Add agentless CSPM AWS findings assertion in serverless mode #1664

amirbenun · 2023-12-14T17:00:29Z

Summary of your changes

Our sanity tests has already a serverless mode.
On this PR, the sanity tests install CSPM AWS integration on the agentless policy and verify it produces findings.

Screenshot/Data

Related Issues

Resolves: Agentless CSPM sanity test #1602

Checklist

I have added tests that prove my fix is effective or that my feature works
I have added the necessary README/documentation (if appropriate)

Introducing a new rule?

Generate rule metadata using this script
Add relevant unit tests
Generate relevant rule templates using this script, and open a PR in elastic/packages/cloud_security_posture

mergify · 2023-12-14T17:01:07Z

This pull request does not have a backport label. Could you fix it @amirbenun? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

backport-v./d./d./d is the label to automatically backport to the 8./d branch. /d is the digit
NOTE: backport-skip has been added to this pull request.

deploy/test-environments/fleet_api/src/install_agentless_integrations.py

gurevichdmitry · 2023-12-18T13:37:56Z

deploy/test-environments/fleet_api/src/install_agentless_integrations.py

+        logger.info(f"Create {NAME} integration for policy {AGENT_POLICY_ID}")
+        package_policy = generate_package_policy(cspm_template, integration_data)
+
+        logger.info(f"Created {package_policy}")
+
+        create_cspm_integration(
+            cfg=cnfg.elk_config,
+            pkg_policy=package_policy,
+            agent_policy_id=AGENT_POLICY_ID,
+            cspm_data={},
+        )
+        logger.info(f"Installation of {NAME} integration is done")


create-environment workflow supports different elastic versions installation, and the main branch is always used for deployment. To prevent some misconfigurations, such as policy field discrepancies, and ensure integration availability, logic based on the package version has been implemented for each integration. It might be better to retrieve the current package version and prevent the installation of integrations if the version is less than required.

With serverless it is a bit different, you will always deploy the latest elastic stack so this check is redundant.

tests/agents_map.py

deploy/test-environments/fleet_api/src/install_agentless_integrations.py

tests/commonlib/agents_map.py

tests/integration/tests/test_sanity_checks.py

gurevichdmitry

@amirbenun great work, LGTM.
Could you please verify that running the regular workflow (not agentless) is also functioning correctly?

amirbenun added 9 commits December 10, 2023 18:31

install agentless cspm

6c59b1f

parameterize agents

1e66592

Merge branch 'main' into agentless-sanity

b67a838

explicit get agents

964d259

rename

1b265ff

remove parts

9405fc6

remove agentless

9ef634c

logger

ac01a0f

lint

2c1c0fe

amirbenun requested a review from a team as a code owner December 14, 2023 17:00

mergify bot assigned amirbenun Dec 14, 2023

mergify bot added the backport-skip label Dec 14, 2023

amirbenun added 9 commits December 14, 2023 19:09

remove duplicated code

6970446

lint

7782c12

Merge branch 'main' into agentless-sanity

5b41317

wrong-import-position

39f43c3

remove agentless

c55ab3e

Merge branch 'main' into agentless-sanity

b1b8a8a

lint

4b80749

agent_version

f128b98

Merge branch 'main' into agentless-sanity

4312f17