Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Ingest Manager] Agent includes pgp file #19480

Merged
merged 15 commits into from
Sep 22, 2020
Merged

[Ingest Manager] Agent includes pgp file #19480

merged 15 commits into from
Sep 22, 2020

Conversation

michalpristas
Copy link
Contributor

@michalpristas michalpristas commented Jun 29, 2020
edited
Loading

What does this PR do?

This PR introduces baked in PGP file with a flag.
If DEV=true is specified during mage build PGP is not included and checks are omitted .
Otherwise PGP is provided and passing check is required.

The solution works well with connected agent to internet, but locally baked in packages are a bit tricky as we need to find a way of including asc files into agent package so they can be checked.

Why is it important?

More security running external binaries

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

@michalpristas michalpristas self-assigned this Jun 29, 2020
@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Jun 29, 2020
@michalpristas michalpristas changed the title pgp file [Ingest Manager] Agent includes pgp file Jun 29, 2020
@elasticmachine
Copy link
Collaborator

elasticmachine commented Jun 29, 2020
edited by jenkins-beats-ci bot
Loading

💔 Tests Failed

Pipeline View Test View Changes Artifacts preview

Expand to view the summary

Build stats

  • Build Cause: [Pull request #19480 updated]

  • Start Time: 2020-09-22T12:33:12.261+0000

  • Duration: 79 min 42 sec

Test stats 🧪

Test Results
Failed 9
Passed 20148
Skipped 1833
Total 21990

Test errors

Expand to view the tests failures

  • Name: Build and Test / Filebeat oss / test_default_settings – filebeat.tests.system.test_autodiscover.TestAutodiscover

    • Age: 1
    • Duration: 90.003
    • Error Details: Failed: Timeout >90.0s

  • Name: Build and Test / Filebeat x-pack Mac OS X / test_http_endpoint_correct_auth_header – x-pack.filebeat.tests.system.test_http_endpoint.Test

    • Age: 1
    • Duration: 10.193
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build and Test / Filebeat x-pack Mac OS X / test_http_endpoint_empty_body – x-pack.filebeat.tests.system.test_http_endpoint.Test

    • Age: 1
    • Duration: 2.596
    • Error Details: AssertionError: assert 401 == 406 + where 401 = <Response [401]>.status_code

  • Name: Build and Test / Filebeat x-pack Mac OS X / test_http_endpoint_get_request – x-pack.filebeat.tests.system.test_http_endpoint.Test

    • Age: 1
    • Duration: 1.86
    • Error Details: AssertionError: assert 401 == 405 + where 401 = <Response [401]>.status_code

  • Name: Build and Test / Filebeat x-pack Mac OS X / test_http_endpoint_malformed_json – x-pack.filebeat.tests.system.test_http_endpoint.Test

    • Age: 1
    • Duration: 1.759
    • Error Details: AssertionError: assert 401 == 400 + where 401 = <Response [401]>.status_code

  • Name: Build and Test / Filebeat x-pack Mac OS X / test_http_endpoint_request – x-pack.filebeat.tests.system.test_http_endpoint.Test

    • Age: 1
    • Duration: 10.457
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build and Test / Filebeat x-pack Mac OS X / test_http_endpoint_wrong_auth_value – x-pack.filebeat.tests.system.test_http_endpoint.Test

    • Age: 1
    • Duration: 1.825
    • Error Details: AssertionError: assert '{"message": ...ader secret"}' == '{"message": ...or password"}' - {"message": "Incorrect username or password"} + {"message": "Incorrect header or header secret"}

  • Name: Build and Test / Filebeat x-pack Mac OS X / test_http_endpoint_wrong_content_header – x-pack.filebeat.tests.system.test_http_endpoint.Test

    • Age: 1
    • Duration: 1.806
    • Error Details: AssertionError: assert 401 == 415 + where 401 = <Response [401]>.status_code

  • Name: Build and Test / Libbeat / Libbeat oss / TestClientPublishEventKerberosAware – elasticsearch

