)).
Co-authored-by: Jaime Soriano Pastor <jaime.soriano@elastic.co>
Co-authored-by: eyalkraft <63912106+eyalkraft@users.noreply.github.com>
test/packages/bad_deployment_mode_without_identities/manifest.yml
Outdated
Show resolved
Hide resolved
test/packages/bad_deployment_mode_without_identities/manifest.yml
Outdated
Show resolved
Hide resolved
💚 Build Succeeded
History
cc @seanrathier |
jsoriano
deleted the
10448-update-package-spec-to-contain-owner-for-deployment-mode-agentless
branch
What does this PR do?
We would like to have additional fields required to be populated in an integration package when the deployment_mode agentless is enabled. These fields are to identify the organization, division, and team responsible for the integration.
Why is it important?
This information will be used to tag the agentless agent deployed in MKI so that we know who to contact when support is needed and for the teams to monitor their agentless agents.
Checklist
test/packagesthat prove my change is effective.spec/changelog.yml.Related issues