[Cloud Security] Add Cloud Connectors CSPM Support

[Omolola-Akinleye]

Summary

Summarize your PR. If it involves visual changes include a screenshot or gif.
This PR adds support to Cloud Connector for CSPM.

• Adds Cloud Connector Option for Credentials type

• Cloud Formation UI opens an external Link to run Cloud Formation template which will generate the Role_ARN and External ID.

• User will copy and paste those fields to input fields

• Updates Agentless Policy to include cloud connector enabled support and the target cloud server provider

• Locally, xpack.cloudSecurityPosture.enableExperimental: ['cloudConnectorsEnabled'] will be set kibana.dev.yml

• In prod, xpack.cloudSecurityPosture.enableExperimental: ['cloudConnectorsEnabled'] will be set in kibana.yml and - Cloud Connector support is only available on AWS setup and AWS Deployed environment

How to run Locally:

E2E workflow is not supported yet for Cloud Connectors but we can see the updated UX with AgentPolicy being configured with cloud connector properties {enabled: true, target_csp: 'aws'} and Package Policy being configured
role_arn and external id

1. Search for `showCloudConnectors={showCloudConnectors}
2. Change property to true showCloudConnectors={true}
3. Select Cloud Connectors options and you should see the feature screenshot above

[Omolola-Akinleye]

/ci

[Omolola-Akinleye]

/ci

[Omolola-Akinleye]

/ci

[Omolola-Akinleye]

/ci

[Omolola-Akinleye]

/ci

[elasticmachine]

Pinging @elastic/fleet (Team:Fleet)

[juliaElastic]

Fleet change LGTM

[seanrathier]

Great work, just one comment but not blocking.

I was fixated on this section for a while trying to figure out what was happening. Might be good to add a comment if you can.

[seanrathier]

Since we are checking for other CSPs, should we be checking for gcp.supports_cloud_connectors and azure.supports_cloud_connectors?

[Omolola-Akinleye]

So for right now, Cloud Connectors is supported for aws. However, you raise a good point and maybe we should change the name field to be more generic support_cloud_connectors.

[seanrathier]

I've seen a similar pattern here and I quickly looked it up. While this is not wrong, but something to consider the following.

function findFirstInstanceCsp(inputType, pattern) {
    const regex = new RegExp("aws|gcp|azure", "i");
    const match = inputType.match(regex);
    return match ? match[0] : null;
}

const targetCsp = findFirstInstanceCsp(input?.type);

[seanrathier]

This makes sense, thanks!

[seanrathier]

Sorry, I approved by accident instead of commenting.

[Omolola-Akinleye]

@elasticmachine merge upstream

[elasticmachine]

💛 Build succeeded, but was flaky

• Buildkite Build
• Commit: 6c7e8cf
• Cloud Deployment

Failed CI Steps

• Fleet Cypress Tests #1

Test Failures

• [job] [logs] Fleet Cypress Tests #1 / View agents list Agent status filter should filter on healthy and unhealthy
• [job] [logs] Fleet Cypress Tests #1 / View agents list Bulk actions should allow to bulk upgrade agents and cancel that upgrade

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
cloudSecurityPosture	518.4KB	524.4KB	+6.0KB
fleet	1.7MB	1.7MB	+783.0B
total			+6.7KB

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
cloudSecurityPosture	18.0KB	18.1KB	+101.0B

History

• 💚 Build #300165 succeeded 533496f
• 💔 Build #300128 failed 0b0c327
• 💔 Build #300099 failed 60b499d
• 💔 Build #299870 failed a73d9ee
• 💔 Build #298609 failed fc03452

cc @Omolola-Akinleye