From c7a009fc3fe7f551c4fb169cc9748671e2a48b5a Mon Sep 17 00:00:00 2001 From: Walter Rafelsberger Date: Mon, 17 Jun 2024 16:47:42 +0200 Subject: [PATCH] localhost/ssl support for scripts/synthtrace --- .../src/cli/utils/get_apm_es_client.ts | 2 ++ .../src/cli/utils/get_assets_es_client.ts | 2 ++ .../src/cli/utils/get_infra_es_client.ts | 2 ++ .../src/cli/utils/get_logs_es_client.ts | 2 ++ .../src/cli/utils/get_service_urls.ts | 7 ++++- .../kbn-apm-synthtrace/src/cli/utils/ssl.ts | 31 +++++++++++++++++++ .../client/apm_synthtrace_kibana_client.ts | 4 +++ .../infra/infra_synthtrace_kibana_client.ts | 3 ++ 8 files changed, 52 insertions(+), 1 deletion(-) create mode 100644 packages/kbn-apm-synthtrace/src/cli/utils/ssl.ts diff --git a/packages/kbn-apm-synthtrace/src/cli/utils/get_apm_es_client.ts b/packages/kbn-apm-synthtrace/src/cli/utils/get_apm_es_client.ts index ee350ab3c56d8e3..b876f89fa38e0bb 100644 --- a/packages/kbn-apm-synthtrace/src/cli/utils/get_apm_es_client.ts +++ b/packages/kbn-apm-synthtrace/src/cli/utils/get_apm_es_client.ts @@ -10,6 +10,7 @@ import { Client } from '@elastic/elasticsearch'; import { ApmSynthtraceEsClient } from '../../..'; import { Logger } from '../../lib/utils/create_logger'; import { RunOptions } from './parse_run_cli_flags'; +import { getEsClientTlsSettings } from './ssl'; export function getApmEsClient({ target, @@ -23,6 +24,7 @@ export function getApmEsClient({ }) { const client = new Client({ node: target, + tls: getEsClientTlsSettings(target), }); const apmEsClient = new ApmSynthtraceEsClient({ diff --git a/packages/kbn-apm-synthtrace/src/cli/utils/get_assets_es_client.ts b/packages/kbn-apm-synthtrace/src/cli/utils/get_assets_es_client.ts index 059a837492699a0..fa44bcbe3b2dead 100644 --- a/packages/kbn-apm-synthtrace/src/cli/utils/get_assets_es_client.ts +++ b/packages/kbn-apm-synthtrace/src/cli/utils/get_assets_es_client.ts 
@@ -10,6 +10,7 @@ import { Client } from '@elastic/elasticsearch'; import { AssetsSynthtraceEsClient } from '../../lib/assets/assets_synthtrace_es_client'; import { Logger } from '../../lib/utils/create_logger'; import { RunOptions } from './parse_run_cli_flags'; +import { getEsClientTlsSettings } from './ssl'; export function getAssetsEsClient({ target, @@ -21,6 +22,7 @@ export function getAssetsEsClient({ }) { const client = new Client({ node: target, + tls: getEsClientTlsSettings(target), }); return new AssetsSynthtraceEsClient({ diff --git a/packages/kbn-apm-synthtrace/src/cli/utils/get_infra_es_client.ts b/packages/kbn-apm-synthtrace/src/cli/utils/get_infra_es_client.ts index 82a714dc8f244c9..a0f651d8f3185a8 100644 --- a/packages/kbn-apm-synthtrace/src/cli/utils/get_infra_es_client.ts +++ b/packages/kbn-apm-synthtrace/src/cli/utils/get_infra_es_client.ts @@ -10,6 +10,7 @@ import { Client } from '@elastic/elasticsearch'; import { InfraSynthtraceEsClient } from '../../lib/infra/infra_synthtrace_es_client'; import { Logger } from '../../lib/utils/create_logger'; import { RunOptions } from './parse_run_cli_flags'; +import { getEsClientTlsSettings } from './ssl'; export function getInfraEsClient({ target, @@ -21,6 +22,7 @@ export function getInfraEsClient({ }) { const client = new Client({ node: target, + tls: getEsClientTlsSettings(target), }); return new InfraSynthtraceEsClient({ diff --git a/packages/kbn-apm-synthtrace/src/cli/utils/get_logs_es_client.ts b/packages/kbn-apm-synthtrace/src/cli/utils/get_logs_es_client.ts index 8bfcdaef9083991..863cf2c9964d41b 100644 --- a/packages/kbn-apm-synthtrace/src/cli/utils/get_logs_es_client.ts +++ b/packages/kbn-apm-synthtrace/src/cli/utils/get_logs_es_client.ts 
@@ -10,6 +10,7 @@ import { Client } from '@elastic/elasticsearch'; import { LogsSynthtraceEsClient } from '../../lib/logs/logs_synthtrace_es_client'; import { Logger } from '../../lib/utils/create_logger'; import { RunOptions } from './parse_run_cli_flags'; +import { getEsClientTlsSettings } from './ssl'; export function getLogsEsClient({ target, @@ -21,6 +22,7 @@ export function getLogsEsClient({ }) { const client = new Client({ node: target, + tls: getEsClientTlsSettings(target), }); return new LogsSynthtraceEsClient({ diff --git a/packages/kbn-apm-synthtrace/src/cli/utils/get_service_urls.ts b/packages/kbn-apm-synthtrace/src/cli/utils/get_service_urls.ts index 3967040a569af9b..d8c11af6b41a984 100644 --- a/packages/kbn-apm-synthtrace/src/cli/utils/get_service_urls.ts +++ b/packages/kbn-apm-synthtrace/src/cli/utils/get_service_urls.ts @@ -10,6 +10,7 @@ import fetch from 'node-fetch'; import { format, parse, Url } from 'url'; import { Logger } from '../../lib/utils/create_logger'; import { RunOptions } from './parse_run_cli_flags'; +import { getFetchAgent } from './ssl'; async function discoverAuth(parsedTarget: Url) { const possibleCredentials = [`admin:changeme`, `elastic:changeme`, `elastic_serverless:changeme`]; @@ -20,7 +21,9 @@ async function discoverAuth(parsedTarget: Url) { }); let status: number; try { - const response = await fetch(url); + const response = await fetch(url, { + agent: getFetchAgent(url), + }); status = response.status; } catch (err) { status = 0; @@ -43,6 +46,7 @@ async function getKibanaUrl({ target, logger }: { target: string; logger: Logger method: 'HEAD', follow: 1, redirect: 'manual', + agent: getFetchAgent(target), }); const discoveredKibanaUrl = @@ -62,6 +66,7 @@ async function getKibanaUrl({ target, logger }: { target: string; logger: Logger const redirectedResponse = await fetch(discoveredKibanaUrlWithAuth, { method: 'HEAD', + agent: getFetchAgent(discoveredKibanaUrlWithAuth), }); if (redirectedResponse.status !== 200) { 
diff --git a/packages/kbn-apm-synthtrace/src/cli/utils/ssl.ts b/packages/kbn-apm-synthtrace/src/cli/utils/ssl.ts
new file mode 100644
index 000000000000000..22ad438323e6b12
--- /dev/null
+++ b/packages/kbn-apm-synthtrace/src/cli/utils/ssl.ts
@@ -0,0 +1,31 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import * as Fs from 'fs';
+import { CA_CERT_PATH } from '@kbn/dev-utils';
+import https from 'https';
+
+export function getFetchAgent(url: string) {
+ const isHTTPS = new URL(url).protocol === 'https:';
+ const isLocalhost = new URL(url).hostname === 'localhost';
+ return isHTTPS && isLocalhost ? new https.Agent({ rejectUnauthorized: false }) : undefined;
+}
+
+export function getEsClientTlsSettings(url: string) {
+ const isHTTPS = new URL(url).protocol === 'https:';
+ // load the CA cert from disk if necessary
+ const caCert = isHTTPS ? Fs.readFileSync(CA_CERT_PATH) : null;
+ const isLocalhost = new URL(url).hostname === 'localhost';
+
+ return caCert && isLocalhost
+ ? {
+ ca: caCert,
+ rejectUnauthorized: true,
+ }
+ : undefined;
+}
diff --git a/packages/kbn-apm-synthtrace/src/lib/apm/client/apm_synthtrace_kibana_client.ts b/packages/kbn-apm-synthtrace/src/lib/apm/client/apm_synthtrace_kibana_client.ts
index caf6f47be45ce5a..56b3b92d287d46a 100644
--- a/packages/kbn-apm-synthtrace/src/lib/apm/client/apm_synthtrace_kibana_client.ts
+++ b/packages/kbn-apm-synthtrace/src/lib/apm/client/apm_synthtrace_kibana_client.ts
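Review bot: `getFetchAgent` in ssl.ts turns certificate verification off (`rejectUnauthorized: false`) for every `https://localhost` URL, while `getEsClientTlsSettings` in the same file pins the dev CA and keeps verification on. The agent is passed to requests whose URL embeds credentials (the `discoverAuth` probes and the `discoveredKibanaUrlWithAuth` fetch in get_service_urls.ts) and to the Kibana client calls, so whatever answers on that local port is accepted without any check. If the local Kibana serves a certificate signed by the same dev CA (not visible in this patch, worth confirming), the agent can verify it instead: `new https.Agent({ ca: Fs.readFileSync(CA_CERT_PATH) })`. Separately, `getEsClientTlsSettings` reads the CA file for every HTTPS target and discards it when the host is not `localhost`; `const caCert = isHTTPS && isLocalhost ? Fs.readFileSync(CA_CERT_PATH) : null;` limits the read to the case that uses it.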
@@ -10,6 +10,7 @@ import fetch from 'node-fetch'; import pRetry from 'p-retry'; import { Logger } from '../../utils/create_logger'; import { kibanaHeaders } from '../../shared/client_headers'; +import { getFetchAgent } from '../../../cli/utils/ssl'; export class ApmSynthtraceKibanaClient { private readonly logger: Logger; @@ -34,6 +35,7 @@ export class ApmSynthtraceKibanaClient { const response = await fetch(url, { method: 'GET', headers: kibanaHeaders(), + agent: getFetchAgent(url), }); const responseJson = await response.json(); @@ -62,6 +64,7 @@ export class ApmSynthtraceKibanaClient { method: 'POST', headers: kibanaHeaders(), body: '{"force":true}', + agent: getFetchAgent(url), }); if (!res.ok) { @@ -109,6 +112,7 @@ export class ApmSynthtraceKibanaClient { method: 'DELETE', headers: kibanaHeaders(), body: '{"force":true}', + agent: getFetchAgent(url), }); if (!res.ok) { diff --git a/packages/kbn-apm-synthtrace/src/lib/infra/infra_synthtrace_kibana_client.ts b/packages/kbn-apm-synthtrace/src/lib/infra/infra_synthtrace_kibana_client.ts index c1ac555276a66f6..b39efada2abff27 100644 --- a/packages/kbn-apm-synthtrace/src/lib/infra/infra_synthtrace_kibana_client.ts +++ b/packages/kbn-apm-synthtrace/src/lib/infra/infra_synthtrace_kibana_client.ts @@ -11,6 +11,7 @@ import fetch from 'node-fetch'; import pRetry from 'p-retry'; import { Logger } from '../utils/create_logger'; import { kibanaHeaders } from '../shared/client_headers'; +import { getFetchAgent } from '../../cli/utils/ssl'; export class InfraSynthtraceKibanaClient { private readonly logger: Logger; @@ -30,6 +31,7 @@ export class InfraSynthtraceKibanaClient { const response = await fetch(fleetPackageApiUrl, { method: 'GET', headers: kibanaHeaders(), + agent: getFetchAgent(fleetPackageApiUrl), }); const responseJson = await response.json(); @@ -54,6 +56,7 @@ export class InfraSynthtraceKibanaClient { method: 'POST', headers: kibanaHeaders(), body: '{"force":true}', + agent: getFetchAgent(url), }); });
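Review bot: The new import `'../../../cli/utils/ssl'` in apm_synthtrace_kibana_client.ts makes library code under `src/lib` depend on a CLI helper, and `'../../cli/utils/ssl'` in infra_synthtrace_kibana_client.ts does the same. Both files already take shared helpers from `src/lib/utils` (`create_logger`), so placing ssl.ts there and importing it from the CLI side would keep the dependency pointing one way. A short comment at the `agent: getFetchAgent(url)` call sites would also help, for example `// dev-only agent for https://localhost; undefined leaves default TLS verification in place`, since the option silently changes TLS behaviour for local targets. The enclosing methods start and end outside these hunks.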