connecting package policy to cloud connector with api integrations tests

Author: Omolola-Akinleye

x-pack/platform/plugins/shared/fleet/common/types/models/cloud_connector.ts

@@ -32,6 +32,8 @@ export interface CloudConnectorVars {
   tenant_id?: CloudConnectorSecretVar;
 }
 
+export type CloudConnectorVarsRecord = Record<string, PackagePolicyConfigRecordEntry | string | CloudConnectorSecretVar>;
+
 export interface CloudConnectorSO {
   id: string;
   name: string;

x-pack/platform/plugins/shared/fleet/common/types/models/package_policy.ts

@@ -95,6 +95,8 @@ export interface NewPackagePolicy {
   };
   overrides?: { inputs?: { [key: string]: any } } | null;
   supports_agentless?: boolean | null;
+  supports_cloud_connector?: boolean | null;
+  cloud_connector_id?: string | null;
   additional_datastreams_permissions?: string[];
 }
 

x-pack/platform/plugins/shared/fleet/server/services/agent_policy_create.test.ts

@@ -313,4 +313,87 @@ describe('createAgentPolicyWithPackages', () => {
 
     expect(response.id).toEqual('new_fleet_server_policy');
   });
+
+  it('should create agent policy with cloud connector enabled', async () => {
+    const response = await createAgentPolicyWithPackages({
+      esClient: esClientMock,
+      soClient: soClientMock,
+      agentPolicyService: mockedAgentPolicyService,
+      newPolicy: { 
+        name: 'Agent policy with cloud connector', 
+        namespace: 'default',
+        agentless: {
+          cloud_connectors: {
+            enabled: true,
+          },
+        },
+      },
+      withSysMonitoring: false,
+      spaceId: 'default',
+      monitoringEnabled: [],
+    });
+
+    expect(response.id).toEqual('new_id');
+    expect(response.agentless?.cloud_connectors?.enabled).toBe(true);
+  });
+
+  it('should create agent policy with cloud connector disabled', async () => {
+    const response = await createAgentPolicyWithPackages({
+      esClient: esClientMock,
+      soClient: soClientMock,
+      agentPolicyService: mockedAgentPolicyService,
+      newPolicy: { 
+        name: 'Agent policy without cloud connector', 
+        namespace: 'default',
+        agentless: {
+          cloud_connectors: {
+            enabled: false,
+          },
+        },
+      },
+      withSysMonitoring: false,
+      spaceId: 'default',
+      monitoringEnabled: [],
+    });
+
+    expect(response.id).toEqual('new_id');
+    expect(response.agentless?.cloud_connectors?.enabled).toBe(false);
+  });
+
+  it('should create package policy with cloud connector support when agent policy has cloud connector enabled', async () => {
+    mockedPackagePolicyService.buildPackagePolicyFromPackage.mockImplementation(
+      (soClient, packageToInstall) => Promise.resolve({
+        ...getPackagePolicy(packageToInstall),
+        supports_cloud_connector: true,
+      })
+    );
+
+    const response = await createAgentPolicyWithPackages({
+      esClient: esClientMock,
+      soClient: soClientMock,
+      agentPolicyService: mockedAgentPolicyService,
+      newPolicy: { 
+        name: 'Agent policy with cloud connector', 
+        namespace: 'default',
+        agentless: {
+          cloud_connectors: {
+            enabled: true,
+          },
+        },
+      },
+      withSysMonitoring: false,
+      spaceId: 'default',
+      monitoringEnabled: [],
+    });
+
+    expect(response.id).toEqual('new_id');
+    expect(mockedPackagePolicyService.create).toHaveBeenCalledWith(
+      expect.anything(),
+      expect.anything(),
+      expect.objectContaining({
+        supports_cloud_connector: true,
+      }),
+      expect.anything()
+    );
+  });
 });

x-pack/platform/plugins/shared/fleet/server/services/agent_policy_create.ts

@@ -93,6 +93,11 @@ async function createPackagePolicy(
   if (agentPolicy.supports_agentless) {
     newPackagePolicy.supports_agentless = agentPolicy.supports_agentless;
   }
+  
+  // Check if agent policy supports cloud connectors
+  if (agentPolicy.agentless?.cloud_connectors?.enabled) {
+    newPackagePolicy.supports_cloud_connector = true;
+  }
 
   await packagePolicyService.create(soClient, esClient, newPackagePolicy, {
     spaceId: options.spaceId,

x-pack/platform/plugins/shared/fleet/server/services/cloud_connector.test.ts

@@ -356,7 +356,7 @@ describe('CloudConnectorService', () => {
     });
   });
 
