
[Cloud Security] Allow deleting integration from Agentless policy

Open maxcold opened this issue 1 year ago • 10 comments

User story

As a user, I don't want CSP integrations I don't need anymore lingering around in my environment, so that I'm not confused about which ones are active and which ones are not, and don't pay for the integrations I don't need.

Motivation

After we made the "agentless" agent policy managed, we allowed force installing a CSP integration to it. But a user can't remove installed CSP integrations. While deletion of the integration is not strictly necessary for any use case, it's not a nice UX and is confusing for users. Why they might want to remove an integration:

  • don't need an integration anymore, e.g. no more cloud workload to monitor
  • were playing with the settings and want to do the final clean setup
  • have an incorrectly working integration and want to start from scratch
  • concerned that they will need to pay for more integrations

For some concerns, there is a workaround of just editing an integration and specifying incorrect credentials, but overall we need to give users the option to delete a CSP integration from Agentless.

We need to investigate if there is a way to "force" delete an integration from a managed policy or if it works somehow differently compared to adding an integration.

Open Questions:

  • Investigate agentless deployment, agent policy, and package policy deletions
  • Does deletion support Serverless and ESS?

Definition of done

  • [x] It is possible for users to remove CSP integration from Agentless

Tasks

  • [x] Delete the agentless agent via Agentless API
  • [x] Delete the agentless policy (or policies) connected to the deleted integration policy via Fleet API
  • [x] Show Delete Action in ESS using Agentless API ESS flag
  • [x] Replace is_manage flag checks in code to use `support_agentless` flag
  • [ ] Disable Fleet actions with `support_agentless` except for the delete action
  • [ ] Update the agentless agent creation FTR to clean up the created agentless policies (or delete them as part of the FTR)

Out of scope

Related tasks/epics

  • https://github.com/elastic/security-team/issues/7943
  • https://github.com/elastic/security-team/issues/8118
  • https://github.com/elastic/security-team/issues/8117

Team tag

@elastic/kibana-cloud-security-posture

maxcold avatar Jan 10 '24 13:01 maxcold