Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Fleet] Support preconfigured output secrets (scrypt edition) #172041

Merged
merged 9 commits into from Nov 30, 2023
Merged

[Fleet] Support preconfigured output secrets (scrypt edition) #172041

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
30766a3
[Fleet] Support preconfigured output secrets
hop-dev Nov 23, 2023
d975741
Replace argon2 with scrypt
jillguyonnet Nov 28, 2023
c81c2aa
Fix type check
jillguyonnet Nov 28, 2023
0184a8d
Improve hashing functions
jillguyonnet Nov 28, 2023
beadeac
Merge branch 'main' into fleet/166360-preconfigured-output-secrets-sc…
kibanamachine Nov 28, 2023
a28b1cb
Fix types
jillguyonnet Nov 29, 2023
c86a212
Add unit tests for remote ES output type
jillguyonnet Nov 29, 2023
992ee79
Fix type casting
jillguyonnet Nov 30, 2023
1fac829
Merge branch 'main' into fleet/166360-preconfigured-output-secrets-sc…
kibanamachine Nov 30, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
31 changes: 10 additions & 21 deletions x-pack/plugins/fleet/common/types/models/output.ts
View file
Open in desktop
Expand Up @@ -23,7 +23,12 @@ export type KafkaPartitionType = typeof kafkaPartitionType;
export type KafkaTopicWhenType = typeof kafkaTopicWhenType;
export type KafkaAcknowledgeReliabilityLevel = typeof kafkaAcknowledgeReliabilityLevel;
export type KafkaVerificationMode = typeof kafkaVerificationModes;

export type OutputSecret =
| string
| {
id: string;
hash?: string;
};
interface NewBaseOutput {
is_default: boolean;
is_default_monitoring: boolean;
Expand Down Expand Up @@ -54,23 +59,15 @@ export interface NewRemoteElasticsearchOutput extends NewBaseOutput {
type: OutputType['RemoteElasticsearch'];
service_token?: string;
secrets?: {
service_token?:
| string
| {
id: string;
};
service_token?: OutputSecret;
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@juliaElastic Does this look OK? I made this change after #171875 was merged.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, it's good

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should test if a preconfigured remote_elasticsearch output works though

};
}

export interface NewLogstashOutput extends NewBaseOutput {
type: OutputType['Logstash'];
secrets?: {
ssl?: {
key?:
| string
| {
id: string;
};
key?: OutputSecret;
};
};
}
Expand Down Expand Up @@ -139,17 +136,9 @@ export interface KafkaOutput extends NewBaseOutput {
broker_timeout?: number;
required_acks?: ValueOf<KafkaAcknowledgeReliabilityLevel>;
secrets?: {
password?:
| string
| {
id: string;
};
password?: OutputSecret;
ssl?: {
key?:
| string
| {
id: string;
};
key?: OutputSecret;
};
};
}
14 changes: 12 additions & 2 deletions x-pack/plugins/fleet/server/services/output.ts
View file
Open in desktop
Expand Up @@ -419,7 +419,12 @@ class OutputService {
soClient: SavedObjectsClientContract,
esClient: ElasticsearchClient,
output: NewOutput,
options?: { id?: string; fromPreconfiguration?: boolean; overwrite?: boolean }
options?: {
id?: string;
fromPreconfiguration?: boolean;
overwrite?: boolean;
secretHashes?: Record<string, any>;
}
): Promise<Output> {
const data: OutputSOAttributes = { ...omit(output, ['ssl', 'secrets']) };
if (output.type === outputType.RemoteElasticsearch) {
Expand Down Expand Up @@ -555,6 +560,7 @@ class OutputService {
const { output: outputWithSecrets } = await extractAndWriteOutputSecrets({
output,
esClient,
secretHashes: output.is_preconfigured ? options?.secretHashes : undefined,
});

if (outputWithSecrets.secrets) data.secrets = outputWithSecrets.secrets;
Expand Down Expand Up @@ -716,7 +722,10 @@ class OutputService {
esClient: ElasticsearchClient,
id: string,
data: Partial<Output>,
{ fromPreconfiguration = false }: { fromPreconfiguration: boolean } = {
{
fromPreconfiguration = false,
secretHashes,
}: { fromPreconfiguration: boolean; secretHashes?: Record<string, any> } = {
fromPreconfiguration: false,
}
) {
Expand Down Expand Up @@ -747,6 +756,7 @@ class OutputService {
oldOutput: originalOutput,
outputUpdate: data,
esClient,
secretHashes: data.is_preconfigured ? secretHashes : undefined,
});

updateData.secrets = secretsRes.outputUpdate.secrets;
Expand Down