-  describe('extractCloudVars', () => {
+  describe('getCloudConnectorInfo', () => {
     it('should extract AWS variables correctly', () => {
       const request: CreateCloudConnectorRequest = {
         name: 'test-connector',
@@ -376,8 +376,8 @@ describe('CloudConnectorService', () => {
         },
       };
 
-      const extractCloudVars = (service as any).extractCloudVars.bind(service);
-      const result = extractCloudVars(request);
+      const getCloudConnectorInfo = (service as any).getCloudConnectorInfo.bind(service);
+      const result = getCloudConnectorInfo(request);
 
       expect(result).toEqual({
         cloudProvider: 'aws',
@@ -414,8 +414,8 @@ describe('CloudConnectorService', () => {
         },
       };
 
-      const extractCloudVars = (service as any).extractCloudVars.bind(service);
-      const result = extractCloudVars(request);
+      const getCloudConnectorInfo = (service as any).getCloudConnectorInfo.bind(service);
+      const result = getCloudConnectorInfo(request);
 
       expect(result.vars.external_id).toEqual({
         type: 'password',
@@ -445,8 +445,8 @@ describe('CloudConnectorService', () => {
         },
       };
 
-      const extractCloudVars = (service as any).extractCloudVars.bind(service);
-      const result = extractCloudVars(request);
+      const getCloudConnectorInfo = (service as any).getCloudConnectorInfo.bind(service);
+      const result = getCloudConnectorInfo(request);
 
       expect(result.vars.external_id).toEqual({
         type: 'password',
@@ -476,9 +476,9 @@ describe('CloudConnectorService', () => {
         },
       };
 
-      const extractCloudVars = (service as any).extractCloudVars.bind(service);
+      const getCloudConnectorInfo = (service as any).getCloudConnectorInfo.bind(service);
 
-      expect(() => extractCloudVars(request)).toThrow(
+      expect(() => getCloudConnectorInfo(request)).toThrow(
         '[Cloud Connector API] External ID input var is not valid'
       );
     });
@@ -502,9 +502,9 @@ describe('CloudConnectorService', () => {
         },
       };
 
-      const extractCloudVars = (service as any).extractCloudVars.bind(service);
+      const getCloudConnectorInfo = (service as any).getCloudConnectorInfo.bind(service);
 
-      expect(() => extractCloudVars(request)).toThrow(
+      expect(() => getCloudConnectorInfo(request)).toThrow(
         '[Cloud Connector API] External ID input var is not valid'
       );
     });
@@ -528,9 +528,9 @@ describe('CloudConnectorService', () => {
         },
       };
 
-      const extractCloudVars = (service as any).extractCloudVars.bind(service);
+      const getCloudConnectorInfo = (service as any).getCloudConnectorInfo.bind(service);
 
-      expect(() => extractCloudVars(request)).toThrow(
+      expect(() => getCloudConnectorInfo(request)).toThrow(
         '[Cloud Connector API] External ID input var is not valid'
       );
     });
@@ -554,9 +554,9 @@ describe('CloudConnectorService', () => {
         },
       };
 
-      const extractCloudVars = (service as any).extractCloudVars.bind(service);
+      const getCloudConnectorInfo = (service as any).getCloudConnectorInfo.bind(service);
 
-      expect(() => extractCloudVars(request)).toThrow(
+      expect(() => getCloudConnectorInfo(request)).toThrow(
         '[Cloud Connector API] External ID input var is not valid'
       );
     });
@@ -580,8 +580,8 @@ describe('CloudConnectorService', () => {
         },
       };
 
-      const extractCloudVars = (service as any).extractCloudVars.bind(service);
-      const result = extractCloudVars(request);
+      const getCloudConnectorInfo = (service as any).getCloudConnectorInfo.bind(service);
+      const result = getCloudConnectorInfo(request);
 
       expect(result.vars.external_id).toEqual({
         type: 'password',
@@ -611,8 +611,8 @@ describe('CloudConnectorService', () => {
         },
       };
 
-      const extractCloudVars = (service as any).extractCloudVars.bind(service);
-      const result = extractCloudVars(request);
+      const getCloudConnectorInfo = (service as any).getCloudConnectorInfo.bind(service);
+      const result = getCloudConnectorInfo(request);
 
       expect(result.vars.external_id).toEqual({
         type: 'password',

x-pack/platform/plugins/shared/fleet/server/services/cloud_connector.ts

@@ -32,6 +32,7 @@ export interface CloudConnectorServiceInterface {
   ): Promise<CloudConnectorSO[]>;
 }
 
