[Actions] Rename tls.* configs to ssl.*

docs/settings/alert-action-settings.asciidoc

@@ -69,7 +69,7 @@ You can configure the following settings in the `kibana.yml` file.
 --
 xpack.actions.customHostSettings:
   - url: smtp://mail.example.com:465
-    tls: 
+    ssl: 
       verificationMode: 'full'
       certificateAuthoritiesFiles: [ 'one.crt' ]
       certificateAuthoritiesData: |
@@ -79,7 +79,7 @@ xpack.actions.customHostSettings:
     smtp:
       requireTLS: true
   - url: https://webhook.example.com
-    tls: 
+    ssl: 
       // legacy
       rejectUnauthorized: false
       verificationMode: 'none'
@@ -97,8 +97,8 @@ xpack.actions.customHostSettings:
   server, and the `https` URLs are used for actions which use `https` to
   connect to services. +
   +
-  Entries with `https` URLs can use the `tls` options, and entries with `smtp`
-  URLs can use both the `tls` and `smtp` options. +
+  Entries with `https` URLs can use the `ssl` options, and entries with `smtp`
+  URLs can use both the `ssl` and `smtp` options. +
   +
   No other URL values should be part of this URL, including paths,
   query strings, and authentication information.  When an http or smtp request
@@ -117,24 +117,24 @@ xpack.actions.customHostSettings:
   The options `smtp.ignoreTLS` and `smtp.requireTLS` can not both be set to true.
 
 | `xpack.actions.customHostSettings[n]`
-`.tls.rejectUnauthorized` {ess-icon}
-  | Deprecated. Use <<action-config-custom-host-verification-mode,`xpack.actions.customHostSettings.tls.verificationMode`>> instead. A boolean value indicating whether to bypass server certificate validation.
+`.ssl.rejectUnauthorized` {ess-icon}
+  | Deprecated. Use <<action-config-custom-host-verification-mode,`xpack.actions.customHostSettings.ssl.verificationMode`>> instead. A boolean value indicating whether to bypass server certificate validation.
   Overrides the general `xpack.actions.rejectUnauthorized` configuration
   for requests made for this hostname/port.
 
 |[[action-config-custom-host-verification-mode]] `xpack.actions.customHostSettings[n]`
-`.tls.verificationMode`
+`.ssl.verificationMode`
   | Controls the verification of the server certificate that {hosted-ems} receives when making an outbound SSL/TLS connection to the host server. Valid values are `full`, `certificate`, and `none`. 
- Use `full` to perform hostname verification, `certificate` to skip hostname verification, and `none` to skip verification. Default: `full`. <<elasticsearch-ssl-verificationMode,Equivalent {kib} setting>>. Overrides the general `xpack.actions.tls.verificationMode` configuration
+ Use `full` to perform hostname verification, `certificate` to skip hostname verification, and `none` to skip verification. Default: `full`. <<elasticsearch-ssl-verificationMode,Equivalent {kib} setting>>. Overrides the general `xpack.actions.ssl.verificationMode` configuration
   for requests made for this hostname/port.
 
 | `xpack.actions.customHostSettings[n]`
-`.tls.certificateAuthoritiesFiles`
+`.ssl.certificateAuthoritiesFiles`
   | A file name or list of file names of PEM-encoded certificate files to use
   to validate the server.
 
 | `xpack.actions.customHostSettings[n]`
-`.tls.certificateAuthoritiesData` {ess-icon}
+`.ssl.certificateAuthoritiesData` {ess-icon}
   | The contents of a PEM-encoded certificate file, or multiple files appended
   into a single string.  This configuration can be used for environments where
   the files cannot be made available.  
@@ -165,28 +165,28 @@ xpack.actions.customHostSettings:
 
 a|`xpack.actions.`
 `proxyRejectUnauthorizedCertificates` {ess-icon}
-  | Deprecated. Use <<action-config-proxy-verification-mode,`xpack.actions.tls.proxyVerificationMode`>> instead. Set to `false` to bypass certificate validation for the proxy, if using a proxy for actions. Default: `true`.
+  | Deprecated. Use <<action-config-proxy-verification-mode,`xpack.actions.ssl.proxyVerificationMode`>> instead. Set to `false` to bypass certificate validation for the proxy, if using a proxy for actions. Default: `true`.
 
