[Fleet] Disallow some egress-specific inputs for agentless integrations #206074
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
criamico
added
Team:Fleet
criamico
commented
Jan 15, 2025
| @@ -291,6 +311,41 @@ export function useOnSubmit({ | |||
| } | |||
| }, [packagePolicy, agentPolicies, updatePackagePolicy, canUseMultipleAgentPolicies]); | |||
|
|
|||
| const { handleSetupTechnologyChange, selectedSetupTechnology } = useSetupTechnology({ | |||
There was a problem hiding this comment.
I moved the useSetupTechnology inside the main hook, it was outside and was causing unexpected behaviours with state updates.
|
Pinging @elastic/fleet (Team:Fleet) |
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
|
The UI works fine, I am seeing something strange when trying to update an existing package policy with the API, changing |
@juliaElastic I think that this happens only when using the "simplified" handler, as it uses defaults to create the policy. If you notice, it gives back the "expected" values, but as you said it doesn't really fail validation. I'll take a look on how to do it. |
juliaElastic
approved these changes
Jan 17, 2025
criamico
added
the
ci:project-deploy-security
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Async chunks
Page load bundle
History
cc @criamico |
seanrathier
approved these changes
Jan 22, 2025
| @@ -44,7 +44,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { | |||
| mockApiServer.close(); | |||
| }); | |||
|
|
|||
| describe('Agentless CIS_GCP Single Account Launch Cloud shell', () => { | |||
| describe.skip('Agentless CIS_GCP Single Account Launch Cloud shell', () => { | |||
There was a problem hiding this comment.
There was a problem hiding this comment.
No problem, I tried running the FTRs by changing the version of the CSPM integration, but it still failed.
| @@ -61,7 +61,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { | |||
| }); | |||
| }); | |||
|
|
|||
| describe('Agentless CIS_GCP ORG Account Launch Cloud Shell', () => { | |||
| describe.skip('Agentless CIS_GCP ORG Account Launch Cloud Shell', () => { | |||
There was a problem hiding this comment.
criamico
added
v8.18.0
backport:prev-minor
|
Starting backport for target branches: 8.x https://github.com/elastic/kibana/actions/runs/12912546497 |
💔 All backports failed
Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
criamico
added a commit
that referenced
this pull request
Jan 23, 2025
…grations (#206074) (#208004) # Backport This will backport the following commits from `main` to `8.x`: - [[Fleet] Disallow some egress-specific inputs for agentless integrations (#206074)](#206074) <!--- Backport version: 9.6.4 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Cristina Amico","email":"criamico@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-01-22T16:21:54Z","message":"[Fleet] Disallow some egress-specific inputs for agentless integrations (#206074)\n\nCloses https://github.com/elastic/kibana/issues/202091\r\n\r\n## Summary\r\n\r\nDisallow some egress-specific inputs for agentless integrations. \r\n- In the policy editor, when Setup technology dropdown is set to\r\nAgentless, hide the rendering of configuration for inputs that have type\r\nmatching the blocklist and ensure that these inputs are set to `enabled:\r\nfalse`\r\n- `tcp, udp, winlog, http_endpoint, filestream` should be disabled when\r\n`supports_agentless: true`\r\n- At the API level, throw an error if attempting to enable a disallowed\r\ninput type\r\n\r\n\r\n### Testing\r\nSimulate agentless env with following setup in `kibana.dev.yml`:\r\n```\r\nxpack.cloud.id: 'anything-to-pass-cloud-validation-checks'\r\nxpack.fleet.agentless.enabled: true\r\nxpack.fleet.agentless.api.url: 'https://localhost:8443'\r\nxpack.fleet.agentless.api.tls.certificate: './config/certs/ess-client.crt'\r\nxpack.fleet.agentless.api.tls.key: './config/certs/ess-client.key'\r\nxpack.fleet.agentless.api.tls.ca: './config/certs/ca.crt'\r\n```\r\n-Apply [this\r\npatch](https://gist.github.com/jen-huang/dfc3e02ceb63976ad54bd1f50c524cb4)\r\nto prevent attempt to create agentless pod (the agentless policy\r\ncreation fails without the patch)\r\n- Install the following test integration, that has a bunch of different\r\ninputs to simulate this specific case and is enabled for agentless (it\r\nshows the setup technology as well)\r\n\r\n[agentless_package_links-0.0.2.zip](https://github.com/user-attachments/files/18425895/agentless_package_links-0.0.2.zip)\r\n\r\n```\r\ncurl -XPOST -H 'content-type: application/zip' -H 'kbn-xsrf: true' http://localhost:5601/YOUR_PATH/api/fleet/epm/packages -u elastic:changeme --data-binary @agentless_package_links-0.0.2.zip\r\n```\r\n- Navigate to the integrations page, find the above integration and test\r\nthat switching between agent-based/agentless the enabled inputs change\r\nas follows:\r\n\r\n<img width=\"1288\" alt=\"Screenshot 2025-01-15 at 15 30 28\"\r\nsrc=\"https://github.com/user-attachments/assets/6abd45d7-1bd8-465a-af29-4c34940b32e3\"\r\n/>\r\n<img width=\"1072\" alt=\"Screenshot 2025-01-15 at 15 31 18\"\r\nsrc=\"https://github.com/user-attachments/assets/6957562f-08a6-403a-8725-1a654e443537\"\r\n/>\r\n\r\n\r\n- Verify that the preview flyout has the correct inputs based on the\r\nselected deployment mode\r\n\r\n<img width=\"863\" alt=\"Screenshot 2025-01-15 at 15 32 19\"\r\nsrc=\"https://github.com/user-attachments/assets/ceca1f5d-249c-4ee1-9295-6f01ae21fdb4\"\r\n/>\r\n<img width=\"862\" alt=\"Screenshot 2025-01-15 at 15 33 33\"\r\nsrc=\"https://github.com/user-attachments/assets/f43562d7-633e-4f0a-bfc1-19e89aef7659\"\r\n/>\r\n\r\n\r\n- Verify that the api throws an error when attempting to enable any of\r\nthe disallowed types\r\n<img width=\"1774\" alt=\"Screenshot 2025-01-15 at 15 36 03\"\r\nsrc=\"https://github.com/user-attachments/assets/2b4d24a3-5adc-4ab2-bbad-83b44d348763\"\r\n/>\r\n\r\n\r\n\r\n### Checklist\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] The PR description includes the appropriate Release Notes section,\r\nand the correct `release_note:*` label is applied per the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"59e81ee2be5b8b9082dfc9ac06898cbe6cc8e011","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Fleet","v9.0.0","backport:prev-minor","ci:project-deploy-security","v8.18.0"],"title":"[Fleet] Disallow some egress-specific inputs for agentless integrations","number":206074,"url":"https://github.com/elastic/kibana/pull/206074","mergeCommit":{"message":"[Fleet] Disallow some egress-specific inputs for agentless integrations (#206074)\n\nCloses https://github.com/elastic/kibana/issues/202091\r\n\r\n## Summary\r\n\r\nDisallow some egress-specific inputs for agentless integrations. \r\n- In the policy editor, when Setup technology dropdown is set to\r\nAgentless, hide the rendering of configuration for inputs that have type\r\nmatching the blocklist and ensure that these inputs are set to `enabled:\r\nfalse`\r\n- `tcp, udp, winlog, http_endpoint, filestream` should be disabled when\r\n`supports_agentless: true`\r\n- At the API level, throw an error if attempting to enable a disallowed\r\ninput type\r\n\r\n\r\n### Testing\r\nSimulate agentless env with following setup in `kibana.dev.yml`:\r\n```\r\nxpack.cloud.id: 'anything-to-pass-cloud-validation-checks'\r\nxpack.fleet.agentless.enabled: true\r\nxpack.fleet.agentless.api.url: 'https://localhost:8443'\r\nxpack.fleet.agentless.api.tls.certificate: './config/certs/ess-client.crt'\r\nxpack.fleet.agentless.api.tls.key: './config/certs/ess-client.key'\r\nxpack.fleet.agentless.api.tls.ca: './config/certs/ca.crt'\r\n```\r\n-Apply [this\r\npatch](https://gist.github.com/jen-huang/dfc3e02ceb63976ad54bd1f50c524cb4)\r\nto prevent attempt to create agentless pod (the agentless policy\r\ncreation fails without the patch)\r\n- Install the following test integration, that has a bunch of different\r\ninputs to simulate this specific case and is enabled for agentless (it\r\nshows the setup technology as