[8.6] [Synthetics] Omit or include ssl keys when appropriate for project monitors and private locations (#149298) (#149447)

# Backport

This will backport the following commits from `main` to `8.6`:
- [[Synthetics] Omit or include `ssl` keys when appropriate for project
monitors and private locations
(#149298)](https://github.com/elastic/kibana/pull/149298)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Dominique
Clarke","email":"dominique.clarke@elastic.co"},"sourceCommit":{"committedDate":"2023-01-24T19:56:38Z","message":"[Synthetics]
Omit or include `ssl` keys when appropriate for project monitors and
private locations (#149298)\n\n## Summary\r\n\r\nResolves
https://github.com/elastic/kibana/issues/149083\r\n\r\n1. [Prevents tls
fields from
being\r\nsaved](https://github.com/elastic/kibana/pull/149298/files#diff-56296f634bf379eb71629f426c670cd030d2a15263a59964847c0d10af09a767R14)\r\non
the Synthetics Integration policy when `is_tls_enabled` is false\r\n2.
Ensures `is_tls_enabled` is set properly for project
monitors\r\n([http](https://github.com/elastic/kibana/pull/149298/files#diff-0f42bb3b11a6ab864dee3488d5e9f7282adc009a261b3caee743a880b825c766R73)\r\nand\r\n[tcp](https://github.com/elastic/kibana/pull/149298/files#diff-3ad87e629abc6f17c395e8435c94f0f1a6274c9efea7d24ab81b7635ef0e43dfR69)).\r\nThis
ensures that when a monitor is sent to a public location or a\r\nprivate
location, the `ssl` fields are sent or stripped
appropriately.\r\n\r\n### Testing\r\n\r\n1. Create a private
location\r\n2. Create 2 lightweight project monitors using the
following\r\nconfiguration\r\n```\r\n- type: tcp\r\n id:
'tls-enabled'\r\n name: 'TLS-Enabled'\r\n hosts: [\"8.8.8.8:80\"]\r\n
ssl:\r\n verification_mode: 'strict'\r\n```\r\n```\r\n- type: tcp\r\n
id: 'tls-disabled'\r\n name: 'TLS-Disabled'\r\n hosts:
[\"8.8.8.8:80\"]\r\n```\r\n3. Set these monitors to execute from both a
private and public location\r\nvia the `monitor` key in your
`synthetics.config.ts` file.\r\n```\r\n monitor: {\r\n schedule: 3,\r\n
privateLocations: [\"YOUR PRIVATE LOCATION\"],\r\n locations:
[\"us_central\"], // to test against dev environment\r\n },\r\n```\r\n4.
Navigate to the agent policy for the private location and inspect
the\r\nfull policy. Ensure the Synthetics policy on the agent package
policy\r\ndoes not have `ssl` fields set for ssl disabled monitor.
Ensure the\r\n`ssl` fields are set for the ssl enabled
monitor.","sha":"0592abdab5c2d074468465380066b3dbeea89f4a","branchLabelMapping":{"^v8.7.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:fix","Team:uptime","v8.7.0","v8.6.1"],"number":149298,"url":"https://github.com/elastic/kibana/pull/149298","mergeCommit":{"message":"[Synthetics]
Omit or include `ssl` keys when appropriate for project monitors and
private locations (#149298)\n\n## Summary\r\n\r\nResolves
https://github.com/elastic/kibana/issues/149083\r\n\r\n1. [Prevents tls
fields from
being\r\nsaved](https://github.com/elastic/kibana/pull/149298/files#diff-56296f634bf379eb71629f426c670cd030d2a15263a59964847c0d10af09a767R14)\r\non
the Synthetics Integration policy when `is_tls_enabled` is false\r\n2.
Ensures `is_tls_enabled` is set properly for project
monitors\r\n([http](https://github.com/elastic/kibana/pull/149298/files#diff-0f42bb3b11a6ab864dee3488d5e9f7282adc009a261b3caee743a880b825c766R73)\r\nand\r\n[tcp](https://github.com/elastic/kibana/pull/149298/files#diff-3ad87e629abc6f17c395e8435c94f0f1a6274c9efea7d24ab81b7635ef0e43dfR69)).\r\nThis
ensures that when a monitor is sent to a public location or a\r\nprivate
location, the `ssl` fields are sent or stripped
appropriately.\r\n\r\n### Testing\r\n\r\n1. Create a private
location\r\n2. Create 2 lightweight project monitors using the
following\r\nconfiguration\r\n```\r\n- type: tcp\r\n id:
'tls-enabled'\r\n name: 'TLS-Enabled'\r\n hosts: [\"8.8.8.8:80\"]\r\n
ssl:\r\n verification_mode: 'strict'\r\n```\r\n```\r\n- type: tcp\r\n
id: 'tls-disabled'\r\n name: 'TLS-Disabled'\r\n hosts:
[\"8.8.8.8:80\"]\r\n```\r\n3. Set these monitors to execute from both a
private and public location\r\nvia the `monitor` key in your
`synthetics.config.ts` file.\r\n```\r\n monitor: {\r\n schedule: 3,\r\n
privateLocations: [\"YOUR PRIVATE LOCATION\"],\r\n locations:
[\"us_central\"], // to test against dev environment\r\n },\r\n```\r\n4.
Navigate to the agent policy for the private location and inspect
the\r\nfull policy. Ensure the Synthetics policy on the agent package
policy\r\ndoes not have `ssl` fields set for ssl disabled monitor.
Ensure the\r\n`ssl` fields are set for the ssl enabled
monitor.","sha":"0592abdab5c2d074468465380066b3dbeea89f4a"}},"sourceBranch":"main","suggestedTargetBranches":["8.6"],"targetPullRequestStates":[{"branch":"main","label":"v8.7.0","labelRegex":"^v8.7.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/149298","number":149298,"mergeCommit":{"message":"[Synthetics]
Omit or include `ssl` keys when appropriate for project monitors and
private locations (#149298)\n\n## Summary\r\n\r\nResolves
https://github.com/elastic/kibana/issues/149083\r\n\r\n1. [Prevents tls
fields from
being\r\nsaved](https://github.com/elastic/kibana/pull/149298/files#diff-56296f634bf379eb71629f426c670cd030d2a15263a59964847c0d10af09a767R14)\r\non
the Synthetics Integration policy when `is_tls_enabled` is false\r\n2.
Ensures `is_tls_enabled` is set properly for project
monitors\r\n([http](https://github.com/elastic/kibana/pull/149298/files#diff-0f42bb3b11a6ab864dee3488d5e9f7282adc009a261b3caee743a880b825c766R73)\r\nand\r\n[tcp](https://github.com/elastic/kibana/pull/149298/files#diff-3ad87e629abc6f17c395e8435c94f0f1a6274c9efea7d24ab81b7635ef0e43dfR69)).\r\nThis
ensures that when a monitor is sent to a public location or a\r\nprivate
location, the `ssl` fields are sent or stripped
appropriately.\r\n\r\n### Testing\r\n\r\n1. Create a private
location\r\n2. Create 2 lightweight project monitors using the
following\r\nconfiguration\r\n```\r\n- type: tcp\r\n id:
'tls-enabled'\r\n name: 'TLS-Enabled'\r\n hosts: [\"8.8.8.8:80\"]\r\n
ssl:\r\n verification_mode: 'strict'\r\n```\r\n```\r\n- type: tcp\r\n
id: 'tls-disabled'\r\n name: 'TLS-Disabled'\r\n hosts:
[\"8.8.8.8:80\"]\r\n```\r\n3. Set these monitors to execute from both a
private and public location\r\nvia the `monitor` key in your
`synthetics.config.ts` file.\r\n```\r\n monitor: {\r\n schedule: 3,\r\n
privateLocations: [\"YOUR PRIVATE LOCATION\"],\r\n locations:
[\"us_central\"], // to test against dev environment\r\n },\r\n```\r\n4.
Navigate to the agent policy for the private location and inspect
the\r\nfull policy. Ensure the Synthetics policy on the agent package
policy\r\ndoes not have `ssl` fields set for ssl disabled monitor.
Ensure the\r\n`ssl` fields are set for the ssl enabled
monitor.","sha":"0592abdab5c2d074468465380066b3dbeea89f4a"}},{"branch":"8.6","label":"v8.6.1","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Dominique Clarke 2023-01-24 20:17:37 -05:00 committed by GitHub
parent e62d092461
commit 22383ac3e0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
15 changed files with 1841 additions and 59 deletions

File diff suppressed because it is too large

View file

@ -4,29 +4,43 @@
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { TLSFields, ConfigKey } from '../../runtime_types/monitor_management';
import { TLSFields, TLSVersion, ConfigKey } from '../../runtime_types/monitor_management';
import { Formatter } from '../common/formatters';
type TLSFormatMap = Record<keyof TLSFields, Formatter>;
export const tlsFormatters: TLSFormatMap = {
[ConfigKey.TLS_CERTIFICATE_AUTHORITIES]: (fields) =>
tlsValueToYamlFormatter(fields[ConfigKey.TLS_CERTIFICATE_AUTHORITIES]),
fields[ConfigKey.METADATA]?.is_tls_enabled
? tlsValueToYamlFormatter(fields[ConfigKey.TLS_CERTIFICATE_AUTHORITIES])
: null,
[ConfigKey.TLS_CERTIFICATE]: (fields) =>
tlsValueToYamlFormatter(fields[ConfigKey.TLS_CERTIFICATE]),
[ConfigKey.TLS_KEY]: (fields) => tlsValueToYamlFormatter(fields[ConfigKey.TLS_KEY]),
fields[ConfigKey.METADATA]?.is_tls_enabled
? tlsValueToYamlFormatter(fields[ConfigKey.TLS_CERTIFICATE])
: null,
[ConfigKey.TLS_KEY]: (fields) =>
fields[ConfigKey.METADATA]?.is_tls_enabled
? tlsValueToYamlFormatter(fields[ConfigKey.TLS_KEY])
: null,
[ConfigKey.TLS_KEY_PASSPHRASE]: (fields) =>
tlsValueToStringFormatter(fields[ConfigKey.TLS_KEY_PASSPHRASE]),
fields[ConfigKey.METADATA]?.is_tls_enabled
? tlsValueToStringFormatter(fields[ConfigKey.TLS_KEY_PASSPHRASE])
: null,
[ConfigKey.TLS_VERIFICATION_MODE]: (fields) =>
tlsValueToStringFormatter(fields[ConfigKey.TLS_VERIFICATION_MODE]),
[ConfigKey.TLS_VERSION]: (fields) => tlsArrayToYamlFormatter(fields[ConfigKey.TLS_VERSION]),
fields[ConfigKey.METADATA]?.is_tls_enabled
? tlsValueToStringFormatter(fields[ConfigKey.TLS_VERIFICATION_MODE])
: null,
[ConfigKey.TLS_VERSION]: (fields) =>
fields[ConfigKey.METADATA]?.is_tls_enabled
? tlsArrayToYamlFormatter(fields[ConfigKey.TLS_VERSION])
: null,
};
// only add tls settings if they are enabled by the user and isEnabled is true
export const tlsValueToYamlFormatter = (tlsValue: string = '') =>
export const tlsValueToYamlFormatter = (tlsValue: string | null = '') =>
tlsValue ? JSON.stringify(tlsValue) : null;
export const tlsValueToStringFormatter = (tlsValue: string = '') => tlsValue || null;
export const tlsValueToStringFormatter = (tlsValue: string | null = '') => tlsValue || null;
export const tlsArrayToYamlFormatter = (tlsValue: string[] = []) =>
tlsValue.length ? JSON.stringify(tlsValue) : null;
export const tlsArrayToYamlFormatter = (tlsValue: TLSVersion[] | null = []) =>
tlsValue?.length ? JSON.stringify(tlsValue) : null;
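Review bot: In `tlsFormatters`, every entry now returns `null` unless `fields[ConfigKey.METADATA]?.is_tls_enabled` is truthy, so a config whose metadata is missing or lacks the flag loses all six `ssl` values, including an explicitly set `ssl.verification_mode` or `ssl.certificate_authorities`. If any monitor can reach these formatters without the flag populated, that case needs handling or a test before this guard ships. The same condition is also written out six times; a small wrapper that takes the key and the inner formatter would keep it in one place. The comment above `tlsValueToYamlFormatter` refers to `isEnabled`, which does not appear in the code; it should name `is_tls_enabled`.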

View file

@ -23,7 +23,7 @@ import {
} from '../types';
import { defaultConfig } from '../synthetics_policy_create_extension';
describe('useBarChartsHooks', () => {
describe('useUpdatePolicy', () => {
const newPolicy: NewPackagePolicy = {
name: '',
description: '',
@ -433,6 +433,9 @@ describe('useBarChartsHooks', () => {
...initialProps,
config: {
...defaultConfig[DataStream.HTTP],
[ConfigKey.METADATA]: {
is_tls_enabled: true,
},
[ConfigKey.RESPONSE_BODY_CHECK_POSITIVE]: ['test'],
[ConfigKey.RESPONSE_BODY_CHECK_NEGATIVE]: ['test'],
[ConfigKey.RESPONSE_STATUS_CHECK]: ['test'],

View file

@ -51,7 +51,6 @@ export const getNormalizeCommonFields = ({
namespace,
}: NormalizedProjectProps): Partial<CommonFields> => {
const defaultFields = DEFAULT_COMMON_FIELDS;
const normalizedFields = {
[ConfigKey.JOURNEY_ID]: monitor.id || defaultFields[ConfigKey.JOURNEY_ID],
[ConfigKey.MONITOR_SOURCE_TYPE]: SourceType.PROJECT,
@ -231,3 +230,7 @@ export const normalizeYamlConfig = (monitor: NormalizedProjectProps['monitor'])
unsupportedKeys,
};
};
// returns true when any ssl fields are defined
export const getHasTLSFields = (monitor: ProjectMonitor) =>
Object.keys(monitor).some((key) => key.includes('ssl'));
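Review bot: `getHasTLSFields` matches on `key.includes('ssl')`, which is looser than the comment claims in two ways. It is a substring test, so any key that merely contains `ssl` turns TLS on, and it checks key presence rather than value, so `'ssl.verification_mode': ''` or a `null` value still counts as "defined". Suggest matching `key === 'ssl' || key.startsWith('ssl.')` and deciding explicitly whether empty values should enable TLS, then wording the comment to match.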

View file

@ -4,7 +4,7 @@
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { omit } from 'lodash';
import {
DataStream,
Locations,
@ -144,7 +144,147 @@ describe('http normalizers', () => {
normalizedFields: {
...DEFAULT_FIELDS[DataStream.HTTP],
__ui: {
is_tls_enabled: false,
is_tls_enabled: true,
},
'check.request.body': {
type: 'json',
value: '{"json":"body"}',
},
'check.request.headers': {
'a-header': 'a-header-value',
},
'check.request.method': 'POST',
'check.response.body.negative': [],
'check.response.body.positive': [],
'check.response.headers': {},
'check.response.status': ['200'],
config_id: '',
custom_heartbeat_id: 'my-monitor-2-test-project-id-test-space',
enabled: false,
form_monitor_type: 'http',
journey_id: 'my-monitor-2',
locations: [],
max_redirects: '0',
name: 'My Monitor 2',
namespace: 'test_space',
origin: 'project',
original_space: 'test-space',
password: '',
project_id: 'test-project-id',
proxy_url: '',
'response.include_body': 'always',
'response.include_headers': false,
schedule: {
number: '60',
unit: 'm',
},
'service.name': 'test service',
'ssl.certificate': '',
'ssl.certificate_authorities': '',
'ssl.key': '',
'ssl.key_passphrase': '',
'ssl.supported_protocols': ['TLSv1.2', 'TLSv1.3'],
'ssl.verification_mode': 'full',
tags: [],
timeout: '80',
type: 'http',
urls: 'http://localhost:9200',
'url.port': null,
username: '',
id: '',
hash: testHash,
},
unsupportedKeys: ['check.response.body', 'unsupportedKey.nestedUnsupportedKey'],
},
{
errors: [],
normalizedFields: {
...DEFAULT_FIELDS[DataStream.HTTP],
__ui: {
is_tls_enabled: true,
},
'check.request.body': {
type: 'text',
value: 'sometextbody',
},
'check.request.headers': {
'a-header': 'a-header-value',
},
'check.request.method': 'POST',
'check.response.body.negative': [],
'check.response.body.positive': ['Saved', 'saved'],
'check.response.headers': {},
'check.response.status': ['200'],
config_id: '',
custom_heartbeat_id: 'my-monitor-3-test-project-id-test-space',
enabled: false,
form_monitor_type: 'http',
journey_id: 'my-monitor-3',
locations: [],
max_redirects: '0',
name: 'My Monitor 3',
namespace: 'test_space',
origin: 'project',
original_space: 'test-space',
password: '',
project_id: 'test-project-id',
proxy_url: '',
'response.include_body': 'always',
'response.include_headers': false,
schedule: {
number: '60',
unit: 'm',
},
'service.name': 'test service',
'ssl.certificate': '',
'ssl.certificate_authorities': '',
'ssl.key': '',
'ssl.key_passphrase': '',
'ssl.supported_protocols': ['TLSv1.2', 'TLSv1.3'],
'ssl.verification_mode': 'full',
tags: ['tag2', 'tag2'],
timeout: '80',
type: 'http',
urls: 'http://localhost:9200',
'url.port': null,
username: '',
id: '',
hash: testHash,
},
unsupportedKeys: [],
},
]);
});
it('sets is_tls_enabled appropriately', () => {
const actual = normalizeProjectMonitors({
locations,
privateLocations,
monitors: [monitors[0], { ...omit(monitors[1], ['ssl.supported_protocols']) }],
projectId,
namespace: 'test-space',
version: '8.5.0',
});
expect(actual).toEqual([
{
errors: [
{
details:
'Multiple urls are not supported for http project monitors in 8.5.0. Please set only 1 url per monitor. You monitor was not created or updated.',
id: 'my-monitor-2',
reason: 'Unsupported Heartbeat option',
},
{
details:
'The following Heartbeat options are not supported for http project monitors in 8.5.0: check.response.body|unsupportedKey.nestedUnsupportedKey. You monitor was not created or updated.',
id: 'my-monitor-2',
reason: 'Unsupported Heartbeat option',
},
],
normalizedFields: {
...DEFAULT_FIELDS[DataStream.HTTP],
__ui: {
is_tls_enabled: true,
},
'check.request.body': {
type: 'json',
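Review bot: In the new `sets is_tls_enabled appropriately` test, every `__ui` expectation visible in this hunk is `is_tls_enabled: true`, so the hunk does not show the flag being left `false` for a monitor without `ssl` keys. A fixture with no `ssl` key and an expected `false` would make the test match its name. The full expected objects are also repeated for each monitor, which buries the one field under test; building them from a shared base with per-case overrides would make the difference visible.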
@ -240,7 +380,7 @@ describe('http normalizers', () => {
'ssl.certificate_authorities': '',
'ssl.key': '',
'ssl.key_passphrase': '',
'ssl.supported_protocols': ['TLSv1.2', 'TLSv1.3'],
'ssl.supported_protocols': ['TLSv1.1', 'TLSv1.2', 'TLSv1.3'],
'ssl.verification_mode': 'full',
tags: ['tag2', 'tag2'],
timeout: '80',
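Review bot: The expected `'ssl.supported_protocols'` changes here from `['TLSv1.2', 'TLSv1.3']` to a list that includes `'TLSv1.1'`, and nothing in the hunk says why. If this is the default applied because the new test removes `ssl.supported_protocols` from the fixture with `omit`, a short comment beside the expectation should say so, and it is worth confirming that a default which still offers TLSv1.1 is intended.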

View file

@ -23,6 +23,7 @@ import {
getOptionalArrayField,
getUnsupportedKeysError,
getMultipleUrlsOrHostsError,
getHasTLSFields,
} from './common_fields';
export const getNormalizeHTTPFields = ({
@ -70,7 +71,12 @@ export const getNormalizeHTTPFields = ({
[ConfigKey.TLS_VERSION]: get(monitor, ConfigKey.TLS_VERSION)
? (getOptionalListField(get(monitor, ConfigKey.TLS_VERSION)) as TLSVersion[])
: defaultFields[ConfigKey.TLS_VERSION],
[ConfigKey.METADATA]: {
...DEFAULT_FIELDS[DataStream.HTTP][ConfigKey.METADATA],
is_tls_enabled: getHasTLSFields(monitor),
},
};
return {
normalizedFields: {
...defaultFields,

View file

@ -4,7 +4,7 @@
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { omit } from 'lodash';
import {
DataStream,
Locations,
@ -108,7 +108,7 @@ describe('tcp normalizers', () => {
normalizedFields: {
...DEFAULT_FIELDS[DataStream.TCP],
__ui: {
is_tls_enabled: false,
is_tls_enabled: true,
},
'check.receive': '',
'check.send': '',
@ -159,6 +159,73 @@ describe('tcp normalizers', () => {
},
{
errors: [],
normalizedFields: {
...DEFAULT_FIELDS[DataStream.TCP],
__ui: {
is_tls_enabled: true,
},
'check.receive': '',
'check.send': '',
config_id: '',
custom_heartbeat_id: 'always-down-test-project-id-test-space',
enabled: true,
form_monitor_type: 'tcp',
hosts: 'localhost:18278',
'url.port': null,
journey_id: 'always-down',
locations: [
{
geo: {
lat: 33.333,
lon: 73.333,
},
id: 'us_central',
isServiceManaged: true,
label: 'Test Location',
},
],
name: 'Always Down',
namespace: 'test_space',
origin: 'project',
original_space: 'test-space',
project_id: 'test-project-id',
proxy_url: '',
proxy_use_local_resolver: false,
schedule: {
number: '1',
unit: 'm',
},
'service.name': 'test service',
'ssl.certificate': '',
'ssl.certificate_authorities': '',
'ssl.key': '',
'ssl.key_passphrase': '',
'ssl.supported_protocols': ['TLSv1.2', 'TLSv1.3'],
'ssl.verification_mode': 'full',
tags: ['tag1', 'tag2'],
timeout: '16',
type: 'tcp',
id: '',
urls: '',
hash: testHash,
},
unsupportedKeys: [],
},
{
errors: [
{
details:
'Multiple hosts are not supported for tcp project monitors in 8.5.0. Please set only 1 host per monitor. You monitor was not created or updated.',
id: 'always-down',
reason: 'Unsupported Heartbeat option',
},
{
details:
'The following Heartbeat options are not supported for tcp project monitors in 8.5.0: ports|unsupportedKey.nestedUnsupportedKey. You monitor was not created or updated.',
id: 'always-down',
reason: 'Unsupported Heartbeat option',
},
],
normalizedFields: {
...DEFAULT_FIELDS[DataStream.TCP],
__ui: {
@ -170,6 +237,127 @@ describe('tcp normalizers', () => {
custom_heartbeat_id: 'always-down-test-project-id-test-space',
enabled: true,
form_monitor_type: 'tcp',
hosts: 'localhost',
'url.port': null,
journey_id: 'always-down',
locations: [
{
geo: {
lat: 33.333,
lon: 73.333,
},
id: 'us_central',
isServiceManaged: true,
label: 'Test Location',
},
],
name: 'Always Down',
namespace: 'test_space',
origin: 'project',
original_space: 'test-space',
project_id: 'test-project-id',
proxy_url: '',
proxy_use_local_resolver: false,
schedule: {
number: '1',
unit: 'm',
},
'service.name': '',
'ssl.certificate': '',
'ssl.certificate_authorities': '',
'ssl.key': '',
'ssl.key_passphrase': '',
'ssl.supported_protocols': ['TLSv1.1', 'TLSv1.2', 'TLSv1.3'],
'ssl.verification_mode': 'full',
tags: ['tag1', 'tag2'],
timeout: '16',
type: 'tcp',
id: '',
urls: '',
hash: testHash,
},
unsupportedKeys: ['ports', 'unsupportedKey.nestedUnsupportedKey'],
},
]);
});
it('sets is_tls_enabled appropriately', () => {
const actual = normalizeProjectMonitors({
locations,
privateLocations,
monitors: [monitors[0], monitors[1], { ...omit(monitors[2], ['ssl.supported_protocols']) }],
projectId,
namespace: 'test-space',
version: '8.5.0',
});
expect(actual).toEqual([
{
errors: [],
normalizedFields: {
...DEFAULT_FIELDS[DataStream.TCP],
__ui: {
is_tls_enabled: true,
},
'check.receive': '',
'check.send': '',
config_id: '',
custom_heartbeat_id: 'gmail-smtp-test-project-id-test-space',
enabled: true,
form_monitor_type: 'tcp',
hosts: 'smtp.gmail.com:587',
'url.port': null,
journey_id: 'gmail-smtp',
locations: [
{
geo: {
lat: 33.333,
lon: 73.333,
},
id: 'us_central',
isServiceManaged: true,
label: 'Test Location',
},
],
name: 'GMail SMTP',
namespace: 'test_space',
origin: 'project',
original_space: 'test-space',
project_id: 'test-project-id',
proxy_url: '',
proxy_use_local_resolver: false,
schedule: {
number: '1',
unit: 'm',
},
'service.name': 'test service',
'ssl.certificate': '',
'ssl.certificate_authorities': '',
'ssl.key': '',
'ssl.key_passphrase': '',
'ssl.supported_protocols': ['TLSv1.2', 'TLSv1.3'],
'ssl.verification_mode': 'full',
tags: ['service:smtp', 'org:google'],
timeout: '16',
type: 'tcp',
id: '',
urls: '',
hash: testHash,
},
unsupportedKeys: [],
},
{
errors: [],
normalizedFields: {
...DEFAULT_FIELDS[DataStream.TCP],
__ui: {
is_tls_enabled: true,
},
'check.receive': '',
'check.send': '',
config_id: '',
custom_heartbeat_id: 'always-down-test-project-id-test-space',
enabled: true,
form_monitor_type: 'tcp',
hosts: 'localhost:18278',
'url.port': null,
journey_id: 'always-down',

View file

@ -22,6 +22,7 @@ import {
getOptionalListField,
getMultipleUrlsOrHostsError,
getUnsupportedKeysError,
getHasTLSFields,
} from './common_fields';
export const getNormalizeTCPFields = ({
@ -65,6 +66,10 @@ export const getNormalizeTCPFields = ({
[ConfigKey.TLS_VERSION]: get(monitor, ConfigKey.TLS_VERSION)
? (getOptionalListField(get(monitor, ConfigKey.TLS_VERSION)) as TLSVersion[])
: defaultFields[ConfigKey.TLS_VERSION],
[ConfigKey.METADATA]: {
...DEFAULT_FIELDS[DataStream.TCP][ConfigKey.METADATA],
is_tls_enabled: getHasTLSFields(monitor),
},
};
return {
normalizedFields: {
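Review bot: The `[ConfigKey.METADATA]` block added here is the same as the one added to `getNormalizeHTTPFields`, differing only in `DataStream.TCP`. Since `getHasTLSFields` already lives in `common_fields`, consider a helper there that takes the data stream and the monitor and returns the metadata object, so the two normalizers cannot drift apart.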

View file

@ -34,6 +34,7 @@ export default function ({ getService }: FtrProviderContext) {
const security = getService('security');
before(async () => {
await supertestAPI.post(API_URLS.SYNTHETICS_ENABLEMENT).set('kbn-xsrf', 'true').expect(200);
await supertestAPI.post('/api/fleet/setup').set('kbn-xsrf', 'true').send().expect(200);
await supertestAPI
.post('/api/fleet/epm/packages/synthetics/0.10.3')
@ -99,7 +100,8 @@ export default function ({ getService }: FtrProviderContext) {
const apiResponse = await supertestAPI
.post(API_URLS.SYNTHETICS_MONITORS)
.set('kbn-xsrf', 'true')
.send(newMonitor);
.send(newMonitor)
.expect(200);
expect(apiResponse.body.attributes).eql(
omit(
@ -329,6 +331,97 @@ export default function ({ getService }: FtrProviderContext) {
}
});
it('handles is_tls_enabled true', async () => {
let monitorId = '';
const monitor = {
...httpMonitorJson,
locations: [
{
id: testFleetPolicyID,
label: 'Test private location 0',
isServiceManaged: false,
},
],
[ConfigKey.METADATA]: {
is_tls_enabled: true,
},
};
try {
const apiResponse = await supertestAPI
.post(API_URLS.SYNTHETICS_MONITORS)
.set('kbn-xsrf', 'true')
.send(monitor)
.expect(200);
monitorId = apiResponse.body.id;
const policyResponse = await supertestAPI.get(
'/api/fleet/package_policies?page=1&perPage=2000&kuery=ingest-package-policies.package.name%3A%20synthetics'
);
const packagePolicy = policyResponse.body.items.find(
(pkgPolicy: PackagePolicy) =>
pkgPolicy.id === monitorId + '-' + testFleetPolicyID + `-default`
);
comparePolicies(
packagePolicy,
getTestSyntheticsPolicy(monitor.name, monitorId, undefined, undefined, true)
);
} finally {
await supertestAPI
.delete(API_URLS.SYNTHETICS_MONITORS + '/' + monitorId)
.set('kbn-xsrf', 'true')
.send()
.expect(200);
}
});
it('handles is_tls_enabled false', async () => {
let monitorId = '';
const monitor = {
...httpMonitorJson,
locations: [
{
id: testFleetPolicyID,
label: 'Test private location 0',
isServiceManaged: false,
},
],
[ConfigKey.METADATA]: {
is_tls_enabled: false,
},
};
try {
const apiResponse = await supertestAPI
.post(API_URLS.SYNTHETICS_MONITORS)
.set('kbn-xsrf', 'true')
.send(monitor)
.expect(200);
monitorId = apiResponse.body.id;
const policyResponse = await supertestAPI.get(
'/api/fleet/package_policies?page=1&perPage=2000&kuery=ingest-package-policies.package.name%3A%20synthetics'
);
const packagePolicy = policyResponse.body.items.find(
(pkgPolicy: PackagePolicy) =>
pkgPolicy.id === monitorId + '-' + testFleetPolicyID + `-default`
);
comparePolicies(packagePolicy, getTestSyntheticsPolicy(monitor.name, monitorId));
} finally {
await supertestAPI
.delete(API_URLS.SYNTHETICS_MONITORS + '/' + monitorId)
.set('kbn-xsrf', 'true')
.send()
.expect(200);
}
});
it('handles auto upgrading policies', async () => {
let monitorId = '';
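Review bot: In both new tests, `monitorId` is still `''` if the POST fails its `.expect(200)`, and the `finally` block then issues a DELETE to `API_URLS.SYNTHETICS_MONITORS + '/'` with its own `.expect(200)`, which will throw and hide the original failure. Guard the cleanup with `if (monitorId)`. The policy lookup via `supertestAPI.get(...)` has no status assertion although this change adds `.expect(200)` to the other requests, so a failed lookup shows up later as an undefined `packagePolicy`. The two tests differ only in the flag and the last argument to `getTestSyntheticsPolicy`; a loop over `[true, false]` would remove the duplication.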
@ -349,8 +442,8 @@ export default function ({ getService }: FtrProviderContext) {
const apiResponse = await supertestAPI
.post(API_URLS.SYNTHETICS_MONITORS)
.set('kbn-xsrf', 'true')
.send(monitor);
.send(monitor)
.expect(200);
monitorId = apiResponse.body.id;
const policyResponse = await supertestAPI.get(

View file

@ -72,6 +72,7 @@ export default function ({ getService }: FtrProviderContext) {
};
before(async () => {
await supertest.post(API_URLS.SYNTHETICS_ENABLEMENT).set('kbn-xsrf', 'true').expect(200);
await supertest.post('/api/fleet/setup').set('kbn-xsrf', 'true').send().expect(200);
await supertest
.post('/api/fleet/epm/packages/synthetics/0.10.3')
@ -283,6 +284,7 @@ export default function ({ getService }: FtrProviderContext) {
for (const monitor of successfulMonitors) {
const journeyId = monitor.id;
const isTLSEnabled = Object.keys(monitor).some((key) => key.includes('ssl'));
const createdMonitorsResponse = await supertest
.get(API_URLS.SYNTHETICS_MONITORS)
.query({ filter: `${syntheticsMonitorType}.attributes.journey_id: ${journeyId}` })
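Review bot: `isTLSEnabled` is computed in the test with the same expression as the production `getHasTLSFields` (`Object.keys(monitor).some((key) => key.includes('ssl'))`), so the assertion cannot catch a mistake in that predicate; both sides would be wrong together. Prefer stating the expected value per fixture, or at least importing the helper so the copy here and the ones in the other loops do not diverge.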
@ -296,7 +298,7 @@ export default function ({ getService }: FtrProviderContext) {
expect(decryptedCreatedMonitor.body.attributes).to.eql({
__ui: {
is_tls_enabled: false,
is_tls_enabled: isTLSEnabled,
},
'check.request.method': 'POST',
'check.response.status': ['200'],
@ -346,7 +348,7 @@ export default function ({ getService }: FtrProviderContext) {
'ssl.certificate': '',
'ssl.certificate_authorities': '',
'ssl.supported_protocols': ['TLSv1.1', 'TLSv1.2', 'TLSv1.3'],
'ssl.verification_mode': 'full',
'ssl.verification_mode': isTLSEnabled ? 'strict' : 'full',
'ssl.key': '',
'ssl.key_passphrase': '',
tags: Array.isArray(monitor.tags) ? monitor.tags : monitor.tags?.split(','),
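Review bot: The expectation `'ssl.verification_mode': isTLSEnabled ? 'strict' : 'full'` assumes that every fixture with an `ssl` key sets the mode to `'strict'`. A fixture that sets another `ssl` field, or a different mode, would fail for a reason unrelated to the code under test. Reading the expected value from the fixture itself and falling back to `'full'` would keep the assertion tied to the input.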
@ -398,6 +400,7 @@ export default function ({ getService }: FtrProviderContext) {
for (const monitor of successfulMonitors) {
const journeyId = monitor.id;
const isTLSEnabled = Object.keys(monitor).some((key) => key.includes('ssl'));
const createdMonitorsResponse = await supertest
.get(API_URLS.SYNTHETICS_MONITORS)
.query({ filter: `${syntheticsMonitorType}.attributes.journey_id: ${journeyId}` })
@ -411,7 +414,7 @@ export default function ({ getService }: FtrProviderContext) {
expect(decryptedCreatedMonitor.body.attributes).to.eql({
__ui: {
is_tls_enabled: false,
is_tls_enabled: isTLSEnabled,
},
config_id: decryptedCreatedMonitor.body.id,
custom_heartbeat_id: `${journeyId}-${project}-default`,
@ -447,7 +450,7 @@ export default function ({ getService }: FtrProviderContext) {
'ssl.certificate': '',
'ssl.certificate_authorities': '',
'ssl.supported_protocols': ['TLSv1.1', 'TLSv1.2', 'TLSv1.3'],
'ssl.verification_mode': 'full',
'ssl.verification_mode': isTLSEnabled ? 'strict' : 'full',
'ssl.key': '',
'ssl.key_passphrase': '',
tags: Array.isArray(monitor.tags) ? monitor.tags : monitor.tags?.split(','),
@ -1543,6 +1546,7 @@ export default function ({ getService }: FtrProviderContext) {
type: 'http',
tags: 'tag2,tag2',
urls: ['http://localhost:9200'],
'ssl.verification_mode': 'strict',
},
reason: 'Cannot update monitor to different type.',
},

View file

@ -237,6 +237,7 @@ export default function ({ getService }: FtrProviderContext) {
for (const monitor of successfulMonitors) {
const journeyId = monitor.id;
const isTLSEnabled = Object.keys(monitor).some((key) => key.includes('ssl'));
const createdMonitorsResponse = await supertest
.get(API_URLS.SYNTHETICS_MONITORS)
.query({ filter: `${syntheticsMonitorType}.attributes.journey_id: ${journeyId}` })
@ -250,7 +251,7 @@ export default function ({ getService }: FtrProviderContext) {
expect(decryptedCreatedMonitor.body.attributes).to.eql({
__ui: {
is_tls_enabled: false,
is_tls_enabled: isTLSEnabled,
},
'check.request.method': 'POST',
'check.response.status': ['200'],
@ -300,7 +301,7 @@ export default function ({ getService }: FtrProviderContext) {
'ssl.certificate': '',
'ssl.certificate_authorities': '',
'ssl.supported_protocols': ['TLSv1.1', 'TLSv1.2', 'TLSv1.3'],
'ssl.verification_mode': 'full',
'ssl.verification_mode': isTLSEnabled ? 'strict' : 'full',
'ssl.key': '',
'ssl.key_passphrase': '',
tags: Array.isArray(monitor.tags) ? monitor.tags : monitor.tags?.split(','),
@ -349,6 +350,7 @@ export default function ({ getService }: FtrProviderContext) {
for (const monitor of successfulMonitors) {
const journeyId = monitor.id;
const isTLSEnabled = Object.keys(monitor).some((key) => key.includes('ssl'));
const createdMonitorsResponse = await supertest
.get(API_URLS.SYNTHETICS_MONITORS)
.query({ filter: `${syntheticsMonitorType}.attributes.journey_id: ${journeyId}` })
@ -362,7 +364,7 @@ export default function ({ getService }: FtrProviderContext) {
expect(decryptedCreatedMonitor.body.attributes).to.eql({
__ui: {
is_tls_enabled: false,
is_tls_enabled: isTLSEnabled,
},
config_id: decryptedCreatedMonitor.body.id,
custom_heartbeat_id: `${journeyId}-test-suite-default`,
@ -398,7 +400,7 @@ export default function ({ getService }: FtrProviderContext) {
'ssl.certificate': '',
'ssl.certificate_authorities': '',
'ssl.supported_protocols': ['TLSv1.1', 'TLSv1.2', 'TLSv1.3'],
'ssl.verification_mode': 'full',
'ssl.verification_mode': isTLSEnabled ? 'strict' : 'full',
'ssl.key': '',
'ssl.key_passphrase': '',
tags: Array.isArray(monitor.tags) ? monitor.tags : monitor.tags?.split(','),
@ -1755,7 +1757,7 @@ export default function ({ getService }: FtrProviderContext) {
data_stream: { type: 'synthetics', dataset: 'http' },
release: 'experimental',
vars: {
__ui: { value: '{"is_tls_enabled":false}', type: 'yaml' },
__ui: { value: '{"is_tls_enabled":true}', type: 'yaml' },
enabled: { value: false, type: 'bool' },
type: { value: 'http', type: 'text' },
name: { value: 'My Monitor 3', type: 'text' },
@ -1784,7 +1786,7 @@ export default function ({ getService }: FtrProviderContext) {
'ssl.certificate': { value: null, type: 'yaml' },
'ssl.key': { value: null, type: 'yaml' },
'ssl.key_passphrase': { value: null, type: 'text' },
'ssl.verification_mode': { value: 'full', type: 'text' },
'ssl.verification_mode': { value: 'strict', type: 'text' },
'ssl.supported_protocols': {
value: '["TLSv1.1","TLSv1.2","TLSv1.3"]',
type: 'yaml',
@ -1808,7 +1810,7 @@ export default function ({ getService }: FtrProviderContext) {
},
id: `synthetics/http-http-${id}-${testPolicyId}`,
compiled_stream: {
__ui: { is_tls_enabled: false },
__ui: { is_tls_enabled: true },
type: 'http',
name: 'My Monitor 3',
id,
@ -1825,7 +1827,7 @@ export default function ({ getService }: FtrProviderContext) {
'check.request.headers': { 'Content-Type': 'application/x-www-form-urlencoded' },
'check.response.status': ['200'],
'check.response.body.positive': ['Saved', 'saved'],
'ssl.verification_mode': 'full',
'ssl.verification_mode': 'strict',
'ssl.supported_protocols': ['TLSv1.1', 'TLSv1.2', 'TLSv1.3'],
processors: [
{ add_observer_metadata: { geo: { name: 'Test private location 0' } } },

View file

@ -13,12 +13,7 @@
"config_id": "",
"timeout": "3m",
"__ui": {
"is_tls_enabled": false,
"is_zip_url_tls_enabled": false,
"script_source": {
"is_generated_script": false,
"file_name": "test-file.name"
}
"is_tls_enabled": false
},
"max_redirects": "3",
"password": "test",
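Review bot: Besides the TLS flag, this fixture change drops `is_zip_url_tls_enabled` and `script_source` from `__ui`, which the summary does not mention. Please say in the description why these are removed here, or move the cleanup to its own change so the backport carries only the `ssl` fix.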

View file

@ -71,7 +71,8 @@
]
}
},
"hash": "ekrjelkjrelkjre"
"hash": "ekrjelkjrelkjre",
"ssl.verification_mode": "strict"
}
]
}

View file

@ -11,7 +11,8 @@
"schedule": 1,
"tags": [ "service:smtp", "org:google" ],
"privateLocations": [ "BEEP" ],
"hash": "ekrjelkjrelkjre"
"hash": "ekrjelkjrelkjre",
"ssl.verification_mode": "strict"
},
{
"locations": [ "localhost" ],

View file

@ -13,7 +13,8 @@ export const getTestSyntheticsPolicy = (
name: string,
id: string,
locationName?: string,
namespace?: string
namespace?: string,
isTLSEnabled?: boolean
): PackagePolicy => ({
id: '2bfd7da0-22ed-11ed-8c6b-09a2d21dfbc3-27337270-22ed-11ed-8c6b-09a2d21dfbc3-default',
version: 'WzE2MjYsMV0=',
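Review bot: `isTLSEnabled` is added as a fifth positional parameter after two optional ones, which forces the new caller to write `getTestSyntheticsPolicy(monitor.name, monitorId, undefined, undefined, true)`. An options object for `locationName`, `namespace` and `isTLSEnabled` would make call sites readable and avoid passing a boolean in the wrong slot.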
@ -34,8 +35,7 @@ export const getTestSyntheticsPolicy = (
release: 'experimental',
vars: {
__ui: {
value:
'{"is_tls_enabled":false,"is_zip_url_tls_enabled":false,"script_source":{"is_generated_script":false,"file_name":"test-file.name"}}',
value: `{"is_tls_enabled":${isTLSEnabled || false}}`,
type: 'yaml',
},
enabled: { value: true, type: 'bool' },
@ -62,12 +62,18 @@ export const getTestSyntheticsPolicy = (
'check.response.headers': { value: null, type: 'yaml' },
'check.response.body.positive': { value: null, type: 'yaml' },
'check.response.body.negative': { value: null, type: 'yaml' },
'ssl.certificate_authorities': { value: '"t.string"', type: 'yaml' },
'ssl.certificate': { value: '"t.string"', type: 'yaml' },
'ssl.key': { value: '"t.string"', type: 'yaml' },
'ssl.key_passphrase': { value: 't.string', type: 'text' },
'ssl.verification_mode': { value: 'certificate', type: 'text' },
'ssl.supported_protocols': { value: '["TLSv1.1","TLSv1.2"]', type: 'yaml' },
'ssl.certificate_authorities': {
value: isTLSEnabled ? '"t.string"' : null,
type: 'yaml',
},
'ssl.certificate': { value: isTLSEnabled ? '"t.string"' : null, type: 'yaml' },
'ssl.key': { value: isTLSEnabled ? '"t.string"' : null, type: 'yaml' },
'ssl.key_passphrase': { value: isTLSEnabled ? 't.string' : null, type: 'text' },
'ssl.verification_mode': { value: isTLSEnabled ? 'certificate' : null, type: 'text' },
'ssl.supported_protocols': {
value: isTLSEnabled ? '["TLSv1.1","TLSv1.2"]' : null,
type: 'yaml',
},
location_name: { value: locationName || 'Test private location 0', type: 'text' },
id: { value: id, type: 'text' },
config_id: { value: id, type: 'text' },
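Review bot: The six `ssl.*` vars each repeat `isTLSEnabled ? ... : null`, while `compiled_stream` further down handles the same switch with one conditional spread. Using one approach for both, for example a single `sslVars` object chosen once from `isTLSEnabled`, would make it harder to update one field and miss another. In the `__ui` var, `JSON.stringify({ is_tls_enabled: Boolean(isTLSEnabled) })` would be less fragile than the hand-built template string.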
@ -79,9 +85,7 @@ export const getTestSyntheticsPolicy = (
id: 'synthetics/http-http-2bfd7da0-22ed-11ed-8c6b-09a2d21dfbc3-27337270-22ed-11ed-8c6b-09a2d21dfbc3-default',
compiled_stream: {
__ui: {
is_tls_enabled: false,
is_zip_url_tls_enabled: false,
script_source: { is_generated_script: false, file_name: 'test-file.name' },
is_tls_enabled: isTLSEnabled || false,
},
type: 'http',
name,
@ -102,12 +106,16 @@ export const getTestSyntheticsPolicy = (
'check.request.headers': { sampleHeader: 'sampleHeaderValue' },
'check.request.body': 'testValue',
'check.response.status': ['200', '201'],
'ssl.certificate': 't.string',
'ssl.certificate_authorities': 't.string',
'ssl.key': 't.string',
'ssl.key_passphrase': 't.string',
'ssl.verification_mode': 'certificate',
'ssl.supported_protocols': ['TLSv1.1', 'TLSv1.2'],
...(isTLSEnabled
? {
'ssl.certificate': 't.string',
'ssl.certificate_authorities': 't.string',
'ssl.key': 't.string',
'ssl.key_passphrase': 't.string',
'ssl.verification_mode': 'certificate',
'ssl.supported_protocols': ['TLSv1.1', 'TLSv1.2'],
}
: {}),
processors: [
{
add_observer_metadata: { geo: { name: locationName || 'Test private location 0' } },