[8.8] Orchestrator additions for features coming in 8.8 (#2181) (#2204)

CHANGELOG.next.md

@@ -39,6 +39,7 @@ Thanks, you're awesome :-) -->
 #### Added
 
 * Add `access` as an allowed type for `event.type: file`. #2174
+* Add `orchestrator.resource.annotation` and `orchestrator.resource.label`. #2181
 * Add `event.kind: asset` as a beta category. #2191
 
 ### Tooling and Artifact Changes

docs/fields/field-details.asciidoc

@@ -6957,6 +6957,25 @@ example: `elastic`
 
 // ===============================================================
 
+|
+[[field-orchestrator-resource-annotation]]
+<<field-orchestrator-resource-annotation, orchestrator.resource.annotation>>
+
+a| The list of annotations added to the resource.
+
+type: keyword
+
+
+Note: this field should contain an array of values.
+
+
+
+example: `['key1:value1', 'key2:value2', 'key3:value3']`
+
+| extended
+
+// ===============================================================
+
 |
 [[field-orchestrator-resource-id]]
 <<field-orchestrator-resource-id, orchestrator.resource.id>>
@@ -6988,6 +7007,25 @@ Note: this field should contain an array of values.
 
 
 
+| extended
+
+// ===============================================================
+
+|
+[[field-orchestrator-resource-label]]
+<<field-orchestrator-resource-label, orchestrator.resource.label>>
+
+a| The list of labels added to the resource.
+
+type: keyword
+
+
+Note: this field should contain an array of values.
+
+
+
+example: `['key1:value1', 'key2:value2', 'key3:value3']`
+
 | extended
 
 // ===============================================================

experimental/generated/beats/fields.ecs.yml

@@ -5179,6 +5179,13 @@
         setups).
       example: elastic
       default_field: false
+    - name: resource.annotation
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: The list of annotations added to the resource.
+      example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']'
+      default_field: false
     - name: resource.id
       level: extended
       type: keyword
@@ -5193,6 +5200,13 @@
         only one element: the IP of the Pod (as opposed to the Node on which the Pod
         is running).'
       default_field: false
+    - name: resource.label
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: The list of labels added to the resource.
+      example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']'
+      default_field: false
     - name: resource.name
       level: extended
       type: keyword

experimental/generated/csv/fields.csv

@@ -559,8 +559,10 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
 8.8.0-dev+exp,true,orchestrator,orchestrator.cluster.version,keyword,extended,,,The version of the cluster.
 8.8.0-dev+exp,true,orchestrator,orchestrator.namespace,keyword,extended,,kube-system,Namespace in which the action is taking place.
 8.8.0-dev+exp,true,orchestrator,orchestrator.organization,keyword,extended,,elastic,Organization affected by the event (for multi-tenant orchestrator setups).
+8.8.0-dev+exp,true,orchestrator,orchestrator.resource.annotation,keyword,extended,array,"['key1:value1', 'key2:value2', 'key3:value3']",The list of annotations added to the resource.
 8.8.0-dev+exp,true,orchestrator,orchestrator.resource.id,keyword,extended,,,Unique ID of the resource being acted upon.
 8.8.0-dev+exp,true,orchestrator,orchestrator.resource.ip,ip,extended,array,,IP address assigned to the resource associated with the event being observed.
+8.8.0-dev+exp,true,orchestrator,orchestrator.resource.label,keyword,extended,array,"['key1:value1', 'key2:value2', 'key3:value3']",The list of labels added to the resource.
 8.8.0-dev+exp,true,orchestrator,orchestrator.resource.name,keyword,extended,,test-pod-cdcws,Name of the resource being acted upon.
 8.8.0-dev+exp,true,orchestrator,orchestrator.resource.parent.type,keyword,extended,,DaemonSet,Type or kind of the parent resource associated with the event being observed.
 8.8.0-dev+exp,true,orchestrator,orchestrator.resource.type,keyword,extended,,service,Type of resource being acted upon.

experimental/generated/ecs/ecs_flat.yml

@@ -7379,6 +7379,18 @@ orchestrator.organization:
   normalize: []
   short: Organization affected by the event (for multi-tenant orchestrator setups).
   type: keyword
+orchestrator.resource.annotation:
+  dashed_name: orchestrator-resource-annotation
+  description: The list of annotations added to the resource.
+  example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']'
+  flat_name: orchestrator.resource.annotation
+  ignore_above: 1024
+  level: extended
+  name: resource.annotation
+  normalize:
+  - array
+  short: The list of annotations added to the resource.
+  type: keyword
 orchestrator.resource.id:
   dashed_name: orchestrator-resource-id
   description: Unique ID of the resource being acted upon.
@@ -7401,6 +7413,18 @@ orchestrator.resource.ip:
   - array
   short: IP address assigned to the resource associated with the event being observed.
   type: ip
+orchestrator.resource.label:
+  dashed_name: orchestrator-resource-label
+  description: The list of labels added to the resource.
+  example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']'
+  flat_name: orchestrator.resource.label
+  ignore_above: 1024
+  level: extended
+  name: resource.label
+  normalize:
+  - array
+  short: The list of labels added to the resource.
+  type: keyword
 orchestrator.resource.name:
   dashed_name: orchestrator-resource-name
   description: Name of the resource being acted upon.