well)\r\n\r\n[agentless_package_links-0.0.2.zip](https://github.com/user-attachments/files/18425895/agentless_package_links-0.0.2.zip)\r\n\r\n```\r\ncurl -XPOST -H 'content-type: application/zip' -H 'kbn-xsrf: true' http://localhost:5601/YOUR_PATH/api/fleet/epm/packages -u elastic:changeme --data-binary @agentless_package_links-0.0.2.zip\r\n```\r\n- Navigate to the integrations page, find the above integration and test\r\nthat switching between agent-based/agentless the enabled inputs change\r\nas follows:\r\n\r\n<img width=\"1288\" alt=\"Screenshot 2025-01-15 at 15 30 28\"\r\nsrc=\"https://github.com/user-attachments/assets/6abd45d7-1bd8-465a-af29-4c34940b32e3\"\r\n/>\r\n<img width=\"1072\" alt=\"Screenshot 2025-01-15 at 15 31 18\"\r\nsrc=\"https://github.com/user-attachments/assets/6957562f-08a6-403a-8725-1a654e443537\"\r\n/>\r\n\r\n\r\n- Verify that the preview flyout has the correct inputs based on the\r\nselected deployment mode\r\n\r\n<img width=\"863\" alt=\"Screenshot 2025-01-15 at 15 32 19\"\r\nsrc=\"https://github.com/user-attachments/assets/ceca1f5d-249c-4ee1-9295-6f01ae21fdb4\"\r\n/>\r\n<img width=\"862\" alt=\"Screenshot 2025-01-15 at 15 33 33\"\r\nsrc=\"https://github.com/user-attachments/assets/f43562d7-633e-4f0a-bfc1-19e89aef7659\"\r\n/>\r\n\r\n\r\n- Verify that the api throws an error when attempting to enable any of\r\nthe disallowed types\r\n<img width=\"1774\" alt=\"Screenshot 2025-01-15 at 15 36 03\"\r\nsrc=\"https://github.com/user-attachments/assets/2b4d24a3-5adc-4ab2-bbad-83b44d348763\"\r\n/>\r\n\r\n\r\n\r\n### Checklist\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] The PR description includes the appropriate Release Notes section,\r\nand the correct `release_note:*` label is applied per the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"59e81ee2be5b8b9082dfc9ac06898cbe6cc8e011"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/206074","number":206074,"mergeCommit":{"message":"[Fleet] Disallow some egress-specific inputs for agentless integrations (#206074)\n\nCloses https://github.com/elastic/kibana/issues/202091\r\n\r\n## Summary\r\n\r\nDisallow some egress-specific inputs for agentless integrations. \r\n- In the policy editor, when Setup technology dropdown is set to\r\nAgentless, hide the rendering of configuration for inputs that have type\r\nmatching the blocklist and ensure that these inputs are set to `enabled:\r\nfalse`\r\n- `tcp, udp, winlog, http_endpoint, filestream` should be disabled when\r\n`supports_agentless: true`\r\n- At the API level, throw an error if attempting to enable a disallowed\r\ninput type\r\n\r\n\r\n### Testing\r\nSimulate agentless env with following setup in `kibana.dev.yml`:\r\n```\r\nxpack.cloud.id: 'anything-to-pass-cloud-validation-checks'\r\nxpack.fleet.agentless.enabled: true\r\nxpack.fleet.agentless.api.url: 'https://localhost:8443'\r\nxpack.fleet.agentless.api.tls.certificate: './config/certs/ess-client.crt'\r\nxpack.fleet.agentless.api.tls.key: './config/certs/ess-client.key'\r\nxpack.fleet.agentless.api.tls.ca: './config/certs/ca.crt'\r\n```\r\n-Apply [this\r\npatch](https://gist.github.com/jen-huang/dfc3e02ceb63976ad54bd1f50c524cb4)\r\nto prevent attempt to create agentless pod (the agentless policy\r\ncreation fails without the patch)\r\n- Install the following test integration, that has a bunch of different\r\ninputs to simulate this specific case and is enabled for agentless (it\r\nshows the setup technology as well)\r\n\r\n[agentless_package_links-0.0.2.zip](https://github.com/user-attachments/files/18425895/agentless_package_links-0.0.2.zip)\r\n\r\n```\r\ncurl -XPOST -H 'content-type: application/zip' -H 'kbn-xsrf: true' http://localhost:5601/YOUR_PATH/api/fleet/epm/packages -u elastic:changeme --data-binary @agentless_package_links-0.0.2.zip\r\n```\r\n- Navigate to the integrations page, find the above integration and test\r\nthat switching between agent-based/agentless the enabled inputs change\r\nas follows:\r\n\r\n<img width=\"1288\" alt=\"Screenshot 