    • Age: 3
    • Duration: 2.82
    • Error Details: Failed

Steps errors

Expand to view the steps failures

  • Name: Mage build test

    • Description: mage build test

    • Duration: 27 min 15 sec

    • Start Time: 2020-09-22T12:58:27.660+0000

    • log

  • Name: Mage build unitTest

    • Description: mage build unitTest

    • Duration: 5 min 46 sec

    • Start Time: 2020-09-22T12:57:56.221+0000

    • log

  • Name: Recursively delete the current directory from the workspace

    • Description: script returned exit code 1

    • Duration: 0 min 15 sec

    • Start Time: 2020-09-22T13:02:52.622+0000

    • log

  • Name: Mage build test

    • Description: mage build test

    • Duration: 20 min 14 sec

    • Start Time: 2020-09-22T12:58:32.389+0000

    • log

Log output

Expand to view the last 100 lines of log output 

[2020-09-22T13:51:14.556Z] + tar --version
[2020-09-22T13:51:14.859Z] + tar -xpf source.tgz
[2020-09-22T13:51:25.316Z] + rm source.tgz
[2020-09-22T13:51:25.332Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats
[2020-09-22T13:51:25.356Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Lint
[2020-09-22T13:51:25.509Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Elastic-Agent-Mac-OS-X
[2020-09-22T13:51:25.612Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Auditbeat-oss-Mac-OS-X
[2020-09-22T13:51:25.706Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Heartbeat-Mac-OS-X
[2020-09-22T13:51:25.803Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Winlogbeat-oss
[2020-09-22T13:51:25.897Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Elastic-Agent-x-pack
[2020-09-22T13:51:25.999Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Auditbeat-crosscompile
[2020-09-22T13:51:26.094Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/dockerlogbeat
[2020-09-22T13:51:26.196Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Journalbeat
[2020-09-22T13:51:26.316Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Generators-Metricbeat-Linux
[2020-09-22T13:51:26.413Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Functionbeat-x-pack
[2020-09-22T13:51:26.513Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Filebeat-x-pack-Mac-OS-X
[2020-09-22T13:51:26.643Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Filebeat-Mac-OS-X
[2020-09-22T13:51:26.738Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Functionbeat-Mac-OS-X-x-pack
[2020-09-22T13:51:26.833Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Packetbeat-Linux
[2020-09-22T13:51:26.966Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Metricbeat-x-pack-Mac-OS-X
[2020-09-22T13:51:27.070Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Metricbeat-OSS-Unit-tests
[2020-09-22T13:51:27.182Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Elastic-Agent-x-pack-Windows
[2020-09-22T13:51:27.281Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Packetbeat-Mac-OS-X
[2020-09-22T13:51:27.396Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Auditbeat-x-pack-Mac-OS-X
[2020-09-22T13:51:27.483Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Auditbeat-oss-Windows
[2020-09-22T13:51:27.573Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Auditbeat-x-pack-Windows
[2020-09-22T13:51:27.665Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Heartbeat-oss
[2020-09-22T13:51:27.769Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Auditbeat-x-pack
[2020-09-22T13:51:27.903Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Winlogbeat-Windows-x-pack
[2020-09-22T13:51:27.997Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Generators-Beat-Mac-OS-X
[2020-09-22T13:51:28.103Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Heartbeat-Windows
[2020-09-22T13:51:28.205Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Winlogbeat-Windows
[2020-09-22T13:51:28.324Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Generators-Metricbeat-Mac-OS-X
[2020-09-22T13:51:28.417Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Auditbeat-oss-Linux
[2020-09-22T13:51:28.516Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Metricbeat-crosscompile
[2020-09-22T13:51:28.609Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Filebeat-Windows
[2020-09-22T13:51:28.704Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Filebeat-x-pack-Windows
[2020-09-22T13:51:28.797Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Libbeat-x-pack
[2020-09-22T13:51:28.894Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Packetbeat-Windows
[2020-09-22T13:51:28.989Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Functionbeat-Windows
[2020-09-22T13:51:29.093Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Metricbeat-x-pack-Windows
[2020-09-22T13:51:29.193Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Metricbeat-Windows
[2020-09-22T13:51:29.286Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Generators-Beat-Linux
[2020-09-22T13:51:29.381Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Libbeat-oss
[2020-09-22T13:51:29.503Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Filebeat-oss
