Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Disable action plugin functionality when ESO plugin is using an ephemeral encryption key #56906

Merged

Conversation

mikecote
Copy link
Contributor

@mikecote mikecote commented Feb 5, 2020

Resolves the actions portion of #56420.

In this PR, the actions client will throw an error whenever trying to create an instance of the client (via getActionsClientWithRequest or routeHandlerContext in route handler context) and the encrypted saved objects plugin is using an ephemeral encryption key. Errors will also be thrown when calling the execute API or the execute function exposed by the plugin.

Sample error message:

Unable to create actions client due to the Encrypted Saved Objects plugin using an ephemeral encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in kibana.yml

@mikecote mikecote added Feature:Alerting v8.0.0 release_note:skip Skip the PR/issue when compiling release notes v7.7.0 Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) labels Feb 5, 2020
@mikecote mikecote self-assigned this Feb 5, 2020
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-alerting-services (Team:Alerting Services)

@mikecote
Copy link
Contributor Author

mikecote commented Feb 5, 2020

@elasticmachine merge upstream

@mikecote
Copy link
Contributor Author

mikecote commented Feb 6, 2020

@elasticmachine merge upstream

@elasticmachine
Copy link
Contributor

💚 Build Succeeded

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@elastic elastic deleted a comment from kibanamachine Feb 7, 2020
@mikecote mikecote marked this pull request as ready for review February 10, 2020 19:35
@mikecote mikecote requested a review from a team February 10, 2020 19:35
Copy link
Member

@pmuellr pmuellr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, but think we should add an error log message per comment, if we aren't already.

@@ -108,6 +109,9 @@ export class ActionsPlugin implements Plugin<Promise<PluginSetupContract>, Plugi
}

public async setup(core: CoreSetup, plugins: ActionsPluginsSetup): Promise<PluginSetupContract> {
this.isESOUsingEphemeralEncryptionKey =
plugins.encryptedSavedObjects.usingEphemeralEncryptionKey;

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems like we should log an error message here, when isESOUsingEphemeralEncryptionKey is true. Will help folks looking at error logs caused by the exceptions we're now throwing. Something like the following, stolen from one of the other messages in this PR:

Unable to initialize the alerting plugin due to the Encrypted Saved Objects plugin using an ephemeral encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in kibana.yml.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point, I went ahead with the message below. The changes are within this commit 1cf1cac and I went ahead and made the same for the alerting plugin 👍

APIs are disabled due to the Encrypted Saved Objects plugin using an ephemeral encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in kibana.yml.

@mikecote
Copy link
Contributor Author

@elasticmachine merge upstream

@mikecote
Copy link
Contributor Author

@elasticmachine merge upstream

Copy link
Contributor

@YulNaumenko YulNaumenko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kibanamachine
Copy link
Contributor

💚 Build Succeeded

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@mikecote mikecote merged commit 3da8a76 into elastic:master Feb 12, 2020
mikecote added a commit to mikecote/kibana that referenced this pull request Feb 12, 2020
…eral encryption key (elastic#56906)

* Disable actions client when ESO using generated key

* Add test for getActionsClientWithRequest

* Add other part to plugin.test.ts

* Cleanup tests a bit

* Cleanup tests

* plugin.test.ts cleanup

* Add warning logs on setup

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
mikecote added a commit that referenced this pull request Feb 12, 2020
…eral encryption key (#56906) (#57486)

* Disable actions client when ESO using generated key

* Add test for getActionsClientWithRequest

* Add other part to plugin.test.ts

* Cleanup tests a bit

* Cleanup tests

* plugin.test.ts cleanup

* Add warning logs on setup

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
@mikecote mikecote added release_note:fix and removed release_note:skip Skip the PR/issue when compiling release notes labels Apr 15, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Feature:Alerting release_note:fix review Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) v7.7.0 v8.0.0
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants