localhost/ssl support for scripts/synthtrace

elastic · Jun 18, 2024 · c7a009f · c7a009f
1 parent 20a066f
commit c7a009f
Show file tree

Hide file tree

Showing 8 changed files with 52 additions and 1 deletion.
diff --git a/packages/kbn-apm-synthtrace/src/cli/utils/get_apm_es_client.ts b/packages/kbn-apm-synthtrace/src/cli/utils/get_apm_es_client.ts
@@ -10,6 +10,7 @@ import { Client } from '@elastic/elasticsearch';
 import { ApmSynthtraceEsClient } from '../../..';
 import { Logger } from '../../lib/utils/create_logger';
 import { RunOptions } from './parse_run_cli_flags';
+import { getEsClientTlsSettings } from './ssl';
 
 export function getApmEsClient({
   target,
@@ -23,6 +24,7 @@ export function getApmEsClient({
 }) {
   const client = new Client({
     node: target,
+    tls: getEsClientTlsSettings(target),
   });
 
   const apmEsClient = new ApmSynthtraceEsClient({

diff --git a/packages/kbn-apm-synthtrace/src/cli/utils/get_assets_es_client.ts b/packages/kbn-apm-synthtrace/src/cli/utils/get_assets_es_client.ts
@@ -10,6 +10,7 @@ import { Client } from '@elastic/elasticsearch';
 import { AssetsSynthtraceEsClient } from '../../lib/assets/assets_synthtrace_es_client';
 import { Logger } from '../../lib/utils/create_logger';
 import { RunOptions } from './parse_run_cli_flags';
+import { getEsClientTlsSettings } from './ssl';
 
 export function getAssetsEsClient({
   target,
@@ -21,6 +22,7 @@ export function getAssetsEsClient({
 }) {
   const client = new Client({
     node: target,
+    tls: getEsClientTlsSettings(target),
   });
 
   return new AssetsSynthtraceEsClient({

diff --git a/packages/kbn-apm-synthtrace/src/cli/utils/get_infra_es_client.ts b/packages/kbn-apm-synthtrace/src/cli/utils/get_infra_es_client.ts
@@ -10,6 +10,7 @@ import { Client } from '@elastic/elasticsearch';
 import { InfraSynthtraceEsClient } from '../../lib/infra/infra_synthtrace_es_client';
 import { Logger } from '../../lib/utils/create_logger';
 import { RunOptions } from './parse_run_cli_flags';
+import { getEsClientTlsSettings } from './ssl';
 
 export function getInfraEsClient({
   target,
@@ -21,6 +22,7 @@ export function getInfraEsClient({
 }) {
   const client = new Client({
     node: target,
+    tls: getEsClientTlsSettings(target),
   });
 
   return new InfraSynthtraceEsClient({

diff --git a/packages/kbn-apm-synthtrace/src/cli/utils/get_logs_es_client.ts b/packages/kbn-apm-synthtrace/src/cli/utils/get_logs_es_client.ts
@@ -10,6 +10,7 @@ import { Client } from '@elastic/elasticsearch';
 import { LogsSynthtraceEsClient } from '../../lib/logs/logs_synthtrace_es_client';
 import { Logger } from '../../lib/utils/create_logger';
 import { RunOptions } from './parse_run_cli_flags';
+import { getEsClientTlsSettings } from './ssl';
 
 export function getLogsEsClient({
   target,
@@ -21,6 +22,7 @@ export function getLogsEsClient({
 }) {
   const client = new Client({
     node: target,
+    tls: getEsClientTlsSettings(target),
   });
 
   return new LogsSynthtraceEsClient({

diff --git a/packages/kbn-apm-synthtrace/src/cli/utils/get_service_urls.ts b/packages/kbn-apm-synthtrace/src/cli/utils/get_service_urls.ts
@@ -10,6 +10,7 @@ import fetch from 'node-fetch';
 import { format, parse, Url } from 'url';
 import { Logger } from '../../lib/utils/create_logger';
 import { RunOptions } from './parse_run_cli_flags';
+import { getFetchAgent } from './ssl';
 
 async function discoverAuth(parsedTarget: Url) {
   const possibleCredentials = [`admin:changeme`, `elastic:changeme`, `elastic_serverless:changeme`];
@@ -20,7 +21,9 @@ async function discoverAuth(parsedTarget: Url) {
     });
     let status: number;
     try {
-      const response = await fetch(url);
+      const response = await fetch(url, {
+        agent: getFetchAgent(url),
+      });
       status = response.status;
     } catch (err) {
       status = 0;
@@ -43,6 +46,7 @@ async function getKibanaUrl({ target, logger }: { target: string; logger: Logger
       method: 'HEAD',
       follow: 1,
       redirect: 'manual',
+      agent: getFetchAgent(target),
     });
 
