Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Agentless API certificates path for security projects #191248

Merged
merged 1 commit into from
Aug 26, 2024
Merged

Agentless API certificates path for security projects #191248

merged 1 commit into from
Aug 26, 2024

Conversation

amirbenun
Copy link
Contributor

@amirbenun amirbenun commented Aug 25, 2024
edited
Loading

Summary

Change the default configuration for security projects to contain the certificates that are required for mTLS auth with the agentless-api.
Kibana also expects xpack.fleet.agentless.enabled: true in order to allow agentless deployment creation which will be provided via the project-controller.

Checklist

Delete any items that are not applicable to this PR.

Risk Matrix

Delete this section if it is not applicable to this PR.

Before closing this PR, invite QA, stakeholders, and other developers to identify risks that should be tested prior to the change/feature release.

When forming the risk matrix, consider some of the following examples and how they may potentially impact the change:

Risk Probability Severity Mitigation/Notes
Multiple Spaces—unexpected behavior in non-default Kibana Space. Low High Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces.
Multiple nodes—Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks. High Low Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure.
Code should gracefully handle cases when feature X or plugin Y are disabled. Medium High Unit tests will verify that any feature flag or plugin combination still results in our service operational.
See more potential risk examples

For maintainers

@amirbenun amirbenun requested review from a team as code owners August 25, 2024 15:06
kfirpeled
kfirpeled approved these changes Aug 25, 2024
View reviewed changes
Copy link
Contributor

@kfirpeled kfirpeled left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@kfirpeled kfirpeled added the release_note:skip Skip the PR/issue when compiling release notes label Aug 25, 2024
@kibana-ci
Copy link
Collaborator

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #16 / Cloud Security Posture Test adding Cloud Security Posture Integrations CSPM AWS CIS_AWS Organization Manual Direct Access CIS_AWS Organization Manual Direct Access Workflow

Metrics [docs]

✅ unchanged

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@amirbenun amirbenun merged commit 7559e60 into main Aug 26, 2024
23 checks passed
@amirbenun amirbenun deleted the agentless-api-certs-security branch August 26, 2024 16:10
@kibanamachine kibanamachine added v8.16.0 backport:skip This commit does not require backporting labels Aug 26, 2024
amirbenun added a commit that referenced this pull request Aug 27, 2024
@amirbenun
Revert "Agentless API certificates path for security projects (#191248)"
1043a6b 
This reverts commit 7559e60.
@amirbenun amirbenun mentioned this pull request Aug 28, 2024
Merged
amirbenun added a commit that referenced this pull request Aug 28, 2024
@amirbenun
Revert "Agentless API certificates path for security projects" (#191571)
096c52f 
Reverts #191248

Reverting since this configuration will be set by kibana-controller
- Resolves: elastic/agentless-api#278
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@elena-shostak elena-shostak elena-shostak approved these changes

@kfirpeled kfirpeled kfirpeled approved these changes

Assignees
No one assigned
Labels
backport:skip This commit does not require backporting release_note:skip Skip the PR/issue when compiling release notes v8.16.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@amirbenun @kibana-ci @kfirpeled @elena-shostak @kibanamachine