Allow to define custom agents in system test configuration files

[mrodm]

Relates #787

In this PR, it is added into the system test configuration files first fields in order to run custom agents with different parameters (capabilities, pid mode, user...). This is just taken into account when independent agents are enabled.

A new test package has been added to test this auditd_manager_independent_agent.

[mrodm]

Failed CI Steps
:go: Integration test: with-custom-agent

Currently, the error in this step is caused because the previous Elastic Agent created by the previous package tested has not been unenrolled and removed from Fleet.

This could be solved by forcefully removing those agents after each test (without waiting to be acknowledge it by the agent itself). This is done in #1771

[mrodm]

Added this new step in the pipeline to detect if there is just one warning (string)

Adding this would make fail this test package when ELASTIC_PACKAGE_TEST_ENABLE_INDEPENDENT_AGENT is false, since this will use the Elastic Agent from the stack that does not have the required capabilities.

Should we skip this test package in the CI scripts ? @jsoriano

[jsoriano]

Should we skip this test package in the CI scripts ? @jsoriano

Yeah, we will need to find a way to test this package only when independent agents are enabled.

[mrodm]

Added an exception in the test script to not test auditd_manager_independent_agent when using the Elastic Agent from the stack.

[mrodm]

Currently, this file allows additional properties. However, it probably would be better to at least add agent field as an object in this file. WDYT ?

[jsoriano]

Yes please.

[mrodm]

Created PR for this : elastic/package-spec#739

[mrodm]

This setting looks like that it is more related to docker runtime.

It is needed to specify somehow this setting for auditd_manager package to keep the same behavior. That setting is present in the current configuration:

elastic-package/test/packages/with-custom-agent/auditd_manager/data_stream/auditd/_dev/deploy/agent/custom-agent.yml

Lines 4 to 8 in 052cfc8

	pid: host
	cap_add:
	- AUDIT_CONTROL
	- AUDIT_READ
	user: root

Should it be added here even if it is more docker related ? or maybe do we need to add a map for docker specific settings ?

agent:
  user: root
  runtime: docker
  capabilities:
    - AUDIT_CONTROL
    - AUDIT_READ
  docker:
    pid_mode: host

Maybe it can be changed the name of this field to use_host_pid_namespace: true

WDYT @jsoriano ?

[jsoriano]

PID namespacing is not specific of docker, so I would not use an specific docker variable. Not sure about the variable name to use but I wouldn't use a boolean because there can be more than one option.

[jsoriano]

👍

[jsoriano]

Nit. Maybe we can call this LinuxCapabilities to avoid confusion with other capabilities.

Suggested change

	// Capabilities is a list of the capabilities needed to run the Elastic Agent process
	Capabilities []string
	// LinuxCapabilities is a list of the capabilities needed to run the Elastic Agent process
	LinuxCapabilities []string

[mrodm]

Agreed, do you think it should be updated that naming in the configuration file for system tests ? @jsoriano

Currently, those settings in the configuration file looks like:

agent:
  runtime: docker
  user: "root"
  pid_mode: "host"
  capabilities:
    - AUDIT_CONTROL
    - AUDIT_READ

   runtime: docker
   user: "root"
   pid_mode: "host"
-  capabilities:
+  linux_capabilities:
     - AUDIT_CONTROL
     - AUDIT_READ

[jsoriano]

Yes, call them linux_capabilities in the config.

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: 6b0c5b7

History

• 💚 Build #2851 succeeded 990c33b
• 💚 Build #2849 succeeded f7d69d9
• 💚 Build #2845 succeeded 3d6e846
• 💔 Build #2844 failed 2138890
• 💔 Build #2841 failed c52d7da
• 💔 Build #2833 failed 22d0abd

cc @mrodm