     const discoveredKibanaUrl =
@@ -62,6 +66,7 @@ async function getKibanaUrl({ target, logger }: { target: string; logger: Logger
 
     const redirectedResponse = await fetch(discoveredKibanaUrlWithAuth, {
       method: 'HEAD',
+      agent: getFetchAgent(discoveredKibanaUrlWithAuth),
     });
 
     if (redirectedResponse.status !== 200) {

diff --git a/packages/kbn-apm-synthtrace/src/cli/utils/ssl.ts b/packages/kbn-apm-synthtrace/src/cli/utils/ssl.ts
@@ -0,0 +1,31 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import * as Fs from 'fs';
+import { CA_CERT_PATH } from '@kbn/dev-utils';
+import https from 'https';
+
+export function getFetchAgent(url: string) {
+  const isHTTPS = new URL(url).protocol === 'https:';
+  const isLocalhost = new URL(url).hostname === 'localhost';
+  return isHTTPS && isLocalhost ? new https.Agent({ rejectUnauthorized: false }) : undefined;
+}
+
+export function getEsClientTlsSettings(url: string) {
+  const isHTTPS = new URL(url).protocol === 'https:';
+  // load the CA cert from disk if necessary
+  const caCert = isHTTPS ? Fs.readFileSync(CA_CERT_PATH) : null;
+  const isLocalhost = new URL(url).hostname === 'localhost';
+
+  return caCert && isLocalhost
+    ? {
+        ca: caCert,
+        rejectUnauthorized: true,
+      }
+    : undefined;
+}
diff --git a/packages/kbn-apm-synthtrace/src/lib/apm/client/apm_synthtrace_kibana_client.ts b/packages/kbn-apm-synthtrace/src/lib/apm/client/apm_synthtrace_kibana_client.ts
@@ -10,6 +10,7 @@ import fetch from 'node-fetch';
 import pRetry from 'p-retry';
 import { Logger } from '../../utils/create_logger';
 import { kibanaHeaders } from '../../shared/client_headers';
+import { getFetchAgent } from '../../../cli/utils/ssl';
 
 export class ApmSynthtraceKibanaClient {
   private readonly logger: Logger;
@@ -34,6 +35,7 @@ export class ApmSynthtraceKibanaClient {
     const response = await fetch(url, {
       method: 'GET',
       headers: kibanaHeaders(),
+      agent: getFetchAgent(url),
     });
 
     const responseJson = await response.json();
@@ -62,6 +64,7 @@ export class ApmSynthtraceKibanaClient {
           method: 'POST',
           headers: kibanaHeaders(),
           body: '{"force":true}',
+          agent: getFetchAgent(url),
         });
 
         if (!res.ok) {
@@ -109,6 +112,7 @@ export class ApmSynthtraceKibanaClient {
           method: 'DELETE',
           headers: kibanaHeaders(),
           body: '{"force":true}',
+          agent: getFetchAgent(url),
         });
 
         if (!res.ok) {

diff --git a/packages/kbn-apm-synthtrace/src/lib/infra/infra_synthtrace_kibana_client.ts b/packages/kbn-apm-synthtrace/src/lib/infra/infra_synthtrace_kibana_client.ts
@@ -11,6 +11,7 @@ import fetch from 'node-fetch';
 import pRetry from 'p-retry';
 import { Logger } from '../utils/create_logger';
 import { kibanaHeaders } from '../shared/client_headers';
+import { getFetchAgent } from '../../cli/utils/ssl';
 
 export class InfraSynthtraceKibanaClient {
   private readonly logger: Logger;
@@ -30,6 +31,7 @@ export class InfraSynthtraceKibanaClient {
     const response = await fetch(fleetPackageApiUrl, {
       method: 'GET',
       headers: kibanaHeaders(),
+      agent: getFetchAgent(fleetPackageApiUrl),
     });
 
     const responseJson = await response.json();
@@ -54,6 +56,7 @@ export class InfraSynthtraceKibanaClient {
         method: 'POST',
         headers: kibanaHeaders(),
         body: '{"force":true}',
+        agent: getFetchAgent(url),
       });
     });