[Cloud Security] [Agentless] Add the creation of an agentless agent via Agentless API in the GHA Create Environment (new) #2493
Conversation
seanrathier
force-pushed
the
10463-create-agentless-agent
branch
2 times, most recently
from
cad275c to
3febb2e
Compare
| logger.info(f"Starting installation of agentless-agent {INTEGRATION_NAME} integration.") | ||
| agent_data, package_data = load_data( | ||
| cfg=cnfg.elk_config, | ||
| agent_input=AGENTLESS_INPUT, | ||
| package_input=integration_data, | ||
| stream_name="cloud_security_posture.findings", | ||
| ) | ||
| package_policy["force"] = True | ||
|
|
||
| logger.info(f"Creating {package_policy}") | ||
| logger.info("Create agentless-agent policy") | ||
| agent_policy_id = create_agent_policy(cfg=cnfg.elk_config, json_policy=agent_data) |
There was a problem hiding this comment.
Since creating an agentless-agent policy is a new feature, we need to handle both cases: when an agentless policy already exists and when it needs to be installed (as is the case for you now).
There are a couple of options for this:
- We could rely on an environment variable to determine if the agentless-agent policy should be installed.
- Alternatively, we could retrieve all installed agent policies from the Fleet and check if any are already agentless.
There was a problem hiding this comment.
I believe I understand what you are saying, if I am not then please correct me.
By the time this PR gets merged, Serverless production we should not be using the older preconfigured Agentless policy solution so I don't think we need check for either solution.
When ESS production has the new Agentless API configuration we should only need to set TEST_AGENTLESS to true
seanrathier
requested review from
kubasobon,
orestisfl,
amirbenun and
a team
and removed request for
kubasobon,
orestisfl and
amirbenun
| @@ -135,15 +135,15 @@ jobs: | |||
| TF_VAR_ess_region: ${{ inputs.ess-region }} | |||
| DEPLOYMENT_NAME: ${{ inputs.deployment_name }} | |||
| TF_VAR_serverless_mode: ${{ inputs.serverless_mode }} | |||
| TEST_AGENTLESS: ${{ inputs.serverless_mode }} | |||
There was a problem hiding this comment.
I could be missing something, but this seems to be committed by mistake. We should keep it conditional based on the workflow input value.
There was a problem hiding this comment.
We want to deploy agentless for both ESS and Serverless now. I left the environment variable there in case we disable it a briefly (bugs, changes, etc).
seanrathier
force-pushed
the
10463-create-agentless-agent
branch
from
de0969c to
993a139
Compare
|
This pull request is now in conflicts. Could you fix it? 🙏 |
…f an agentless agent via Agentless API in the GHA Create Environment (new) (#2827) [Cloud Security] [Agentless] Add the creation of an agentless agent via Agentless API in the GHA Create Environment (new) (#2493) (cherry picked from commit cd0feeb) Co-authored-by: seanrathier <[email protected]>
Summary of your changes
This change refactors the CreateEnvironment workflow to create an
agentless-agentusing the Agentless-API.This should only be merged when production Serverless projects in the test region have the Agentless-API configuration in Kibana.
We enable this for ESS by simply setting the TEST_AGENTLESS to true.
Testing
To test this run the CreateEnvironment workflow with the following parameters
Run UI sanity tests after provisioncheckbox(First time doing Python, be gentle 😄 )
Related Issues
Checklist