From cad38d6db31838ac7c60fac79f288dadc88aae1b Mon Sep 17 00:00:00 2001 From: Jen Huang Date: Thu, 24 Apr 2025 16:20:58 -0700 Subject: [PATCH] [UII] Make output and fleet server non-editable for agentless policies (#218905) ## Summary Resolves https://github.com/elastic/security-team/issues/10971. This PR makes it so that on Cloud, agentless policies cannot move off of the default managed Fleet Server host and ES output. This is done by: - Explicitly writing `fleet_server_host_id` and `data_output_id` fields to the agentless policy that is created when adding an agentless integration - On ECH, these are `fleet-default-fleet-server-host` and `fleet-default-output` respectively - On Serverless, these are `default-fleet-server` and `es-default-output` - During Fleet setup, agentless policies without these fields set up correctly will be backfilled to the correct values ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --- .../agent_policy_advanced_fields/index.tsx | 2 +- .../components/steps/components/hooks.tsx | 4 +- .../package_policy_input_panel.test.tsx | 4 + .../hooks/setup_technology.test.ts | 28 +++- .../hooks/setup_technology.ts | 51 ++++++- .../hooks/use_request/fleet_server_hosts.ts | 8 + .../fleet/public/hooks/use_request/outputs.ts | 8 + .../services/agentless_settings_ids.test.ts | 77 ++++++++++ .../server/services/agentless_settings_ids.ts | 140 ++++++++++++++++++ .../shared/fleet/server/services/setup.ts | 10 ++ ...config.cloud_security_posture.agentless.ts | 4 +- 11 files changed, 325 insertions(+), 11 deletions(-) create mode 100644 x-pack/platform/plugins/shared/fleet/server/services/agentless_settings_ids.test.ts create mode 100644 x-pack/platform/plugins/shared/fleet/server/services/agentless_settings_ids.ts diff --git a/x-pack/platform/plugins/shared/fleet/public/applications/fleet/sections/agent_policy/components/agent_policy_advanced_fields/index.tsx b/x-pack/platform/plugins/shared/fleet/public/applications/fleet/sections/agent_policy/components/agent_policy_advanced_fields/index.tsx index 09fdceb80232..a75f0685e871 100644 --- a/x-pack/platform/plugins/shared/fleet/public/applications/fleet/sections/agent_policy/components/agent_policy_advanced_fields/index.tsx +++ b/x-pack/platform/plugins/shared/fleet/public/applications/fleet/sections/agent_policy/components/agent_policy_advanced_fields/index.tsx @@ -657,7 +657,7 @@ export const AgentPolicyAdvancedOptionsContent: React.FunctionComponent = isDisabled={disabled} > { diff --git a/x-pack/platform/plugins/shared/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/components/package_policy_input_panel.test.tsx b/x-pack/platform/plugins/shared/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/components/package_policy_input_panel.test.tsx index f6a66933b16e..a1804a6ad7e6 100644 --- a/x-pack/platform/plugins/shared/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/components/package_policy_input_panel.test.tsx +++ b/x-pack/platform/plugins/shared/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/components/package_policy_input_panel.test.tsx @@ -363,6 +363,8 @@ describe('PackagePolicyInputPanel', () => { isAgentlessDefault: false, isAgentlessAgentPolicy: jest.fn(), isAgentlessIntegration: jest.fn(), + isServerless: false, + isCloud: true, }); }); @@ -396,6 +398,8 @@ describe('PackagePolicyInputPanel', () => { isAgentlessDefault: false, isAgentlessAgentPolicy: jest.fn(), isAgentlessIntegration: jest.fn(), + isServerless: false, + isCloud: false, }); }); diff --git a/x-pack/platform/plugins/shared/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/setup_technology.test.ts