[Fleet] handle multiple policies in edit package policy extension view

[juliaElastic]

Summary

Related to #75867

Handling multiple policies in package policy edit extension view, made changes in CSP.

@elastic/kibana-cloud-security-posture Hey, could you help me how can I create an agentless policy to test with?

Checklist

• Unit or functional tests were updated or added to match the most common scenarios

[elasticmachine]

Pinging @elastic/fleet (Team:Fleet)

[obltmachine]

🤖 GitHub comments

Expand to view the GitHub comments

Just comment with:

• /oblt-deploy : Deploy a Kibana instance using the Observability test environments.
• run docs-build : Re-trigger the docs validation. (use unformatted text in the comment!)

[criamico]

@julia To run agentless I followed this guide https://docs.elastic.dev/security-solution/cloud-security/serverless/develop-for-kibana#agentless-local-set-up

The agentless policy can be preconfigured with

xpack.fleet.agentPolicies: [
  {
    "name": "Agentless CSPM",
    "id": "agentless",
    "is_managed": true,
    "supports_agentless": true,
    "namespace": "default",
    "fleet_server_host_id": "cloudbeat-fleet-internal-output",
    "data_output_id": "cloudbeat-es-internal-output",
    "monitoring_enabled": [],
    "package_policies": [],
  },
]

and feature flag is agentless, you need to install cspm integration and it will go directly to that policy.

[criamico]

Fleet code LGTM

[juliaElastic]

Thanks, I managed to test with agentless policy by creating the policy with preconfiguration and go to Add integration from the agentless policy.
The CSPM form shows the Agentless option.

On the Edit form, I'm able to share the integration with another policy, though I'm not sure if it makes sense to allow it. Do we expect a CSPM integration to be shared both by an agentless and agent based policy?

[juliaElastic]

I'm trying to debug the failing test locally, but it doesn't seem to start kibana.
Using this command:

yarn test:ftr:server --config x-pack/test_serverless/functional/test_suites/security/config.cloud_security_posture.agentless.ts

   │ info es02 is running.
   │        Container Name: es02
   │        Container Id:   0cdbf4cc1b2f1775f17bb879302cfde4a7c760921704d69dd3050362b2db8cad
   │
   │        View logs:            docker logs -f es02
   │        Shell access:         docker exec -it es02 /bin/bash
   │
   │ info es03 is running.
   │        Container Name: es03
   │        Container Id:   243615fbc5e29b245b2deef6a2f815f03745afd5c660b3cfeef8c8e728ef67a7
   │
   │        View logs:            docker logs -f es03
   │        Shell access:         docker exec -it es03 /bin/bash

It logs something about not finding es01, is this test supposed to start es01 container too?

[maxcold]

@juliaElastic Thanks for taking care of agentless in CSPM! Couple of notes:

1. In serverless I noticed one regression - the Agentless option in CSPM is not selected by default anymore. I ran the current master locally and the Agentless option is the default one there, so it looks like the PR changes lead to it.
2. As for On the Edit form, I'm able to share the integration with another policy, though I'm not sure if it makes sense to allow it., as far as I'm aware we didn't plan to support sharing agentless integration policies with other agent policies, I'm not sure how that would work either. With Agentless API in ESS and later in serverless we plan to create Agentless Agent policy per Integration when the Agentless setup method is selected. But @seanrathier might be better equipped to answer this as he is working closely on the agentless in ESS
3. On the es01 issue you have - I had a similar when I had es01 hanging for some reason from the previous runs. After deleting the container manually, the local ES set up started to work again. Did you check the list of running or hanging containers?

[juliaElastic]

Thanks for the response, I think I found the cause of the failing tests.

I think it's probably best to hide the ability to change agent policies on the agentless CSPM integration policies.

[kibana-ci]

💚 Build Succeeded

• Buildkite Build
• Commit: 174d84d

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
cloudSecurityPosture	452.8KB	452.8KB	+45.0B
fleet	1.8MB	1.8MB	+9.0B
total			+54.0B

History

• 💔 Build #219036 failed dee3e20

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @juliaElastic

[maxcold]

one nit comment, otherwise lgtm! tested, works as expected, though I found what it seems like a bug, but it's not related to this PR as I can reproduce it on main branch as well. Checking if it's actually the same on the real serverless env

screencast-localhost_5601-2024.07.03-09_52_35.webm

[maxcold]

nit: the condition becomes a bit cluttered, wdyt about moving the parts to own vars and have smth like hasAgentPolicies && agentlessPolicyIsAbsent in the condition?

[elasticmachine]

💛 Build succeeded, but was flaky

• Buildkite Build
• Commit: 08a7fd4

Failed CI Steps

• FTR Configs #17

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
cloudSecurityPosture	452.8KB	452.9KB	+62.0B
fleet	1.8MB	1.8MB	+9.0B
total			+71.0B

cc @juliaElastic