[Feature] [terraform] Elastic Defend integration configuration

[3kt]

Is your feature request related to a problem? Please describe. Using elasticstack_fleet_integration_policy works well for standard TCP / logs integration, as showcased in the documentation, but for the Elastic Defend integration no custom configuration can be applied because of its structure.

Describe the resource you would like to have implemented. We'd need some extension of the capabilities of the /api/fleet/package_policies/[integration ID] endpoint. We basically need an extension from the capabilities of https://github.com/elastic/terraform-provider-elasticstack/blob/main/internal/fleet/integration_policy_resource.go to support customization for Elastic Defend integration.

Describe the solution you'd like I'd like to be able to customize the Elastic Defend integration with the elasticstack_fleet_integration_policy resource, the same way the UI offers:

Describe alternatives you've considered There is currently no workaround with pure Terraform, as the API endpoint are simply not instrumented in the provider.

Additional context Looking at what Kibana does when saving the integration through the UI, the custom settings of the Defend Integration look like this:

{
  "version": "WzU0NTAsMV0=",
  "name": "Defend integration",
  "namespace": "default",
  "description": "A sample integration policy",
  "package": {
    "name": "endpoint",
    "title": "Elastic Defend",
    "version": "8.13.0"
  },
  "enabled": true,
  "policy_id": "85ea0949-8d7b-4da0-bf2c-bbff166bbb72",
  "vars": {},
  "inputs": [
    {
      "type": "endpoint",
      "enabled": true,
      "config": {
        "integration_config": {},
        "artifact_manifest": {[some stuff]},
        "policy": {[some other stuff]}
      },
      "streams": []
    }
  ]
}

We don't currently have support for artifact_manifest and policy, but only the streams bit which is unused by the Defend integration.

[nimarezainia]

@andrewkroh would you be able to help route this request. I believe your team developed the terraform provider. TIA

cc: @cmacknz

[andrewkroh]

Looking at the API^1 in Kibana, config is listed as an object so it would make sense for the elasticstack_fleet_integration_policy^2 resource to support config_json as a parameter for the input blocks.

The API doesn't have a description for config and apart from this one use-case for Endpoint, I have never seen it. So we need someone from Fleet to describe it for the Terraform documentation.

Adding it to the code here is probably not a big task.

[ryanturner-cd]

Any plans to implement this in the near term? @henurah

[nimarezainia]

Any plans to implement this in the near term? @henurah

Unfortunately at the moment there's no target delivery of this enhancement

[Oddly]

+1, we would like to see this as well.

[msecpim]

+1, we were part of the original request and are still very much interested.

[sbaas-hcs]

+1 this would help if with reducing manual work

[msecrbl]

+1 from me too

[msecdsu]

+1 would be awesome to have this.

[msecjmu]

+1 would help a lot

[msecdst]

+1, this would be a very helpful feature.

[msecrve]

+1 would be nice to have this

[icefish-creativ]

+1 absolutely necessary in big automated environments

[aleks-ivk]

Same issue applies if you want to add an Elastic APM integration policy, which is a rather crucial component, so please priorities this enhancement.