From 698f7b99e5a26df9c2f311fec5ff792b4a11c4d6 Mon Sep 17 00:00:00 2001
From: Norrie Taylor <91171431+norrietaylor@users.noreply.github.com>
Date: Fri, 22 Sep 2023 08:06:39 -0700
Subject: [PATCH] Treat elastic-security container platforms as separate inputs (#3460)
---
 specs/endpoint-security.spec.yml | 30 +++++++++++++++++++-----------
 1 file changed, 19 insertions(+), 11 deletions(-)
diff --git a/specs/endpoint-security.spec.yml b/specs/endpoint-security.spec.yml
index e34fe4a9931..9939fcbfa19 100644
--- a/specs/endpoint-security.spec.yml
+++ b/specs/endpoint-security.spec.yml
@@ -5,13 +5,11 @@ inputs:
 platforms:
 - linux/amd64
 - linux/arm64
- - container/amd64
- - container/arm64
- outputs:
+ outputs: &outputs
 - elasticsearch
 - logstash
 - kafka
- proxied_actions:
+ proxied_actions: &proxied_actions
 - UNENROLL
 - UPGRADE
 runtime:
@@ -22,7 +20,7 @@ inputs:
 message: "Elastic Agent must be running as root"
 - condition: ${install.in_default} == false
 message: "Elastic Defend requires Elastic Agent be installed at the default installation path"
- service:
+ service: &service
 cport: 6788
 log:
 path: "/opt/Elastic/Endpoint/state/log/endpoint-*.log"
@@ -57,9 +55,7 @@ inputs:
 outputs:
 - elasticsearch
 - logstash
- proxied_actions:
- UNENROLL
- UPGRADE
+ proxied_actions: *proxied_actions
 runtime:
 preventions:
 - condition: ${install.in_default} == false
@@ -76,9 +72,7 @@ inputs:
 outputs:
 - elasticsearch
 - logstash
- proxied_actions:
- UNENROLL
- UPGRADE
+ proxied_actions: *proxied_actions
 runtime:
 preventions:
 - condition: ${user.root} == false
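Review bot: The anchors `&outputs` and `&proxied_actions` (first hunk, `@@ -5,13 +5,11 @@`) and `&service` (second hunk, `@@ -22,7 +20,7 @@`) make the linux input the source of values that the container input reuses, and nothing at the definition site says so. A later edit to the linux block, such as changing the log path or removing an output, would also change the container input without touching its lines. I would add a comment above the first anchor, e.g. `# Anchored values in this input are reused by the container input below; edits here apply to both.` The linux input starts before the first hunk and continues past the second, so the rest of the `service` block is not visible here.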
@@ -90,3 +84,17 @@ inputs:
 log:
 path: "C:\\Program Files\\Elastic\\Endpoint\\state\\log\\endpoint-*.log"
 operations: *operations
+ - name: endpoint
+ description: "Endpoint Security"
+ platforms:
+ - container/amd64
+ - container/arm64
+ outputs: *outputs
+ proxied_actions: *proxied_actions
+ runtime:
+ preventions:
+ - condition: ${runtime.arch} == 'arm64' and ${runtime.family} == 'redhat' and ${runtime.major} == '7'
+ message: "No support for RHEL7 on arm64"
+ - condition: ${user.root} == false
+ message: "Elastic Agent must be running as root"
+ service: *service
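Review bot: The new container input has no `${install.in_default} == false` prevention, yet `service: *service` still brings in the linux service block with its fixed `/opt/Elastic/Endpoint/state/log/endpoint-*.log` path. Dropping that check looks like the reason for the split, but neither the commit title nor the diff states it, so a later cleanup could re-add the check or miss that it is absent. A comment above `preventions:` would record the intent, e.g. `# install.in_default is intentionally not enforced on container platforms`. It is also worth confirming that every setting reached through `*service` is valid inside a container, since only `cport` and `log.path` of that block are visible in this patch.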