Hello all,
I am looking for better documentation about using the Fleet API in Elastic/Kibana 7.17.
I have looked at
https://github.com/elastic/kibana/blob/7.17/x-pack/plugins/fleet/common/openapi/README.md
https://petstore.swagger.io/?url=https://raw.githubusercontent.com/elastic/kibana/7.x/x-pack/plugins/fleet/common/openapi/bundled.json
I find these to be non-intuitive.
For instance, I am trying to automate adding an "integration" (UI terminology) to a policy. None of the API endpoints listed indicates to me that it is the one to use. There are endpoints for "package" and "package_policies", but not for "integration".
I have resorted to using the Chrome browser Developer Tools to look at the network traffic when interacting with the UI to add an integration to a policy. That lead me to try the api/fleet/package_policies endpoint. I took the payload reported through the browser developer tools and, in an environment where no changes had been made to the default policies, used that in my API call. I got back an error:
FAILED! => {"cache_control": "private, no-cache, no-store, must-revalidate", "changed": false, "connection": "close", "content": "{\"statusCode\":404,\"error\":\"Not Found\",\"message\":\"Saved object [ingest-agent-policies/['<value that matches the policy id to which I'm trying to add the integration>']] not found\"}"
I don't see anything in the API docs about saved objects or ingest agent policies. Since integrations include saved objects I hypothesized that maybe I needed to install the integration first. So, I did that through the UI, and then retried the package_policies endpoint again. I got the same response as above.
I don't see many posts in this forum concerning Fleet API usage. Is it just not being used much at this point? Or am simply not finding the posts (due to flawed post searching criteria)?
Is anybody working with the API to fully automate the set up of agent policies?