Add additional integrations to the CDR workflow #4084
This pull request does not have a backport label. Could you fix it @gurevichdmitry? 🙏
…ic/cloudbeat into dg-cdr-wf-add-integrations
Pull request overview
This PR extends the CDR test-environment provisioning workflow to preinstall additional Fleet integrations (Elastic Defend for Linux/Windows, Okta, Okta Entity Analytics), and adds workflow-level toggles for enabling Security Solution experimental flags and Entity Store v2 setup.
Changes:
- Add Elastic Defend Fleet setup + install artifacts, plus WinRM-based enrollment flow for a Windows Defend host.
- Add Okta + Okta Entity Analytics integrations attached to the Wiz CDR agent policy via shared context.
- Add support for Security Solution experimental flags in Kibana and an Entity Store v2 enable/install/init flow (with a workflow toggle).
Reviewed changes
Copilot reviewed 39 out of 41 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/pyproject.toml | Add pywinrm dependency for WinRM enrollment script. |
| tests/poetry.lock | Lockfile updates for new Python dependencies. |
| tests/integrations_setup/install_wiz_integration.py | Persist Wiz agent policy ID for reuse by other CDR integrations. |
| tests/integrations_setup/install_okta_integration.py | New installer for Okta Fleet integration on Wiz agent policy. |
| tests/integrations_setup/install_entityanalytics_okta_integration.py | New installer for Okta Entity Analytics Fleet integration on Wiz agent policy. |
| tests/integrations_setup/install_elastic_defend_integration.py | New installer for Elastic Defend agent policy + integration + artifacts. |
| tests/integrations_setup/enroll_elastic_defend_winrm.py | New WinRM-based Windows enrollment runner for Elastic Defend install script. |
| tests/integrations_setup/enable_entity_store_v2.py | New script to enable/install/init Entity Store v2 and poll status. |
| tests/integrations_setup/data/package-policy-elastic-defend.json | New endpoint package policy template for Elastic Defend. |
| tests/integrations_setup/data/okta-pkg.json | New Okta package policy template. |
| tests/integrations_setup/data/entityanalytics_okta-pkg.json | New entityanalytics_okta package policy template. |
| tests/integrations_setup/data/elastic-defend-windows.j2 | New PowerShell installer template for Windows Elastic Agent. |
| tests/integrations_setup/data/elastic-defend-linux.j2 | New Bash installer template for Linux Elastic Agent. |
| tests/integrations_setup/data/agent-policy-elastic-defend.json | New agent policy template for Elastic Defend hosts. |
| tests/integrations_setup/configuration_fleet.py | Add Okta-related environment configuration. |
| tests/integrations_setup/cdr_wiz_fleet_helpers.py | Shared helpers for “use Wiz agent policy” integrations + prerelease detection. |
| tests/fleet_api/utils.py | Add write_json() helper for sharing context via JSON file. |
| tests/fleet_api/entity_store_api.py | Add internal APIs and polling to enable/install/init Entity Store v2. |
| tests/fleet_api/endpoint_package_policy.py | Add helper to flip endpoint malware/ransomware modes to detect and persist policy. |
| tests/fleet_api/base_call_api.py | Extend perform_api_call to accept ok_statuses and handle empty/204 responses. |
| tests/commonlib/framework/reporting.py | Add pylint suppression for allure.link member detection. |
| deploy/test-environments/upload_state.sh | Make key uploads conditional; add Elastic Defend keys + WinRM creds upload. |
| deploy/test-environments/modules/ec/variables.tf | Add toggle for Kibana Security Solution experimental feature flags. |
| deploy/test-environments/modules/ec/main.tf | Merge Kibana docker image override + experimental user_settings_yaml. |
| deploy/test-environments/modules/aws/ec2-windows/variables.tf | New Windows EC2 module variables (incl. WinRM ingress CIDR). |
| deploy/test-environments/modules/aws/ec2-windows/terraform.tf | New module provider constraints. |
| deploy/test-environments/modules/aws/ec2-windows/output.tf | Outputs for Windows host IP/key/instance_id. |
| deploy/test-environments/modules/aws/ec2-windows/main.tf | Provision Windows EC2 with WinRM enabled and supporting bootstrap. |
| deploy/test-environments/elk-stack/variables.tf | Add top-level variable to control Kibana experimental flags. |
| deploy/test-environments/elk-stack/main.tf | Pass Kibana experimental toggle into EC deployment module. |
| deploy/test-environments/cdr/variables.tf | Add variables to enable/parameterize Elastic Defend Linux/Windows hosts. |
| deploy/test-environments/cdr/terraform.tf | Add providers needed for new Windows module (tls/local). |
| deploy/test-environments/cdr/output.tf | Export Elastic Defend Linux/Windows IPs/keys/instance_id outputs. |
| deploy/test-environments/cdr/main.tf | Wire in Elastic Defend Linux EC2 + new Windows EC2 module. |
| deploy/test-environments/cdr/export_terraform_outputs.sh | New helper to export Terraform outputs null-safely to GITHUB_OUTPUT. |
| .gitignore | Ignore generated integration artifacts and connection/metadata JSON files. |
| .github/workflows/test-environment.yml | Add inputs for Kibana experimental flags + entity store v2 toggle; pass Okta secrets. |
| .github/workflows/cdr-infra.yml | Add inputs for Kibana experimental flags + entity store v2 toggle. |
| .github/actions/elk-stack/action.yml | Pass Kibana experimental toggle into Terraform via TF_VAR. |
| .github/actions/cdr/action.yml | Add Okta installers, Elastic Defend provisioning/enrollment steps, and entity store v2 toggle; switch to export helper. |
@coderabbitai full review
uri-weisman left a comment
Great work! approve with some comments
| def main() -> None: | ||
| """Create Fleet policies and write Elastic Defend install artifacts for CDR.""" | ||
| package_version = get_package_version(cfg=cnfg.elk_config, package_name="endpoint", prerelease=True) |
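Review bot: The `get_package_version(...)` call in `main()` passes the literal `prerelease=True` for the `endpoint` package, so the flag is the same for every stack version the workflow is run against. The file summary says `tests/integrations_setup/cdr_wiz_fleet_helpers.py` already carries prerelease detection. Consider computing the flag from that helper and passing the result here instead of the constant, and add a short comment on why the `endpoint` package needs prerelease resolution if the constant is kept.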
can you use stack_version_uses_epm_prerelease for pre-release versions?
Summary of your changes
This PR extends the environment by adding preinstalled integrations:
It also adds support for: