[Alerts] whitelist configuration settings for cloud

[peterschretlen]

We have a few configuration settings for actions

• xpack.actions.enabled
• xpack.actions.whitelistedHosts

and alerts has

• xpack.alerting.enabled

These will need to be whitelisted in order to be configurable in products like Elasticsearch Service. #50209 will enable the plugins by default so I don't think we need to expose those settings, but xpack.actions.WhitelistedHosts seems like it should be whitelisted and tested in ESS.

[elasticmachine]

Pinging @elastic/kibana-stack-services (Team:Stack Services)

[pmuellr]

xpack.actions.enabled and xpack.alerting.enabled are now enabled by default via PR #51254, so we don't need them whitelisted unless we want users to disable them.

[pmuellr]

Now that email does whitelisting via PR #52221, we'll need to get xpack.actions.whitelistedHosts whitelisted for cloud use, in order to test using the email action with the cloud-supplied email relay.

[peterschretlen]

I'm wondering if we should also expose and whitelist flags for each of the built in action types, like was discussed in #51784

xpack.actions.webhook.enabled
xpack.actions.email.enabled
xpack.actions.slack.enabled
xpack.actions.pagerduty.enabled
xpack.actions.index.enabled
xpack.actions.serverlog.enabled

Specifically I think webhook is something we may want to disable on cloud and not whitelist (at least for now) because of SSRF concerns. I'll open that as a separate issue, but wanted to mention it here as it would affect the list of configs to whitelist.

[pmuellr]

The way the function was eventually implemented was with a single, new config value, xpack.actions.enabledActionTypes, which is an array of strings, which are the enabled action types, where an entry of '*' indicates all actions should be enabled. The default value of the config is ["*"].

Cloud whitelisting of this property was done in PR https://github.com/elastic/cloud/pull/46815