From b5bcdbc13e617286b86a68f9c75846703d4df754 Mon Sep 17 00:00:00 2001
From: Oliver Gupte <oliver.gupte@elastic.co>
Date: Mon, 28 Mar 2022 21:21:23 -0400
Subject: [PATCH] [APM] ensure rum_allow_origins setting only saves valid YAML
 strings (#128703)

---
 .../fleet/create_cloud_apm_package_policy.ts  |  3 ++-
 .../get_apm_package_policy_definition.ts      | 23 +++++++++++++++++--
 2 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/x-pack/plugins/apm/server/routes/fleet/create_cloud_apm_package_policy.ts b/x-pack/plugins/apm/server/routes/fleet/create_cloud_apm_package_policy.ts
index 797bce77facdb..670932ea6dbbd 100644
--- a/x-pack/plugins/apm/server/routes/fleet/create_cloud_apm_package_policy.ts
+++ b/x-pack/plugins/apm/server/routes/fleet/create_cloud_apm_package_policy.ts
@@ -23,6 +23,7 @@ import {
 import { getApmPackagePolicyDefinition } from './get_apm_package_policy_definition';
 import { Setup } from '../../lib/helpers/setup_request';
 import { mergePackagePolicyWithApm } from './merge_package_policy_with_apm';
+import { ELASTIC_CLOUD_APM_AGENT_POLICY_ID } from '../../../common/fleet';
 
 export async function createCloudApmPackgePolicy({
   cloudPluginSetup,
@@ -65,7 +66,7 @@ export async function createCloudApmPackgePolicy({
     savedObjectsClient,
     esClient,
     mergedAPMPackagePolicy,
-    { force: true, bumpRevision: true }
+    { id: ELASTIC_CLOUD_APM_AGENT_POLICY_ID, force: true, bumpRevision: true }
   );
   logger.info(`Fleet migration on Cloud - apmPackagePolicy create end`);
   return apmPackagePolicy;
diff --git a/x-pack/plugins/apm/server/routes/fleet/get_apm_package_policy_definition.ts b/x-pack/plugins/apm/server/routes/fleet/get_apm_package_policy_definition.ts
index 85ac03697019c..28b40447136ce 100644
--- a/x-pack/plugins/apm/server/routes/fleet/get_apm_package_policy_definition.ts
+++ b/x-pack/plugins/apm/server/routes/fleet/get_apm_package_policy_definition.ts
@@ -5,12 +5,12 @@
  * 2.0.
  */
 
+import yaml from 'js-yaml';
 import { KibanaRequest } from 'kibana/server';
 import { RegistryVarsEntry } from '../../../../fleet/common';
 import {
   POLICY_ELASTIC_AGENT_ON_CLOUD,
   INPUT_VAR_NAME_TO_SCHEMA_PATH,
-  ELASTIC_CLOUD_APM_AGENT_POLICY_ID,
 } from '../../../common/fleet';
 import {
   APMPluginSetupDependencies,
@@ -36,7 +36,6 @@ export async function getApmPackagePolicyDefinition({
   });
 
   return {
-    id: ELASTIC_CLOUD_APM_AGENT_POLICY_ID,
     name: 'Elastic APM',
     namespace: 'default',
     enabled: true,
@@ -73,6 +72,9 @@ function getApmPackageInputVars({
 }): Record<string, { type: string; value: any }> {
   const overrideValues: Record<string, any> = {
     url: cloudPluginSetup?.apm?.url, // overrides 'apm-server.url' to be the cloud APM host
+    rum_allow_origins: ensureValidMultiText(
+      apmServerSchema[INPUT_VAR_NAME_TO_SCHEMA_PATH.rum_allow_origins]
+    ), // fixes issue where "*" needs to be wrapped in quotes to be parsed as a YAML string
   };
 
   return policyTemplateInputVars.reduce((acc, registryVarsEntry) => {
@@ -90,3 +92,20 @@ function getApmPackageInputVars({
     };
   }, {});
 }
+
+function ensureValidMultiText(textMultiValue: string[] | undefined) {
+  if (!textMultiValue) {
+    return undefined;
+  }
+  return textMultiValue.map(escapeInvalidYamlString);
+}
+function escapeInvalidYamlString(yamlString: string) {
+  try {
+    yaml.load(yamlString);
+  } catch (error) {
+    if (error instanceof yaml.YAMLException) {
+      return `"${yamlString}"`;
+    }
+  }
+  return yamlString;
+}