Skip to content

Commit

Permalink
add documentation links
Browse files Browse the repository at this point in the history
  • Loading branch information
jbudz committed Nov 16, 2020
1 parent 3874705 commit 9251ec6
Show file tree
Hide file tree
Showing 4 changed files with 41 additions and 24 deletions.
28 changes: 28 additions & 0 deletions src/cli_encryption_key/encryption_config.js
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,23 @@ export class EncryptionConfig {
'xpack.reporting.encryptionKey',
'xpack.security.encryptionKey',
];
#encryptionMeta = {
'xpack.encryptedSavedObjects.encryptionKey': {
docs:
'https://www.elastic.co/guide/en/kibana/current/xpack-security-secure-saved-objects.html#xpack-security-secure-saved-objects',
description: 'Used to encrypt stored objects such as dashboards and visualizations',
},
'xpack.reporting.encryptionKey': {
docs:
'https://www.elastic.co/guide/en/kibana/current/security-settings-kb.html#security-session-and-cookie-settings',
description: 'Used to encrypt saved reports',
},
'xpack.security.encryptionKey': {
docs:
'https://www.elastic.co/guide/en/kibana/current/security-settings-kb.html#security-session-and-cookie-settings',
description: 'Used to encrypt session information',
},
};

_getEncryptionKey(key) {
return get(this.#config, key);
Expand All @@ -45,6 +62,17 @@ export class EncryptionConfig {
return crypto.randomBytes(16).toString('hex');
}

docs() {
let docs = '';
this.#encryptionKeyPaths.forEach((key) => {
docs += `${key}
${this.#encryptionMeta[key].description}
${this.#encryptionMeta[key].docs}
`;
});
return docs;
}

generate({ force = false }) {
const output = {};
this.#encryptionKeyPaths.forEach((key) => {
Expand Down
16 changes: 12 additions & 4 deletions src/cli_encryption_key/generate.js
Original file line number Diff line number Diff line change
Expand Up @@ -28,16 +28,24 @@ export async function generate(encryptionConfig, command) {
if (isEmpty(keys)) {
logger.log('No keys to write. Use the --force flag to generate new keys.');
} else {
if (!command.quiet) {
logger.log('## Kibana Encryption Key Generation Utility\n');
logger.log(
`The 'generate' command guides you through the process of setting encryption keys for: `
);
logger.log(encryptionConfig.docs());
logger.log(
'Already defined settings are ignored and can be regenerated using the --force flag. Check the documentation links for instructions on how to rotate encryption keys.'
);
logger.log('Definitions should be set in the kibana.yml used configure Kibana.\n');
}
if (command.interactive) {
await interactive(keys, logger);
} else {
if (!command.quiet) logger.log('Generating encryption keys.');
if (!command.quiet) logger.log('Settings:');
logger.log(safeDump(keys));
}
}
if (command.force && !command.quiet) {
logger.log('Any pre-existing keys in kibana.yml will need to be rotated manually.');
}
}

export function generateCli(program, encryptionConfig) {
Expand Down
15 changes: 1 addition & 14 deletions src/cli_encryption_key/generate.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -35,8 +35,7 @@ describe('encryption key generation', () => {
quiet: false,
};
generate(encryptionConfig, command);
const keys = Logger.prototype.log.mock.calls[1][0];

const keys = Logger.prototype.log.mock.calls[6][0];
expect(keys.search('xpack.encryptedSavedObjects.encryptionKey')).toBeGreaterThanOrEqual(0);
expect(keys.search('xpack.reporting.encryptionKey')).toBeGreaterThanOrEqual(0);
expect(keys.search('xpack.security.encryptionKey')).toBeGreaterThanOrEqual(0);
Expand All @@ -51,18 +50,6 @@ describe('encryption key generation', () => {
expect(nextLog).toEqual(undefined);
});

it('should add a rotation warning if the force flag is set', () => {
generate(encryptionConfig, { force: true });
expect(Logger.prototype.log.mock.calls[2][0]).toEqual(
'Any pre-existing keys in kibana.yml will need to be rotated manually.'
);
});

it('should not add a rotation warning if the force flag is unset', () => {
generate(encryptionConfig, { force: false });
expect(Logger.prototype.log.mock.calls[2]).toBeUndefined();
});

afterEach(() => {
jest.restoreAllMocks();
});
Expand Down
6 changes: 0 additions & 6 deletions src/cli_encryption_key/interactive.js
Original file line number Diff line number Diff line change
Expand Up @@ -24,12 +24,6 @@ import { safeDump } from 'js-yaml';

export async function interactive(keys, logger) {
const settings = Object.keys(keys);
logger.log('## Kibana Encryption Key Generation Utility\n');
logger.log(
`The 'generate' command guides you through the process of generating encryption keys for: `
);
logger.log(settings.join('\n'));
logger.log('');
logger.log(
'This tool will ask you a number of questions in order to generate the right set of keys for your needs.\n'
);
Expand Down

0 comments on commit 9251ec6

Please sign in to comment.