Skip to content

Adding var_groups spec #1059

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
seanrathier wants to merge 8 commits into
base: main
Choose a base branch
from
Open

Adding var_groups spec #1059

seanrathier wants to merge 8 commits into from

Conversation

@seanrathier
Copy link
Contributor

@seanrathier seanrathier commented Jan 14, 2026
edited
Loading

What does this PR do?

Add a new var_groups field to the package manifest schema that:

  • Defines mutually exclusive groups of variables
  • Controls variable visibility based on the selected option
  • Stores the selection in the policy for backend processing
  • Uses additionalProperties: true on options to allow feature-specific extensions

Why is it important?

Current Limitation

Fleet's generic UI renders all integration variables in a flat list, regardless of authentication method or configuration context. Users see fields that don't apply to their chosen setup (e.g., showing access_key_id when using Assume Role authentication), creating confusion and a poor user experience.

Specific Use Cases

  1. Cloud Connector Integration: The Cloud Connector feature (for agentless AWS/GCP/Azure data collection) is currently only available in CSPM and Cloud Asset Inventory, which use custom UIs. Scaling this to other integrations (AWS GuardDuty, Security Hub, etc.) requires a manifest-driven approach.
  2. Authentication Method Selection: AWS integrations support 5+ authentication methods (Direct Keys, Temporary Keys, Assume Role, Shared Credentials, Cloud Connector), each with different required variables.
  3. Generic Conditional Groups: Other use cases exist beyond authentication, such as selecting compression methods where each method has different configuration options.

Checklist

Related issues

@seanrathier seanrathier self-assigned this Jan 14, 2026
@seanrathier seanrathier added the enhancement New feature or request label Jan 14, 2026
@seanrathier seanrathier linked an issue Jan 14, 2026 that may be closed by this pull request
[Change Proposal] Add var_groups to support Cloud Connector integration with Fleet #1054
Open
28 tasks
@seanrathier seanrathier mentioned this pull request Jan 16, 2026
Open
5 tasks
@seanrathier seanrathier marked this pull request as ready for review January 19, 2026 18:49
@seanrathier seanrathier requested a review from a team as a code owner January 19, 2026 18:49
@seanrathier seanrathier requested a review from Copilot January 19, 2026 18:52
Copilot AI reviewed Jan 19, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds a new var_groups schema to the package manifest specification, enabling conditional variable groups that control which authentication variables are visible based on user selection. This addresses the limitation where Fleet's generic UI currently displays all integration variables in a flat list regardless of their context.

Changes:

  • Introduces var_groups field with mutually exclusive options for organizing related variables
  • Adds validation rules to ensure var_groups reference valid variables and maintain naming uniqueness
  • Supports deployment mode filtering and input-level option hiding for advanced use cases

Reviewed changes

Copilot reviewed 30 out of 40 changed files in this pull request and generated 4 comments.

Show a summary per file
File Description
spec/integration/manifest.spec.yml Adds var_groups schema definition with options, deployment mode filtering, and hide_in_var_group_options for inputs
spec/integration/data_stream/manifest.spec.yml Adds var_groups support at stream level with version patch to remove from pre-3.6.0
spec/changelog.yml Documents the var_groups enhancement for Cloud Connector integration
code/go/internal/validator/spec.go Registers ValidateVarGroups semantic validation rule for format_version >= 3.6.0
code/go/internal/validator/semantic/validate_var_groups.go Implements validation logic for var_groups including duplicate detection and required field checking
code/go/internal/validator/semantic/validate_var_groups_test.go Adds comprehensive test coverage for var_groups validation scenarios
code/go/pkg/validator/validator_test.go Registers test packages for good and bad var_groups validation cases
test/packages/good_var_groups/* Complete test package demonstrating valid var_groups usage with Cloud Connector extensions
test/packages/bad_var_groups_/ Test packages for invalid scenarios (missing vars, duplicate names, required conflicts)

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@seanrathier seanrathier mentioned this pull request Jan 19, 2026
Open
7 tasks
teresaromero
teresaromero previously approved these changes Jan 22, 2026
View reviewed changes
Copy link
Contributor

@teresaromero teresaromero left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, please update branch with conflicts

seanrathier and others added 6 commits January 22, 2026 09:24
@seanrathier
var-group: initial build
c2ee96e
@seanrathier
var-group: required validation
eff35b7
@seanrathier
Update code/go/internal/validator/semantic/validate_var_groups.go
9ffe071 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@seanrathier
Update test/packages/good_var_groups/data_stream/findings/manifest.yml
4d407e3 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@seanrathier
Update test/packages/good_var_groups/manifest.yml
45185dd 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@seanrathier
var-groups: fix tests
ea13144
@seanrathier
Copy link
Contributor Author

seanrathier commented Jan 22, 2026

/test

teresaromero
teresaromero previously approved these changes Jan 23, 2026
View reviewed changes
mrodm
mrodm reviewed Jan 23, 2026
View reviewed changes
spec/changelog.yml
link: https://github.com/elastic/package-spec/pull/1053
- description: Add var_groups schema to support conditional variable groups for Cloud Connector integration.
type: enhancement
link: https://github.com/elastic/package-spec/issues/1054
Copy link
Contributor

@mrodm mrodm Jan 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit. Could it be added the kibana issue that adds the support in Kibana as a comment ? As in the other changelog entries. Is this one ? elastic/kibana#249449

code/go/internal/validator/semantic/validate_var_groups.go

// ValidateVarGroups validates var_groups definitions in manifests.
// It checks that:
// - vars referenced in options[].vars exist in the manifest vars array
Copy link
Contributor

@mrodm mrodm Jan 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@elasticmachine
Copy link

elasticmachine commented Jan 23, 2026

💚 Build Succeeded

History

cc @seanrathier

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrodm mrodm mrodm left review comments

Copilot code review Copilot Copilot left review comments

@teresaromero teresaromero teresaromero left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@seanrathier seanrathier

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Change Proposal] Add var_groups to support Cloud Connector integration with Fleet

5 participants

@seanrathier @elasticmachine @mrodm @teresaromero