synthetics - omit tls fields from private location package policies

elastic · Jan 23, 2023 · 727c554 · 727c554
1 parent 188009f
commit 727c554
Show file tree

Hide file tree

Showing 4 changed files with 147 additions and 38 deletions.
diff --git a/x-pack/plugins/synthetics/common/formatters/tls/formatters.ts b/x-pack/plugins/synthetics/common/formatters/tls/formatters.ts
@@ -4,29 +4,43 @@
  * 2.0; you may not use this file except in compliance with the Elastic License
  * 2.0.
  */
-import { TLSFields, ConfigKey } from '../../runtime_types/monitor_management';
+import { TLSFields, TLSVersion, ConfigKey } from '../../runtime_types/monitor_management';
 import { Formatter } from '../common/formatters';
 
 type TLSFormatMap = Record<keyof TLSFields, Formatter>;
 
 export const tlsFormatters: TLSFormatMap = {
   [ConfigKey.TLS_CERTIFICATE_AUTHORITIES]: (fields) =>
-    tlsValueToYamlFormatter(fields[ConfigKey.TLS_CERTIFICATE_AUTHORITIES]),
+    fields[ConfigKey.METADATA]?.is_tls_enabled
+      ? tlsValueToYamlFormatter(fields[ConfigKey.TLS_CERTIFICATE_AUTHORITIES])
+      : null,
   [ConfigKey.TLS_CERTIFICATE]: (fields) =>
-    tlsValueToYamlFormatter(fields[ConfigKey.TLS_CERTIFICATE]),
-  [ConfigKey.TLS_KEY]: (fields) => tlsValueToYamlFormatter(fields[ConfigKey.TLS_KEY]),
+    fields[ConfigKey.METADATA]?.is_tls_enabled
+      ? tlsValueToYamlFormatter(fields[ConfigKey.TLS_CERTIFICATE])
+      : null,
+  [ConfigKey.TLS_KEY]: (fields) =>
+    fields[ConfigKey.METADATA]?.is_tls_enabled
+      ? tlsValueToYamlFormatter(fields[ConfigKey.TLS_KEY])
+      : null,
   [ConfigKey.TLS_KEY_PASSPHRASE]: (fields) =>
-    tlsValueToStringFormatter(fields[ConfigKey.TLS_KEY_PASSPHRASE]),
+    fields[ConfigKey.METADATA]?.is_tls_enabled
+      ? tlsValueToStringFormatter(fields[ConfigKey.TLS_KEY_PASSPHRASE])
+      : null,
   [ConfigKey.TLS_VERIFICATION_MODE]: (fields) =>
-    tlsValueToStringFormatter(fields[ConfigKey.TLS_VERIFICATION_MODE]),
-  [ConfigKey.TLS_VERSION]: (fields) => tlsArrayToYamlFormatter(fields[ConfigKey.TLS_VERSION]),
+    fields[ConfigKey.METADATA]?.is_tls_enabled
+      ? tlsValueToStringFormatter(fields[ConfigKey.TLS_VERIFICATION_MODE])
+      : null,
+  [ConfigKey.TLS_VERSION]: (fields) =>
+    fields[ConfigKey.METADATA]?.is_tls_enabled
+      ? tlsArrayToYamlFormatter(fields[ConfigKey.TLS_VERSION])
+      : null,
 };
 
 // only add tls settings if they are enabled by the user and isEnabled is true
-export const tlsValueToYamlFormatter = (tlsValue: string = '') =>
+export const tlsValueToYamlFormatter = (tlsValue: string | null = '') =>
   tlsValue ? JSON.stringify(tlsValue) : null;
 
-export const tlsValueToStringFormatter = (tlsValue: string = '') => tlsValue || null;
+export const tlsValueToStringFormatter = (tlsValue: string | null = '') => tlsValue || null;
 
-export const tlsArrayToYamlFormatter = (tlsValue: string[] = []) =>
-  tlsValue.length ? JSON.stringify(tlsValue) : null;
+export const tlsArrayToYamlFormatter = (tlsValue: TLSVersion[] | null = []) =>
+  tlsValue?.length ? JSON.stringify(tlsValue) : null;
diff --git a/x-pack/test/api_integration/apis/synthetics/add_monitor_private_location.ts b/x-pack/test/api_integration/apis/synthetics/add_monitor_private_location.ts
@@ -99,7 +99,8 @@ export default function ({ getService }: FtrProviderContext) {
       const apiResponse = await supertestAPI
         .post(API_URLS.SYNTHETICS_MONITORS)
         .set('kbn-xsrf', 'true')
-        .send(newMonitor);
+        .send(newMonitor)
+        .expect(200);
 
       expect(apiResponse.body.attributes).eql(
         omit(
@@ -330,6 +331,97 @@ export default function ({ getService }: FtrProviderContext) {
       }
     });
 