experimental/generated/ecs/ecs_nested.yml

@@ -9144,6 +9144,18 @@ orchestrator:
       normalize: []
       short: Organization affected by the event (for multi-tenant orchestrator setups).
       type: keyword
+    orchestrator.resource.annotation:
+      dashed_name: orchestrator-resource-annotation
+      description: The list of annotations added to the resource.
+      example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']'
+      flat_name: orchestrator.resource.annotation
+      ignore_above: 1024
+      level: extended
+      name: resource.annotation
+      normalize:
+      - array
+      short: The list of annotations added to the resource.
+      type: keyword
     orchestrator.resource.id:
       dashed_name: orchestrator-resource-id
       description: Unique ID of the resource being acted upon.
@@ -9167,6 +9179,18 @@ orchestrator:
       - array
       short: IP address assigned to the resource associated with the event being observed.
       type: ip
+    orchestrator.resource.label:
+      dashed_name: orchestrator-resource-label
+      description: The list of labels added to the resource.
+      example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']'
+      flat_name: orchestrator.resource.label
+      ignore_above: 1024
+      level: extended
+      name: resource.label
+      normalize:
+      - array
+      short: The list of labels added to the resource.
+      type: keyword
     orchestrator.resource.name:
       dashed_name: orchestrator-resource-name
       description: Name of the resource being acted upon.

experimental/generated/elasticsearch/composable/component/orchestrator.json

@@ -42,13 +42,21 @@
             },
             "resource": {
               "properties": {
+                "annotation": {
+                  "ignore_above": 1024,
+                  "type": "keyword"
+                },
                 "id": {
                   "ignore_above": 1024,
                   "type": "keyword"
                 },
                 "ip": {
                   "type": "ip"
                 },
+                "label": {
+                  "ignore_above": 1024,
+                  "type": "keyword"
+                },
                 "name": {
                   "ignore_above": 1024,
                   "type": "keyword"

experimental/generated/elasticsearch/legacy/template.json

@@ -2611,13 +2611,21 @@
           },
           "resource": {
             "properties": {
+              "annotation": {
+                "ignore_above": 1024,
+                "type": "keyword"
+              },
               "id": {
                 "ignore_above": 1024,
                 "type": "keyword"
               },
               "ip": {
                 "type": "ip"
               },
+              "label": {
+                "ignore_above": 1024,
+                "type": "keyword"
+              },
               "name": {
                 "ignore_above": 1024,
                 "type": "keyword"

generated/beats/fields.ecs.yml

@@ -5129,6 +5129,13 @@
         setups).
       example: elastic
       default_field: false
+    - name: resource.annotation
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: The list of annotations added to the resource.
+      example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']'
+      default_field: false
     - name: resource.id
       level: extended
       type: keyword
@@ -5143,6 +5150,13 @@
         only one element: the IP of the Pod (as opposed to the Node on which the Pod
         is running).'
       default_field: false
+    - name: resource.label
+      level: extended
+      type: keyword
+      ignore_above: 1024
+      description: The list of labels added to the resource.
+      example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']'
+      default_field: false
     - name: resource.name
       level: extended
       type: keyword

generated/csv/fields.csv

@@ -552,8 +552,10 @@ ECS_Version,Indexed,Field_Set,Field,Type,Level,Normalization,Example,Description
 8.8.0-dev,true,orchestrator,orchestrator.cluster.version,keyword,extended,,,The version of the cluster.
 8.8.0-dev,true,orchestrator,orchestrator.namespace,keyword,extended,,kube-system,Namespace in which the action is taking place.
 8.8.0-dev,true,orchestrator,orchestrator.organization,keyword,extended,,elastic,Organization affected by the event (for multi-tenant orchestrator setups).
+8.8.0-dev,true,orchestrator,orchestrator.resource.annotation,keyword,extended,array,"['key1:value1', 'key2:value2', 'key3:value3']",The list of annotations added to the resource.
 8.8.0-dev,true,orchestrator,orchestrator.resource.id,keyword,extended,,,Unique ID of the resource being acted upon.
 8.8.0-dev,true,orchestrator,orchestrator.resource.ip,ip,extended,array,,IP address assigned to the resource associated with the event being observed.
+8.8.0-dev,true,orchestrator,orchestrator.resource.label,keyword,extended,array,"['key1:value1', 'key2:value2', 'key3:value3']",The list of labels added to the resource.
 8.8.0-dev,true,orchestrator,orchestrator.resource.name,keyword,extended,,test-pod-cdcws,Name of the resource being acted upon.
 8.8.0-dev,true,orchestrator,orchestrator.resource.parent.type,keyword,extended,,DaemonSet,Type or kind of the parent resource associated with the event being observed.
 8.8.0-dev,true,orchestrator,orchestrator.resource.type,keyword,extended,,service,Type of resource being acted upon.