b/x-pack/platform/plugins/shared/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/setup_technology.test.ts index cbe351173417..ab0da2f77d81 100644 --- a/x-pack/platform/plugins/shared/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/setup_technology.test.ts +++ b/x-pack/platform/plugins/shared/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/setup_technology.test.ts @@ -21,6 +21,8 @@ jest.mock('../../../../../services'); jest.mock('../../../../../hooks', () => ({ ...jest.requireActual('../../../../../hooks'), sendGetOneAgentPolicy: jest.fn(), + sendGetOneFleetServerHost: jest.fn().mockResolvedValue({}), + sendGetOneOutput: jest.fn().mockResolvedValue({}), useStartServices: jest.fn(), useConfig: jest.fn(), })); @@ -295,10 +297,13 @@ describe('useSetupTechnology', () => { }, }); - (generateNewAgentPolicyWithDefaults as MockFn).mockReturnValue({ - name: 'Agentless policy for endpoint-1', - supports_agentless: true, - inactivity_timeout: 3600, + (generateNewAgentPolicyWithDefaults as MockFn).mockImplementation((overrides: any) => { + return { + name: 'Agentless policy for endpoint-1', + supports_agentless: true, + inactivity_timeout: 3600, + ...overrides, + }; }); jest.clearAllMocks(); }); @@ -728,7 +733,9 @@ describe('useSetupTechnology', () => { expect(setNewAgentPolicy).toHaveBeenCalledWith({ name: 'Agentless policy for endpoint-1', supports_agentless: true, + global_data_tags: undefined, inactivity_timeout: 3600, + monitoring_enabled: ['logs', 'metrics'], }); }); }); @@ -768,9 +775,11 @@ describe('useSetupTechnology', () => { expect(generateNewAgentPolicyWithDefaults).toHaveBeenCalled(); expect(updatePackagePolicyMock).toHaveBeenCalledWith({ supports_agentless: true }); expect(setNewAgentPolicy).toHaveBeenCalledWith({ - inactivity_timeout: 3600, name: 'Agentless policy for endpoint-1', supports_agentless: true, + global_data_tags: undefined, + inactivity_timeout: 3600, + monitoring_enabled: ['logs', 'metrics'], }); rerender({ @@ -788,7 +797,9 @@ describe('useSetupTechnology', () => { expect(result.current.selectedSetupTechnology).toBe(SetupTechnology.AGENTLESS); expect(setNewAgentPolicy).toHaveBeenCalledWith({ name: 'Agentless policy for endpoint-2', + global_data_tags: undefined, inactivity_timeout: 3600, + monitoring_enabled: ['logs', 'metrics'], supports_agentless: true, }); }); @@ -934,6 +945,7 @@ describe('useSetupTechnology', () => { name: 'Agentless policy for endpoint-1', supports_agentless: true, inactivity_timeout: 3600, + monitoring_enabled: ['logs', 'metrics'], global_data_tags: [ { name: 'organization', value: 'org' }, { name: 'division', value: 'div' }, @@ -1192,7 +1204,9 @@ describe('useSetupTechnology', () => { expect(setNewAgentPolicy).toHaveBeenCalledWith({ name: 'Agentless policy for endpoint-1', supports_agentless: true, + global_data_tags: undefined, inactivity_timeout: 3600, + monitoring_enabled: ['logs', 'metrics'], }); expect(setNewAgentPolicy).not.toHaveBeenCalledWith({ global_data_tags: [ @@ -1266,7 +1280,9 @@ describe('useSetupTechnology', () => { expect(setNewAgentPolicy).toHaveBeenCalledWith({ name: 'Agentless policy for endpoint-1', supports_agentless: true, + global_data_tags: undefined, inactivity_timeout: 3600, + monitoring_enabled: ['logs', 'metrics'], }); expect(setNewAgentPolicy).not.toHaveBeenCalledWith({ global_data_tags: [ @@ -1311,7 +1327,9 @@ describe('useSetupTechnology', () => { expect(setNewAgentPolicy).toHaveBeenCalledWith({ name: 'Agentless policy for endpoint-1', supports_agentless: true, + global_data_tags: undefined, inactivity_timeout: 3600, + monitoring_enabled: ['logs', 'metrics'], }); expect(setNewAgentPolicy).not.toHaveBeenCalledWith({ global_data_tags: [ diff --git