[Fleet] Add ssl fields to agent binary source settings #213211
criamico merged 23 commits into elastic:main
@elasticmachine merge upstream
@elasticmachine merge upstream
@elasticmachine merge upstream
Pinging @elastic/fleet (Team:Fleet)
| changes: [ | ||
| { | ||
| type: 'mappings_addition', | ||
| addedMappings: {}, |
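Review bot: `addedMappings: {}` in this `mappings_addition` change is empty, and nothing in the code says why a change is registered with no new mappings. A short comment above `changes` stating what this entry is for would keep the reason in the file instead of only in a PR thread.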
explanation of this field can be found in a previous PR: https://github.com/elastic/kibana/pull/208091/files#r1971649339
| }); | ||
| encryptedSavedObjects.registerType({ | ||
| type: DOWNLOAD_SOURCE_SAVED_OBJECT_TYPE, | ||
| attributesToEncrypt: new Set([{ key: 'ssl', dangerouslyExposeValue: true }]), |
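Review bot: at `attributesToEncrypt`, the whole `ssl` object is registered under a single key with `dangerouslyExposeValue: true`, so, as the flag name says, the decrypted value (the private key included) is exposed to readers of this saved object type rather than stripped. Please add a comment on this line naming the consumer that needs the plaintext, and consider whether only the key needs to be treated as sensitive while the certificate and CA fields stay readable.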
Had a discussion about the attributes on this encrypted object in the previous PR, it applies the same here: https://github.com/elastic/kibana/pull/208091/files#r1971664328
| type: DOWNLOAD_SOURCE_SAVED_OBJECT_TYPE, | ||
| attributesToEncrypt: new Set([{ key: 'ssl', dangerouslyExposeValue: true }]), | ||
| // enforceRandomId allows to create an SO with an arbitrary id | ||
| enforceRandomId: false, |
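Review bot: the comment above `enforceRandomId: false` reads as if the option itself permits arbitrary ids, while it is the `false` value that switches the random-id requirement off. Reword it to say that the check is disabled so this type can be created with an arbitrary id, and state in the same comment why this saved object type needs that.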
Explanation of the need for this parameter: https://github.com/elastic/kibana/pull/208091/files#r1948774730
@elasticmachine merge upstream
@elasticmachine merge upstream
@elasticmachine merge upstream
There are no new commits on the base branch.
| schema.object({ | ||
| certificate_authorities: schema.maybe(schema.arrayOf(schema.string())), | ||
| certificate: schema.maybe(schema.string()), | ||
| key: schema.maybe(schema.string()), |
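Review bot: `certificate` and `key` are each wrapped in `schema.maybe` independently, so this object validates with a certificate and no key, or a key and no certificate. If the key is allowed to arrive separately as a secret, say so in a comment here; otherwise add a cross-field check so a half-configured client certificate is rejected when the setting is saved.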
should we allow null here?
Good question, I was going with the same basic schema as the other ssl.key values that I added recently. Neither fleet server host nor outputs have it nullable, but maybe they should all be nullable instead?
I think it makes sense to keep their behavior aligned as they work the same way.
maybe we don't need it, tested locally and works fine when updating a plain text ssl.key to a secret
| verification_mode: schema.maybe(schema.string()), | ||
| certificate_authorities: schema.maybe(schema.arrayOf(schema.string())), | ||
| certificate: schema.maybe(schema.string()), | ||
| key: schema.maybe(schema.string()), |
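Review bot: `verification_mode` is `schema.maybe(schema.string())`, so any string passes validation, including a misspelled mode. Since this value controls how the TLS peer is verified, constrain it to the supported modes with `schema.oneOf` over literals so an invalid value is rejected at the API.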
same here, should we allow null here?
| label={i18n.translate( | ||
| 'xpack.fleet.settings.editDownloadSourcesFlyout.sslCertificateAuthoritiesInputLabel', | ||
| { | ||
| defaultMessage: 'Server SSL certificate authorities (optional)', |
do we need (optional) here, all fields seem optional?
I'm going to open a follow up PR to address some small UX changes across the whole feature. I think it can be addressed there.
juliaElastic left a comment
Tested locally, LGTM
💛 Build succeeded, but was flaky
cc @criamico
## Summary

Follow up of #208091, #213211 and #213211

Small UI enhancements to the SSL options introduced with the mentioned PRs

- All the forms are now nested under an accordion to avoid taking too much space

Screenshots (images omitted): Fleet server hosts, Agent Binary source, ES Outputs, Remote ES Outputs, Logstash Outputs

### Checklist

- [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials

---------

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Julia Bardi <90178898+juliaElastic@users.noreply.github.com>
closes elastic#207324
follow up of elastic#207322

## Summary

Add ssl fields to agent binary source settings. The new fields allow users to set a TLS connection to the agent binary source uri.

- The cert key will be stored either as an encrypted SO or a secret (latter option will be available once fleet server will have this functionality: elastic/fleet-server#4470).
- The secret field is only available when the feature flag `enableSSLSecrets` is enabled, otherwise the cert key is saved as an encrypted SO.

Screenshots (images omitted), including the generated policy.

### Checklist

- [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

---------

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Just commenting to leave a trail on use of