[Fleet] Use new Fleet Secrets ES APIs instead of reading/writing secrets index #163075

Merged 3 commits on Aug 8, 2023

@criamico criamico commented Aug 3, 2023

Closes #162915

Summary

Replace direct calls to Fleet Secrets index with new API calls introduced with elastic/elasticsearch#97728

New ES secrets APIs:

```
POST /_fleet/secret/
{
  "value": "<secret value>"
}

// Returns the id of the created secret
{
  "id": "<secret_id>"
}

DELETE /_fleet/secret/<secret_id>

// returns
{
  "deleted": true
}
```

NOTE: I tried running the secrets integration tests in #162732 but there is some ES error that I'm not sure how to address. I think that the test can be worked on separately

Testing

Testing steps are the exact same as #157176:

  • Start EPR locally loading the `Secrets` test package from Kibana:
```
docker run -p 8080:8080 -v /Users/<YOUR_PATH>/kibana/x-pack/test/fleet_api_integration/apis/fixtures/test_packages:/packages/test-packages -v /Users/<YOUR_PATH>/kibana/x-pack/test/fleet_api_integration/apis/fixtures/package_registry_config.yml:/package-registry/config.yml docker.elastic.co/package-registry/package-registry:main
```
  • Point `kibana.dev.yml` to local EPR:
```
xpack.fleet.registryUrl: http://localhost:8080
```
  • Enable the secrets feature flag `secretsStorage`
  • Start kibana and navigate to `integrations`, install `Secrets` package.
  • It should create and edit the package policy successfully
  • The yml policy should have the redacted secrets and secrets ids:
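The flow the testing steps check (secret values in a policy replaced by secret ids) can be sketched against the two endpoints from the summary. This is an added example, not Kibana's code: `Transport`, `Vars`, `storeSecrets`, `deleteSecrets`, `fakeEs` and the `secretRef` reference shape are assumptions, and Elasticsearch is replaced by a constructed in-memory stand-in so it runs offline.

```typescript
// Added example, not Kibana's implementation. Transport, Vars, storeSecrets,
// deleteSecrets, fakeEs and the `secretRef` shape are hypothetical names.
type Transport = (method: 'POST' | 'DELETE', path: string, body?: unknown) => Promise<any>;
type Vars = Record<string, { value: unknown; secret?: boolean }>;

// Create one secret per secret-flagged var and swap the plaintext for its id.
async function storeSecrets(es: Transport, vars: Vars): Promise<{ vars: Vars; ids: string[] }> {
  const out: Vars = {};
  const ids: string[] = [];
  try {
    for (const [name, v] of Object.entries(vars)) {
      if (!v.secret) { out[name] = v; continue; }
      const { id } = await es('POST', '/_fleet/secret/', { value: v.value });
      ids.push(id);
      out[name] = { value: { secretRef: id }, secret: true };
    }
  } catch (err) {
    // Roll back so a failed save leaves no orphaned secrets behind.
    await deleteSecrets(es, ids);
    throw err;
  }
  return { vars: out, ids };
}

// Delete by id; returns the ids the API did not confirm as deleted.
async function deleteSecrets(es: Transport, ids: string[]): Promise<string[]> {
  const failed: string[] = [];
  for (const id of ids) {
    const res = await es('DELETE', `/_fleet/secret/${encodeURIComponent(id)}`);
    if (res?.deleted !== true) failed.push(id);
  }
  return failed;
}

// Constructed in-memory stand-in for Elasticsearch so the example runs offline.
function fakeEs(store = new Map<string, unknown>()): { es: Transport; store: Map<string, unknown> } {
  let n = 0;
  const es: Transport = async (method, path, body) => {
    if (method === 'POST' && path === '/_fleet/secret/') {
      const id = `secret-${++n}`;
      store.set(id, (body as { value: unknown }).value);
      return { id };
    }
    const id = decodeURIComponent(path.replace('/_fleet/secret/', ''));
    return { deleted: store.delete(id) };
  };
  return { es, store };
}
```

The stored policy then carries only ids, and the rollback path keeps a partially failed save from leaving secrets that no policy references.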

@criamico criamico added Team:Fleet Team label for Observability Data Collection Fleet team v8.10.0 labels Aug 3, 2023
criamico commented Aug 8, 2023

@elasticmachine merge upstream

@criamico criamico self-assigned this Aug 8, 2023
@criamico criamico marked this pull request as ready for review August 8, 2023 14:55
@criamico criamico requested a review from a team as a code owner August 8, 2023 14:55
@elasticmachine

Pinging @elastic/fleet (Team:Fleet)

@criamico criamico added the release_note:skip Skip the PR/issue when compiling release notes label Aug 8, 2023
@kibana-ci

💚 Build Succeeded


@juliaElastic juliaElastic left a comment


LGTM, I'm ok with fixing the integration tests in a follow up pr.

@criamico criamico merged commit c249c30 into elastic:main Aug 8, 2023
@kibanamachine kibanamachine added the backport:skip This commit does not require backporting label Aug 8, 2023
@criamico criamico deleted the 162915_Use_new_secrets_api branch August 8, 2023 16:05
bryce-b pushed a commit to bryce-b/kibana that referenced this pull request Aug 9, 2023
…ets index (elastic#163075)

Successfully merging this pull request may close these issues.

[Fleet] Replace .fleet-secrets create/delete calls with API