a/x-pack/platform/plugins/shared/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/setup_technology.ts b/x-pack/platform/plugins/shared/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/setup_technology.ts index 3736475b7441..a7adf4df6890 100644 --- a/x-pack/platform/plugins/shared/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/setup_technology.ts +++ b/x-pack/platform/plugins/shared/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/setup_technology.ts @@ -7,7 +7,7 @@ import { useCallback, useRef, useState, useEffect, useMemo } from 'react'; -import { useConfig } from '../../../../../hooks'; +import { useConfig, sendGetOneFleetServerHost, sendGetOneOutput } from '../../../../../hooks'; import { generateNewAgentPolicyWithDefaults } from '../../../../../../../../common/services/generate_new_agent_policy'; import type { AgentPolicy, @@ -24,6 +24,10 @@ import { AGENTLESS_GLOBAL_TAG_NAME_TEAM, AGENTLESS_AGENT_POLICY_INACTIVITY_TIMEOUT, AGENTLESS_AGENT_POLICY_MONITORING, + SERVERLESS_DEFAULT_OUTPUT_ID, + DEFAULT_OUTPUT_ID, + SERVERLESS_DEFAULT_FLEET_SERVER_HOST_ID, + DEFAULT_FLEET_SERVER_HOST_ID, } from '../../../../../../../../common/constants'; import { isAgentlessIntegration as isAgentlessIntegrationFn, @@ -58,6 +62,8 @@ export const useAgentless = () => { isAgentlessDefault, isAgentlessAgentPolicy, isAgentlessIntegration, + isServerless, + isCloud, }; }; @@ -82,7 +88,7 @@ export function useSetupTechnology({ agentPolicies?: AgentPolicy[]; integrationToEnable?: string; }) { - const { isAgentlessEnabled, isAgentlessDefault } = useAgentless(); + const { isAgentlessEnabled, isAgentlessDefault, isServerless, isCloud } = useAgentless(); // this is a placeholder for the new agent-BASED policy that will be used when the user switches from agentless to agent-based and back const orginalAgentPolicyRef = useRef({ ...newAgentPolicy }); @@ -112,6 +118,43 @@ export function useSetupTechnology({ }, [isAgentlessEnabled, isAgentlessDefault, packageInfo, integrationToEnable]); const agentlessPolicyName = getAgentlessAgentPolicyNameFromPackagePolicyName(packagePolicy.name); + const [agentlessPolicyOutputId, setAgentlessPolicyOutputId] = useState(); + const [agentlessPolicyFleetServerHostId, setAgentlessPolicyFleetServerHostId] = useState< + string | undefined + >(); + + useEffect(() => { + const fetchOutputId = async () => { + const outputId = isServerless + ? SERVERLESS_DEFAULT_OUTPUT_ID + : isCloud + ? DEFAULT_OUTPUT_ID + : undefined; + if (outputId) { + const outputData = await sendGetOneOutput(outputId); + setAgentlessPolicyOutputId(outputData.data?.item ? outputId : undefined); + } else { + setAgentlessPolicyOutputId(undefined); + } + }; + const fetchFleetServerHostId = async () => { + const hostId = isServerless + ? SERVERLESS_DEFAULT_FLEET_SERVER_HOST_ID + : isCloud + ? DEFAULT_FLEET_SERVER_HOST_ID + : undefined; + + if (hostId) { + const hostData = await sendGetOneFleetServerHost(hostId); + setAgentlessPolicyFleetServerHostId(hostData.data?.item ? hostId : undefined); + } else { + setAgentlessPolicyFleetServerHostId(undefined); + } + }; + + fetchOutputId(); + fetchFleetServerHostId(); + }, [isCloud, isServerless]); const handleSetupTechnologyChange = useCallback( (setupTechnology: SetupTechnology) => { @@ -145,6 +188,10 @@ export function useSetupTechnology({ inactivity_timeout: AGENTLESS_AGENT_POLICY_INACTIVITY_TIMEOUT, supports_agentless: true, monitoring_enabled: AGENTLESS_AGENT_POLICY_MONITORING, + ...(agentlessPolicyOutputId ? { data_output_id: agentlessPolicyOutputId } : {}), + ...