Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[8.6] [Synthetics] Omit or include
ssl
keys when appropriate for pr…
…oject monitors and private locations (#149298) (#149447) # Backport This will backport the following commits from `main` to `8.6`: - [[Synthetics] Omit or include `ssl` keys when appropriate for project monitors and private locations (#149298)](#149298) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Dominique Clarke","email":"[email protected]"},"sourceCommit":{"committedDate":"2023-01-24T19:56:38Z","message":"[Synthetics] Omit or include `ssl` keys when appropriate for project monitors and private locations (#149298)\n\n## Summary\r\n\r\nResolves https://github.com/elastic/kibana/issues/149083\r\n\r\n1. [Prevents tls fields from being\r\nsaved](https://github.com/elastic/kibana/pull/149298/files#diff-56296f634bf379eb71629f426c670cd030d2a15263a59964847c0d10af09a767R14)\r\non the Synthetics Integration policy when `is_tls_enabled` is false\r\n2. Ensures `is_tls_enabled` is set properly for project monitors\r\n([http](https://github.com/elastic/kibana/pull/149298/files#diff-0f42bb3b11a6ab864dee3488d5e9f7282adc009a261b3caee743a880b825c766R73)\r\nand\r\n[tcp](https://github.com/elastic/kibana/pull/149298/files#diff-3ad87e629abc6f17c395e8435c94f0f1a6274c9efea7d24ab81b7635ef0e43dfR69)).\r\nThis ensures that when a monitor is sent to a public location or a\r\nprivate location, the `ssl` fields are sent or stripped appropriately.\r\n\r\n### Testing\r\n\r\n1. Create a private location\r\n2. Create 2 lightweight project monitors using the following\r\nconfiguration\r\n```\r\n- type: tcp\r\n id: 'tls-enabled'\r\n name: 'TLS-Enabled'\r\n hosts: [\"8.8.8.8:80\"]\r\n ssl:\r\n verification_mode: 'strict'\r\n```\r\n```\r\n- type: tcp\r\n id: 'tls-disabled'\r\n name: 'TLS-Disabled'\r\n hosts: [\"8.8.8.8:80\"]\r\n```\r\n3. Set these monitors to execute from both a private and public location\r\nvia the `monitor` key in your `synthetics.config.ts` file.\r\n```\r\n monitor: {\r\n schedule: 3,\r\n privateLocations: [\"YOUR PRIVATE LOCATION\"],\r\n locations: [\"us_central\"], // to test against dev environment\r\n },\r\n```\r\n4. Navigate to the agent policy for the private location and inspect the\r\nfull policy. Ensure the Synthetics policy on the agent package policy\r\ndoes not have `ssl` fields set for ssl disabled monitor. Ensure the\r\n`ssl` fields are set for the ssl enabled monitor.","sha":"0592abdab5c2d074468465380066b3dbeea89f4a","branchLabelMapping":{"^v8.7.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:fix","Team:uptime","v8.7.0","v8.6.1"],"number":149298,"url":"https://github.com/elastic/kibana/pull/149298","mergeCommit":{"message":"[Synthetics] Omit or include `ssl` keys when appropriate for project monitors and private locations (#149298)\n\n## Summary\r\n\r\nResolves https://github.com/elastic/kibana/issues/149083\r\n\r\n1. [Prevents tls fields from being\r\nsaved](https://github.com/elastic/kibana/pull/149298/files#diff-56296f634bf379eb71629f426c670cd030d2a15263a59964847c0d10af09a767R14)\r\non the Synthetics Integration policy when `is_tls_enabled` is false\r\n2. Ensures `is_tls_enabled` is set properly for project monitors\r\n([http](https://github.com/elastic/kibana/pull/149298/files#diff-0f42bb3b11a6ab864dee3488d5e9f7282adc009a261b3caee743a880b825c766R73)\r\nand\r\n[tcp](https://github.com/elastic/kibana/pull/149298/files#diff-3ad87e629abc6f17c395e8435c94f0f1a6274c9efea7d24ab81b7635ef0e43dfR69)).