Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Fleet] Output Secrets Backend #169221

Merged
merged 30 commits into from Oct 24, 2023
Merged

[Fleet] Output Secrets Backend #169221

merged 30 commits into from Oct 24, 2023

Conversation

hop-dev
Copy link
Contributor

@hop-dev hop-dev commented Oct 18, 2023

Summary

Had to recreate this after pinging the whole of Kibana accidentally on the last one :D

Part of #157458

Adds the ability to sepcify secrets in outputs. Currently the following secrets are supported:

  • kafka output SSL key
  • kafka output password
  • logstash output SSL key

The behaviour is as follows:

  • on create, secrets are created and the plain string is replaced with a secret reference on the output saved object
  • on update, if a secret is updated, the old secret is deleted and a new one is created, the new secret ref is added to the output
  • on delete, all secrets are deleted
  • behaviour is behind a feature flag as flee tserver does not support these yet

Secrets are only enabled if a fleet server of 8.10.0 or greater is connected.

Integration tests added for all scenarios.

hop-dev and others added 27 commits October 12, 2023 10:27
@hop-dev
Create validation working
6609527
@hop-dev
secrets being created correctly
4642f64
@hop-dev
password secret working
27bfcf9
@hop-dev
output secrets added to agent policy
3b4e09c
@hop-dev
update working
f5f5176
@hop-dev
delete secrets
de7358b
@hop-dev
put create behind feature flah
a16accf
@hop-dev
API docs
61ba7dc
@hop-dev
fix types
1224f2d
@hop-dev
add mock
975f39e
@hop-dev
update SO snapshot
0c183de
@hop-dev
fix deleted secrets test
8d9a3de
@hop-dev
remove console.log
d78b5ab
@hop-dev
do not throw if no settings object
8a12369
@hop-dev
add mock logger
5aac2fb
@hop-dev
renove assertion
21abb0b
@hop-dev
fix docs
47296cc
@kibanamachine
[CI] Auto-commit changed files from 'node scripts/check_mappings_upda…
f3f275d 
…te --fix'
@hop-dev
fix types
68c8085
@hop-dev
remove unused res
8cf944b
@hop-dev
fix agent list resturn statement
3d64063
@kibanamachine
Merge branch 'main' into output-secrets
ae2f2a9
@hop-dev
Merge branch 'main' into output-secrets
512c863
@kibanamachine
Merge branch 'main' into output-secrets
e9c96f1
@hop-dev
add feature flag
73afbd1
@hop-dev
delete secrets after saved object
3f933f9
@hop-dev
Merge branch 'main' into output-secrets
239cf45
@hop-dev hop-dev requested review from a team as code owners October 18, 2023 11:35
@botelastic botelastic bot added the Team:Fleet Team label for Observability Data Collection Fleet team label Oct 18, 2023
@elasticmachine
Copy link
Contributor

Pinging @elastic/fleet (Team:Fleet)

@apmmachine
Copy link
Contributor

🤖 GitHub comments

Expand to view the GitHub comments

Just comment with:

  • /oblt-deploy : Deploy a Kibana instance using the Observability test environments.
  • /oblt-deploy-serverless : Deploy a serverless Kibana instance using the Observability test environments.
  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

juliaElastic
juliaElastic approved these changes Oct 18, 2023
View reviewed changes
Copy link
Contributor

@juliaElastic juliaElastic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, could we document what changes are needed to introduce a new output secret field? e.g. remote-elasticsearch service_token field

@juliaElastic juliaElastic added the release_note:feature Makes this part of the condensed release notes label Oct 19, 2023
@juliaElastic juliaElastic mentioned this pull request Oct 19, 2023
Merged
2 tasks
@kpollich kpollich self-requested a review October 19, 2023 15:25
@hop-dev
Copy link
Contributor Author

hop-dev commented Oct 24, 2023

@elasticmachine merge upstream

@hop-dev
Copy link
Contributor Author

hop-dev commented Oct 24, 2023

@elasticmachine merge upstream

@kibana-ci
Copy link
Collaborator

💛 Build succeeded, but was flaky

Failed CI Steps

Metrics [docs]

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
fleet 147.5KB 147.6KB +24.0B

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @hop-dev

@hop-dev hop-dev merged commit ce24d1a into elastic:main Oct 24, 2023
29 checks passed
@hop-dev hop-dev deleted the output-secrets branch October 24, 2023 12:22
@kibanamachine kibanamachine added v8.12.0 backport:skip This commit does not require backporting labels Oct 24, 2023
@hop-dev hop-dev mentioned this pull request Oct 24, 2023
Merged
hop-dev added a commit that referenced this pull request Oct 25, 2023
@hop-dev @kibanamachine
[Fleet] Output secrets UI (#169429)
eaddc54 
## Summary

Continuation of #169221. Part of
#157458

_Note: The experimental feature flag `outputSecretsStorage` must be
enabled to see these changes._

Introduces the UI components to create and edit output secrets,
currently there are only 3 output secrets:

- Kafka output password
- Kafka output SSL key
- Logstash output SSL key

Some key behaviours of the new UI:

- on creating an output, the user can opt to revert to using plain text
values if they want
- once an output has been created with a secret, when editing the
output, the secret values can only be replaced, never viewed
- If an output uses plain values, there currently isn't a way to convert
to using secrets.

**Create**
<img width="1639" alt="Screenshot 2023-10-24 at 14 48 49"
src="https://github.com/elastic/kibana/assets/3315046/4f1d6715-70bb-4a91-a619-78cbc37106d7">


**Edit**



https://github.com/elastic/kibana/assets/3315046/d8d44911-81d3-4a06-a0ff-ece981a36496

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jloleysens jloleysens jloleysens approved these changes

@jrodewig jrodewig jrodewig approved these changes

@juliaElastic juliaElastic juliaElastic approved these changes

@kpollich kpollich Awaiting requested review from kpollich

Assignees

@hop-dev hop-dev

Labels
backport:skip This commit does not require backporting release_note:feature Makes this part of the condensed release notes Team:Fleet Team label for Observability Data Collection Fleet team v8.12.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
8 participants
@hop-dev @elasticmachine @apmmachine @kibana-ci @jloleysens @jrodewig @juliaElastic @kibanamachine