 |[[action-config-proxy-verification-mode]]
 `xpack.actions[n]`
-`.tls.proxyVerificationMode` {ess-icon}
+`.ssl.proxyVerificationMode` {ess-icon}
 | Controls the verification for the proxy server certificate that {hosted-ems} receives when making an outbound SSL/TLS connection to the proxy server. Valid values are `full`, `certificate`, and `none`. 
 Use `full` to perform hostname verification, `certificate` to skip hostname verification, and `none` to skip verification. Default: `full`. <<elasticsearch-ssl-verificationMode,Equivalent {kib} setting>>.
 
 | `xpack.actions.rejectUnauthorized` {ess-icon}
-  | Deprecated. Use <<action-config-verification-mode,`xpack.actions.tls.verificationMode`>> instead. Set to `false` to bypass certificate validation for actions. Default: `true`. +
+  | Deprecated. Use <<action-config-verification-mode,`xpack.actions.ssl.verificationMode`>> instead. Set to `false` to bypass certificate validation for actions. Default: `true`. +
   +
   As an alternative to setting `xpack.actions.rejectUnauthorized`, you can use the setting
-  `xpack.actions.customHostSettings` to set TLS options for specific servers.
+  `xpack.actions.customHostSettings` to set SSL options for specific servers.
 
 |[[action-config-verification-mode]]
 `xpack.actions[n]`
-`.tls.verificationMode` {ess-icon}
+`.ssl.verificationMode` {ess-icon}
 | Controls the verification for the server certificate that {hosted-ems} receives when making an outbound SSL/TLS connection for actions. Valid values are `full`, `certificate`, and `none`. 
   Use `full` to perform hostname verification, `certificate` to skip hostname verification, and `none` to skip verification. Default: `full`. <<elasticsearch-ssl-verificationMode,Equivalent {kib} setting>>. +
   +
-  As an alternative to setting `xpack.actions.tls.verificationMode`, you can use the setting
-  `xpack.actions.customHostSettings` to set TLS options for specific servers.
+  As an alternative to setting `xpack.actions.ssl.verificationMode`, you can use the setting
+  `xpack.actions.customHostSettings` to set SSL options for specific servers.
 
 
 

src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker

@@ -204,8 +204,8 @@ kibana_vars=(
     xpack.actions.proxyUrl
     xpack.actions.rejectUnauthorized
     xpack.actions.responseTimeout
-    xpack.actions.tls.proxyVerificationMode
-    xpack.actions.tls.verificationMode
+    xpack.actions.ssl.proxyVerificationMode
+    xpack.actions.ssl.verificationMode
     xpack.alerting.healthCheck.interval
     xpack.alerting.invalidateApiKeysTask.interval
     xpack.alerting.invalidateApiKeysTask.removalDelay

x-pack/plugins/actions/server/actions_client.test.ts

@@ -429,7 +429,7 @@ describe('create()', () => {
         idleInterval: schema.duration().validate('1h'),
         pageSize: 100,
       },
-      tls: {
+      ssl: {
         verificationMode: 'full',
         proxyVerificationMode: 'full',
       },

x-pack/plugins/actions/server/actions_config.mock.ts

@@ -15,7 +15,7 @@ const createActionsConfigMock = () => {
     ensureHostnameAllowed: jest.fn().mockReturnValue({}),
     ensureUriAllowed: jest.fn().mockReturnValue({}),
     ensureActionTypeEnabled: jest.fn().mockReturnValue({}),
-    getTLSSettings: jest.fn().mockReturnValue({
+    getSSLSettings: jest.fn().mockReturnValue({
       verificationMode: 'full',
     }),
     getProxySettings: jest.fn().mockReturnValue(undefined),

x-pack/plugins/actions/server/actions_config.test.ts

@@ -37,7 +37,7 @@ const defaultActionsConfig: ActionsConfig = {
     idleInterval: schema.duration().validate('1h'),
     pageSize: 100,
   },
-  tls: {
+  ssl: {
     proxyVerificationMode: 'full',
     verificationMode: 'full',
   },
@@ -316,38 +316,38 @@ describe('getProxySettings', () => {
       proxyRejectUnauthorizedCertificates: true,
     };
     let proxySettings = getActionsConfigurationUtilities(configTrue).getProxySettings();
-    expect(proxySettings?.proxyTLSSettings.verificationMode).toBe('full');
+    expect(proxySettings?.proxySSLSettings.verificationMode).toBe('full');
 
     const configFalse: ActionsConfig = {
       ...defaultActionsConfig,
       proxyUrl: 'https://proxy.elastic.co',
       proxyRejectUnauthorizedCertificates: false,
-      tls: {},
+      ssl: {},
     };
     proxySettings = getActionsConfigurationUtilities(configFalse).getProxySettings();
-    expect(proxySettings?.proxyTLSSettings.verificationMode).toBe('none');
+    expect(proxySettings?.proxySSLSettings.verificationMode).toBe('none');
   });
 
