Create and modify fleet policy using kibana.yml

Elastic Stack Kibana
1

Elastic/Kibana/Fleet version 8.2.0

I'm trying to manage our fleet policies using kibana.yml, but have issues on getting the correct syntax for vars of type "yaml" (gist:0c91b495d1539ae93584da73052f1679 · GitHub)

Here is an example of a policy which is successfully deployed:

xpack.fleet.agentPolicies:
  - name: Synthetics Agent Policy Test1
    namespace: default
    package_policies:
      - name: synthetics-test1
        package:
          name: synthetics
        id: my-monitor-test1
        inputs:
          - type: synthetics/http
            enabled: true
            streams:
              - data_stream:
                  type: synthetics
                  dataset: http
                enabled: true
                vars:
                  - name: type
                    value: http
                  - name: urls
                    value: 'http://www.httpvshttps.com/'
                  - name: schedule
                    value: '"@every 5m"'
                  - name: ssl.verification_mode
                    value: none

However if I try to add one of the following vars,

  • ssl.supported_protocols
  • tags
    I get the following JSON error when looking at the policy in Kibana UI

agentpolicy_error
agentpolicy_error740×448 127 KB

I have tried different variants of the syntax for this var, but so far have been unsuccessful and have not been able to find any good resources on internet on how this should be formatted.

Examples of the syntaxes I've attempted:

                  - name: tags
                    value: 
                      - mytagtest1
#
                  - name: tags
                    value:  |
                      - mytagtest1
#
                  - name: tags
                    value:  |
                      - 'mytagtest1'

Does anyone have a suggestion on how the syntax should be and where one can find any documentation on this?

2

Hi @greibrokka,

I've spent some time reverse engineering what the Synthetics integration is expecting in these fields, and I've landed on a syntax that's working as expected here:

  - name: ssl.supported_protocols
    value: '["TLSv1.1", "TLSv1.2", "TLSv1.3"]'
  - name: tags
    value: '["test1", "test2", "test3"]'

In essence, the Synthetics policy editor is expecting a string value that parses successfully to a JavaScript object via JSON.parse here.

I've created a public issue for the team that manages the logic around the policy editor for the Synthetics integration here, because I do think the ergonomics for these fields could certainly be improved.

3

Hi @kpollich
Works perfectly, thank you :smiley:.

The documentation and examples I found when Googling was not really clear,
hopefully this will be fixed.

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.