forked from elastic/kibana
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[Fleet] Only enable output secrets if all Fleet servers are compatible (
elastic#173398) ## Summary Closes elastic#173041 Output secret storage requires that all Fleet servers are on version 8.12.0 or above. The implementation is similar to package policy secrets: elastic#163627: this PR adds the new `output_secret_storage_requirements_met` flag on the `ingest_manager_settings` saved object. ### Testing 1. Define a preconfigured output wit a secret value in your `kibana.dev.yml` file, e.g.: ```yml xpack.fleet.outputs: - id: my-logstash-output-with-a-secret name: preconfigured logstash output with a secret type: logstash hosts: ['localhost:9999'] ssl: certificate: xxxxxxxxxx secrets: ssl: key: secretLogstashKey ``` 3. Start ES and Kibana. Do not start a Fleet server. 4. Go to Fleet settings and inspect the preconfigured output: it should have been created and the secret value should not have been set (optionally, you can check in the Console with `GET .fleet-secrets/_search` that the secret was not created). However, a plain text equivalent should have been created (in the example above, `ssl.key` should be set to `secretLogstashKey`). 5. Start a Fleet server on version less than 8.12.0. Kibana should update the output. Again, check that the secret value was not set and that the plain text equivalent is set. 6. Stop the Fleet server and start another one on version 8.12.0 or higher. Kibana should update the output. This time, the secret value should have been set. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: Julia Bardi <[email protected]>
- Loading branch information
1 parent
6a7166c
commit 70508b9
Showing
15 changed files
with
859 additions
and
518 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
19 changes: 19 additions & 0 deletions
19
x-pack/plugins/fleet/server/saved_objects/model_versions/v1.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
import type { SavedObjectsModelVersion } from '@kbn/core-saved-objects-server'; | ||
|
||
export const settingsV1: SavedObjectsModelVersion = { | ||
changes: [ | ||
{ | ||
type: 'mappings_addition', | ||
addedMappings: { | ||
output_secret_storage_requirements_met: { type: 'boolean' }, | ||
}, | ||
}, | ||
], | ||
}; |
Oops, something went wrong.