+    it('handles is_tls_enabled true', async () => {
+      let monitorId = '';
+
+      const monitor = {
+        ...httpMonitorJson,
+        locations: [
+          {
+            id: testFleetPolicyID,
+            label: 'Test private location 0',
+            isServiceManaged: false,
+          },
+        ],
+        [ConfigKey.METADATA]: {
+          is_tls_enabled: true,
+        },
+      };
+
+      try {
+        const apiResponse = await supertestAPI
+          .post(API_URLS.SYNTHETICS_MONITORS)
+          .set('kbn-xsrf', 'true')
+          .send(monitor)
+          .expect(200);
+
+        monitorId = apiResponse.body.id;
+
+        const policyResponse = await supertestAPI.get(
+          '/api/fleet/package_policies?page=1&perPage=2000&kuery=ingest-package-policies.package.name%3A%20synthetics'
+        );
+
+        const packagePolicy = policyResponse.body.items.find(
+          (pkgPolicy: PackagePolicy) =>
+            pkgPolicy.id === monitorId + '-' + testFleetPolicyID + `-default`
+        );
+        comparePolicies(
+          packagePolicy,
+          getTestSyntheticsPolicy(monitor.name, monitorId, undefined, undefined, true)
+        );
+      } finally {
+        await supertestAPI
+          .delete(API_URLS.SYNTHETICS_MONITORS + '/' + monitorId)
+          .set('kbn-xsrf', 'true')
+          .send()
+          .expect(200);
+      }
+    });
+
+    it('handles is_tls_enabled false', async () => {
+      let monitorId = '';
+
+      const monitor = {
+        ...httpMonitorJson,
+        locations: [
+          {
+            id: testFleetPolicyID,
+            label: 'Test private location 0',
+            isServiceManaged: false,
+          },
+        ],
+        [ConfigKey.METADATA]: {
+          is_tls_enabled: false,
+        },
+      };
+
+      try {
+        const apiResponse = await supertestAPI
+          .post(API_URLS.SYNTHETICS_MONITORS)
+          .set('kbn-xsrf', 'true')
+          .send(monitor)
+          .expect(200);
+
+        monitorId = apiResponse.body.id;
+
+        const policyResponse = await supertestAPI.get(
+          '/api/fleet/package_policies?page=1&perPage=2000&kuery=ingest-package-policies.package.name%3A%20synthetics'
+        );
+
+        const packagePolicy = policyResponse.body.items.find(
+          (pkgPolicy: PackagePolicy) =>
+            pkgPolicy.id === monitorId + '-' + testFleetPolicyID + `-default`
+        );
+        comparePolicies(packagePolicy, getTestSyntheticsPolicy(monitor.name, monitorId));
+      } finally {
+        await supertestAPI
+          .delete(API_URLS.SYNTHETICS_MONITORS + '/' + monitorId)
+          .set('kbn-xsrf', 'true')
+          .send()
+          .expect(200);
+      }
+    });
+
     it('handles auto upgrading policies', async () => {
       let monitorId = '';
 
@@ -350,8 +442,8 @@ export default function ({ getService }: FtrProviderContext) {
         const apiResponse = await supertestAPI
           .post(API_URLS.SYNTHETICS_MONITORS)
           .set('kbn-xsrf', 'true')
-          .send(monitor);
-
+          .send(monitor)
+          .expect(200);
         monitorId = apiResponse.body.id;
 