[2020-09-22T13:51:29.611Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Filebeat-x-pack
[2020-09-22T13:51:29.715Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Metricbeat-Mac-OS-X
[2020-09-22T13:51:29.822Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Metricbeat-OSS-Go-Integration-tests
[2020-09-22T13:51:29.912Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Metricbeat-OSS-Python-Integration-tests
[2020-09-22T13:51:30.008Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Metricbeat-x-pack
[2020-09-22T13:51:30.434Z] + cat
[2020-09-22T13:51:30.435Z] + /usr/local/bin/runbld ./runbld-script --job-name elastic+beats+pull-request
[2020-09-22T13:51:30.435Z] Picked up JAVA_TOOL_OPTIONS: -Dfile.encoding=UTF8
[2020-09-22T13:51:37.035Z] runbld>>> runbld started
[2020-09-22T13:51:37.035Z] runbld>>> 1.6.12/f45d832f2ba0aa2722ab4ec1fda8ad140f027f8b
[2020-09-22T13:51:37.985Z] runbld>>> The following profiles matched the job 'elastic+beats+pull-request' in order of occurrence in the config (last value wins).
[2020-09-22T13:51:37.985Z] runbld>>> Matches in the system config:
[2020-09-22T13:51:37.985Z] runbld>>> - Matched ^elastic\+beats
[2020-09-22T13:51:37.985Z] runbld>>> - Matched ^elastic\+beats\+pull-request
[2020-09-22T13:51:39.371Z] runbld>>> Debug logging enabled.
[2020-09-22T13:51:39.371Z] runbld>>> Storing result
[2020-09-22T13:51:39.633Z] runbld>>> Store result: created {:total 2, :successful 2, :failed 0} 1
[2020-09-22T13:51:39.633Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1597739501209/t/20200922135139-7E249A11
[2020-09-22T13:51:39.633Z] runbld>>> Adding system facts.
[2020-09-22T13:51:40.577Z] runbld>>> Adding vcs info for the latest commit:  8958d1efddad8256311fd1af7c618bb7e6d30c39
[2020-09-22T13:51:40.577Z] runbld>>> >>>>>>>>>>>> SCRIPT EXECUTION BEGIN >>>>>>>>>>>>
[2020-09-22T13:51:40.577Z] runbld>>> Adding /usr/lib/jvm/java-8-openjdk-amd64/bin to the path.
[2020-09-22T13:51:40.577Z] Processing JUnit reports with runbld...
[2020-09-22T13:51:40.577Z] + echo 'Processing JUnit reports with runbld...'
[2020-09-22T13:51:40.839Z] runbld>>> <<<<<<<<<<<< SCRIPT EXECUTION END <<<<<<<<<<<<
[2020-09-22T13:51:40.839Z] runbld>>> DURATION: 34ms
[2020-09-22T13:51:40.839Z] runbld>>> STDOUT: 40 bytes
[2020-09-22T13:51:40.839Z] runbld>>> STDERR: 49 bytes
[2020-09-22T13:51:40.839Z] runbld>>> WRAPPED PROCESS: SUCCESS (0)
[2020-09-22T13:51:40.839Z] runbld>>> Searching for build metadata in /var/lib/jenkins/workspace/Beats_beats_PR-19480
[2020-09-22T13:51:41.785Z] runbld>>> Storing build metadata: 
[2020-09-22T13:51:41.785Z] runbld>>> Adding test report.
[2020-09-22T13:51:41.785Z] runbld>>> Searching for junit test output files with the pattern: TEST-.*\.xml$ in: /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats
[2020-09-22T13:51:42.732Z] runbld>>> Found 139 test output files
[2020-09-22T13:51:42.995Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-activemq.xml
[2020-09-22T13:51:42.995Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-openmetrics.xml
[2020-09-22T13:51:42.995Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-istio.xml
[2020-09-22T13:51:42.995Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-iis.xml
[2020-09-22T13:51:42.995Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-tomcat.xml
[2020-09-22T13:51:44.390Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Metricbeat-OSS-Go-Integration-tests/metricbeat/build/TEST-go-integration-graphite.xml
[2020-09-22T13:51:44.390Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats_PR-19480/src/github.com/elastic/beats/Metricbeat-OSS-Go-Integration-tests/metricbeat/build/TEST-go-integration-windows.xml
[2020-09-22T13:51:46.310Z] runbld>>> Test output logs contained: Errors: 0 Failures: 9 Tests: 21833 Skipped: 1560
[2020-09-22T13:51:46.310Z] runbld>>> Storing result
[2020-09-22T13:51:46.310Z] runbld>>> FAILURES: 9
[2020-09-22T13:51:48.226Z] runbld>>> Store result: updated {:total 2, :successful 2, :failed 0} 2
[2020-09-22T13:51:48.226Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1597739501209/t/20200922135139-7E249A11
[2020-09-22T13:51:48.226Z] runbld>>> Email notification disabled by environment variable.
[2020-09-22T13:51:48.226Z] runbld>>> Slack notification disabled by environment variable.
[2020-09-22T13:51:53.754Z] Running on Jenkins in /var/lib/jenkins/workspace/Beats_beats_PR-19480
[2020-09-22T13:51:53.897Z] [INFO] getVaultSecret: Getting secrets
[2020-09-22T13:51:53.995Z] Masking supported pattern matches of $VAULT_ADDR or $VAULT_ROLE_ID or $VAULT_SECRET_ID
[2020-09-22T13:51:54.981Z] + chmod 755 generate-build-data.sh
[2020-09-22T13:51:54.981Z] + ./generate-build-data.sh https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-19480/ https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-19480/runs/7 FAILURE 4722453
[2020-09-22T13:51:54.981Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-19480/runs/7/steps/?limit=10000 -o steps-info.json
[2020-09-22T13:51:59.105Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-19480/runs/7/tests/?status=FAILED -o tests-errors.json