+
 export class CloudConnectorService implements CloudConnectorServiceInterface {
   private static readonly EXTERNAL_ID_REGEX = /^[a-zA-Z0-9]{20}$/;
 
@@ -52,7 +53,7 @@ export class CloudConnectorService implements CloudConnectorServiceInterface {
       logger.info('Creating cloud connector');
 
       // Extract cloud variables from package policy
-      const { cloudProvider, vars, name } = this.extractCloudVars(cloudConnector);
+      const { cloudProvider, vars, name } = this.getCloudConnectorInfo(cloudConnector);
 
       if (!vars || Object.keys(vars).length === 0) {
         logger.error(`Package policy must contain ${cloudProvider} input vars`);
@@ -130,7 +131,7 @@ export class CloudConnectorService implements CloudConnectorServiceInterface {
     }
   }
 
-  private extractCloudVars(cloudConnector: CreateCloudConnectorRequest): {
+  private getCloudConnectorInfo(cloudConnector: CreateCloudConnectorRequest): {
     cloudProvider: CloudProvider;
     vars: CloudConnectorVars;
     name: string;

x-pack/platform/plugins/shared/fleet/server/services/package_policy.test.ts

@@ -443,6 +443,101 @@ describe('Package policy service', () => {
         id: 'b684f590-feeb-11ed-b202-b7f403f1dee9',
       });
     });
+
+    it('should handle cloud connector variables when supports_cloud_connector is true', async () => {
+      const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser;
+      const soClient = createSavedObjectClientMock();
+
+      const packagePolicyWithCloudConnector = {
+        name: 'test-package-policy',
+        namespace: 'test',
+        enabled: true,
+        policy_id: 'test',
+        policy_ids: ['test'],
+        supports_cloud_connector: true,
+        inputs: [
+          {
+            type: 'aws',
+            enabled: true,
+            vars: {
+              'aws.role_arn': {
+                value: 'arn:aws:iam::123456789012:role/TestRole',
+                type: 'text',
+              },
+              'aws.credentials.external_id': {
+                value: {
+                  id: 'ABCDEFGHIJKLMNOPQRST',
+                  isSecretRef: true,
+                },
+                type: 'password',
+              },
+            },
+          },
+        ],
+      };
+
+      soClient.bulkCreate.mockResolvedValueOnce({
+        saved_objects: [
+          {
+            id: 'test-package-policy',
+            attributes: packagePolicyWithCloudConnector,
+            references: [],
+            type: LEGACY_PACKAGE_POLICY_SAVED_OBJECT_TYPE,
+          },
+        ],
+      });
+
+      mockAgentPolicyGet();
+
+      const result = await packagePolicyService.create(soClient, esClient, packagePolicyWithCloudConnector);
+
+      expect(result.supports_cloud_connector).toBe(true);
+      expect(result.inputs[0].vars).toHaveProperty('aws.role_arn');
+      expect(result.inputs[0].vars).toHaveProperty('aws.credentials.external_id');
+    });
+
+    it('should not process cloud connector variables when supports_cloud_connector is false', async () => {
+      const esClient = elasticsearchServiceMock.createClusterClient().asInternalUser;
+      const soClient = createSavedObjectClientMock();
+
+      const packagePolicyWithoutCloudConnector = {
+        name: 'test-package-policy',
+        namespace: 'test',
+        enabled: true,
+        policy_id: 'test',
+        policy_ids: ['test'],
+        supports_cloud_connector: false,
+        inputs: [
+          {
+            type: 'aws',
+            enabled: true,
+            vars: {
+              'aws.role_arn': {
+                value: 'arn:aws:iam::123456789012:role/TestRole',
+                type: 'text',
+              },
+            },
+          },
+        ],
+      };
+
+      soClient.bulkCreate.mockResolvedValueOnce({
+        saved_objects: [
+          {
+            id: 'test-package-policy',
+            attributes: packagePolicyWithoutCloudConnector,
+            references: [],
+            type: LEGACY_PACKAGE_POLICY_SAVED_OBJECT_TYPE,
+          },
+        ],
+      });
+
+      mockAgentPolicyGet();
+
+      const result = await packagePolicyService.create(soClient, esClient, packagePolicyWithoutCloudConnector);
+
+      expect(result.supports_cloud_connector).toBe(false);
+    });
   });
 
   describe('bulkCreate', () => {