Enable the Cloud Security Posture Kibana plugin

internal/profile/_static/kibana_config_80.yml

@@ -0,0 +1,46 @@
+server.name: kibana
+server.host: "0.0.0.0"
+
+elasticsearch.hosts: [ "http://elasticsearch:9200" ]
+elasticsearch.serviceAccountToken: "AAEAAWVsYXN0aWMva2liYW5hL2VsYXN0aWMtcGFja2FnZS1raWJhbmEtdG9rZW46b2x4b051SWNRa0tYMHdXazdLWmFBdw"
+
+monitoring.ui.container.elasticsearch.enabled: true
+
+xpack.fleet.registryUrl: "http://package-registry:8080"
+xpack.fleet.agents.enabled: true
+xpack.fleet.agents.elasticsearch.hosts: ["http://elasticsearch:9200"]
+xpack.fleet.agents.fleet_server.hosts: ["http://fleet-server:8220"]
+
+xpack.encryptedSavedObjects.encryptionKey: "12345678901234567890123456789012"
+
+xpack.fleet.packages:
+  - name: system
+    version: latest
+  - name: elastic_agent
+    version: latest
+  - name: fleet_server
+    version: latest
+xpack.fleet.agentPolicies:
+  - name: Elastic-Agent (elastic-package)
+    id: elastic-agent-managed-ep
+    is_default: true
+    is_managed: false
+    namespace: default
+    monitoring_enabled:
+      - logs
+      - metrics
+    package_policies:
+      - name: system-1
+        id: default-system
+        package:
+          name: system
+  - name: Fleet Server (elastic-package)
+    id: fleet-server-policy
+    is_default_fleet_server: true
+    is_managed: false
+    namespace: default
+    package_policies:
+      - name: fleet_server-1
+        id: default-fleet-server
+        package:
+          name: fleet_server

internal/profile/_static/kibana_config_8x.yml

@@ -13,6 +13,8 @@ xpack.fleet.agents.fleet_server.hosts: ["http://fleet-server:8220"]
 
 xpack.encryptedSavedObjects.encryptionKey: "12345678901234567890123456789012"
 
+xpack.cloudSecurityPosture.enabled: true
+
 xpack.fleet.packages:
   - name: system
     version: latest

internal/profile/profile.go

@@ -38,10 +38,13 @@ type configFile string
 var managedProfileFiles = map[configFile]NewConfig{
 	ElasticAgentDefaultEnvFile:     newElasticAgentDefaultEnv,
 	ElasticAgent8xEnvFile:          newElasticAgent8xEnv,
+	ElasticAgent80EnvFile:          newElasticAgent80Env,
 	ElasticsearchConfigDefaultFile: newElasticsearchConfigDefault,
 	ElasticsearchConfig8xFile:      newElasticsearchConfig8x,
+	ElasticsearchConfig80File:      newElasticsearchConfig80,
 	KibanaConfigDefaultFile:        newKibanaConfigDefault,
 	KibanaConfig8xFile:             newKibanaConfig8x,
+	KibanaConfig80File:             newKibanaConfig80,
 	PackageRegistryDockerfileFile:  newPackageRegistryDockerfile,
 	PackageRegistryConfigFile:      newPackageRegistryConfig,
 	SnapshotFile:                   newSnapshotFile,

internal/profile/static.go

@@ -53,6 +53,20 @@ func newKibanaConfig8x(_ string, profilePath string) (*simpleFile, error) {
 	}, nil
 }
 
+// KibanaConfig80File is the Kibana config file for 8.0 stack family (8.0 to 8.1)
+const KibanaConfig80File configFile = "kibana.config.80.yml"
+
+//go:embed _static/kibana_config_80.yml
+var kibanaConfig80Yml string
+
+func newKibanaConfig80(_ string, profilePath string) (*simpleFile, error) {
+	return &simpleFile{
+		name: string(KibanaConfig80File),
+		path: filepath.Join(profilePath, profileStackPath, string(KibanaConfig80File)),
+		body: kibanaConfig80Yml,
+	}, nil
+}
+
 // ElasticsearchConfigDefaultFile is the default Elasticsearch config file
 const ElasticsearchConfigDefaultFile configFile = "elasticsearch.config.default.yml"
 
@@ -81,6 +95,18 @@ func newElasticsearchConfig8x(_ string, profilePath string) (*simpleFile, error)
 	}, nil
 }
 
+// ElasticsearchConfig80File is the Elasticsearch virtual config file name for 8.0 stack family (8.0 to 8.1)
+// This file does not exist in the source code, since it's identical to the 8x config file.
+const ElasticsearchConfig80File configFile = "elasticsearch.config.80.yml"
+
+func newElasticsearchConfig80(_ string, profilePath string) (*simpleFile, error) {
+	return &simpleFile{
+		name: string(ElasticsearchConfig80File),
+		path: filepath.Join(profilePath, profileStackPath, string(ElasticsearchConfig80File)),
+		body: elasticsearchConfig8xYml,
+	}, nil
+}
+
 // PackageRegistryConfigFile is the config file for the Elastic Package registry
 const PackageRegistryConfigFile configFile = "package-registry.config.yml"
 
@@ -117,6 +143,18 @@ func newPackageRegistryDockerfile(_ string, profilePath string) (*simpleFile, er
 	}, nil
 }
 
+// ElasticAgent80EnvFile is the .env for the 8.0 stack.
+// This file does not exist in the source code, since it's identical to the 8x env file.
+const ElasticAgent80EnvFile configFile = "elastic-agent.80.env"
+
+func newElasticAgent80Env(_ string, profilePath string) (*simpleFile, error) {
+	return &simpleFile{
+		name: string(ElasticAgent80EnvFile),
+		path: filepath.Join(profilePath, profileStackPath, string(ElasticAgent80EnvFile)),
+		body: elasticAgent8xEnv,
+	}, nil
+}
+
 // ElasticAgent8xEnvFile is the .env for the 8x stack.
 const ElasticAgent8xEnvFile configFile = "elastic-agent.8x.env"
 

internal/stack/variants.go

@@ -10,15 +10,19 @@ import (
 )
 
 // stackVariantAsEnv function returns a stack variant based on the given stack version.
-// We identified two variants:
+// We identified three variants:
 // * default, covers all of 7.x branches
-// * 8x, supports different configuration options in Kibana
+// * 80, covers stack versions 8.0.0 to 8.1.x
+// * 8x, supports different configuration options in Kibana, covers stack versions 8.2.0+
 func stackVariantAsEnv(version string) string {
 	return fmt.Sprintf("STACK_VERSION_VARIANT=%s", selectStackVersion(version))
 }
 
 func selectStackVersion(version string) string {
 	if strings.HasPrefix(version, "8.") {
+		if len(version) > 2 && (int(version[2])-'0') < 2 {
+			return "80"
+		}
 		return "8x"
 	}
 	return "default"

internal/stack/variants_test.go

@@ -0,0 +1,59 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package stack
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestSelectStackVersion_NoVersion(t *testing.T) {
+	var version string
+	selected := selectStackVersion(version)
+	assert.Equal(t, selected, "default")
+}
+
+func TestSelectStackVersion_OlderStack(t *testing.T) {
+	version := "7.14.99-SNAPSHOT"
+	selected := selectStackVersion(version)
+	assert.Equal(t, selected, "default")
+}
+
+func TestSelectStackVersion_80(t *testing.T) {
+	version := "8.0.33"
+	selected := selectStackVersion(version)
+	assert.Equal(t, selected, "80")
+}
+
+func TestSelectStackVersion_81(t *testing.T) {
+	version := "8.1.99-SNAPSHOT"
+	selected := selectStackVersion(version)
+	assert.Equal(t, selected, "80")
+}
+
+func TestSelectStackVersion_82(t *testing.T) {
+	version := "8.2.3"
+	selected := selectStackVersion(version)
+	assert.Equal(t, selected, "8x")
+}
+
+func TestSelectStackVersion_82plus(t *testing.T) {
+	version := "8.5.0-SNAPSHOT"
+	selected := selectStackVersion(version)
+	assert.Equal(t, selected, "8x")
+}
+
+func TestSelectStackVersion_8dot(t *testing.T) {
+	version := "8."
+	selected := selectStackVersion(version)
+	assert.Equal(t, selected, "8x")
+}
+
+func TestSelectStackVersion_8(t *testing.T) {
+	version := "8"
+	selected := selectStackVersion(version)
+	assert.Equal(t, selected, "default")
+}