2025-01-15 at 15 30 28\"\r\nsrc=\"https://github.com/user-attachments/assets/6abd45d7-1bd8-465a-af29-4c34940b32e3\"\r\n/>\r\n<img width=\"1072\" alt=\"Screenshot 2025-01-15 at 15 31 18\"\r\nsrc=\"https://github.com/user-attachments/assets/6957562f-08a6-403a-8725-1a654e443537\"\r\n/>\r\n\r\n\r\n- Verify that the preview flyout has the correct inputs based on the\r\nselected deployment mode\r\n\r\n<img width=\"863\" alt=\"Screenshot 2025-01-15 at 15 32 19\"\r\nsrc=\"https://github.com/user-attachments/assets/ceca1f5d-249c-4ee1-9295-6f01ae21fdb4\"\r\n/>\r\n<img width=\"862\" alt=\"Screenshot 2025-01-15 at 15 33 33\"\r\nsrc=\"https://github.com/user-attachments/assets/f43562d7-633e-4f0a-bfc1-19e89aef7659\"\r\n/>\r\n\r\n\r\n- Verify that the api throws an error when attempting to enable any of\r\nthe disallowed types\r\n<img width=\"1774\" alt=\"Screenshot 2025-01-15 at 15 36 03\"\r\nsrc=\"https://github.com/user-attachments/assets/2b4d24a3-5adc-4ab2-bbad-83b44d348763\"\r\n/>\r\n\r\n\r\n\r\n### Checklist\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] The PR description includes the appropriate Release Notes section,\r\nand the correct `release_note:*` label is applied per the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"59e81ee2be5b8b9082dfc9ac06898cbe6cc8e011"}},{"branch":"8.x","label":"v8.18.0","branchLabelMappingKey":"^v8.18.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
viduni94
pushed a commit
to viduni94/kibana
that referenced
this pull request
Jan 23, 2025
…ns (elastic#206074) Closes elastic#202091 ## Summary Disallow some egress-specific inputs for agentless integrations. - In the policy editor, when Setup technology dropdown is set to Agentless, hide the rendering of configuration for inputs that have type matching the blocklist and ensure that these inputs are set to `enabled: false` - `tcp, udp, winlog, http_endpoint, filestream` should be disabled when `supports_agentless: true` - At the API level, throw an error if attempting to enable a disallowed input type ### Testing Simulate agentless env with following setup in `kibana.dev.yml`: ``` xpack.cloud.id: 'anything-to-pass-cloud-validation-checks' xpack.fleet.agentless.enabled: true xpack.fleet.agentless.api.url: 'https://localhost:8443' xpack.fleet.agentless.api.tls.certificate: './config/certs/ess-client.crt' xpack.fleet.agentless.api.tls.key: './config/certs/ess-client.key' xpack.fleet.agentless.api.tls.ca: './config/certs/ca.crt' ``` -Apply [this patch](https://gist.github.com/jen-huang/dfc3e02ceb63976ad54bd1f50c524cb4) to prevent attempt to create agentless pod (the agentless policy creation fails without the patch) - Install the following test integration, that has a bunch of different inputs to simulate this specific case and is enabled for agentless (it shows the setup technology as well) [agentless_package_links-0.0.2.zip](https://github.com/user-attachments/files/18425895/agentless_package_links-0.0.2.zip) ``` curl -XPOST -H 'content-type: application/zip' -H 'kbn-xsrf: true' http://localhost:5601/YOUR_PATH/api/fleet/epm/packages -u elastic:changeme --data-binary @agentless_package_links-0.0.2.zip ``` - Navigate to the integrations page, find the above integration and test that switching between agent-based/agentless the enabled inputs change as follows: <img width="1288" alt="Screenshot 2025-01-15 at 15 30 28" src="https://github.com/user-attachments/assets/6abd45d7-1bd8-465a-af29-4c34940b32e3" /> <img width="1072" alt="Screenshot 2025-01-15 at 15 31 18" src="https://github.com/user-attachments/assets/6957562f-08a6-403a-8725-1a654e443537" /> - Verify that the preview flyout has the correct inputs based on the selected deployment mode <img width="863" alt="Screenshot 2025-01-15 at 15 32 19" src="https://github.com/user-attachments/assets/ceca1f5d-249c-4ee1-9295-6f01ae21fdb4" /> <img width="862" alt="Screenshot 2025-01-15 at 15 33 33" src="https://github.com/user-attachments/assets/f43562d7-633e-4f0a-bfc1-19e89aef7659" /> - Verify that the api throws an error when attempting to enable any of the disallowed types <img width="1774" alt="Screenshot 2025-01-15 at 15 36 03" src="https://github.com/user-attachments/assets/2b4d24a3-5adc-4ab2-bbad-83b44d348763" /> ### Checklist - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
