Validating monitoring hosts setting while parsing #47246

jasontedor · 2019-09-27T19:15:42Z

This commit lifts the validation of the monitoring hosts setting into the setting itself, rather than when the setting is used. This prevents a scenario where an invalid value for the setting is accepted, but then later fails while applying a cluster state with the invalid setting.

Closes #47125

This commit lifts the validation of the monitoring hosts setting into the setting itself, rather than when the setting is used. This prevents a scenario where an invalid value for the setting is accepted, but then later fails while applying a cluster state with the invalid setting.

elasticmachine · 2019-09-27T19:15:43Z

Pinging @elastic/es-core-features

jakelandis · 2019-09-27T21:10:32Z

@jasontedor - I missed that you were working on this too. I put up a quicker fix PR that prevents the major issue from occurring. #47249

I think a proper fix is more inline with what you have here (updates to the setting infrastructure). However it should be noted that this issue is not limited to just the host field. I put some notes in the PR.

jasontedor · 2019-09-27T21:35:27Z

@jakelandis I don't see the notes, did you click submit review? If you're referring to the other settings, for example xpack.monitoring.exporters.*.auth.username I was intending to pick these up in a follow-up.

jakelandis · 2019-09-27T21:57:38Z

@jasontedor the notes are just the commit message on #47249 (which i will close in favor of this).

If you're referring to the other settings, for example xpack.monitoring.exporters.*.auth.username I was intending to pick these up in a follow-up.

yup. thanks.

jasontedor · 2019-09-27T22:01:38Z

Oh, I see, you were referring to other PR. Thanks for clarifying!

Today when settings validate, they can only validate against settings that are of the same type. While this strong-type is convenient from a development perspective, it is too limiting in that some settings need to validate against settings of a different type. For example, the list setting xpack.monitoring.exporters.<namespace>.host wants to validate that it is non-empty if and only if the string setting xpack.monitoring.exporters.<namespace>.type is "http". Today this is impossible since the settings validation framework only allows that setting to validate against other list settings. This commit increases the flexibility here to validate against settings of arbitrary type, at the expense of losing strong-typing during development.

…-validation

This reverts commit 606d374.

This commit lifts the validation of the monitoring hosts setting into the setting itself, rather than when the setting is used. This prevents a scenario where an invalid value for the setting is accepted, but then later fails while applying a cluster state with the invalid setting.

Add validation for the following logfile audit settings: xpack.security.audit.logfile.events.include xpack.security.audit.logfile.events.exclude xpack.security.audit.logfile.events.ignore_filters.*.users xpack.security.audit.logfile.events.ignore_filters.*.realms xpack.security.audit.logfile.events.ignore_filters.*.roles xpack.security.audit.logfile.events.ignore_filters.*.indices Closes #52357 Relates #47711 #47038 Follows the example from #47246

Add validation for the following logfile audit settings: xpack.security.audit.logfile.events.include xpack.security.audit.logfile.events.exclude xpack.security.audit.logfile.events.ignore_filters.*.users xpack.security.audit.logfile.events.ignore_filters.*.realms xpack.security.audit.logfile.events.ignore_filters.*.roles xpack.security.audit.logfile.events.ignore_filters.*.indices Closes elastic#52357 Relates elastic#47711 elastic#47038 Follows the example from elastic#47246

Add validation for the following logfile audit settings: xpack.security.audit.logfile.events.include xpack.security.audit.logfile.events.exclude xpack.security.audit.logfile.events.ignore_filters.*.users xpack.security.audit.logfile.events.ignore_filters.*.realms xpack.security.audit.logfile.events.ignore_filters.*.roles xpack.security.audit.logfile.events.ignore_filters.*.indices Closes #52357 Relates #47711 #47038 Follows the example from #47246

