Skip to content

CSPM: add cloud connectors support#11663

Merged
moukoublen merged 0 commit intoelastic:mainfrom
moukoublen:cspm_cloud_connectors
Nov 18, 2024
Merged

CSPM: add cloud connectors support#11663
moukoublen merged 0 commit intoelastic:mainfrom
moukoublen:cspm_cloud_connectors

Conversation

@moukoublen
Copy link
Member

@moukoublen moukoublen commented Nov 7, 2024
edited
Loading

Proposed commit message

Add new template URL for cloudformation creates the cloud connectors remote role.
Add a new bool variable indicating that cloud connectors are used in the integration. Cloudbeat should parse this boolean.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@moukoublen moukoublen self-assigned this Nov 7, 2024
@moukoublen moukoublen added the Team:Cloud Security Cloud Security team [elastic/cloud-security-posture] label Nov 7, 2024
@andrewkroh andrewkroh added the Integration:cloud_security_posture Security Posture Management label Nov 7, 2024
@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Nov 7, 2024

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@moukoublen moukoublen force-pushed the cspm_cloud_connectors branch 2 times, most recently from 6c2edb5 to ba48abd Compare November 8, 2024 09:55
@moukoublen moukoublen marked this pull request as ready for review November 8, 2024 10:01
@moukoublen moukoublen requested a review from a team as a code owner November 8, 2024 10:01
maxcold
maxcold reviewed Nov 8, 2024
View reviewed changes
packages/cloud_security_posture/changelog.yml Outdated
Copy link
Contributor

@maxcold maxcold Nov 8, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we want this change in 8.16 ? as we didn't test 8.16 with this change, maybe it would be safer to have in in 1.12.x?

Copy link
Member Author

@moukoublen moukoublen Nov 8, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You are right; I forgot we still need to bump to 8.17.
This means I should merge after we bump the stable 1.11.0 to create the 1.12.0-preview1. (otherwise, it would be a bit more complicated to produce the stable 1.11.0 release with a backport branch).

@andrewkroh andrewkroh added the enhancement New feature or request label Nov 8, 2024
@Omolola-Akinleye Omolola-Akinleye self-requested a review November 11, 2024 14:20
Omolola-Akinleye
Omolola-Akinleye reviewed Nov 11, 2024
View reviewed changes
packages/cloud_security_posture/manifest.yml Outdated
Copy link
Contributor

@Omolola-Akinleye Omolola-Akinleye Nov 11, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PROJECT_ID refers to the id of a Serverless Project. This maybe a confusing name to include the deployment id. Perhaps another slightly more generic name ELASTIC_SERVICE_ID? Wdyt?

Copy link
Member Author

@moukoublen moukoublen Nov 13, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure I will update accordingly.

@moukoublen moukoublen force-pushed the cspm_cloud_connectors branch from ba48abd to 52dc54a Compare November 13, 2024 12:01
Omolola-Akinleye
Omolola-Akinleye reviewed Nov 13, 2024
View reviewed changes
packages/cloud_security_posture/data_stream/findings/manifest.yml Outdated
Copy link
Contributor

@Omolola-Akinleye Omolola-Akinleye Nov 13, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we prefix aws.support_cloud_connectors here?

Copy link
Member Author

@moukoublen moukoublen Nov 14, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a good question; I am not entirely sure. I thought that since, hierarchy-wise, we are under the input: cloud beat/cis_aws object, it's not really needed. But I will try to find out why we have the aws. prefix in the aws.credentials.type and in aws.account_type.

Copy link
Member

@kubasobon kubasobon Nov 18, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For consistency. All other providers have been using prefixes, so we use them for AWS as well. Technically, it also helps avoid mistakes when creating policy via API.

Copy link
Member Author

@moukoublen moukoublen Nov 18, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @kubasobon! I added aws. prefix in supports_cloud_connectors as well.

@moukoublen moukoublen force-pushed the cspm_cloud_connectors branch from 52dc54a to 1479acd Compare November 18, 2024 12:15
orestisfl
orestisfl requested changes Nov 18, 2024
View reviewed changes
@moukoublen
Copy link
Member Author

moukoublen commented Nov 18, 2024

@Omolola-Akinleye: note that the ELASTIC_SERVICE_ID changed to RESOURCE_ID based on @orestisfl comment.

@moukoublen moukoublen requested a review from orestisfl November 18, 2024 14:33
@elasticmachine
Copy link

elasticmachine commented Nov 18, 2024

💚 Build Succeeded

History

  • 💚 Build #18398 succeeded 1479acdc7472d02401d66b99b6def281d3099848
  • 💚 Build #18274 succeeded 52dc54afa792252b9546e180db950fa174e657c5
  • 💚 Build #18055 succeeded ba48abd8738f6100f9d5219f12117ff717c0deb9
  • 💚 Build #18024 succeeded 68981ecd3d215174caf182c083d18990b62528a7

cc @moukoublen

@elastic-sonarqube
Copy link

elastic-sonarqube bot commented Nov 18, 2024

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

kubasobon
kubasobon approved these changes Nov 18, 2024
View reviewed changes
Copy link
Member

@kubasobon kubasobon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for adding the prefixes

@moukoublen moukoublen merged commit f87f02e into elastic:main Nov 18, 2024
@moukoublen moukoublen deleted the cspm_cloud_connectors branch November 18, 2024 15:45
@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Nov 18, 2024

Package cloud_security_posture - 1.12.0-preview01 containing this change is available at https://epr.elastic.co/package/cloud_security_posture/1.12.0-preview01/

harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 4, 2025
@moukoublen @orestisfl
CSPM: add cloud connectors support (elastic#11663)
d945001 
* CSPM: add cloud connectors support

* renames

* pre release bump

* Update packages/cloud_security_posture/manifest.yml

Co-authored-by: Orestis Floros <orestisflo@gmail.com>

* rename ELASTIC_SERVICE_ID to RESOURCE_ID

* add aws. prefix in supports_cloud_connectors

---------

Co-authored-by: Orestis Floros <orestisflo@gmail.com>
harnish-crest-data pushed a commit to chavdaharnish/integrations that referenced this pull request Feb 5, 2025
@moukoublen @orestisfl
CSPM: add cloud connectors support (elastic#11663)
e656427 
* CSPM: add cloud connectors support

* renames

* pre release bump

* Update packages/cloud_security_posture/manifest.yml

Co-authored-by: Orestis Floros <orestisflo@gmail.com>

* rename ELASTIC_SERVICE_ID to RESOURCE_ID

* add aws. prefix in supports_cloud_connectors

---------

Co-authored-by: Orestis Floros <orestisflo@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@maxcold maxcold maxcold left review comments

@Omolola-Akinleye Omolola-Akinleye Omolola-Akinleye approved these changes

@kubasobon kubasobon kubasobon approved these changes

@orestisfl orestisfl orestisfl approved these changes

Assignees

@moukoublen moukoublen

Labels

enhancement New feature or request Integration:cloud_security_posture Security Posture Management Team:Cloud Security Cloud Security team [elastic/cloud-security-posture]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@moukoublen @elasticmachine @maxcold @kubasobon @orestisfl @Omolola-Akinleye @andrewkroh