-  test('returns proper verificationMode value, based on the TLS proxy configuration', () => {
+  test('returns proper verificationMode value, based on the SSL proxy configuration', () => {
     const configTrue: ActionsConfig = {
       ...defaultActionsConfig,
       proxyUrl: 'https://proxy.elastic.co',
-      tls: {
+      ssl: {
         proxyVerificationMode: 'full',
       },
     };
     let proxySettings = getActionsConfigurationUtilities(configTrue).getProxySettings();
-    expect(proxySettings?.proxyTLSSettings.verificationMode).toBe('full');
+    expect(proxySettings?.proxySSLSettings.verificationMode).toBe('full');
 
     const configFalse: ActionsConfig = {
       ...defaultActionsConfig,
       proxyUrl: 'https://proxy.elastic.co',
-      tls: {
+      ssl: {
         proxyVerificationMode: 'none',
       },
     };
     proxySettings = getActionsConfigurationUtilities(configFalse).getProxySettings();
-    expect(proxySettings?.proxyTLSSettings.verificationMode).toBe('none');
+    expect(proxySettings?.proxySSLSettings.verificationMode).toBe('none');
   });
 
   test('returns proxy headers', () => {
@@ -432,13 +432,13 @@ describe('getProxySettings', () => {
       customHostSettings: [
         {
           url: 'https://elastic.co',
-          tls: {
+          ssl: {
             verificationMode: 'full',
           },
         },
         {
           url: 'smtp://elastic.co:123',
-          tls: {
+          ssl: {
             verificationMode: 'none',
           },
           smtp: {
@@ -465,24 +465,24 @@ describe('getProxySettings', () => {
   });
 });
 
-describe('getTLSSettings', () => {
-  test('returns proper verificationMode value, based on the TLS proxy configuration', () => {
+describe('getSSLSettings', () => {
+  test('returns proper verificationMode value, based on the SSL proxy configuration', () => {
     const configTrue: ActionsConfig = {
       ...defaultActionsConfig,
-      tls: {
+      ssl: {
         verificationMode: 'full',
       },
     };
-    let tlsSettings = getActionsConfigurationUtilities(configTrue).getTLSSettings();
-    expect(tlsSettings.verificationMode).toBe('full');
+    let sslSettings = getActionsConfigurationUtilities(configTrue).getSSLSettings();
+    expect(sslSettings.verificationMode).toBe('full');
 
     const configFalse: ActionsConfig = {
       ...defaultActionsConfig,
-      tls: {
+      ssl: {
         verificationMode: 'none',
       },
     };
-    tlsSettings = getActionsConfigurationUtilities(configFalse).getTLSSettings();
-    expect(tlsSettings.verificationMode).toBe('none');
+    sslSettings = getActionsConfigurationUtilities(configFalse).getSSLSettings();
+    expect(sslSettings.verificationMode).toBe('none');
   });
 });

x-pack/plugins/actions/server/actions_config.ts

@@ -14,8 +14,8 @@ import { pipe } from 'fp-ts/lib/pipeable';
 import { ActionsConfig, AllowedHosts, EnabledActionTypes, CustomHostSettings } from './config';
 import { getCanonicalCustomHostUrl } from './lib/custom_host_settings';
 import { ActionTypeDisabledError } from './lib';
-import { ProxySettings, ResponseSettings, TLSSettings } from './types';
-import { getTLSSettingsFromConfig } from './builtin_action_types/lib/get_node_tls_options';
+import { ProxySettings, ResponseSettings, SSLSettings } from './types';
+import { getSSLSettingsFromConfig } from './builtin_action_types/lib/get_node_ssl_options';
 
 export { AllowedHosts, EnabledActionTypes } from './config';
 
