[UII] Restrict agentless integrations to deployments with agentless enabled #194885
…gentless deployment mode is not available
Pinging @elastic/fleet (Team:Fleet)
.../public/applications/integrations/sections/epm/screens/home/hooks/use_available_packages.tsx
LGTM
`cloud_security_posture` owned change lgtm
(policyTemplate) => policyTemplate?.deployment_modes?.agentless.enabled === true | ||
) | ||
) { | ||
if (isAgentlessEnabled && isAgentlessIntegrationFn(packageInfo)) { |
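Review bot: In the predicate `policyTemplate?.deployment_modes?.agentless.enabled === true`, the chain stops being optional at `agentless`, so a policy template that defines `deployment_modes` without an `agentless` key would throw a TypeError instead of evaluating to false, unless the type guarantees the key. Suggest `deployment_modes?.agentless?.enabled === true` so such templates are simply treated as not agentless.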
nit: the fact that the rename was needed shows that probably `isAgentlessIntegration` in this file does too much. I wonder if it should check `isAgentlessEnabled` inside. I'd rather move this check to the consumers but I think it's out of the scope of this PR. cc @seanrathier @opauloh
I agree with @max that `isAgentlessIntegration` in this hook does not do much, however, I am trying to find another place where the helper function is imported (other than tests) and cannot find one. I think it would be better to keep it on the hook.
💔 Build Failed
cc @jen-huang
Looks good to me, just a few comments.
@@ -5,6 +5,47 @@ | |||
* 2.0. | |||
*/ | |||
|
|||
import type { PackageInfo, RegistryPolicyTemplate } from '../types'; | |||
|
|||
export const isAgentlessIntegration = ( |
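Review bot: The new export at `export const isAgentlessIntegration = (` has no doc comment ahead of it, and the helper now lives in a shared module next to the `PackageInfo` and `RegistryPolicyTemplate` type import. Suggest a short JSDoc stating whether it inspects every policy template or a single one, and whether it takes the deployment's agentless setting into account, so callers do not have to read the body to know what a `true` result means.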
It recently came up that we don't have a way to specify which policy template to check. For example, the CSPM integration has multiple policy templates (KSPM, CSPM, CNVM); however, only CSPM supports agentless.
Would it be possible to have an optional parameter that we can pass `cspm` and check individual policy templates?
This comment is not for you to fix now but rather something we should discuss. This hook is starting to get complicated. I see the hook being used in many places and we are prop drilling the results from this to components and child components.
We should consider using a `React.Context` for Agentless and the components and custom extensions can pull this information from the Context.
Starting backport for target branches: 8.x
…nabled (elastic#194885)

## Summary

Resolves elastic#192486. This PR makes it so that on deployments without agentless enabled:

1. Agentless-only integrations are hidden from the browse integration UI
2. Agentless-only integrations cannot be installed via API (unless force flag is used)

⚠️ elastic/package-registry#1238 needs to be completed for the below testing steps to work. Currently EPR does not return `deployment_modes` property which is necessary for Fleet to know which packages are agentless.

## How to test

1. Simulate agentless being available by adding the following to kibana.yml:
```
xpack.fleet.agentless.enabled: true

# Simulate cloud
xpack.cloud.id: "foo"
xpack.cloud.base_url: "https://cloud.elastic.co"
xpack.cloud.organization_url: "/account/"
xpack.cloud.billing_url: "/billing/"
xpack.cloud.profile_url: "/user/settings/"
```
2. Go to `Integrations > Browse` and enable showing Beta integrations, search for `connector` and you should see the agentless integrations: Elastic Connectors, GitHub & GitHub Enterprise Server Connector, Google Drive Connector
3. Install any one of them (they all come from the same package), it should be successful
4. Uninstall them
5. Remove config changes to go back to a non-agentless deployment
6. Refresh Integrations list, the three integrations should no longer appear
7. Try installing via API, an error should appear
```
POST kbn:/api/fleet/epm/packages/elastic_connectors/0.0.2
```
8. Try installing via API again with force flag, it should be successful:
```
POST kbn:/api/fleet/epm/packages/elastic_connectors/0.0.2
{
  "force": true
}
```

### Checklist

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

(cherry picked from commit 8cadf88)
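The gating this commit message describes, together with the per-policy-template check asked about in the review, as an added TypeScript example that is not Kibana's own code. The types, the function bodies, the `default` mode key and the `github` template name are assumptions; `decideInstall` is a hypothetical name.

```typescript
// Added example: hypothetical types and helpers, not Kibana's Fleet code.
// Field names follow the `deployment_modes` shape quoted in the PR; the
// `default` mode key and the sample template names are assumptions.
interface DeploymentModes {
  default?: { enabled: boolean };
  agentless?: { enabled: boolean };
}
interface PolicyTemplate { name: string; deployment_modes?: DeploymentModes }
interface PackageInfo { name: string; policy_templates?: PolicyTemplate[] }

const supportsAgentless = (t: PolicyTemplate): boolean =>
  t.deployment_modes?.agentless?.enabled === true;

// True when any template (or only the named one) supports agentless.
function isAgentlessIntegration(pkg: PackageInfo, templateName?: string): boolean {
  return (pkg.policy_templates ?? [])
    .filter((t) => templateName === undefined || t.name === templateName)
    .some(supportsAgentless);
}

// True when every template is agentless and none allows the default mode.
function isOnlyAgentlessIntegration(pkg: PackageInfo): boolean {
  const templates = pkg.policy_templates ?? [];
  return templates.length > 0 && templates.every(
    (t) => supportsAgentless(t) && t.deployment_modes?.default?.enabled !== true
  );
}

type InstallDecision = { allowed: boolean; reason: string };

// Server-side gate: hiding a package in the UI is not enforcement, so the
// install path repeats the check. `force` is an explicit, reportable override.
function decideInstall(pkg: PackageInfo, agentlessEnabled: boolean, force = false): InstallDecision {
  if (agentlessEnabled || !isOnlyAgentlessIntegration(pkg)) {
    return { allowed: true, reason: 'ok' };
  }
  return force
    ? { allowed: true, reason: 'forced' }
    : { allowed: false, reason: 'agentless-only package on non-agentless deployment' };
}

// Constructed sample packages.
const connectors: PackageInfo = { name: 'elastic_connectors', policy_templates: [
  { name: 'github', deployment_modes: { default: { enabled: false }, agentless: { enabled: true } } },
]};
const posture: PackageInfo = { name: 'cloud_security_posture', policy_templates: [
  { name: 'kspm' },
  { name: 'cspm', deployment_modes: { default: { enabled: true }, agentless: { enabled: true } } },
]};
```

Returning a distinct `forced` reason lets the caller log overrides separately from ordinary installs.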
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions? Please refer to the Backport tool documentation
…less enabled (#194885) (#196459)

# Backport

This will backport the following commits from `main` to `8.x`:

- [[UII] Restrict agentless integrations to deployments with agentless enabled (#194885)](#194885)

<!--- Backport version: 9.4.3 -->

### Questions ?

Please refer to the [Backport tool documentation](https://github.com/sqren/backport)

Co-authored-by: Jen Huang <[email protected]>