diff --git a/packages/verifier_otel/_dev/test/policy/test-eprcheck.expected b/packages/verifier_otel/_dev/test/policy/test-eprcheck.expected index d639754edbf..71f66de74a4 100644 --- a/packages/verifier_otel/_dev/test/policy/test-eprcheck.expected +++ b/packages/verifier_otel/_dev/test/policy/test-eprcheck.expected @@ -1,5 +1,5 @@ connectors: - forward: {} + forward/componentid-0: {} exporters: elasticsearch/componentid-0: endpoints: @@ -25,8 +25,8 @@ processors: - context: log statements: - set(attributes["data_stream.type"], "logs") - - set(attributes["data_stream.dataset"], "verifierreceiver") - - set(attributes["data_stream.namespace"], "ep") + - set(attributes["data_stream.dataset"], "verifierreceiver") where attributes["data_stream.dataset"] == nil + - set(attributes["data_stream.namespace"], "ep") where attributes["data_stream.namespace"] == nil receivers: verifier/componentid-0: account_type: single-account @@ -35,12 +35,15 @@ receivers: policies: - integrations: - package_name: aws - package_policy_id: test-pp-789 + package_policy_id: test-pp-cloudtrail package_title: AWS package_version: "2.17.0" policy_template: cloudtrail + policy_id: test-policy-123 + policy_name: Verifier-Policy-Test-Connector-abc12345 + - integrations: - package_name: aws - package_policy_id: test-pp-789 + package_policy_id: test-pp-guardduty package_title: AWS package_version: "2.17.0" policy_template: guardduty @@ -57,14 +60,14 @@ secret_references: - {} service: pipelines: - logs: + logs/componentid-0: exporters: - elasticsearch/componentid-0 receivers: - - forward - logs/componentid-0: + - forward/componentid-0 + logs/componentid-1: exporters: - - forward + - forward/componentid-0 processors: - transform/componentid-0 receivers: diff --git a/packages/verifier_otel/_dev/test/policy/test-eprcheck.yml b/packages/verifier_otel/_dev/test/policy/test-eprcheck.yml index 469f64149d0..1b3e8d6b26c 100644 --- a/packages/verifier_otel/_dev/test/policy/test-eprcheck.yml +++ b/packages/verifier_otel/_dev/test/policy/test-eprcheck.yml @@ -9,14 +9,26 @@ vars: # Credentials credentials_role_arn: arn:aws:iam::123456789012:role/TestRole credentials_external_id: test-external-id - # Policy - policy_id: test-policy-123 - policy_name: Verifier-Policy-Test-Connector-abc12345 - # Integrations (one entry per policy template; package metadata is shared) + # Per-target arrays (positionally aligned: index i describes target integration i). + # Both targets share the same agent policy; package_policy_id distinguishes them. + policy_id: + - test-policy-123 + - test-policy-123 + policy_name: + - Verifier-Policy-Test-Connector-abc12345 + - Verifier-Policy-Test-Connector-abc12345 policy_templates: - cloudtrail - guardduty - package_policy_id: test-pp-789 - package_name: aws - package_title: AWS - package_version: "2.17.0" + package_policy_id: + - test-pp-cloudtrail + - test-pp-guardduty + package_name: + - aws + - aws + package_title: + - AWS + - AWS + package_version: + - "2.17.0" + - "2.17.0" diff --git a/packages/verifier_otel/_dev/test/system/test-local-config.yml b/packages/verifier_otel/_dev/test/system/test-local-config.yml index 32691fd4712..9a38b15e62f 100644 --- a/packages/verifier_otel/_dev/test/system/test-local-config.yml +++ b/packages/verifier_otel/_dev/test/system/test-local-config.yml @@ -12,13 +12,18 @@ vars: # Credentials credentials_role_arn: arn:aws:iam::123456789012:role/SystemTestRole credentials_external_id: system-test-external-id - # Policy - policy_id: system-test-policy - policy_name: Verifier-Policy-System-Test-Connector-abc12345 - # Integrations (one entry per policy template; package metadata is shared) + # Per-target arrays (positionally aligned: index i describes target integration i). + policy_id: + - system-test-policy + policy_name: + - Verifier-Policy-System-Test-Connector-abc12345 policy_templates: - cloudtrail - package_policy_id: system-test-pp - package_name: aws - package_title: AWS - package_version: "2.17.0" + package_policy_id: + - system-test-pp + package_name: + - aws + package_title: + - AWS + package_version: + - "2.17.0" diff --git a/packages/verifier_otel/agent/input/input.yml.hbs b/packages/verifier_otel/agent/input/input.yml.hbs index 78472a7d015..1c04b40a5da 100644 --- a/packages/verifier_otel/agent/input/input.yml.hbs +++ b/packages/verifier_otel/agent/input/input.yml.hbs @@ -35,22 +35,22 @@ receivers: service_account_email: "{{credentials_service_account_email}}" {{/if}} policies: - - policy_id: "{{policy_id}}" -{{#if policy_name}} - policy_name: "{{policy_name}}" +{{#each policy_id}} + - policy_id: "{{this}}" +{{#if (lookup ../policy_name @index)}} + policy_name: "{{lookup ../policy_name @index}}" {{/if}} integrations: -{{#each