\r\nThis ensures that when a monitor is sent to a public location or a\r\nprivate location, the `ssl` fields are sent or stripped appropriately.\r\n\r\n### Testing\r\n\r\n1. Create a private location\r\n2. Create 2 lightweight project monitors using the following\r\nconfiguration\r\n```\r\n- type: tcp\r\n id: 'tls-enabled'\r\n name: 'TLS-Enabled'\r\n hosts: [\"8.8.8.8:80\"]\r\n ssl:\r\n verification_mode: 'strict'\r\n```\r\n```\r\n- type: tcp\r\n id: 'tls-disabled'\r\n name: 'TLS-Disabled'\r\n hosts: [\"8.8.8.8:80\"]\r\n```\r\n3. Set these monitors to execute from both a private and public location\r\nvia the `monitor` key in your `synthetics.config.ts` file.\r\n```\r\n monitor: {\r\n schedule: 3,\r\n privateLocations: [\"YOUR PRIVATE LOCATION\"],\r\n locations: [\"us_central\"], // to test against dev environment\r\n },\r\n```\r\n4. Navigate to the agent policy for the private location and inspect the\r\nfull policy. Ensure the Synthetics policy on the agent package policy\r\ndoes not have `ssl` fields set for ssl disabled monitor. Ensure the\r\n`ssl` fields are set for the ssl enabled monitor.","sha":"0592abdab5c2d074468465380066b3dbeea89f4a"}},"sourceBranch":"main","suggestedTargetBranches":["8.6"],"targetPullRequestStates":[{"branch":"main","label":"v8.7.0","labelRegex":"^v8.7.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/149298","number":149298,"mergeCommit":{"message":"[Synthetics] Omit or include `ssl` keys when appropriate for project monitors and private locations (#149298)\n\n## Summary\r\n\r\nResolves https://github.com/elastic/kibana/issues/149083\r\n\r\n1. [Prevents tls fields from being\r\nsaved](https://github.com/elastic/kibana/pull/149298/files#diff-56296f634bf379eb71629f426c670cd030d2a15263a59964847c0d10af09a767R14)\r\non the Synthetics Integration policy when `is_tls_enabled` is false\r\n2. Ensures `is_tls_enabled` is set properly for project monitors\r\n([http](https://github.com/elastic/kibana/pull/149298/files#diff-0f42bb3b11a6ab864dee3488d5e9f7282adc009a261b3caee743a880b825c766R73)\r\nand\r\n[tcp](https://github.com/elastic/kibana/pull/149298/files#diff-3ad87e629abc6f17c395e8435c94f0f1a6274c9efea7d24ab81b7635ef0e43dfR69)).\r\nThis ensures that when a monitor is sent to a public location or a\r\nprivate location, the `ssl` fields are sent or stripped appropriately.\r\n\r\n### Testing\r\n\r\n1. Create a private location\r\n2. Create 2 lightweight project monitors using the following\r\nconfiguration\r\n```\r\n- type: tcp\r\n id: 'tls-enabled'\r\n name: 'TLS-Enabled'\r\n hosts: [\"8.8.8.8:80\"]\r\n ssl:\r\n verification_mode: 'strict'\r\n```\r\n```\r\n- type: tcp\r\n id: 'tls-disabled'\r\n name: 'TLS-Disabled'\r\n hosts: [\"8.8.8.8:80\"]\r\n```\r\n3. Set these monitors to execute from both a private and public location\r\nvia the `monitor` key in your `synthetics.config.ts` file.\r\n```\r\n monitor: {\r\n schedule: 3,\r\n privateLocations: [\"YOUR PRIVATE LOCATION\"],\r\n locations: [\"us_central\"], // to test against dev environment\r\n },\r\n```\r\n4. Navigate to the agent policy for the private location and inspect the\r\nfull policy. Ensure the Synthetics policy on the agent package policy\r\ndoes not have `ssl` fields set for ssl disabled monitor. Ensure the\r\n`ssl` fields are set for the ssl enabled monitor.","sha":"0592abdab5c2d074468465380066b3dbeea89f4a"}},{"branch":"8.6","label":"v8.6.1","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: kibanamachine <[email protected]>
- Loading branch information