|
Hi Team, Self-Managed: Cloud: Agents.-.Fleet.-.Elastic.-.Google.Chrome.2025-01-27.17-45-06.mp4Steps:
Please let us know if we are missing anything here. cc: @criamico Thanks!! |
2 tasks
criamico
added a commit
that referenced
this pull request
Jan 29, 2025
## Summary Fixes a bug introduced with #206074 When a user selected a single account and switched the deployment method to `agentless`, it reverted to the organization selection. This PR removes[ the code](https://github.com/elastic/kibana/pull/206074/files#diff-a169e222e1116859e05821170ab592903c2943613dfe0035c32a4b9d42e5634fR330) that was causing the bug. https://github.com/user-attachments/assets/9007c35b-8454-4f7f-8811-bd39ba7ac99e⚠️ **Important**⚠️ One side effect of this change is that when we switch back from agentless to agent-based, the inputs that were previously hidden and disabled are now visible but they are disabled. This is not ideal but offers the user the option to re enable them, but at least doesn't try to forcefully switch them to initial state, that was the cause of the current bug. https://github.com/user-attachments/assets/520e361b-2789-4081-bb91-c75db88d5431 ### Checklist - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Jan 29, 2025
## Summary Fixes a bug introduced with elastic#206074 When a user selected a single account and switched the deployment method to `agentless`, it reverted to the organization selection. This PR removes[ the code](https://github.com/elastic/kibana/pull/206074/files#diff-a169e222e1116859e05821170ab592903c2943613dfe0035c32a4b9d42e5634fR330) that was causing the bug. https://github.com/user-attachments/assets/9007c35b-8454-4f7f-8811-bd39ba7ac99e⚠️ **Important**⚠️ One side effect of this change is that when we switch back from agentless to agent-based, the inputs that were previously hidden and disabled are now visible but they are disabled. This is not ideal but offers the user the option to re enable them, but at least doesn't try to forcefully switch them to initial state, that was the cause of the current bug. https://github.com/user-attachments/assets/520e361b-2789-4081-bb91-c75db88d5431 ### Checklist - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> (cherry picked from commit e758f32)
kibanamachine
added a commit
that referenced
this pull request
Jan 29, 2025
# Backport This will backport the following commits from `main` to `8.x`: - [[Fleet] Fix uncorrect override of cspm inputs (#208562)](#208562) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Cristina Amico","email":"criamico@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-01-29T15:02:48Z","message":"[Fleet] Fix uncorrect override of cspm inputs (#208562)\n\n## Summary\r\nFixes a bug introduced with\r\nhttps://github.com//pull/206074\r\n\r\nWhen a user selected a single account and switched the deployment method\r\nto `agentless`, it reverted to the organization selection. This PR\r\nremoves[ the\r\ncode](https://github.com/elastic/kibana/pull/206074/files#diff-a169e222e1116859e05821170ab592903c2943613dfe0035c32a4b9d42e5634fR330)\r\nthat was causing the bug.\r\n\r\n\r\nhttps://github.com/user-attachments/assets/9007c35b-8454-4f7f-8811-bd39ba7ac99e\r\n\r\n\r\n⚠️ **Important**⚠️ \r\nOne side effect of this change is that when we switch back from\r\nagentless to agent-based, the inputs that were previously hidden and\r\ndisabled are now visible but they are disabled. This is not ideal but\r\noffers the user the option to re enable them, but at least doesn't try\r\nto forcefully switch them to initial state, that was the cause of the\r\ncurrent bug.