policy_templates}} - - policy_template: "{{this}}" - package_name: "{{../package_name}}" -{{#if ../package_policy_id}} - package_policy_id: "{{../package_policy_id}}" + - policy_template: "{{lookup ../policy_templates @index}}" + package_name: "{{lookup ../package_name @index}}" +{{#if (lookup ../package_policy_id @index)}} + package_policy_id: "{{lookup ../package_policy_id @index}}" {{/if}} -{{#if ../package_title}} - package_title: "{{../package_title}}" +{{#if (lookup ../package_title @index)}} + package_title: "{{lookup ../package_title @index}}" {{/if}} -{{#if ../package_version}} - package_version: "{{../package_version}}" +{{#if (lookup ../package_version @index)}} + package_version: "{{lookup ../package_version @index}}" {{/if}} {{/each}} diff --git a/packages/verifier_otel/changelog.yml b/packages/verifier_otel/changelog.yml index c0deb3645de..51e3ef203e0 100644 --- a/packages/verifier_otel/changelog.yml +++ b/packages/verifier_otel/changelog.yml @@ -1,4 +1,12 @@ # newer versions go on top +- version: "0.2.0" + changes: + - description: "Render one `policies[]` entry per target via parallel `multi: true` arrays (`policy_id`, `policy_name`, `policy_templates`, `package_policy_id`, `package_name`, `package_title`, `package_version`)." + type: enhancement + link: https://github.com/elastic/integrations/pull/19965 + - description: "Require Kibana 9.5.0+ (`conditions.kibana.version: ^9.5.0`) so multi-target policy compilation is available at install time." + type: breaking-change + link: https://github.com/elastic/integrations/pull/19965 - version: "0.1.0" changes: - description: Use new `release` field for agentless deployment mode to establish as beta. diff --git a/packages/verifier_otel/manifest.yml b/packages/verifier_otel/manifest.yml index 1174a82e377..52250bba0db 100644 --- a/packages/verifier_otel/manifest.yml +++ b/packages/verifier_otel/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.5.0 name: verifier_otel title: "Permission Verifier" -version: 0.1.0 +version: 0.2.0 source: license: "Elastic-2.0" description: "Verify identity federation based integration permissions and report results to Elasticsearch using the Verifier receiver of the OTel Collector." @@ -13,7 +13,7 @@ categories: - cloud conditions: kibana: - version: "^9.3.0" + version: "^9.5.0" elastic: subscription: "basic" icons: @@ -143,50 +143,50 @@ policy_templates: - name: policy_id type: text title: Policy ID - description: The agent policy ID for this set of integrations. - multi: false + description: The agent policy IDs, positionally aligned with `policy_name`, `policy_templates`, and `package_policy_id`. Entry `i` describes target integration `i`. + multi: true required: true show_user: true - name: policy_name type: text title: Policy Name - description: Human-readable name of the policy. - multi: false + description: Human-readable agent policy names, positionally aligned with `policy_id`. + multi: true required: false show_user: true - name: package_policy_id type: text title: Package Policy ID - description: Unique identifier for the package policy instance. - multi: false + description: Target package policy IDs, positionally aligned with `policy_id`. + multi: true required: false show_user: true - name: policy_templates type: text title: Policy Templates - description: "Policy template names from the integration package (for example, cloudtrail, guardduty, activitylogs). Multiple templates produce one integration entry each, all under the same policy. Combined with package_name to uniquely identify each integration." + description: Target policy template names, positionally aligned with `policy_id`. multi: true required: true show_user: true - name: package_name type: text title: Package Name - description: "Integration package name (for example, aws, azure, gcp, okta)." - multi: false + description: "Target package names (for example, aws, azure, gcp, okta), positionally aligned with `policy_id`." + multi: true required: true show_user: true - name: package_title type: text title: Package Title - description: "Human-readable title of the integration package (for example, AWS, Azure, GCP)." - multi: false + description: "Human-readable target package titles, positionally aligned with `policy_id`." + multi: true required: false show_user: true - name: package_version type: text title: Package Version - description: "Semantic version of the integration package (for example, 2.17.0). Different versions might require different permissions. When empty, the latest permission set is used." - multi: false + description: "Target package versions, positionally aligned with `policy_id`. When empty, the latest permission set is used." + multi: true required: false show_user: true owner: