-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Fleet] Support for remote ES output #169252
Conversation
🤖 GitHub commentsExpand to view the GitHub comments
Just comment with:
|
...et/public/applications/fleet/components/fleet_server_instructions/hooks/use_service_token.ts
Outdated
Show resolved
Hide resolved
serviceToken={serviceToken} | ||
generateServiceToken={generateServiceToken} | ||
isLoadingServiceToken={isLoadingServiceToken} | ||
/> | ||
), | ||
}; | ||
}; | ||
|
||
const ServiceTokenStepContent: React.FunctionComponent<{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
moved out and renamed this component to GenerateServiceTokenComponent
to reuse in generating remote token
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
At the end I haven't used this component somewhere else, but I think the refactor can be left in.
@@ -42,28 +42,7 @@ export const FleetServerRequirementPage: React.FunctionComponent< | |||
const startService = useStartServices(); | |||
const deploymentUrl = startService.cloud?.deploymentUrl; | |||
|
|||
const [isPermissionsLoading, setIsPermissionsLoading] = useState<boolean>(false); | |||
const [permissionsError, setPermissionsError] = useState<string>(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
moved this to its own hook, useCheckPermissions
} | ||
> | ||
<EuiComboBox | ||
{isRemoteESOutput ? null : ( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hiding the proxy for remote ES output
...outputsRequest.data.items.map((item) => { | ||
const isOutputTypeUnsupported = !allowedOutputTypes.includes(item.type); | ||
...outputsRequest.data.items | ||
.filter((item) => item.type !== outputType.RemoteElasticsearch) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
remote ES can't be used as integrations data output:
- Do not allow remote elasticsearch output to be selected as integrations data output (should not be shown in dropdown)
if (output && output.type === outputType.Elasticsearch) { | ||
if ( | ||
output && | ||
(output.type === outputType.Elasticsearch || output.type === outputType.RemoteElasticsearch) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I found output_permissions
are needed for remote-elasticsearch output, though it was not mentioned in the definition.
… src/core/server/integration_tests/ci_checks'
Pinging @elastic/fleet (Team:Fleet) |
… src/core/server/integration_tests/ci_checks'
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
|
||
export const GenerateServiceTokenRequestSchema = { | ||
query: schema.object({ | ||
remote: schema.boolean({ defaultValue: false }), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: I personally found the query parameter for POST request confusing and not consistent with our other endpoints, should we move this to a body parameter?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
x-pack/plugins/fleet/public/applications/fleet/hooks/use_check_permissions.ts
Outdated
Show resolved
Hide resolved
bb2f627
to
ea22138
Compare
ea22138
to
d9eb33f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for your changes, I just tested the UI locally and works as expected 🚀
import { schema } from '@kbn/config-schema'; | ||
|
||
export const GenerateServiceTokenRequestSchema = { | ||
body: schema.object({ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@juliaElastic looks like it break normal service tokens creation probably should be wrapped in a maybe
{
"error": "Bad Request",
"message": "[request body]: expected a plain object value, but found [null] instead.",
"statusCode": 400
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Unfortunately maybe
didn't work, I tried a few more combinations (nullable, oneOf, literal
) but no luck. At the end I could solve it with a custom validator function.
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Module Count
Async chunks
Public APIs missing exports
Page load bundle
History
To update your PR or re-run it, just comment with: |
## Summary Resolves elastic#104986 Opening up for review, the feature flag is off for now, and the TODO items can come in follow up prs. TODO: - make service_token a secret field in output - depends on elastic#157458 - should link to remote elasticsearch docs in UI - depends on elastic/ingest-docs#530 - remote es connection check and report on UI - depends on fleet-server to report unhealthy status if can't access the remote ES cluster - enable feature flag when feature is ready Added Remote ES output type, support to generate service token for `fleet-server-remote` account, support to create and edit remote es output. Added validation to disallow making remote ES output as default for integration data. ## How to test locally? Enable feature flag by adding this to `kibana.dev.yml`: ``` xpack.fleet.enableExperimental: ['remoteESOutput'] ``` See e2e test instructions here: elastic/fleet-server#3051 ## Generate service token Create remote service token API: ``` POST kbn:/api/fleet/service_tokens { "remote": true } // kibana logs out [2023-10-19T16:22:05.776+02:00][DEBUG][plugins.fleet] Creating service token for account elastic/fleet-server-remote ``` ## Add/Edit output flyout: Add output flyout: <img width="675" alt="image" src="https://github.com/elastic/kibana/assets/90178898/dafc7d0e-05be-467f-871c-c4256fc833f6"> Edd output flyout: <img width="660" alt="image" src="https://github.com/elastic/kibana/assets/90178898/0d58fcfb-8c22-4e27-8719-db86ecba2e8d"> Remote ES output not allowed to be set as integrations data output in agent policies, only as monitoring output: <img width="690" alt="image" src="https://github.com/elastic/kibana/assets/90178898/675279cd-1c89-4069-9e07-e448aa796885"> <img width="683" alt="image" src="https://github.com/elastic/kibana/assets/90178898/6f67179d-b971-497f-9b04-3d3db5a42976"> Example API call to create/update output: ``` POST kbn:/api/fleet/outputs {"name":"remote1","type":"remote-elasticsearch","hosts":["http://localhost:9200"],"is_default":false,"is_default_monitoring":false,"config_yaml":"","service_token":"token1","proxy_id":null} PUT kbn:/api/fleet/outputs/39168010-6db8-11ee-9bf3-ed5492034535 {"name":"remote2","type":"remote-elasticsearch","hosts":["http://localhost:9200"],"is_default":false,"is_default_monitoring":false,"config_yaml":"","service_token":"token2","proxy_id":null} ``` ### Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Summary
Resolves #104986
Opening up for review, the feature flag is off for now, and the TODO items can come in follow up prs.
TODO:
Added Remote ES output type, support to generate service token for
fleet-server-remote
account, support to create and edit remote es output.Added validation to disallow making remote ES output as default for integration data.
How to test locally?
Enable feature flag by adding this to
kibana.dev.yml
:See e2e test instructions here: elastic/fleet-server#3051
Generate service token
Create remote service token API:
Add/Edit output flyout:
Add output flyout:
Edd output flyout:
Remote ES output not allowed to be set as integrations data output in agent policies, only as monitoring output:
Example API call to create/update output:
Checklist