[Cloud Security] Updating the CSPM integration with deployment_mode and secrets #11271

seanrathier · 2024-09-27T20:24:23Z

Proposed commit message

We added deployment_modes to the CSPM integration and the secret attribute for the inputs that the linting thought should have that set.

Checklist

I have reviewed tips for building integrations and this pull request is aligned with them.
I have verified that all data streams collect metrics or logs.
I have added an entry to my package's changelog.yml file.
I have verified that Kibana version constraints are current according to guidelines.

How to test this PR locally

In Kibana pull this PR locally
- [Cloud Security] Render Setup Technology Selector based on deployment mode kibana#194347
Start elastic-package and Kibana
- https://docs.elastic.dev/security-solution/cloud-security/qa/test-integration-package#build-and-test-with-the-local-elasticsearch-and-kibana
In your browser navigate to
- http://localhost:5601/kbn/app/integrations/detail/cloud_security_posture-1.11.0-preview10/add-integration

Related issues

[Cloud Security] Render Setup Technology Selector based on deployment mode kibana#194347

elastic-vault-github-plugin-prod · 2024-09-27T20:39:55Z

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

elasticmachine · 2024-10-01T15:04:41Z

💚 Build Succeeded

Buildkite Build
Commit: 3de17ca

History

💔 Build #16668 failed 01fbfe3
💚 Build #16551 succeeded cb068924cc691b9ede7d98f50d46578b8446985c

elastic-sonarqube · 2024-10-01T15:04:45Z

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

elasticmachine · 2024-10-02T13:21:24Z

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

Omolola-Akinleye

Looks good just want to confirm if we should secrets as false

Omolola-Akinleye · 2024-10-02T16:57:12Z

packages/cloud_security_posture/data_stream/findings/manifest.yml

@@ -113,6 +116,7 @@ streams:
        multi: false
        required: false
        show_user: true
+        secret: false


Should secret access key be true? Security concern regards of exposing secret access keys

The lint for the integration identified these fields as needing the secret attributes, likely because they have the name access_key and session_key.

Since we already have other fields with the secret attribute set to true, I assumed these were not meant to be masked like a password.

okay got it! Thanks!

Omolola-Akinleye · 2024-10-02T16:57:37Z

packages/cloud_security_posture/data_stream/findings/manifest.yml

@@ -55,6 +56,7 @@ streams:
        multi: false
        required: false
        show_user: true


Should secret access key be true? We don't want to expose secret?

Omolola-Akinleye · 2024-10-02T16:58:47Z

packages/cloud_security_posture/data_stream/findings/manifest.yml

@@ -100,6 +102,7 @@ streams:
        multi: false
        required: false
        show_user: true
+        secret: false


Should shared credentials file secret be true?

https://github.com/elastic/integrations/pull/11271/files#r1784954363

Omolola-Akinleye · 2024-10-02T17:00:33Z

packages/cloud_security_posture/data_stream/findings/manifest.yml

@@ -42,6 +42,7 @@ streams:
        multi: false
        required: false
        show_user: true
+        secret: false


Any security concern regards adding secret as false?

https://github.com/elastic/integrations/pull/11271/files#r1784954363

I missed secrets change and want to address security concerns

elastic-vault-github-plugin-prod · 2024-10-07T13:56:24Z

Package cloud_security_posture - 1.11.0-preview10 containing this change is available at https://epr.elastic.co/search?package=cloud_security_posture

elastic-vault-github-plugin-prod · 2024-11-12T14:52:33Z

Package cloud_security_posture - 1.11.0 containing this change is available at https://epr.elastic.co/package/cloud_security_posture/1.11.0/

…nd secrets (elastic#11271) * Updating the CSPM integration with deployment_mode and secrets * buming version * changelog

seanrathier linked an issue Sep 27, 2024 that may be closed by this pull request

Update integration to include deployment mode #10847

Closed

3 tasks

seanrathier mentioned this pull request Sep 27, 2024

[Cloud Security] Render Setup Technology Selector based on deployment mode elastic/kibana#194347

Merged

2 tasks

andrewkroh added the Integration:cloud_security_posture Security Posture Management label Sep 27, 2024

seanrathier added 2 commits October 1, 2024 09:28

Updating the CSPM integration with deployment_mode and secrets

95c248e

buming version

01fbfe3

seanrathier force-pushed the 10847-update-cspm-deployment-mode branch from cb06892 to 01fbfe3 Compare October 1, 2024 13:29

changelog

3de17ca

andrewkroh added the enhancement New feature or request label Oct 1, 2024

seanrathier self-assigned this Oct 1, 2024

seanrathier marked this pull request as ready for review October 1, 2024 21:42

seanrathier requested a review from a team as a code owner October 1, 2024 21:42

seanrathier requested a review from a team October 1, 2024 21:43

andrewkroh added the Team:Cloud Security Cloud Security team [elastic/cloud-security-posture] label Oct 1, 2024

seanrathier added the Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] label Oct 2, 2024

Omolola-Akinleye previously approved these changes Oct 2, 2024

View reviewed changes

Omolola-Akinleye reviewed Oct 2, 2024

View reviewed changes

Omolola-Akinleye self-requested a review October 2, 2024 17:01

Omolola-Akinleye approved these changes Oct 3, 2024

View reviewed changes

seanrathier merged commit 477593e into elastic:main Oct 7, 2024
5 checks passed

seanrathier deleted the 10847-update-cspm-deployment-mode branch February 6, 2025 22:46

[Cloud Security] Updating the CSPM integration with deployment_mode and secrets #11271

[Cloud Security] Updating the CSPM integration with deployment_mode and secrets #11271

Uh oh!

Conversation

seanrathier commented Sep 27, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Proposed commit message

Checklist

How to test this PR locally

Related issues

Uh oh!

elastic-vault-github-plugin-prod bot commented Sep 27, 2024

🚀 Benchmarks report

Uh oh!

elasticmachine commented Oct 1, 2024

💚 Build Succeeded

History

Uh oh!

elastic-sonarqube bot commented Oct 1, 2024

Quality Gate passed

Uh oh!

elasticmachine commented Oct 2, 2024

Uh oh!

Omolola-Akinleye left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Omolola-Akinleye Oct 2, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

seanrathier Oct 2, 2024

Choose a reason for hiding this comment

Uh oh!

Omolola-Akinleye Oct 3, 2024

Choose a reason for hiding this comment

Uh oh!

Omolola-Akinleye Oct 2, 2024

Choose a reason for hiding this comment

Uh oh!

Omolola-Akinleye Oct 2, 2024

Choose a reason for hiding this comment

Uh oh!

seanrathier Oct 2, 2024

Choose a reason for hiding this comment

Uh oh!

Omolola-Akinleye Oct 2, 2024

Choose a reason for hiding this comment

Uh oh!

seanrathier Oct 2, 2024

Choose a reason for hiding this comment

Uh oh!

Uh oh!

elastic-vault-github-plugin-prod bot commented Oct 7, 2024

Uh oh!

elastic-vault-github-plugin-prod bot commented Nov 12, 2024

Uh oh!

Uh oh!

seanrathier commented Sep 27, 2024 •

edited

Loading

Omolola-Akinleye left a comment •

edited

Loading

Omolola-Akinleye Oct 2, 2024 •

edited

Loading