@michalpristas michalpristas mentioned this pull request Jun 30, 2020
Closed
@michalpristas
Copy link
Contributor Author

related to this is including ASC files for beats into our package.
these are generated during release process so we need to figure out how. therefore this is still a draft with commented out ASC checks. HTTP downloader/verifyier works ok. problem is only with prepared packages

I contacted Chris to figure this out and come up with feasible strategy which would also help us with including endpoint probably

@michalpristas michalpristas added the needs_backport PR is waiting to be backported to other branches. label Jun 30, 2020
@blakerouse
Copy link
Contributor

I think this looks good. By default PGP is used and required, only DEV=true at build time allows that to be removed.

@michalpristas michalpristas marked this pull request as ready for review July 2, 2020 06:07
@michalpristas
Copy link
Contributor Author

not activating FS verifier just yet as for: https://github.com/elastic/infra/issues/21487
i think we can keep HTTP one turned on

@elasticmachine
Copy link
Collaborator

Pinging @elastic/ingest-management (Team:Ingest Management)

@michalpristas
Copy link
Contributor Author

talking to infra about including asc files not merging before then

@michalpristas michalpristas removed the Ingest Management:beta1 Group issues for ingest management beta1 label Jul 14, 2020
This was referenced Jul 23, 2020
Merged
Closed
@ph
Copy link
Contributor

ph commented Aug 17, 2020

@michalpristas I think everything is in place in infra to move this forward?

@ph ph requested a review from blakerouse September 2, 2020 14:53
@ph
Copy link
Contributor

ph commented Sep 2, 2020

@michalpristas This should work with nightly snapshot too correct? When this get in, we need to communicate it with the other teams.

@michalpristas
Copy link
Contributor Author

should work with snapshots yeah

@ph ph requested review from ruflin and scunningham September 3, 2020 12:42
scunningham
scunningham suggested changes Sep 3, 2020
View reviewed changes
Copy link

@scunningham scunningham left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It appears this code pulls the PGP Key down from the CDN on the fly. It would be far safer to embed the key in the binary at build time. Unless I'm reading it wrong, this implementation fetches the PGP key dynamically via https and validates against it with no additional validation that we we received the proper key. A determined attacker may be able to man in the middle the HTTPS transaction and deliver an invalid key.

ruflin
ruflin reviewed Sep 4, 2020
View reviewed changes
x-pack/elastic-agent/magefile.go Outdated
fetchPgp = false
}
}
fmt.Println("fetching pgp", fetchPgp)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

leftover

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this whole section will get removed

blakerouse
blakerouse approved these changes Sep 14, 2020
View reviewed changes
Copy link
Contributor

@blakerouse blakerouse left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good.

Really like the DEV env for development. Will actually be able to use that for the install/uninstall for self-upgrading, so in dev mode self-upgrading can be tested without it being installed in the correct paths. +1

@ph
Copy link
Contributor

ph commented Sep 14, 2020
edited
Loading

@michalpristas @blakerouse @ruflin we will need to document the DEV usage in the developper docs.

scunningham
scunningham approved these changes Sep 14, 2020
View reviewed changes
Copy link

@scunningham scunningham left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. Question; does the PGP Key pull down during each release build; or we do we used a checked-in PGP Key unless somebody explicitly runs the code that pulls down the key and embeds it?

Pulling down the key on the fly during a build slightly concerns me as it allows an admittedly narrow window for attack. Subsequent unit tests should catch an injection, but we should validate that.

@michalpristas
Copy link
Contributor Author

@scunningham nono key is prepacked in this PR and once we will need it updated we will update the file and run mage update for it to take effect

@scunningham
Copy link

@michalpristas Fantastic, thank you!

