-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Synthetics] Omit or include ssl
keys when appropriate for project monitors and private locations
#149298
[Synthetics] Omit or include ssl
keys when appropriate for project monitors and private locations
#149298
Conversation
ssl
keys when appropriate for project monitors and private locations
Pinging @elastic/uptime (Team:uptime) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
💛 Build succeeded, but was flaky
Failed CI StepsMetrics [docs]Async chunks
History
To update your PR or re-run it, just comment with: |
💔 All backports failed
Manual backportTo create the backport manually run:
Questions ?Please refer to the Backport tool documentation |
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
…monitors and private locations (elastic#149298) ## Summary Resolves elastic#149083 1. [Prevents tls fields from being saved](https://github.com/elastic/kibana/pull/149298/files#diff-56296f634bf379eb71629f426c670cd030d2a15263a59964847c0d10af09a767R14) on the Synthetics Integration policy when `is_tls_enabled` is false 2. Ensures `is_tls_enabled` is set properly for project monitors ([http](https://github.com/elastic/kibana/pull/149298/files#diff-0f42bb3b11a6ab864dee3488d5e9f7282adc009a261b3caee743a880b825c766R73) and [tcp](https://github.com/elastic/kibana/pull/149298/files#diff-3ad87e629abc6f17c395e8435c94f0f1a6274c9efea7d24ab81b7635ef0e43dfR69)). This ensures that when a monitor is sent to a public location or a private location, the `ssl` fields are sent or stripped appropriately. ### Testing 1. Create a private location 2. Create 2 lightweight project monitors using the following configuration ``` - type: tcp id: 'tls-enabled' name: 'TLS-Enabled' hosts: ["8.8.8.8:80"] ssl: verification_mode: 'strict' ``` ``` - type: tcp id: 'tls-disabled' name: 'TLS-Disabled' hosts: ["8.8.8.8:80"] ``` 3. Set these monitors to execute from both a private and public location via the `monitor` key in your `synthetics.config.ts` file. ``` monitor: { schedule: 3, privateLocations: ["YOUR PRIVATE LOCATION"], locations: ["us_central"], // to test against dev environment }, ``` 4. Navigate to the agent policy for the private location and inspect the full policy. Ensure the Synthetics policy on the agent package policy does not have `ssl` fields set for ssl disabled monitor. Ensure the `ssl` fields are set for the ssl enabled monitor. (cherry picked from commit 0592abd) # Conflicts: # x-pack/plugins/synthetics/common/formatters/format_synthetics_policy.test.ts # x-pack/plugins/synthetics/server/synthetics_service/project_monitor/normalizers/http_monitor.ts # x-pack/test/api_integration/apis/synthetics/sample_data/test_policy.ts
…oject monitors and private locations (#149298) (#149447) # Backport This will backport the following commits from `main` to `8.6`: - [[Synthetics] Omit or include `ssl` keys when appropriate for project monitors and private locations (#149298)](#149298) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Dominique Clarke","email":"[email protected]"},"sourceCommit":{"committedDate":"2023-01-24T19:56:38Z","message":"[Synthetics] Omit or include `ssl` keys when appropriate for project monitors and private locations (#149298)\n\n## Summary\r\n\r\nResolves https://github.com/elastic/kibana/issues/149083\r\n\r\n1. [Prevents tls fields from being\r\nsaved](https://github.com/elastic/kibana/pull/149298/files#diff-56296f634bf379eb71629f426c670cd030d2a15263a59964847c0d10af09a767R14)\r\non the Synthetics Integration policy when `is_tls_enabled` is false\r\n2. Ensures `is_tls_enabled` is set properly for project monitors\r\n([http](https://github.com/elastic/kibana/pull/149298/files#diff-0f42bb3b11a6ab864dee3488d5e9f7282adc009a261b3caee743a880b825c766R73)\r\nand\r\n[tcp](https://github.com/elastic/kibana/pull/149298/files#diff-3ad87e629abc6f17c395e8435c94f0f1a6274c9efea7d24ab81b7635ef0e43dfR69)).\r\nThis ensures that when a monitor is sent to a public location or a\r\nprivate location, the `ssl` fields are sent or stripped appropriately.\r\n\r\n### Testing\r\n\r\n1. Create a private location\r\n2. Create 2 lightweight project monitors using the following\r\nconfiguration\r\n```\r\n- type: tcp\r\n id: 'tls-enabled'\r\n name: 'TLS-Enabled'\r\n hosts: [\"8.8.8.8:80\"]\r\n ssl:\r\n verification_mode: 'strict'\r\n```\r\n```\r\n- type: tcp\r\n id: 'tls-disabled'\r\n name: 'TLS-Disabled'\r\n hosts: [\"8.8.8.8:80\"]\r\n```\r\n3. Set these monitors to execute from both a private and public location\r\nvia the `monitor` key in your `synthetics.config.ts` file.\r\n```\r\n monitor: {\r\n schedule: 3,\r\n privateLocations: [\"YOUR PRIVATE LOCATION\"],\r\n locations: [\"us_central\"], // to test against dev environment\r\n },\r\n```\r\n4. Navigate to the agent policy for the private location and inspect the\r\nfull policy. Ensure the Synthetics policy on the agent package policy\r\ndoes not have `ssl` fields set for ssl disabled monitor. Ensure the\r\n`ssl` fields are set for the ssl enabled monitor.","sha":"0592abdab5c2d074468465380066b3dbeea89f4a","branchLabelMapping":{"^v8.7.