Fix honoring deployment mode restrictions#231679
Merged
MichelLosier merged 14 commits intoelastic:mainfrom Aug 19, 2025
Merged
Conversation
MichelLosier
added
release_note:fix
backport:all-open
Contributor
Author
|
Noticing in the add integration form while excluding unsupported agentless policy templates: Your integration policy has errors. Please fix them before saving. No form errors present though. May have to examine the form state. |
botelastic
bot
added
the
Team:Fleet
Contributor
|
Pinging @elastic/fleet (Team:Fleet) |
Contributor
Author
|
/ci |
jen-huang
reviewed
Aug 15, 2025
x-pack/platform/plugins/shared/fleet/common/services/agentless_policy_helper.ts
Show resolved
Hide resolved
…icy when in edit mode
Contributor
💚 Build Succeeded
Metrics [docs]Async chunks
History
|
jen-huang
approved these changes
Aug 19, 2025
MichelLosier
added
v8.18.6
backport:current-major
and removed
backport:prev-minor
labels
Contributor
|
Starting backport for target branches: 8.18, 8.19, 9.0, 9.1 |
Contributor
💔 All backports failed
Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
MichelLosier
added a commit
to MichelLosier/kibana
that referenced
this pull request
Aug 19, 2025
Resolves: elastic#231621 This makes sure that when creating package policies the `deployment_modes` definition, if available, on policy templates are evaluated as such: * When agentless mode is selected, inputs of policy templates are only included if the deployment mode explicitly declares agentless enabled * When default mode (agent-based) is selected, inputs are included if policy template deployment mode is not declared, or if declared only if default.enabled is true ## Release note: Fixes the `deployment_modes` evaluation for policy templates when creating a package policy. When deploying in agentless mode this ensures we don't allow inputs from policy templates that are not opted into the agentless mode at the template level. (cherry picked from commit 99bed97) # Conflicts: # x-pack/platform/plugins/shared/fleet/common/services/agentless_policy_helper.test.ts # x-pack/platform/plugins/shared/fleet/common/services/agentless_policy_helper.ts # x-pack/platform/plugins/shared/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/step_configure_package.tsx # x-pack/platform/plugins/shared/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/form.test.tsx # x-pack/platform/test/fleet_api_integration/apis/fixtures/test_packages/deployment_modes_test/1.0.0/manifest.yml
MichelLosier
added a commit
to MichelLosier/kibana
that referenced
this pull request
Aug 19, 2025
Resolves: elastic#231621 This makes sure that when creating package policies the `deployment_modes` definition, if available, on policy templates are evaluated as such: * When agentless mode is selected, inputs of policy templates are only included if the deployment mode explicitly declares agentless enabled * When default mode (agent-based) is selected, inputs are included if policy template deployment mode is not declared, or if declared only if default.enabled is true ## Release note: Fixes the `deployment_modes` evaluation for policy templates when creating a package policy. When deploying in agentless mode this ensures we don't allow inputs from policy templates that are not opted into the agentless mode at the template level. (cherry picked from commit 99bed97)
Contributor
Author
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
MichelLosier
added a commit
that referenced
this pull request
Aug 19, 2025
# Backport This will backport the following commits from `main` to `9.1`: - [Fix honoring deployment mode restrictions (#231679)](#231679) <!--- Backport version: 10.0.1 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Michel Losier","email":"michel.losier@elastic.co"},"sourceCommit":{"committedDate":"2025-08-19T13:37:21Z","message":"Fix honoring deployment mode restrictions (#231679)\n\nResolves: https://github.com/elastic/kibana/issues/231621\n\nThis makes sure that when creating package policies the\n`deployment_modes` definition, if available, on policy templates are\nevaluated as such:\n\n* When agentless mode is selected, inputs of policy templates are only included if the deployment mode\nexplicitly declares agentless enabled\n* When default mode (agent-based) is selected, inputs are included if policy template deployment mode is not\ndeclared, or if declared only if default.enabled is true\n\n## Release note:\n\nFixes the `deployment_modes` evaluation for policy templates when creating a\npackage policy. When deploying in agentless mode this ensures we don't\nallow inputs from policy templates that are not opted into the agentless\nmode at the template level.","sha":"99bed97a5a347ad30ba5f3fe289c4c64f85f01b4","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","Team:Fleet","backport:current-major","v9.2.0"],"title":"Fix honoring deployment mode restrictions","number":231679,"url":"https://github.com/elastic/kibana/pull/231679","mergeCommit":{"message":"Fix honoring deployment mode restrictions (#231679)\n\nResolves: https://github.com/elastic/kibana/issues/231621\n\nThis makes sure that when creating package policies the\n`deployment_modes` definition, if available, on policy templates are\nevaluated as such:\n\n* When agentless mode is selected, inputs of policy templates are only included if the deployment mode\nexplicitly declares agentless enabled\n* When default mode (agent-based) is selected, inputs are included if policy template deployment mode is not\ndeclared, or if declared only if default.enabled is true\n\n## Release note:\n\nFixes the `deployment_modes` evaluation for policy templates when creating a\npackage policy. When deploying in agentless mode this ensures we don't\nallow inputs from policy templates that are not opted into the agentless\nmode at the template level.","sha":"99bed97a5a347ad30ba5f3fe289c4c64f85f01b4"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/231679","number":231679,"mergeCommit":{"message":"Fix honoring deployment mode restrictions (#231679)\n\nResolves: https://github.com/elastic/kibana/issues/231621\n\nThis makes sure that when creating package policies the\n`deployment_modes` definition, if available, on policy templates are\nevaluated as such:\n\n* When agentless mode is selected, inputs of policy templates are only included if the deployment mode\nexplicitly declares agentless enabled\n* When default mode (agent-based) is selected, inputs are included if policy template deployment mode is not\ndeclared, or if declared only if default.enabled is true\n\n## Release note:\n\nFixes the `deployment_modes` evaluation for policy templates when creating a\npackage policy. When deploying in agentless mode this ensures we don't\nallow inputs from policy templates that are not opted into the agentless\nmode at the template level.","sha":"99bed97a5a347ad30ba5f3fe289c4c64f85f01b4"}}]}] BACKPORT-->
qn895
pushed a commit
to qn895/kibana
that referenced
this pull request
Aug 26, 2025
Resolves: elastic#231621 This makes sure that when creating package policies the `deployment_modes` definition, if available, on policy templates are evaluated as such: * When agentless mode is selected, inputs of policy templates are only included if the deployment mode explicitly declares agentless enabled * When default mode (agent-based) is selected, inputs are included if policy template deployment mode is not declared, or if declared only if default.enabled is true ## Release note: Fixes the `deployment_modes` evaluation for policy templates when creating a package policy. When deploying in agentless mode this ensures we don't allow inputs from policy templates that are not opted into the agentless mode at the template level.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Resolves: #231621
This makes sure that when creating package policies the
deployment_modesdefinition, if available, on policy templates are evaluated as such:Screen.Recording.2025-08-15.at.8.45.39.AM.mov
Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
release_note:*label is applied per the guidelinesbackport:*labels.Identify risks
Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss.
Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging.
Release note:
Fixes the
deployment_modesevaluation for policy templates when creating a package policy. When deploying in agentless mode this ensures we don't allow inputs from policy templates that are not opted into the agentless mode at the template level.