(agentlessPolicyFleetServerHostId + ? { fleet_server_host_id: agentlessPolicyFleetServerHostId } + : {}), }), name: agentlessPolicyName, global_data_tags: getGlobaDataTags(packageInfo), diff --git a/x-pack/platform/plugins/shared/fleet/public/hooks/use_request/fleet_server_hosts.ts b/x-pack/platform/plugins/shared/fleet/public/hooks/use_request/fleet_server_hosts.ts index db1968332d6b..336c9f353d68 100644 --- a/x-pack/platform/plugins/shared/fleet/public/hooks/use_request/fleet_server_hosts.ts +++ b/x-pack/platform/plugins/shared/fleet/public/hooks/use_request/fleet_server_hosts.ts @@ -26,6 +26,14 @@ export function useGetFleetServerHosts() { }); } +export function sendGetOneFleetServerHost(itemId: string) { + return sendRequest({ + method: 'get', + path: fleetServerHostsRoutesService.getInfoPath(itemId), + version: API_VERSIONS.public.v1, + }); +} + export function sendDeleteFleetServerHost(itemId: string) { return sendRequest({ method: 'delete', diff --git a/x-pack/platform/plugins/shared/fleet/public/hooks/use_request/outputs.ts b/x-pack/platform/plugins/shared/fleet/public/hooks/use_request/outputs.ts index 7eff494fb298..480c029ebefb 100644 --- a/x-pack/platform/plugins/shared/fleet/public/hooks/use_request/outputs.ts +++ b/x-pack/platform/plugins/shared/fleet/public/hooks/use_request/outputs.ts @@ -39,6 +39,14 @@ export function useDefaultOutput() { return { output, refresh: outputsRequest.resendRequest }; } +export function sendGetOneOutput(outputId: string) { + return sendRequest({ + method: 'get', + path: outputRoutesService.getInfoPath(outputId), + version: API_VERSIONS.public.v1, + }); +} + export function sendPutOutput(outputId: string, body: PutOutputRequest['body']) { return sendRequest({ method: 'put', diff --git a/x-pack/platform/plugins/shared/fleet/server/services/agentless_settings_ids.test.ts b/x-pack/platform/plugins/shared/fleet/server/services/agentless_settings_ids.test.ts new file mode 100644 index 000000000000..cc9204d6f34a --- /dev/null +++ b/x-pack/platform/plugins/shared/fleet/server/services/agentless_settings_ids.test.ts @@ -0,0 +1,77 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { ensureCorrectAgentlessSettingsIds } from './agentless_settings_ids'; +import { agentPolicyService } from './agent_policy'; + +jest.mock('.', () => ({ + appContextService: { + getLogger: () => ({ + debug: jest.fn(), + }), + getCloud: () => ({ + isCloudEnabled: true, + isServerlessEnabled: true, + }), + getInternalUserSOClientWithoutSpaceExtension: () => ({ + find: jest.fn().mockImplementation(() => { + return { + saved_objects: [{ id: 'agent_policy_1' }, { id: 'agent_policy_2' }], + }; + }), + }), + }, +})); + +jest.mock('./agent_policy', () => ({ + agentPolicyService: { + find: jest.fn(), + update: jest.fn(), + }, + getAgentPolicySavedObjectType: jest.fn().mockResolvedValue('ingest-agent-policies'), +})); + +jest.mock('./output', () => ({ + outputService: { + get: jest.fn().mockResolvedValue({ + id: 'es-default-output', + }), + }, +})); + +jest.mock('./fleet_server_host', () => ({ + fleetServerHostService: { + get: jest.fn().mockResolvedValue({ + id: 'default-fleet-server', + }), + }, +})); + +describe('correct agentless policy settings', () => { + it('should correct agentless policy settings', async () => { + await ensureCorrectAgentlessSettingsIds(undefined as any); + + expect(agentPolicyService.update).toHaveBeenCalledWith( + expect.anything(), + undefined, + 'agent_policy_1', + { + data_output_id: 'es-default-output', + fleet_server_host_id: 'default-fleet-server', + } + ); + expect(agentPolicyService.update).toHaveBeenCalledWith( + expect.anything(), + undefined, + 'agent_policy_2', + { + data_output_id: 'es-default-output', + fleet_server_host_id: 'default-fleet-server', + } + ); + }); +}); diff --git a/x-pack/platform/plugins/shared/fleet/server/services/agentless_settings_ids.ts b/x-pack/platform/plugins/shared/fleet/server/services/agentless_settings_ids.ts new file mode 100644 index 000000000000..0c8247a69570 --- /dev/null +++ b/x-pack/platform/plugins/shared/fleet/server/services/agentless_settings_ids.ts @@ -0,0 +1,140 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { ElasticsearchClient } from '@kbn/core/server'; + +import pMap from 'p-map'; + +import { + MAX_CONCURRENT_AGENT_POLICIES_OPERATIONS, + SO_SEARCH_LIMIT, + DEFAULT_OUTPUT_ID, + SERVERLESS_DEFAULT_OUTPUT_ID, + DEFAULT_FLEET_SERVER_HOST_ID, + SERVERLESS_DEFAULT_FLEET_SERVER_HOST_ID, +} from '../constants'; + +import type { AgentPolicySOAttributes } from '../types'; + +import { getAgentPolicySavedObjectType, agentPolicyService } from './agent_policy'; +import { fleetServerHostService } from './fleet_server_host'; +import { outputService } from './output'; + +import { appContextService } from '.'; + +export async function ensureCorrectAgentlessSettingsIds(esClient: ElasticsearchClient) { + const cloudSetup = appContextService.getCloud(); + const isCloud = cloudSetup?.isCloudEnabled; + const isServerless = cloudSetup?.isServerlessEnabled; + const correctOutputId = isServerless + ? SERVERLESS_DEFAULT_OUTPUT_ID + : isCloud + ? DEFAULT_OUTPUT_ID + : undefined; + const correctFleetServerId = isServerless + ? SERVERLESS_DEFAULT_FLEET_SERVER_HOST_ID + : isCloud + ? DEFAULT_FLEET_SERVER_HOST_ID + : undefined; + let fixOutput = false; + let fixFleetServer = false; + + if (!correctOutputId && !correctFleetServerId) { + return; + } + + const agentPolicySavedObjectType = await getAgentPolicySavedObjectType(); + const internalSoClientWithoutSpaceExtension = + appContextService.getInternalUserSOClientWithoutSpaceExtension(); + + const agentlessOutputIdsToFix = correctOutputId + ? ( + await internalSoClientWithoutSpaceExtension.find({ + type: agentPolicySavedObjectType, + page: 1, + perPage: SO_SEARCH_LIMIT, + filter: `${agentPolicySavedObjectType}.attributes.supports_agentless:true AND NOT ${agentPolicySavedObjectType}.attributes.data_output_id:${correctOutputId}`, + fields: [`id`], + namespaces: ['*'], + }) + )?.saved_objects.map((so) => so.id) + : []; + + const agentlessFleetServerIdsToFix = correctFleetServerId + ? ( + await internalSoClientWithoutSpaceExtension.find({ + type: agentPolicySavedObjectType, + page: 1, + perPage: SO_SEARCH_LIMIT, + filter: `${agentPolicySavedObjectType}.attributes.supports_agentless:true AND NOT ${agentPolicySavedObjectType}.attributes.fleet_server_host_id:${correctFleetServerId}`, + fields: [`id`], + namespaces: ['*'], + }) + )?.saved_objects.map((so) => so.id) + : []; + + try { + // Check that the output ID exists + if (correctOutputId && agentlessOutputIdsToFix?.length > 0) { + const output = await outputService.get( + internalSoClientWithoutSpaceExtension, + correctOutputId + ); + fixOutput = output != null; + } + } catch (e) { + // Silently swallow + } + + try { + // Check that the fleet server host ID exists + if (correctFleetServerId && agentlessFleetServerIdsToFix?.length > 0) { + const fleetServerHost = await fleetServerHostService.get( + internalSoClientWithoutSpaceExtension, + correctFleetServerId + ); + fixFleetServer = fleetServerHost != null; + } + } catch (e) { + // Silently swallow + } + + const allIdsToFix = Array.from( + new Set([ + ...(fixOutput ? agentlessOutputIdsToFix : []), + ...