search

elastic / terraform-provider-elasticstack

Terraform provider for Elastic Stack
https://registry.terraform.io/providers/elastic/elasticstack/latest/docs
Apache License 2.0
170 stars 92 forks source link

[Feature] [terraform] Elastic Defend integration configuration #601

Open 3kt opened 7 months ago

3kt commented 7 months ago

Is your feature request related to a problem? Please describe. Using elasticstack_fleet_integration_policy works well for standard TCP / logs integration, as showcased in the documentation, but for the Elastic Defend integration no custom configuration can be applied because of its structure.

Describe the resource you would like to have implemented. We'd need some extension of the capabilities of the /api/fleet/package_policies/[integration ID] endpoint. We basically need an extension from the capabilities of https://github.com/elastic/terraform-provider-elasticstack/blob/main/internal/fleet/integration_policy_resource.go to support customization for Elastic Defend integration.

Describe the solution you'd like I'd like to be able to customize the Elastic Defend integration with the elasticstack_fleet_integration_policy resource, the same way the UI offers:

image

Describe alternatives you've considered There is currently no workaround with pure Terraform, as the API endpoint are simply not instrumented in the provider.

Additional context Looking at what Kibana does when saving the integration through the UI, the custom settings of the Defend Integration look like this:

{
  "version": "WzU0NTAsMV0=",
  "name": "Defend integration",
  "namespace": "default",
  "description": "A sample integration policy",
  "package": {
    "name": "endpoint",
    "title": "Elastic Defend",
    "version": "8.13.0"
  },
  "enabled": true,
  "policy_id": "85ea0949-8d7b-4da0-bf2c-bbff166bbb72",
  "vars": {},
  "inputs": [
    {
      "type": "endpoint",
      "enabled": true,
      "config": {
        "integration_config": {},
        "artifact_manifest": {[some stuff]},
        "policy": {[some other stuff]}
      },
      "streams": []
    }
  ]
}

We don't currently have support for artifact_manifest and policy, but only the streams bit which is unused by the Defend integration.

nimarezainia commented 5 months ago

@andrewkroh would you be able to help route this request. I believe your team developed the terraform provider. TIA

cc: @cmacknz

andrewkroh commented 5 months ago

Looking at the API^1 in Kibana, config is listed as an object so it would make sense for the elasticstack_fleet_integration_policy^2 resource to support config_json as a parameter for the input blocks.

The API doesn't have a description for config and apart from this one use-case for Endpoint, I have never seen it. So we need someone from Fleet to describe it for the Terraform documentation.

Adding it to the code here is probably not a big task.

ryanturner-cd commented 3 weeks ago

Any plans to implement this in the near term? @henurah

nimarezainia commented 2 weeks ago

Any plans to implement this in the near term? @henurah

Unfortunately at the moment there's no target delivery of this enhancement