Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Load fleet.ssl.certificate_authorities from agent policy #2247

Closed
joshdover opened this issue Feb 9, 2023 · 5 comments · Fixed by #4770
Closed

Load fleet.ssl.certificate_authorities from agent policy #2247

joshdover opened this issue Feb 9, 2023 · 5 comments · Fixed by #4770
Assignees
@pchila
Labels
bug Something isn't working Team:Elastic-Agent Label for the Agent team Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team v8.8.0

Comments

@joshdover
Copy link
Contributor

joshdover commented Feb 9, 2023
edited
Loading

Similar to #2172 we need to support respecting the certificate authority provided in an agent policy from Fleet:

key: my-cert-key
fleet:
  hosts:
    - 'https://test-fs.com:8220/'
  proxy_url: 'https://my-proxy'
  ssl:
    certificate_authorities:
      - my-ca

This is already provided by Fleet in 8.7, so marking this as a bug on the agent side. Backporting to 8.7 is preferable. See the parent (private) issue for more details.
@joshdover joshdover added bug Something isn't working Team:Elastic-Agent Label for the Agent team v8.7.0 labels Feb 9, 2023
@jlind23 jlind23 added v8.8.0 and removed v8.7.0 labels Mar 22, 2023
@cmacknz
Copy link
Member

cmacknz commented Sep 20, 2023

We will need to use the same precedence rules defined in #2304 (comment) to avoid problems, we need to ensure that if the certificate_authorities received from Fleet are empty or invalid we fall back to the ones used at enrollment if possible.

This was referenced Mar 11, 2024
Merged
Closed
@AndersonQ AndersonQ mentioned this issue Mar 18, 2024
Closed
3 tasks
@AndersonQ AndersonQ mentioned this issue Mar 28, 2024
Closed
@AndersonQ AndersonQ mentioned this issue Apr 10, 2024
Open
@pierrehilbert pierrehilbert assigned pchila and unassigned AndersonQ Apr 25, 2024
@ycombinator ycombinator added the Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team label Apr 26, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

@ycombinator
Copy link
Contributor

The PR that might resolve this issue is currently blocked on #4497.

@pchila pchila mentioned this issue May 16, 2024
Merged
5 tasks
@nimarezainia
Copy link
Contributor

Looks like this is all blocked due to #4770 and we can close once merged.

@ycombinator
Copy link
Contributor

@nimarezainia Correct, merging #4770 will close #2247 and #2248.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pchila pchila

Labels
bug Something isn't working Team:Elastic-Agent Label for the Agent team Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team v8.8.0
Projects
None yet
Milestone
No milestone
8 participants
@ycombinator @AndersonQ @joshdover @cmacknz @nimarezainia @elasticmachine @jlind23 @pchila