[Change Proposal] When the deployment_mode agentless is enabled we want the package to have additional fields populated.

[seanrathier]

Motivation

We would like to have additional fields required to be populated in an integration package when the deployment_mode agentless is enabled. These fields are for identifying the organization, division, and team responsible for the integration. This information will be used to tag the agentless agent deployed in MKI so that we know who to contact when support is needed and for the teams to monitor their agentless agents.

Some open questions

• Should these new fields be siblings of the deployment_mode.agentless?
• Can we require fields to be populated by the integration developer if parent or sibling fields are enabled?

For example....

format_version: 3.0.0
name: aws
title: AWS
version: 2.13.1
...
policy_templates:
  - name: billing
    title: AWS Billing
    description: Collect billing metrics with Elastic Agent
    deployment_modes: # <---
      default:
        enabled: false
      agentless:
        enabled: true
        organization: 'Security'
        division: 'Cloud Security'
        team:  'Cloud Security Posture Management'
    data_streams:
      - billing

Related Issues

• https://github.com/elastic/package-spec/issues/684
• https://github.com/elastic/security-team/issues/10448
• https://github.com/elastic/agentless-api/issues/254

[jsoriano]

This information will be used to tag the agentless agent deployed in MKI

What is the plan for these tags to reach MKI from the manifest? Will this be done by Fleet?

• Should these new fields be siblings of the deployment_mode.agentless?

This sounds like a reasonable option, yes.

• Can we require fields to be populated by the integration developer if parent or sibling fields are enabled?

We could add these fields as required, but only for new versions of the spec, to avoid breaking existing packages.

[eyalkraft]

What is the plan for these tags to reach MKI from the manifest? Will this be done by Fleet?

Agentless API & Controller will be doing this. Kibana will send those tags as part of the request to the Agentless API.

[jsoriano]

Ok, if Kibana/Fleet is the one reading the manifest the plan sounds good to me.

[seanrathier]

CC: @eyalkraft @oren-zohar @acorretti @orestisfl

[seanrathier]

Full disclosure this is my first time working in this area, I've started a PR here

• https://github.com/elastic/package-spec/pull/801