generated/ecs/ecs_flat.yml

@@ -7310,6 +7310,18 @@ orchestrator.organization:
   normalize: []
   short: Organization affected by the event (for multi-tenant orchestrator setups).
   type: keyword
+orchestrator.resource.annotation:
+  dashed_name: orchestrator-resource-annotation
+  description: The list of annotations added to the resource.
+  example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']'
+  flat_name: orchestrator.resource.annotation
+  ignore_above: 1024
+  level: extended
+  name: resource.annotation
+  normalize:
+  - array
+  short: The list of annotations added to the resource.
+  type: keyword
 orchestrator.resource.id:
   dashed_name: orchestrator-resource-id
   description: Unique ID of the resource being acted upon.
@@ -7332,6 +7344,18 @@ orchestrator.resource.ip:
   - array
   short: IP address assigned to the resource associated with the event being observed.
   type: ip
+orchestrator.resource.label:
+  dashed_name: orchestrator-resource-label
+  description: The list of labels added to the resource.
+  example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']'
+  flat_name: orchestrator.resource.label
+  ignore_above: 1024
+  level: extended
+  name: resource.label
+  normalize:
+  - array
+  short: The list of labels added to the resource.
+  type: keyword
 orchestrator.resource.name:
   dashed_name: orchestrator-resource-name
   description: Name of the resource being acted upon.

generated/ecs/ecs_nested.yml

@@ -9064,6 +9064,18 @@ orchestrator:
       normalize: []
       short: Organization affected by the event (for multi-tenant orchestrator setups).
       type: keyword
+    orchestrator.resource.annotation:
+      dashed_name: orchestrator-resource-annotation
+      description: The list of annotations added to the resource.
+      example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']'
+      flat_name: orchestrator.resource.annotation
+      ignore_above: 1024
+      level: extended
+      name: resource.annotation
+      normalize:
+      - array
+      short: The list of annotations added to the resource.
+      type: keyword
     orchestrator.resource.id:
       dashed_name: orchestrator-resource-id
       description: Unique ID of the resource being acted upon.
@@ -9087,6 +9099,18 @@ orchestrator:
       - array
       short: IP address assigned to the resource associated with the event being observed.
       type: ip
+    orchestrator.resource.label:
+      dashed_name: orchestrator-resource-label
+      description: The list of labels added to the resource.
+      example: '[''key1:value1'', ''key2:value2'', ''key3:value3'']'
+      flat_name: orchestrator.resource.label
+      ignore_above: 1024
+      level: extended
+      name: resource.label
+      normalize:
+      - array
+      short: The list of labels added to the resource.
+      type: keyword
     orchestrator.resource.name:
       dashed_name: orchestrator-resource-name
       description: Name of the resource being acted upon.

generated/elasticsearch/composable/component/orchestrator.json

@@ -42,13 +42,21 @@
             },
             "resource": {
               "properties": {
+                "annotation": {
+                  "ignore_above": 1024,
+                  "type": "keyword"
+                },
                 "id": {
                   "ignore_above": 1024,
                   "type": "keyword"
                 },
                 "ip": {
                   "type": "ip"
                 },
+                "label": {
+                  "ignore_above": 1024,
+                  "type": "keyword"
+                },
                 "name": {
                   "ignore_above": 1024,
                   "type": "keyword"

generated/elasticsearch/legacy/template.json

@@ -2569,13 +2569,21 @@
           },
           "resource": {
             "properties": {
+              "annotation": {
+                "ignore_above": 1024,
+                "type": "keyword"
+              },
               "id": {
                 "ignore_above": 1024,
                 "type": "keyword"
               },
               "ip": {
                 "type": "ip"
               },
+              "label": {
+                "ignore_above": 1024,
+                "type": "keyword"
+              },
               "name": {
                 "ignore_above": 1024,
                 "type": "keyword"