\r\n\r\n\r\n\r\nhttps://github.com/user-attachments/assets/520e361b-2789-4081-bb91-c75db88d5431\r\n\r\n\r\n### Checklist\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] The PR description includes the appropriate Release Notes section,\r\nand the correct `release_note:*` label is applied per the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"e758f32cec09c7e16208d7a89947c9489462e237","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Fleet","v9.0.0","backport:prev-minor","v8.18.0"],"title":"[Fleet] Fix uncorrect override of cspm inputs","number":208562,"url":"https://github.com/elastic/kibana/pull/208562","mergeCommit":{"message":"[Fleet] Fix uncorrect override of cspm inputs (#208562)\n\n## Summary\r\nFixes a bug introduced with\r\nhttps://github.com//pull/206074\r\n\r\nWhen a user selected a single account and switched the deployment method\r\nto `agentless`, it reverted to the organization selection. This PR\r\nremoves[ the\r\ncode](https://github.com/elastic/kibana/pull/206074/files#diff-a169e222e1116859e05821170ab592903c2943613dfe0035c32a4b9d42e5634fR330)\r\nthat was causing the bug.\r\n\r\n\r\nhttps://github.com/user-attachments/assets/9007c35b-8454-4f7f-8811-bd39ba7ac99e\r\n\r\n\r\n⚠️ **Important**⚠️ \r\nOne side effect of this change is that when we switch back from\r\nagentless to agent-based, the inputs that were previously hidden and\r\ndisabled are now visible but they are disabled. This is not ideal but\r\noffers the user the option to re enable them, but at least doesn't try\r\nto forcefully switch them to initial state, that was the cause of the\r\ncurrent bug.\r\n\r\n\r\n\r\nhttps://github.com/user-attachments/assets/520e361b-2789-4081-bb91-c75db88d5431\r\n\r\n\r\n### Checklist\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] The PR description includes the appropriate Release Notes section,\r\nand the correct `release_note:*` label is applied per the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"e758f32cec09c7e16208d7a89947c9489462e237"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/208562","number":208562,"mergeCommit":{"message":"[Fleet] Fix uncorrect override of cspm inputs (#208562)\n\n## Summary\r\nFixes a bug introduced with\r\nhttps://github.com//pull/206074\r\n\r\nWhen a user selected a single account and switched the deployment method\r\nto `agentless`, it reverted to the organization selection. This PR\r\nremoves[ the\r\ncode](https://github.com/elastic/kibana/pull/206074/files#diff-a169e222e1116859e05821170ab592903c2943613dfe0035c32a4b9d42e5634fR330)\r\nthat was causing the bug.\r\n\r\n\r\nhttps://github.com/user-attachments/assets/9007c35b-8454-4f7f-8811-bd39ba7ac99e\r\n\r\n\r\n⚠️ **Important**⚠️ \r\nOne side effect of this change is that when we switch back from\r\nagentless to agent-based, the inputs that were previously hidden and\r\ndisabled are now visible but they are disabled. This is not ideal but\r\noffers the user the option to re enable them, but at least doesn't try\r\nto forcefully switch them to initial state, that was the cause of the\r\ncurrent bug.\r\n\r\n\r\n\r\nhttps://github.com/user-attachments/assets/520e361b-2789-4081-bb91-c75db88d5431\r\n\r\n\r\n### Checklist\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] The PR description includes the appropriate Release Notes section,\r\nand the correct `release_note:*` label is applied per the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"e758f32cec09c7e16208d7a89947c9489462e237"}},{"branch":"8.x","label":"v8.18.0","branchLabelMappingKey":"^v8.18.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Cristina Amico <criamico@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #202091
Summary
Disallow some egress-specific inputs for agentless integrations.
enabled: falsetcp, udp, winlog, http_endpoint, filestreamshould be disabled whensupports_agentless: trueTesting
Simulate agentless env with following setup in
kibana.dev.yml:-Apply this patch to prevent attempt to create agentless pod (the agentless policy creation fails without the patch)
agentless_package_links-0.0.2.zip
Checklist
release_note:*label is applied per the guidelines