@@ -31,7 +31,7 @@ export interface ActionsConfigurationUtilities {
   ensureHostnameAllowed: (hostname: string) => void;
   ensureUriAllowed: (uri: string) => void;
   ensureActionTypeEnabled: (actionType: string) => void;
-  getTLSSettings: () => TLSSettings;
+  getSSLSettings: () => SSLSettings;
   getProxySettings: () => undefined | ProxySettings;
   getResponseSettings: () => ResponseSettings;
   getCustomHostSettings: (targetUrl: string) => CustomHostSettings | undefined;
@@ -94,8 +94,8 @@ function getProxySettingsFromConfig(config: ActionsConfig): undefined | ProxySet
     proxyBypassHosts: arrayAsSet(config.proxyBypassHosts),
     proxyOnlyHosts: arrayAsSet(config.proxyOnlyHosts),
     proxyHeaders: config.proxyHeaders,
-    proxyTLSSettings: getTLSSettingsFromConfig(
-      config.tls?.proxyVerificationMode,
+    proxySSLSettings: getSSLSettingsFromConfig(
+      config.ssl?.proxyVerificationMode,
       config.proxyRejectUnauthorizedCertificates
     ),
   };
@@ -146,8 +146,8 @@ export function getActionsConfigurationUtilities(
     isActionTypeEnabled,
     getProxySettings: () => getProxySettingsFromConfig(config),
     getResponseSettings: () => getResponseSettingsFromConfig(config),
-    getTLSSettings: () =>
-      getTLSSettingsFromConfig(config.tls?.verificationMode, config.rejectUnauthorized),
+    getSSLSettings: () =>
+      getSSLSettingsFromConfig(config.ssl?.verificationMode, config.rejectUnauthorized),
     ensureUriAllowed(uri: string) {
       if (!isUriAllowed(uri)) {
         throw new Error(allowListErrorMessage(AllowListingField.URL, uri));

x-pack/plugins/actions/server/builtin_action_types/email.test.ts

@@ -285,7 +285,7 @@ describe('execute()', () => {
           "getCustomHostSettings": [MockFunction],
           "getProxySettings": [MockFunction],
           "getResponseSettings": [MockFunction],
-          "getTLSSettings": [MockFunction],
+          "getSSLSettings": [MockFunction],
           "isActionTypeEnabled": [MockFunction],
           "isHostnameAllowed": [MockFunction],
           "isUriAllowed": [MockFunction],
@@ -346,7 +346,7 @@ describe('execute()', () => {
           "getCustomHostSettings": [MockFunction],
           "getProxySettings": [MockFunction],
           "getResponseSettings": [MockFunction],
-          "getTLSSettings": [MockFunction],
+          "getSSLSettings": [MockFunction],
           "isActionTypeEnabled": [MockFunction],
           "isHostnameAllowed": [MockFunction],
           "isUriAllowed": [MockFunction],

x-pack/plugins/actions/server/builtin_action_types/lib/axios_utils.test.ts

@@ -75,7 +75,7 @@ describe('request', () => {
 
   test('it have been called with proper proxy agent for a valid url', async () => {
     configurationUtilities.getProxySettings.mockReturnValue({
-      proxyTLSSettings: {
+      proxySSLSettings: {
         verificationMode: 'full',
       },
       proxyUrl: 'https://localhost:1212',
@@ -110,7 +110,7 @@ describe('request', () => {
   test('it have been called with proper proxy agent for an invalid url', async () => {
     configurationUtilities.getProxySettings.mockReturnValue({
       proxyUrl: ':nope:',
-      proxyTLSSettings: {
+      proxySSLSettings: {
         verificationMode: 'none',
       },
       proxyBypassHosts: undefined,
@@ -141,7 +141,7 @@ describe('request', () => {
 
   test('it bypasses with proxyBypassHosts when expected', async () => {
     configurationUtilities.getProxySettings.mockReturnValue({
-      proxyTLSSettings: {
+      proxySSLSettings: {
         verificationMode: 'full',
       },
       proxyUrl: 'https://elastic.proxy.co',
@@ -164,7 +164,7 @@ describe('request', () => {
 
   test('it does not bypass with proxyBypassHosts when expected', async () => {
     configurationUtilities.getProxySettings.mockReturnValue({
-      proxyTLSSettings: {
+      proxySSLSettings: {
         verificationMode: 'full',
       },
       proxyUrl: 'https://elastic.proxy.co',
@@ -187,7 +187,7 @@ describe('request', () => {
 
   test('it proxies with proxyOnlyHosts when expected', async () => {
     configurationUtilities.getProxySettings.mockReturnValue({
-      proxyTLSSettings: {
+      proxySSLSettings: {
         verificationMode: 'full',
       },
       proxyUrl: 'https://elastic.proxy.co',
@@ -210,7 +210,7 @@ describe('request', () => {
 
   test('it does not proxy with proxyOnlyHosts when expected', async () => {
     configurationUtilities.getProxySettings.mockReturnValue({
-      proxyTLSSettings: {
+      proxySSLSettings: {
         verificationMode: 'full',
       },
       proxyUrl: 'https://elastic.proxy.co',