#47711 and #47246 helped to validate that monitoring settings are rejected at time of setting the monitoring settings. Else an invalid monitoring setting can find it's way into the cluster state and result in an exception thrown [1] on the cluster state application (there by causing significant issues). Some additional monitoring settings have been identified that can result in invalid cluster state that also result in exceptions thrown on cluster state application. All settings require a type of either http or local to be applicable. When a setting is changed, the exporters are automatically updated with the new settings. However, if the old or new settings lack of a type setting an exception will be thrown (since exporters are always of type 'http' or 'local'). Arguably we shouldn't blindly create and destroy new exporters on each monitoring setting update, but the lifecycle of the exporters is abit out the scope this PR is trying to address. This commit introduces a similar methodology to check for validity as #47711 and #47246 but this time for ALL (including non-http) settings. Monitoring settings are not useful unless there an exporter with a type defined. The type is used as dependent setting, such that it must exist to set the value. This ensures that when any monitoring settings changes that they can only get added to cluster state if the type exists. If the type exists (and the other validations pass) then the exporters will get re-built and the cluster state remains valid. Tests have been included to ensure that all dynamic monitoring settings have the type as dependent settings. [1] org.elasticsearch.common.settings.SettingsException: missing exporter type for [found-user-defined] exporter at org.elasticsearch.xpack.monitoring.exporter.Exporters.initExporters(Exporters.java:126) ~[?:?]

elastic#47711 and elastic#47246 helped to validate that monitoring settings are rejected at time of setting the monitoring settings. Else an invalid monitoring setting can find it's way into the cluster state and result in an exception thrown [1] on the cluster state application (there by causing significant issues). Some additional monitoring settings have been identified that can result in invalid cluster state that also result in exceptions thrown on cluster state application. All settings require a type of either http or local to be applicable. When a setting is changed, the exporters are automatically updated with the new settings. However, if the old or new settings lack of a type setting an exception will be thrown (since exporters are always of type 'http' or 'local'). Arguably we shouldn't blindly create and destroy new exporters on each monitoring setting update, but the lifecycle of the exporters is abit out the scope this PR is trying to address. This commit introduces a similar methodology to check for validity as elastic#47711 and elastic#47246 but this time for ALL (including non-http) settings. Monitoring settings are not useful unless there an exporter with a type defined. The type is used as dependent setting, such that it must exist to set the value. This ensures that when any monitoring settings changes that they can only get added to cluster state if the type exists. If the type exists (and the other validations pass) then the exporters will get re-built and the cluster state remains valid. Tests have been included to ensure that all dynamic monitoring settings have the type as dependent settings. [1] org.elasticsearch.common.settings.SettingsException: missing exporter type for [found-user-defined] exporter at org.elasticsearch.xpack.monitoring.exporter.Exporters.initExporters(Exporters.java:126) ~[?:?]

…57704) #47711 and #47246 helped to validate that monitoring settings are rejected at time of setting the monitoring settings. Else an invalid monitoring setting can find it's way into the cluster state and result in an exception thrown [1] on the cluster state application (there by causing significant issues). Some additional monitoring settings have been identified that can result in invalid cluster state that also result in exceptions thrown on cluster state application. All settings require a type of either http or local to be applicable. When a setting is changed, the exporters are automatically updated with the new settings. However, if the old or new settings lack of a type setting an exception will be thrown (since exporters are always of type 'http' or 'local'). Arguably we shouldn't blindly create and destroy new exporters on each monitoring setting update, but the lifecycle of the exporters is abit out the scope this PR is trying to address. This commit introduces a similar methodology to check for validity as #47711 and #47246 but this time for ALL (including non-http) settings. Monitoring settings are not useful unless there an exporter with a type defined. The type is used as dependent setting, such that it must exist to set the value. This ensures that when any monitoring settings changes that they can only get added to cluster state if the type exists. If the type exists (and the other validations pass) then the exporters will get re-built and the cluster state remains valid. Tests have been included to ensure that all dynamic monitoring settings have the type as dependent settings. [1] org.elasticsearch.common.settings.SettingsException: missing exporter type for [found-user-defined] exporter at org.elasticsearch.xpack.monitoring.exporter.Exporters.initExporters(Exporters.java:126) ~[?:?]

…57703) #47711 and #47246 helped to validate that monitoring settings are rejected at time of setting the monitoring settings. Else an invalid monitoring setting can find it's way into the cluster state and result in an exception thrown [1] on the cluster state application (there by causing significant issues). Some additional monitoring settings have been identified that can result in invalid cluster state that also result in exceptions thrown on cluster state application. All settings require a type of either http or local to be applicable. When a setting is changed, the exporters are automatically updated with the new settings. However, if the old or new settings lack of a type setting an exception will be thrown (since exporters are always of type 'http' or 'local'). Arguably we shouldn't blindly create and destroy new exporters on each monitoring setting update, but the lifecycle of the exporters is abit out the scope this PR is trying to address. This commit introduces a similar methodology to check for validity as #47711 and #47246 but this time for ALL (including non-http) settings. Monitoring settings are not useful unless there an exporter with a type defined. The type is used as dependent setting, such that it must exist to set the value. This ensures that when any monitoring settings changes that they can only get added to cluster state if the type exists. If the type exists (and the other validations pass) then the exporters will get re-built and the cluster state remains valid. Tests have been included to ensure that all dynamic monitoring settings have the type as dependent settings. [1] org.elasticsearch.common.settings.SettingsException: missing exporter type for [found-user-defined] exporter at org.elasticsearch.xpack.monitoring.exporter.Exporters.initExporters(Exporters.java:126) ~[?:?]