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:fix","Team:uptime","v8.7.0","v8.6.1"],"number":149298,"url":"https://github.com/elastic/kibana/pull/149298","mergeCommit":{"message":"[Synthetics] Omit or include `ssl` keys when appropriate for project monitors and private locations (#149298)\n\n## Summary\r\n\r\nResolves https://github.com/elastic/kibana/issues/149083\r\n\r\n1. [Prevents tls fields from being\r\nsaved](https://github.com/elastic/kibana/pull/149298/files#diff-56296f634bf379eb71629f426c670cd030d2a15263a59964847c0d10af09a767R14)\r\non the Synthetics Integration policy when `is_tls_enabled` is false\r\n2. Ensures `is_tls_enabled` is set properly for project monitors\r\n([http](https://github.com/elastic/kibana/pull/149298/files#diff-0f42bb3b11a6ab864dee3488d5e9f7282adc009a261b3caee743a880b825c766R73)\r\nand\r\n[tcp](https://github.com/elastic/kibana/pull/149298/files#diff-3ad87e629abc6f17c395e8435c94f0f1a6274c9efea7d24ab81b7635ef0e43dfR69)).\r\nThis ensures that when a monitor is sent to a public location or a\r\nprivate location, the `ssl` fields are sent or stripped appropriately.\r\n\r\n### Testing\r\n\r\n1. Create a private location\r\n2. Create 2 lightweight project monitors using the following\r\nconfiguration\r\n```\r\n- type: tcp\r\n id: 'tls-enabled'\r\n name: 'TLS-Enabled'\r\n hosts: [\"8.8.8.8:80\"]\r\n ssl:\r\n verification_mode: 'strict'\r\n```\r\n```\r\n- type: tcp\r\n id: 'tls-disabled'\r\n name: 'TLS-Disabled'\r\n hosts: [\"8.8.8.8:80\"]\r\n```\r\n3. Set these monitors to execute from both a private and public location\r\nvia the `monitor` key in your `synthetics.config.ts` file.\r\n```\r\n monitor: {\r\n schedule: 3,\r\n privateLocations: [\"YOUR PRIVATE LOCATION\"],\r\n locations: [\"us_central\"], // to test against dev environment\r\n },\r\n```\r\n4. Navigate to the agent policy for the private location and inspect the\r\nfull policy. Ensure the Synthetics policy on the agent package policy\r\ndoes not have `ssl` fields set for ssl disabled monitor. Ensure the\r\n`ssl` fields are set for the ssl enabled monitor.","sha":"0592abdab5c2d074468465380066b3dbeea89f4a"}},"sourceBranch":"main","suggestedTargetBranches":["8.6"],"targetPullRequestStates":[{"branch":"main","label":"v8.7.0","labelRegex":"^v8.7.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/149298","number":149298,"mergeCommit":{"message":"[Synthetics] Omit or include `ssl` keys when appropriate for project monitors and private locations (#149298)\n\n## Summary\r\n\r\nResolves https://github.com/elastic/kibana/issues/149083\r\n\r\n1. [Prevents tls fields from being\r\nsaved](https://github.com/elastic/kibana/pull/149298/files#diff-56296f634bf379eb71629f426c670cd030d2a15263a59964847c0d10af09a767R14)\r\non the Synthetics Integration policy when `is_tls_enabled` is false\r\n2. Ensures `is_tls_enabled` is set properly for project monitors\r\n([http](https://github.com/elastic/kibana/pull/149298/files#diff-0f42bb3b11a6ab864dee3488d5e9f7282adc009a261b3caee743a880b825c766R73)\r\nand\r\n[tcp](https://github.com/elastic/kibana/pull/149298/files#diff-3ad87e629abc6f17c395e8435c94f0f1a6274c9efea7d24ab81b7635ef0e43dfR69)).\r\nThis ensures that when a monitor is sent to a public location or a\r\nprivate location, the `ssl` fields are sent or stripped appropriately.\r\n\r\n### Testing\r\n\r\n1. Create a private location\r\n2. Create 2 lightweight project monitors using the following\r\nconfiguration\r\n```\r\n- type: tcp\r\n id: 'tls-enabled'\r\n name: 'TLS-Enabled'\r\n hosts: [\"8.8.8.8:80\"]\r\n ssl:\r\n verification_mode: 'strict'\r\n```\r\n```\r\n- type: tcp\r\n id: 'tls-disabled'\r\n name: 'TLS-Disabled'\r\n hosts: [\"8.8.8.8:80\"]\r\n```\r\n3. Set these monitors to execute from both a private and public location\r\nvia the `monitor` key in your `synthetics.config.ts` file.\r\n```\r\n monitor: {\r\n schedule: 3,\r\n privateLocations: [\"YOUR PRIVATE LOCATION\"],\r\n locations: [\"us_central\"], // to test against dev environment\r\n },\r\n```\r\n4. Navigate to the agent policy for the private location and inspect the\r\nfull policy. Ensure the Synthetics policy on the agent package policy\r\ndoes not have `ssl` fields set for ssl disabled monitor. Ensure the\r\n`ssl` fields are set for the ssl enabled monitor.","sha":"0592abdab5c2d074468465380066b3dbeea89f4a"}},{"branch":"8.6","label":"v8.6.1","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: kibanamachine <[email protected]>
The backport for the |
Summary
Resolves #149083
is_tls_enabled
is falseis_tls_enabled
is set properly for project monitors (http and tcp). This ensures that when a monitor is sent to a public location or a private location, thessl
fields are sent or stripped appropriately.Testing
monitor
key in yoursynthetics.config.ts
file.ssl
fields set for ssl disabled monitor. Ensure thessl
fields are set for the ssl enabled monitor.