[Feature] [terraform] Elastic Defend integration configuration #601
Description
Is your feature request related to a problem? Please describe.
Using elasticstack_fleet_integration_policy works well for standard TCP / logs integration, as showcased in the documentation, but for the Elastic Defend integration no custom configuration can be applied because of its structure.
Describe the resource you would like to have implemented.
We'd need some extension of the capabilities of the /api/fleet/package_policies/[integration ID] endpoint. We basically need an extension from the capabilities of https://github.com/elastic/terraform-provider-elasticstack/blob/main/internal/fleet/integration_policy_resource.go to support customization for Elastic Defend integration.
Describe the solution you'd like
I'd like to be able to customize the Elastic Defend integration with the elasticstack_fleet_integration_policy resource, the same way the UI offers:
Describe alternatives you've considered
There is currently no workaround with pure Terraform, as the API endpoint are simply not instrumented in the provider.
Additional context
Looking at what Kibana does when saving the integration through the UI, the custom settings of the Defend Integration look like this:
{
"version": "WzU0NTAsMV0=",
"name": "Defend integration",
"namespace": "default",
"description": "A sample integration policy",
"package": {
"name": "endpoint",
"title": "Elastic Defend",
"version": "8.13.0"
},
"enabled": true,
"policy_id": "85ea0949-8d7b-4da0-bf2c-bbff166bbb72",
"vars": {},
"inputs": [
{
"type": "endpoint",
"enabled": true,
"config": {
"integration_config": {},
"artifact_manifest": {[some stuff]},
"policy": {[some other stuff]}
},
"streams": []
}
]
}
We don't currently have support for artifact_manifest and policy, but only the streams bit which is unused by the Defend integration.