Fix credentials leak from synthtrace (#172294)

The PR fixes creds leaking in console logs when running Synth.
Synthtrace runs on CI as well where this is not secure to leak
credentials

## Before -

<img width="854" alt="image"
src="41aaeed7-6a2a-4cc6-aabd-d9f4261b861a">

## After

<img width="851" alt="image"
src="1da1392f-c6d3-4604-a802-c906ecd4de23">

packages/kbn-apm-synthtrace/src/cli/run_synthtrace.ts

@@ -52,10 +52,6 @@ function options(y: Argv) {
       number: true,
       default: 1,
     })
-    .option('versionOverride', {
-      describe: 'Package/observer version override',
-      string: true,
-    })
     .option('logLevel', {
       describe: 'Log level',
       default: 'info',
@@ -66,6 +62,10 @@ function options(y: Argv) {
         return arg as Record<string, any> | undefined;
       },
     })
+    .option('assume-package-version', {
+      describe: 'Assumes passed package version to avoid calling Fleet API to install',
+      string: true,
+    })
     .showHelpOnFail(false);
 }
 

packages/kbn-apm-synthtrace/src/cli/utils/bootstrap.ts

@@ -16,6 +16,8 @@ import { RunOptions } from './parse_run_cli_flags';
 export async function bootstrap(runOptions: RunOptions) {
   const logger = createLogger(runOptions.logLevel);
 
+  let version = runOptions['assume-package-version'];
+
   const { kibanaUrl, esUrl } = await getServiceUrls({ ...runOptions, logger });
 
   const kibanaClient = getKibanaClient({
@@ -23,9 +25,14 @@ export async function bootstrap(runOptions: RunOptions) {
     logger,
   });
 
-  const latestPackageVersion = await kibanaClient.fetchLatestApmPackageVersion();
+  if (!version) {
+    version = await kibanaClient.fetchLatestApmPackageVersion();
+    await kibanaClient.installApmPackage(version);
+  } else if (version === 'latest') {
+    version = await kibanaClient.fetchLatestApmPackageVersion();
+  }
 
-  const version = runOptions.versionOverride || latestPackageVersion;
+  logger.info(`Using package version: ${version}`);
 
   const apmEsClient = getApmEsClient({
     target: esUrl,
@@ -40,8 +47,6 @@ export async function bootstrap(runOptions: RunOptions) {
     concurrency: runOptions.concurrency,
   });
 
-  await kibanaClient.installApmPackage(latestPackageVersion);
-
   if (runOptions.clean) {
     await apmEsClient.clean();
     await logsEsClient.clean();

packages/kbn-apm-synthtrace/src/cli/utils/get_service_urls.ts

@@ -36,6 +36,7 @@ async function discoverAuth(parsedTarget: Url) {
 
 async function getKibanaUrl({ target, logger }: { target: string; logger: Logger }) {
   try {
+    const isCI = process.env.CI?.toLowerCase() === 'true';
     logger.debug(`Checking Kibana URL ${target} for a redirect`);
 
     const unredirectedResponse = await fetch(target, {
@@ -69,7 +70,16 @@ async function getKibanaUrl({ target, logger }: { target: string; logger: Logger
       );
     }
 
-    logger.info(`Discovered kibana running at: ${discoveredKibanaUrlWithAuth}`);
+    const discoveredKibanaUrlWithoutAuth = format({
+      ...parsedDiscoveredUrl,
+      auth: undefined,
+    });
+
+    logger.info(
+      `Discovered kibana running at: ${
+        isCI ? discoveredKibanaUrlWithoutAuth : discoveredKibanaUrlWithAuth
+      }`
+    );
 
     return discoveredKibanaUrlWithAuth.replace(/\/$/, '');
   } catch (error) {

packages/kbn-apm-synthtrace/src/cli/utils/parse_run_cli_flags.ts

@@ -38,7 +38,10 @@ function getParsedFile(flags: RunCliFlags) {
 }
 
 export function parseRunCliFlags(flags: RunCliFlags) {
-  const { logLevel } = flags;
+  const { logLevel, target } = flags;
+  if (target?.includes('.kb.')) {
+    throw new Error(`Target URL seems to be a Kibana URL, please provide Elasticsearch URL`);
+  }
   const parsedFile = getParsedFile(flags);
 
   let parsedLogLevel = LogLevel.info;
@@ -69,7 +72,8 @@ export function parseRunCliFlags(flags: RunCliFlags) {
       'kibana',
       'concurrency',
       'versionOverride',
-      'clean'
+      'clean',
+      'assume-package-version'
     ),
     logLevel: parsedLogLevel,
     file: parsedFile,