[Cloud Security] Add Cloud Connectors credential option for Cloud Asset Inventory and CSPM for Azure

[seanrathier]

Proposed commit message

• Adds Cloud Connector credential type for Cloud Asset Inventory Azure input type.
• Adds Cloud Connector credential type for CSPM Azure input type.
• Changed Azure client-id and tenant-id to be secret.

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.
• I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

• Pull this branch locally
• Build using elastic-package
• Deploy the package to ESS or Serverless
• Navigate to Cloud Asset Discovery integration with the version 1.1.1-preview in the URL
• Select Azure provider
• The Cloud Connector option should be a credential type

Related issues

• https://github.com/elastic/security-team/issues/12603

Screenshots

[Copilot]

Pull Request Overview

This PR adds Cloud Connectors as a credential option for the Azure provider in the Cloud Asset Inventory integration. This enhancement allows users to configure Azure asset discovery using Cloud Connectors authentication alongside existing methods like Service Principal and Managed Identity.

• Add "Cloud Connectors" as a new credential type option in the Azure configuration
• Include required input variables and configuration template for Cloud Connectors authentication
• Update package version to 1.1.1-preview to reflect the new functionality

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File	Description
packages/cloud_asset_inventory/manifest.yml	Bumps package version to 1.1.1-preview
packages/cloud_asset_inventory/data_stream/asset_inventory/manifest.yml	Adds Cloud Connectors credential type, input variables, and configuration template for Azure
packages/cloud_asset_inventory/changelog.yml	Documents the enhancement in the changelog

Comments suppressed due to low confidence (1)

packages/cloud_asset_inventory/data_stream/asset_inventory/manifest.yml:1

• The description should be updated to include Cloud Connectors since the Client ID field is now also required for the new Cloud Connectors credential type.

title: Cloud Assets Discovery

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[elastic-vault-github-plugin-prod]

🚀 Benchmarks report

Package cloud_security_posture 👍(0) 💚(1) 💔(1)

Expand to view

Data stream	Previous EPS	New EPS	Diff (%)	Result
findings	55555.56	40000	-15555.56 (-28%)	💔

To see the full report comment with /test benchmark fullreport

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: 3d1d5b8

History

• 💚 Build #31048 succeeded 35adef8
• 💔 Build #31046 failed d5a8dd2
• 💔 Build #31045 failed 2e93973
• 💚 Build #31029 succeeded 508ef90
• 💚 Build #30974 succeeded e47d0c8

cc @seanrathier

[elastic-sonarqube]

Quality Gate failed

Failed conditions
0.0% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube

[elastic-vault-github-plugin-prod]

Package cloud_asset_inventory - 1.1.3 containing this change is available at https://epr.elastic.co/package/cloud_asset_inventory/1.1.3/

[opauloh]

Shouldn't it been 1.1.1-preview02? to follow the same CSP strategy of bumping the version only after Feature Freeze.

The reason we follow the process is that since we have a custom UI, some of the times the integration will rely on Kibana to be updated in order to work properly with the updated integration, then for those cases then we need to wait for Kibana to be released in Serverless before making it available.