[Cloud Security] [Fleet] Add var_group components and validation#249449
Merged
seanrathier merged 15 commits intoelastic:mainfrom Jan 28, 2026
Merged
[Cloud Security] [Fleet] Add var_group components and validation#249449seanrathier merged 15 commits intoelastic:mainfrom
seanrathier merged 15 commits intoelastic:mainfrom
Conversation
This was referenced Jan 19, 2026
seanrathier
added
release_note:skip
Contributor
|
Pinging @elastic/contextual-security-apps (Team:Cloud Security) |
botelastic
Bot
added
the
Team:Fleet
Contributor
|
Pinging @elastic/fleet (Team:Fleet) |
Contributor
There was a problem hiding this comment.
Pull request overview
This PR implements persistence and validation for var_group_selections in Fleet package policies. Variable groups enable package authors to define mutually exclusive sets of variables, allowing users to select between different configuration options (e.g., API Key vs OAuth authentication). The implementation includes both package-level and stream-level selections, UI components for selection, and enhanced validation logic.
Changes:
- Added
var_group_selectionsfield to package policy types and schemas at both package and stream levels - Implemented UI components (
VarGroupSelector) and state management hooks (useVarGroupSelections) for selecting and persisting var group options - Enhanced validation to skip hidden variables and treat variables in required var groups as required
- Added comprehensive test coverage for var group functionality including selection, validation, and visibility logic
Reviewed changes
Copilot reviewed 37 out of 37 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
server/types/so_attributes.ts |
Added var_group_selections field to package policy saved object attributes |
server/types/rest_spec/epm.ts |
Added schema validation for var_groups in package manifest |
server/services/package_policy.ts |
Persisted var_group_selections during package policy updates |
server/services/epm/archive/parse.ts |
Added var_groups as optional package property for parsing |
server/routes/package_policy/handlers.ts |
Updated handlers to preserve var_group_selections during updates |
public/types/index.ts |
Exported var group types for public use |
public/applications/.../edit_package_policy_page/index.tsx |
Computed default var group selections for edit mode |
public/applications/.../single_page_layout/index.tsx |
Integrated var group selections into create flow |
public/applications/.../has_invalid_but_required_var.ts |
Enhanced validation to support var group required logic |
public/applications/.../step_define_package_policy.tsx |
Added var group selector UI and filtered variables by selection |
public/applications/.../step_configure_package.tsx |
Added input compatibility filtering based on var group selections |
public/applications/.../var_group_selector.tsx |
New component implementing var group selection UI and logic |
public/applications/.../package_policy_input_var_field.tsx |
Added support for var group required indicator |
public/applications/.../package_policy_input_stream.tsx |
Implemented stream-level var group selections and filtering |
public/applications/.../package_policy_input_panel.tsx |
Passed var group selections to input streams |
public/applications/.../hooks.tsx |
Added useVarGroupSelections hook for state management |
common/types/models/package_spec.ts |
Defined var group type interfaces |
common/types/models/package_policy_schema.ts |
Added schema for var group selections |
common/types/models/package_policy.ts |
Added var group selections to package policy types |
common/types/models/epm.ts |
Added var group support to registry types |
common/services/validate_package_policy.ts |
Enhanced validation to handle var group visibility and requirements |
common/services/simplified_package_policy_helper.ts |
Preserved var group selections in simplified format |
oas_docs/bundle.serverless.json |
Updated OpenAPI schema with var group selections |
oas_docs/bundle.json |
Updated OpenAPI schema with var group selections |
elastic-vault-github-plugin-prod
Bot
requested a review
from a team
as a code owner
seanrathier
force-pushed
the
var_groups
branch
from
e829ce7 to
194636a
Compare
Contributor
There was a problem hiding this comment.
These bundle files were removed on main, should merge upstream: #249907
Should be ignored by git: https://github.com/elastic/kibana/pull/249907/files#diff-bc37d034bad564583790a46f19d807abfe519c5671395fd494d8cce506c42947
Contributor
|
Code changes look good, could you share some screenshots or steps to verify how var groups look like on the UI? |
seanrathier
force-pushed
the
var_groups
branch
from
816dc01 to
c545d19
Compare
seanrathier
force-pushed
the
var_groups
branch
from
e876b6f to
c537143
Compare
seanrathier
removed request for
a team,
Omolola-Akinleye,
ashokaditya and
parkiino
# Conflicts: # oas_docs/bundle.json # oas_docs/bundle.serverless.json
Contributor
💚 Build Succeeded
Metrics [docs]Module Count
Public APIs missing comments
Async chunks
Page load bundle
History
cc @seanrathier |
hannahbrooks
pushed a commit
to hannahbrooks/kibana
that referenced
this pull request
Jan 30, 2026
2 tasks
5 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Parent: https://github.com/elastic/security-team/issues/15396
Summary
This PR implements
var_groupsrecognition, add theVarGroupsSelectorcomponent, and persistence forvar_group_selectionsat both the package level and stream level in Fleet package policies. Variable groups (var_groups) allow package authors to define mutually exclusive sets of variables, enabling users to choose between different configuration options (e.g., API Key vs OAuth authentication).Blocked to merge by
Integration manifest example
Fleet UI example
Screen.Recording.2026-01-23.at.10.06.07.AM.mov
Key changes:
var_group_selectionsfield toNewPackagePolicyandNewPackagePolicyInputStreamtypespackagePolicy.var_group_selectionspackagePolicyInputStream.var_group_selectionsuseVarGroupSelectionshook for consistent state management across both levelscomputeDefaultVarGroupSelectionsto initialize defaults based on deployment modeVarGroupSelectorcomponent for UI rendering of var_group optionsvar_groupsfrom package manifestsValidation enhancements (form validation):
required?: booleanfield toRegistryVarGrouptypeisVarRequiredByVarGrouphelper functionvalidatePackagePolicyto skip validation for hidden vars and treat vars in required var_groups as requiredhasInvalidButRequiredVarto support var_groups contextPackagePolicyInputVarFieldto show required indicator for var_group required fieldsRelated Issues
Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
release_note:breakinglabel should be applied in these situations.release_note:*label is applied per the guidelinesbackport:*labels.Identify risks
Low - Medium