Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Feature] Allow elasticstack_fleet_integration resource to install other versions than latest #858

Open
breml opened this issue Oct 18, 2024 · 2 comments
Labels
enhancement New feature or request fleet-improvements

Comments

@breml
Copy link

breml commented Oct 18, 2024

Is your feature request related to a problem? Please describe.

For our corporate setup, we run 3 Elasticsearch Cluster in Elastic Cloud:

  • DEV
  • QUAL
  • PROD

According to the internal guidelines, the Elasticsearch cluster for DEV is always on the most recent version, QUAL is at least one minor version behind and PROD again is at least one minor version behind QUAL.
When we test a setup, we would like to test the exact combination together with the respective version of the Fleet Integrations, that are installed. This means, that we want to test a certain combination of Elasticsearch + Versions of Fleet Intgrations first on DEV, then on QUAL and finally roll out the tested combination to PROD.
Currently, this is not possible with the Elastic Package Registry and with Terraform, since the elasticstack_fleet_integration ressource refuses to install an older version of a Terraform integration, if a more recent version is available. This is very unfortunate, since it basically forces us to update the Fleet Integrations whenever we update Elasticsearch and we end up in production with a combination of version, that we have never tested before.

Additional context

Related issue: #669

I first raised this issue with the Elastic support and they asked me to also raise the issue here.

@daemitus
Copy link
Contributor

Have you tried force=true? I know I've had issues with out of date integrations historically, but in a sandbox the old otx does install correctly with the flag set.

resource "elasticstack_fleet_integration" "threat_intel-AlienvaultOTX" {
  name    = "ti_otx"
  version = "1.24.1"
  force   = true
}
---[ REQUEST ]---------------------------------------
POST /api/fleet/epm/packages/ti_otx/1.24.1 HTTP/1.1
Host: localhost:5601
User-Agent: Go-http-client/1.1
Content-Length: 14
Authorization: *******************************
Content-Type: application/json
Kbn-Xsrf: true
Accept-Encoding: gzip

{
 "force": true
}

-----------------------------------------------------: 
2024-10-18T12:50:43.826-0400 [DEBUG] provider.terraform-provider-elasticstack_v0.11.9-pre1: Fleet API Response Details:
---[ RESPONSE ]--------------------------------------
HTTP/1.1 200 OK
...the rest...

@breml
Copy link
Author

breml commented Oct 25, 2024

Have you tried force=true? I know I've had issues with out of date integrations historically, but in a sandbox the old otx does install correctly with the flag set.

@daemitus thanks for the hint, we will give this a try. Currently, we are blocked because of #820.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request fleet-improvements
Projects
None yet
Development

No branches or pull requests

3 participants