(fixFleetServer ? agentlessFleetServerIdsToFix : []), + ]) + ); + + if (allIdsToFix.length === 0) { + return; + } + + appContextService + .getLogger() + .debug( + `Fixing output and/or fleet server host IDs on agent policies: ${agentlessOutputIdsToFix}` + ); + + await pMap( + allIdsToFix, + (agentPolicyId) => { + return agentPolicyService.update( + internalSoClientWithoutSpaceExtension, + esClient, + agentPolicyId, + { + data_output_id: correctOutputId, + fleet_server_host_id: correctFleetServerId, + } + ); + }, + { + concurrency: MAX_CONCURRENT_AGENT_POLICIES_OPERATIONS, + } + ); +} diff --git a/x-pack/platform/plugins/shared/fleet/server/services/setup.ts b/x-pack/platform/plugins/shared/fleet/server/services/setup.ts index e8475b123c3a..bc04ac4ad778 100644 --- a/x-pack/platform/plugins/shared/fleet/server/services/setup.ts +++ b/x-pack/platform/plugins/shared/fleet/server/services/setup.ts @@ -65,6 +65,7 @@ import { import { backfillPackagePolicySupportsAgentless } from './backfill_agentless'; import { updateDeprecatedComponentTemplates } from './setup/update_deprecated_component_templates'; import { createOrUpdateFleetSyncedIntegrationsIndex } from './setup/fleet_synced_integrations'; +import { ensureCorrectAgentlessSettingsIds } from './agentless_settings_ids'; export interface SetupStatus { isInitialized: boolean; @@ -311,6 +312,14 @@ async function createSetupSideEffects( logger.debug('Backfilling package policy supports_agentless field'); await backfillPackagePolicySupportsAgentless(esClient); + let ensureCorrectAgentlessSettingsIdsError; + try { + logger.debug('Fix agentless policy settings'); + await ensureCorrectAgentlessSettingsIds(esClient); + } catch (error) { + ensureCorrectAgentlessSettingsIdsError = { error }; + } + logger.debug('Update deprecated _source.mode in component templates'); await updateDeprecatedComponentTemplates(esClient); @@ -320,6 +329,7 @@ async function createSetupSideEffects( const nonFatalErrors = [ ...preconfiguredPackagesNonFatalErrors, ...(messageSigningServiceNonFatalError ? [messageSigningServiceNonFatalError] : []), + ...(ensureCorrectAgentlessSettingsIdsError ? [ensureCorrectAgentlessSettingsIdsError] : []), ]; if (nonFatalErrors.length > 0) { diff --git a/x-pack/test_serverless/functional/test_suites/security/config.cloud_security_posture.agentless.ts b/x-pack/test_serverless/functional/test_suites/security/config.cloud_security_posture.agentless.ts index 54925cbcd92b..6d389c8bb99e 100644 --- a/x-pack/test_serverless/functional/test_suites/security/config.cloud_security_posture.agentless.ts +++ b/x-pack/test_serverless/functional/test_suites/security/config.cloud_security_posture.agentless.ts @@ -8,6 +8,7 @@ import { CA_CERT_PATH, KBN_CERT_PATH, KBN_KEY_PATH } from '@kbn/dev-utils'; import { CLOUD_SECURITY_POSTURE_PACKAGE_VERSION } from './constants'; import { createTestConfig } from '../../config.base'; +import { kbnServerArgs as fleetKbnServerArgs } from '../../../api_integration/test_suites/common/fleet/default_setup'; // TODO: Remove the agentless default config once Serverless API is merged and default policy is deleted export default createTestConfig({ @@ -16,12 +17,11 @@ export default createTestConfig({ reportName: 'Serverless Security Cloud Security Agentless Onboarding Functional Tests', }, kbnServerArgs: [ - `--xpack.cloud.serverless.project_id=some_fake_project_id`, + ...fleetKbnServerArgs, // Needed for correct serverless default Fleet Server and ES output `--xpack.fleet.packages.0.name=cloud_security_posture`, `--xpack.fleet.packages.0.version=${CLOUD_SECURITY_POSTURE_PACKAGE_VERSION}`, `--xpack.fleet.agentless.enabled=true`, - `--xpack.fleet.agents.fleet_server.hosts=["https://ftr.kibana:8220"]`, `--xpack.fleet.internal.fleetServerStandalone=true`, // Agentless Configuration based on Serverless Default policy`,