Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cherry-pick #19900 to 7.x: [Elastic Agent] Require --insecure on enroll for connection to Kibana #19910

Merged
merged 2 commits into from
Jul 15, 2020
Merged

Cherry-pick #19900 to 7.x: [Elastic Agent] Require --insecure on enroll for connection to Kibana #19910

merged 2 commits into from
Jul 15, 2020

Conversation

blakerouse
Copy link
Contributor

@blakerouse blakerouse commented Jul 14, 2020
edited
Loading

Cherry-pick of PR #19900 to 7.x branch. Original message:

What does this PR do?

Adds a --insecure option to enroll command to allow enrollment to Kibana with SSL that is insecure. Adds the requirement of using --insecure when using the HTTP protocol.

This also includes a rename of --ca_sha256 to --ca-sha256 and --certificate_authorities to --certificate-authorities. From a command line standpoint I think its best to standardize on - versus a mix of - and _.

Why is it important?

To strongly require users to use secure connection to Kibana.

Checklist

  • My code follows the style guidelines of this project
  • [ ] I have commented my code, particularly in hard-to-understand areas
  • [ ] I have made corresponding changes to the documentation
  • [ ] I have made corresponding change to the default configuration files
  • [ ] I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

How to test this PR locally

$ ./elastic-agent enroll http://localhost:5601 abcd
The Elastic Agent is currently in BETA and should not be used in production
Error: connection to Kibana is insecure, strongly recommended to use a secure connection (override with --insecure)

Related issues

@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Jul 14, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/ingest-management (Team:Ingest Management)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Jul 14, 2020
@blakerouse blakerouse self-assigned this Jul 14, 2020
@ph
Copy link
Contributor

ph commented Jul 14, 2020

backport LGTM

@ph
Copy link
Contributor

ph commented Jul 14, 2020

@blakerouse I think this PR is missing a few commits the failures are related?

@blakerouse
[Elastic Agent] Require --insecure on enroll for connection to Kibana (
0876631 
…elastic#19900)

* Add insecure option to enroll.

* Set TLS to not verify on --insecure.

* Run mage fmt

* Add changelog.

* Update enroll for certificate-authorities and ca-sha256.

* Update changelog.

* Update docstring.

(cherry picked from commit 55c4534)
@blakerouse blakerouse force-pushed the backport_19900_7.x branch from 92dd977 to 0876631 Compare July 15, 2020 03:39
@blakerouse blakerouse mentioned this pull request Jul 15, 2020
Merged
2 tasks
@blakerouse blakerouse merged commit 76c29fa into elastic:7.x Jul 15, 2020
@blakerouse blakerouse deleted the backport_19900_7.x branch July 15, 2020 04:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ph ph ph approved these changes

Assignees

@blakerouse blakerouse

Labels
backport [zube]: In Review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@blakerouse @elasticmachine @ph