[Elastic Agent] Allowlist / Blocklist for inputs an Agent supports with Fleet

[ruflin]

When an Agent is run with Fleet, today any input that is supported by a package can be run. But there are cases where the administrator of the Agent itself would like to limit the type of inputs that can be run. Few examples:

• An agent should only be used for heartbeat pings
• An agent should not be allowed to run endpoint
• An endpoint should only be used to collect system metrics but not logs

The Agent needs a way to allow / block list certain inputs when it is run so Fleet cannot send down any configs which contain these inputs or the not allowed inputs are ignored. Which inputs are supported or not supported should also be sent up to Fleet to make Fleet smart around what can be configured and what not.

[elasticmachine]

Pinging @elastic/ingest-management (Team:Ingest Management)

[ph]

A few questions that need to be answered which will affect the design and implementation.

Agents:

• It is an enroll time only configuration
• It is part of the agent configuration
• Once set can a user change it?

Kibana side is elastic/kibana#76841

Looping PM @mostlyjason

[michalpristas]

we were talking with @ph about this feature and question arised, aside design where should implementation take place, would it be fleet server responsible for specifying these based on some metadata
or should it be implemented fleet side

[ruflin]

@michalpristas Not sure I follow, this should be an Elastic Agent. This feature should also work in standalone even though I don't see a use case there. When enrolled into fleet, the Elastic Agent must report its capabilities.

[michalpristas]

i think the question comes to what @ph said a comment above: at what point this should be defined?
should it be enroll time, part of config etc.
Eventually it will be stored as part of the configuration but what should be the source of these restrictions (system detection/user specified config locally/user configuration fleet side/generated based on metadata on fleet server-side).

[ruflin]

As this is a restriction that should be applied independent of how the agent is run, I don't think it should happen on enroll time. The config seems like a natural place but that becomes a challenge when enrolling as it is overwritten.

For designing the feature I would take fleet out of the equation to keep it an independent feature.

[ph]

Agree on decoupling the Fleet in elastic/kibana#76841 and Agent implementation.
When the Agent implementation would be more advance would be good to sync with @jfsiii to figure a plan to expose it in fleet.

@michalpristas Do you have a proposal how a user would configure the restriction in the YAML?

[mostlyjason]

If we put in the config that means its set when the agent is started (or restarted)? It could change more often than enrollment since its a runtime setting?

Also, we could put it in a section of agent config that is not overwritten by fleet. For example, it could be in elastic-agent.yml. I think a file should be fine at least for a first version since I imagine its the operator persona who needs this feature, and they'll have access to deploy to the filesystem. We could introduce it in Fleet later once we have RBAC but we don't have that today. Without RBAC a service owner could override these settings and that's not the behavior we want to allow on Elastic Cloud, again from an operator perspective.

Also, I imagine we'd want way to report whether inputs are disabled due to a blocklist, perhaps in our status information to ES? This could be similar to how we report input conditions.

[ph]

@mostlyjason what you are proposing I think this is exactly what Ruflin and I had in mind but not explained as good as you.

For reporting it could either be status information... or even metadata on the agent?

[ph]

Including @jfsiii for awareness.