Add support for release field in agentless deployment mode

[MichelLosier]

What does this PR do?

• Adds support for a release field in the agentless deployment mode. This is to help indicate a different maturity level than that of the package semver. Accepts values beta, preview.

Why is it important?

Agentless deployment modes for an integration can be at a different level of functional maturity than the default deployment of an integration. This will help communicate that expectation to users downstream in Kibana.

Checklist

• I have added test packages to test/packages that prove my change is effective.
• I have added an entry in spec/changelog.yml.

Related issues

• Closes: [Change Proposal] Allow to declare a maturity level in the agentless deployment mode #1098

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Adds an optional release string (enum: beta, preview) to deployment_modes.agentless in the manifest schema and records it in the changelog for version 3.6.1-next. Validation now performs an early check: if a manifest has exactly one policy_template with deployment_modes.default explicitly disabled and deployment_modes.agentless enabled, any non-empty deployment_modes.agentless.release is rejected with a structured validation error. A new unexported helper implements this check; unit tests (three valid, one invalid) and a test package/fixtures were added.

🚥 Pre-merge checks | ✅ 2

✅ Passed checks (2 passed)

Check name	Status	Explanation
Linked Issues check	✅ Passed	PR adds release field to agentless deployment mode schema, validates against invalid configurations, and includes tests and documentation as specified in issue #1098.
Out of Scope Changes check	✅ Passed	All changes align with issue #1098 objectives: schema update, validation logic, tests, and test package for agentless release field support.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

• 🛠️ Update Documentation: Commit on current branch
• 🛠️ Update Documentation: Create PR

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@spec/integration/manifest.spec.yml`:
- Around line 298-312: The new YAML schema property
deployment_modes.agentless.release was added without a version patch; add a
version patch that removes this property for spec versions < 3.6.1 so older
manifests cannot accept deployment_modes.agentless.release. Update the
manifest.spec.yml version-patch section (also mirror the change for the related
block noted around the 947-1073 region) to explicitly delete or disallow the
agentless.release key for pre-3.6.1 schemas, ensuring the enum/type entries for
release only exist in the 3.6.1+ schema.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d7107b47-2c92-4504-9934-141a3ba94d17

📥 Commits

Reviewing files that changed from the base of the PR and between 06b46cb and 6b7538c.

📒 Files selected for processing (4)

• code/go/internal/validator/semantic/validate_deployment_modes.go
• code/go/internal/validator/semantic/validate_deployment_modes_test.go
• spec/changelog.yml
• spec/integration/manifest.spec.yml

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Missing version patch for newly introduced agentless.release field.

The new field added at Line 298 is not removed for older spec versions, so pre-3.6.1 manifests can incorrectly accept deployment_modes.agentless.release.

Proposed patch

 versions:
+  - before: 3.6.1
+    patch:
+      - op: remove
+        path: "/definitions/deployment_modes/properties/agentless/properties/release"
   - before: 3.6.0
     patch:
       # Support for otelcol and dynamic_signal_types in integration packages.
       - op: add
         path: "/properties/policy_templates/items/properties/inputs/items/properties/type"
         value:
           not:
             const: otelcol

As per coding guidelines: "Version patches enable backward compatibility by removing features from older spec versions."

Also applies to: 947-1073

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@spec/integration/manifest.spec.yml` around lines 298 - 312, The new YAML
schema property deployment_modes.agentless.release was added without a version
patch; add a version patch that removes this property for spec versions < 3.6.1
so older manifests cannot accept deployment_modes.agentless.release. Update the
manifest.spec.yml version-patch section (also mirror the change for the related
block noted around the 947-1073 region) to explicitly delete or disallow the
agentless.release key for pre-3.6.1 schemas, ensuring the enum/type entries for
release only exist in the 3.6.1+ schema.

[MichelLosier]

Given the issue we are trying to support, I think its permissible to allow this addition to backport to older spec versions. It's a non-breaking change (to my thinking), and allowing it wont force other packages to adopt latest spec to use it. WDYT @elastic/ecosystem ?

[coderabbitai]

Seems like the humans are having a chat. I'll hop back into my burrow for now. If you need me again, just tag @coderabbitai in a new comment, and I'll come hopping out!

[teresaromero]

i think its okay to allow this without version constraint

[coderabbitai]

♻️ Duplicate comments (1)

spec/integration/manifest.spec.yml (1)

298-310: ⚠️ Potential issue | 🟠 Major

Missing backward-compat patch for deployment_modes.agentless.release.

Line 298 introduces a new field, but there is no versions patch removing it for before: 3.6.1. Without that, older format_version schemas can incorrectly accept policy_templates[].deployment_modes.agentless.release.

Proposed fix

 versions:
+  - before: 3.6.1
+    patch:
+      - op: remove
+        path: "/definitions/deployment_modes/properties/agentless/properties/release"
   - before: 3.6.0
     patch:
       # Support for otelcol and dynamic_signal_types in integration packages.
       - op: add

As per coding guidelines: "Version patches enable backward compatibility by removing features from older spec versions."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@spec/integration/manifest.spec.yml` around lines 298 - 310, Add a
backward-compatibility version patch that removes the new field
deployment_modes.agentless.release for older schema versions (before: 3.6.1);
specifically create a patch under the manifest schema's versions array that
targets before: 3.6.1 and deletes the
policy_templates[*].deployment_modes.agentless.release entry so older
format_version values will not accept this new field. Ensure the patch
references the exact path policy_templates[].deployment_modes.agentless.release
and follows existing patch structure used for other removed fields.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@spec/integration/manifest.spec.yml`:
- Around line 298-310: Add a backward-compatibility version patch that removes
the new field deployment_modes.agentless.release for older schema versions
(before: 3.6.1); specifically create a patch under the manifest schema's
versions array that targets before: 3.6.1 and deletes the
policy_templates[*].deployment_modes.agentless.release entry so older
format_version values will not accept this new field. Ensure the patch
references the exact path policy_templates[].deployment_modes.agentless.release
and follows existing patch structure used for other removed fields.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 7851cc51-f971-4bee-83b9-859483422622

📥 Commits

Reviewing files that changed from the base of the PR and between 18ad1df and 26d9b88.

📒 Files selected for processing (1)

• spec/integration/manifest.spec.yml

[teresaromero]

will it be single too if Default.Enabled == nil ?

maybe we can extract this to a smaller helper validateAgentlessReleaseDeployment so the main function is cleaner? we could just add unit tests based on the input (manifest struct), and then add test under the validation tests packages with fixtures, wdyt?

[MichelLosier]

Good idea! Added this in 789b7d3

will it be single too if Default.Enabled == nil ?

From my understanding if Default.Enabled == nil then absence get translated into implicitly supporting "agent" deployment, which means we have more than 1 deployment mode with agentless.

[MichelLosier]

@teresaromero Changed the direction here a little bit, to just accept ga and beta as values for release, with beta` as the implied default as to the comment here: #1098 (comment)

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: f506cbc

History

• 💚 Build #2025 succeeded dc1b1dc
• 💔 Build #2024 failed 20f5f3e
• 💚 Build #2020 succeeded c5fd750
• 💔 Build #2019 failed 789b7d3
• 💚 Build #2018 succeeded 26d9b88

[MichelLosier]

test integrations

[elastic-vault-github-plugin-prod]

Created or updated PR in integrations repository to test this version. Check elastic/integrations#18315