Add endpoint.spec that renders the endpoint program to be run by Agent #19171

Merged
merged 7 commits into from
Jun 18, 2020

blakerouse
Contributor

What does this PR do?

Adds the spec/endpoint.yml that parses the elastic-agent.yml into a configuration that is passed to Endpoint. This passes the entire input definition into the Endpoint configuration, allowing Agent to not need to worry about new keys. Fleet and output are also passed through directly to Endpoint.

This does not include the code to actually perform the installation of Endpoint and run it; this is just step 1 of that process. The next branch will perform the installation, now that this branch instructs Elastic Agent that Endpoint should be run.

Why is it important?

To support Elastic Agent running Endpoint.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • [ ] I have made corresponding changes to the documentation
  • [ ] I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • [ ] I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author's Checklist

  • Results in an Endpoint Configuration:
fleet:
  kibana_url: https://kibana.mydomain.com:5601
  ca_hash: 7HIpactkIAq2Y49orFOOQKurWxmmSFZhBCoQYcRhJ3Y=
  checkin_interval: 5m

output:
  elasticsearch:
    hosts: [127.0.0.1:9200, 127.0.0.1:9300]
    username: elastic
    password: changeme
    api_key: TiNAGG4BaaMdaH1tRfuU:KnR6yE41RrSowb0kQ0HWoA
    ca_sha256: 7HIpactkIAq2Y49orFOOQKurWxmmSFZhBCoQYcRhJ3Y=

type: endpoint
enabled: true
streams: []
policy:
  linux:
    malware:
      mode: prevent
    advanced:
      elasticsearch:
        indices:
          logging: logging-index
          control: control-index
          event: event-index
        kernel:
          process: true
          connect: true
    logging:
      file: info
      stdout: debug
    events:
      registry: true
      process: true
      security: true
      file: true
      dns: false
      dll_and_driver_load: false
      network: true
  windows:
    malware:
      mode: prevent
    advanced:
      elasticsearch:
        indices:
          logging: logging-index
          control: control-index
          event: event-index
        kernel:
          process: true
          connect: true
    logging:
      file: info
      stdout: debug
    events:
      registry: true
      process: true
      security: true
      file: true
      dns: false
      dll_and_driver_load: false
      network: true
  mac:
    malware:
      mode: prevent
    advanced:
      elasticsearch:
        indices:
          logging: logging-index
          control: control-index
          event: event-index
        kernel:
          process: true
          connect: true
    logging:
      file: info
      stdout: debug
    events:
      registry: true
      process: true
      security: true
      file: true
      dns: false
      dll_and_driver_load: false
      network: true
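
The pass-through described in this PR, sketched as an added Go example; it is not code from the PR, which implements the transformation as rules in spec/endpoint.yml. The Agent-side layout (top-level `fleet`, `output` and an `inputs` list) and the names `RenderEndpoint`, `deepCopy` and `future_key` are assumptions made for illustration.

```go
package main

import "fmt"

// deepCopy clones nested maps and lists so the result shares no state with the input.
func deepCopy(v interface{}) interface{} {
	switch t := v.(type) {
	case map[string]interface{}:
		m := make(map[string]interface{}, len(t))
		for k, e := range t {
			m[k] = deepCopy(e)
		}
		return m
	case []interface{}:
		s := make([]interface{}, len(t))
		for i, e := range t {
			s[i] = deepCopy(e)
		}
		return s
	}
	return v
}

// RenderEndpoint builds the Endpoint configuration from a parsed Agent configuration
// (assumed layout, not from the PR). ok is false without an enabled "endpoint" input.
func RenderEndpoint(agent map[string]interface{}) (cfg map[string]interface{}, ok bool) {
	inputs, _ := agent["inputs"].([]interface{})
	for _, in := range inputs {
		input, isMap := in.(map[string]interface{})
		if !isMap || input["type"] != "endpoint" || input["enabled"] == false {
			continue
		}
		// Copy the whole input with no key allow-list, so unknown keys pass through.
		cfg = deepCopy(input).(map[string]interface{})
		for _, k := range []string{"fleet", "output"} {
			if v, present := agent[k]; present {
				cfg[k] = deepCopy(v) // passed through unchanged
			}
		}
		return cfg, true
	}
	return nil, false
}

func main() {
	// Constructed sample; "future_key" stands for a key Agent does not know.
	in := map[string]interface{}{"type": "endpoint", "future_key": true}
	fmt.Println(RenderEndpoint(map[string]interface{}{"inputs": []interface{}{in}}))
}
```

Because `output` is copied verbatim, the rendered document carries the same Elasticsearch credentials as the Agent configuration (the `password` and `api_key` fields in the sample above), so it needs the same file permissions and log redaction as elastic-agent.yml.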


@elasticmachine
Collaborator

Pinging @elastic/ingest-management (Team:Ingest Management)

@elasticmachine
Collaborator

elasticmachine commented Jun 12, 2020

💚 Build Succeeded

Build stats

  • Build Cause: [Pull request #19171 updated]

  • Start Time: 2020-06-18T13:38:49.222+0000

  • Duration: 33 min 23 sec

Test stats 🧪

Test Results
Failed 0
Passed 538
Skipped 127
Total 665

@blakerouse blakerouse marked this pull request as draft June 14, 2020 13:59
@blakerouse
Contributor Author

Converted to draft until the final endpoint configuration that Elastic Agent will send is complete.

Contributor

@ph ph left a comment

LGTM

@blakerouse blakerouse merged commit 7450d4e into elastic:master Jun 18, 2020
@blakerouse blakerouse deleted the agent-endpoint-spec branch June 18, 2020 14:29
blakerouse added a commit to blakerouse/beats that referenced this pull request Jun 26, 2020
elastic#19171)

* Initial spec parsing for endpoint.

* Update comment.

* Fix spec test.

* Update code so it copies the entire input.

* Fix ast test.

* Remove the code no longer needed because of newer config format.

(cherry picked from commit 7450d4e)
blakerouse added a commit that referenced this pull request Jun 26, 2020
…t program to be run by Agent (#19448)

* Add endpoint.spec that renders the endpoint program to be run by Agent (#19171)

* Initial spec parsing for endpoint.

* Update comment.

* Fix spec test.

* Update code so it copies the entire input.

* Fix ast test.

* Remove the code no longer needed because of newer config format.

(cherry picked from commit 7450d4e)

* Fix logfile.
melchiormoulin pushed a commit to melchiormoulin/beats that referenced this pull request Oct 14, 2020
Successfully merging this pull request may close these issues.

[Elastic Agent] Limit Endpoint usage
4 participants