         const policyResponse = await supertestAPI.get(

diff --git a/x-pack/test/api_integration/apis/synthetics/sample_data/test_policy.ts b/x-pack/test/api_integration/apis/synthetics/sample_data/test_policy.ts
@@ -13,7 +13,8 @@ export const getTestSyntheticsPolicy = (
   name: string,
   id: string,
   locationName?: string,
-  namespace?: string
+  namespace?: string,
+  isTLSEnabled?: boolean
 ): PackagePolicy => ({
   id: '2bfd7da0-22ed-11ed-8c6b-09a2d21dfbc3-27337270-22ed-11ed-8c6b-09a2d21dfbc3-default',
   version: 'WzE2MjYsMV0=',
@@ -41,8 +42,7 @@ export const getTestSyntheticsPolicy = (
           },
           vars: {
             __ui: {
-              value:
-                '{"is_tls_enabled":false,"is_zip_url_tls_enabled":false,"script_source":{"is_generated_script":false,"file_name":"test-file.name"}}',
+              value: `{"is_tls_enabled":${isTLSEnabled || false}}`,
               type: 'yaml',
             },
             enabled: { value: true, type: 'bool' },
@@ -69,12 +69,18 @@ export const getTestSyntheticsPolicy = (
             'check.response.headers': { value: null, type: 'yaml' },
             'check.response.body.positive': { value: null, type: 'yaml' },
             'check.response.body.negative': { value: null, type: 'yaml' },
-            'ssl.certificate_authorities': { value: '"t.string"', type: 'yaml' },
-            'ssl.certificate': { value: '"t.string"', type: 'yaml' },
-            'ssl.key': { value: '"t.string"', type: 'yaml' },
-            'ssl.key_passphrase': { value: 't.string', type: 'text' },
-            'ssl.verification_mode': { value: 'certificate', type: 'text' },
-            'ssl.supported_protocols': { value: '["TLSv1.1","TLSv1.2"]', type: 'yaml' },
+            'ssl.certificate_authorities': {
+              value: isTLSEnabled ? '"t.string"' : null,
+              type: 'yaml',
+            },
+            'ssl.certificate': { value: isTLSEnabled ? '"t.string"' : null, type: 'yaml' },
+            'ssl.key': { value: isTLSEnabled ? '"t.string"' : null, type: 'yaml' },
+            'ssl.key_passphrase': { value: isTLSEnabled ? 't.string' : null, type: 'text' },
+            'ssl.verification_mode': { value: isTLSEnabled ? 'certificate' : null, type: 'text' },
+            'ssl.supported_protocols': {
+              value: isTLSEnabled ? '["TLSv1.1","TLSv1.2"]' : null,
+              type: 'yaml',
+            },
             location_name: { value: locationName ?? 'Test private location 0', type: 'text' },
             id: { value: id, type: 'text' },
             config_id: { value: id, type: 'text' },
@@ -86,9 +92,7 @@ export const getTestSyntheticsPolicy = (
           id: 'synthetics/http-http-2bfd7da0-22ed-11ed-8c6b-09a2d21dfbc3-27337270-22ed-11ed-8c6b-09a2d21dfbc3-default',
           compiled_stream: {
             __ui: {
-              is_tls_enabled: false,
-              is_zip_url_tls_enabled: false,
-              script_source: { is_generated_script: false, file_name: 'test-file.name' },
+              is_tls_enabled: isTLSEnabled || false,
             },
             type: 'http',
             name,
@@ -111,12 +115,16 @@ export const getTestSyntheticsPolicy = (
             'check.request.headers': { sampleHeader: 'sampleHeaderValue' },
             'check.request.body': 'testValue',
             'check.response.status': ['200', '201'],
-            'ssl.certificate': 't.string',
-            'ssl.certificate_authorities': 't.string',
-            'ssl.key': 't.string',
-            'ssl.key_passphrase': 't.string',
-            'ssl.verification_mode': 'certificate',
-            'ssl.supported_protocols': ['TLSv1.1', 'TLSv1.2'],
+            ...(isTLSEnabled
+              ? {
+                  'ssl.certificate': 't.string',
+                  'ssl.certificate_authorities': 't.string',
+                  'ssl.key': 't.string',
+                  'ssl.key_passphrase': 't.string',
+                  'ssl.verification_mode': 'certificate',
+                  'ssl.supported_protocols': ['TLSv1.1', 'TLSv1.2'],
+                }
+              : {}),
             processors: [
               {
                 add_fields: {

diff --git a/x-pack/test/api_integration/apis/uptime/rest/fixtures/http_monitor.json b/x-pack/test/api_integration/apis/uptime/rest/fixtures/http_monitor.json
@@ -18,12 +18,7 @@
   "config_id": "",
   "timeout": "3m",
   "__ui": {
-    "is_tls_enabled": false,
-    "is_zip_url_tls_enabled": false,
-    "script_source": {
-      "is_generated_script": false,
-      "file_name": "test-file.name"
-    }
+    "is_tls_enabled": false
   },
   "max_redirects": "3",
   "password": "test",