@michalpristas
Copy link
Contributor Author

Faliures not related

@michalpristas michalpristas merged commit aebddba into elastic:master Sep 22, 2020
michalpristas added a commit to michalpristas/beats that referenced this pull request Sep 22, 2020
@michalpristas
[Ingest Manager] Agent includes pgp file (elastic#19480)
a874bc2 
[Ingest Manager] Agent includes pgp file (elastic#19480)
@michalpristas michalpristas mentioned this pull request Sep 22, 2020
Merged
6 tasks
v1v added a commit to v1v/beats that referenced this pull request Sep 24, 2020
@v1v
Merge remote-tracking branch 'upstream/master' into feature/ci-pipeli…
c59bffe 
…ne-2.0-arm

* upstream/master: (29 commits)
  Fix librpm installation in auditbeat build (elastic#21239)
  Fix prometheus default config (elastic#21253)
  Fix dev guide test command (elastic#21254)
  Move aws lambda metricset to GA (elastic#21255)
  [Docs] Typo in table syntax (elastic#20227)
  [ECS] Adds related.hosts to capture all hostnames and host identifiers on an event. (elastic#21160)
  Add recursive split to httpjson (elastic#21214)
  [DOCS] Add beat specific start widgets (elastic#21217)
  Fix timestamp handling in remote_write (elastic#21166)
  Fix aws, azure and googlecloud compute dashboards (elastic#21098)
  Add acceptable event log keys to winlog (elastic#21205)
  Add elastic-agent to gitignore (elastic#21219)
  Add cloudfoundry tags to events (elastic#21177)
  [Ingest Manager] Agent includes pgp file (elastic#19480)
  Add compatibility note about ingress-controller-v0.34.1 (elastic#21209)
  [Ingest Manager] Support for UPGRADE_ACTION (elastic#21002)
  Fix libbeat.output.*.bytes metrics of Elasticsearch output (elastic#21197)
  [packaging] use docker.elastic.co/ubi8/ubi-minimal (elastic#21154)
  Add host inventory metrics to system module (elastic#20415)
  [Filebeat][Azure Module] Fixing event.outcome from result_type issue (elastic#20998)
  ...
v1v added a commit to v1v/beats that referenced this pull request Sep 24, 2020
@v1v
Merge remote-tracking branch 'upstream/master' into feature/ci-pipeli…
778c037 
…ne-2.0

* upstream/master: (33 commits)
  Stop running agent container as root by default (elastic#21213)
  Stop running auditbeat container as root by default (elastic#21202)
  Fix autodiscover flaky tests (elastic#21242)
  [Ingest Manager] Enabled dev builds (elastic#21241)
  Fix librpm installation in auditbeat build (elastic#21239)
  Fix prometheus default config (elastic#21253)
  Fix dev guide test command (elastic#21254)
  Move aws lambda metricset to GA (elastic#21255)
  [Docs] Typo in table syntax (elastic#20227)
  [ECS] Adds related.hosts to capture all hostnames and host identifiers on an event. (elastic#21160)
  Add recursive split to httpjson (elastic#21214)
  [DOCS] Add beat specific start widgets (elastic#21217)
  Fix timestamp handling in remote_write (elastic#21166)
  Fix aws, azure and googlecloud compute dashboards (elastic#21098)
  Add acceptable event log keys to winlog (elastic#21205)
  Add elastic-agent to gitignore (elastic#21219)
  Add cloudfoundry tags to events (elastic#21177)
  [Ingest Manager] Agent includes pgp file (elastic#19480)
  Add compatibility note about ingress-controller-v0.34.1 (elastic#21209)
  [Ingest Manager] Support for UPGRADE_ACTION (elastic#21002)
  ...
michalpristas added a commit that referenced this pull request Sep 29, 2020
@michalpristas
Cherry-pick #19480 to 7.x: Agent includes pgp file (#21222)
284c8c1 
Cherry-pick #19480 to 7.x:  Agent includes pgp file  (#21222)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ruflin ruflin ruflin left review comments

@scunningham scunningham scunningham approved these changes

@blakerouse blakerouse blakerouse approved these changes

Assignees

@michalpristas michalpristas

Labels
enhancement needs_backport PR is waiting to be backported to other branches.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@michalpristas @elasticmachine @blakerouse @ph @scunningham @ruflin