jasontedor added >bug :Data Management/Monitoring v8.0.0 v6.8.3 v7.5.0 v7.4.1 labels Sep 27, 2019

jasontedor added 2 commits September 27, 2019 17:27

Add tests

e800b73

Remove redundant tests

461ba46

jasontedor marked this pull request as ready for review September 27, 2019 21:44

jasontedor requested a review from jakelandis September 27, 2019 21:44

jakelandis mentioned this pull request Sep 27, 2019

Address invalid monitoring configuration that prevents Elasticsearch from starting #47249

Closed

jasontedor added 13 commits September 28, 2019 12:03

wip

4f075ba

Fix imports

2ad080e

Revert accidental change

0e2420d

Fix test compilation

14a3ffc

Fix more test compilation

b6dbce2

Missing final

20731a0

Merge remote-tracking branch 'elastic/master' into arbitrary-settings…

29c6763

…-validation

Fix formatting

65046de

Merge remote-tracking branch 'elastic/master' into arbitrary-settings…

d3e74f8

…-validation

More formatting fixes

abbec9b

Add strong typing through Settings

606d374

Revert "Add strong typing through Settings"

1f544a3

This reverts commit 606d374.

elasticmachine and others added 3 commits October 3, 2019 04:04

Merge branch 'master' into monitoring-hosts-validation

7f1e646

Remove unused monitoring settings

a51c057

Migrate test

3fe810d

jasontedor merged commit fbd4ec5 into elastic:master Oct 4, 2019

jasontedor mentioned this pull request Oct 4, 2019

Validating monitoring hosts setting while parsing #47571

Merged

jasontedor removed v6.8.3 v7.4.1 labels Oct 4, 2019

jasontedor deleted the monitoring-hosts-validation branch October 4, 2019 21:32

rjernst mentioned this pull request Oct 7, 2019

Settings should be validated at parse time #47711

Closed

jasontedor mentioned this pull request Dec 9, 2019

Validate exporter type is HTTP for HTTP exporter #49992

Merged

This was referenced Feb 3, 2020

[meta] 7.6 release elastic/elasticsearch-net#4340

Closed

[meta] 7.6 release elastic/elasticsearch-net#4341

Closed

albertzaharovits mentioned this pull request Feb 19, 2020

Logfile audit settings validation #52537

Merged

albertzaharovits mentioned this pull request Feb 24, 2020

BACKPORT Logfile audit settings validation (#52537) #52699

Merged

albertzaharovits mentioned this pull request Feb 24, 2020

BACKPORT 7.6 Logfile audit settings validation #52700

Merged

albertzaharovits mentioned this pull request Feb 24, 2020

BACKPORT 6.8 Logfile audit settings validation (#52537) #52702

Closed

jakelandis mentioned this pull request May 31, 2020

Ensure type exists for all monitoring configuration #57399

Merged

jakelandis added v8.0.0-alpha1 and removed v8.0.0 labels Jul 26, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Validating monitoring hosts setting while parsing #47246

Validating monitoring hosts setting while parsing #47246

jasontedor commented Sep 27, 2019

elasticmachine commented Sep 27, 2019

jakelandis commented Sep 27, 2019

jasontedor commented Sep 27, 2019

jakelandis commented Sep 27, 2019

jasontedor commented Sep 27, 2019

Validating monitoring hosts setting while parsing #47246

Validating monitoring hosts setting while parsing #47246

Conversation

jasontedor commented Sep 27, 2019

elasticmachine commented Sep 27, 2019

jakelandis commented Sep 27, 2019

jasontedor commented Sep 27, 2019

jakelandis commented Sep 27, 2019

jasontedor commented Sep 27, 2019