[Fleet] Add SSL options to fleet server hosts settings #208091

criamico · 2025-01-23T16:08:46Z

Fixes #207322

Summary

Show SSL options for fleet server host in Fleet server settings section and in add fleet server host flyout

Registered fleet server host as a encrypted save object and the new mappings added under ssl property, mirroring what's already existing for logstash and kafka outputs
The new options are displayed in the UI, both when adding a new fleet server host from the flyout and when editing an existing one.
The values are then added to the full agent policy
The values for ssh.key and ssh.es_key can additionally be saved as secrets but for now this option is not enabled until fleet server supports it - I used the feature flag enableSSLSecrets

Screenshots

Generated policy:

Checklist

Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
Documentation was added for features that require explanation or tutorials
Unit or functional tests were updated or added to match the most common scenarios

criamico · 2025-01-23T16:09:03Z

@elasticmachine merge upstream

criamico · 2025-01-27T09:20:14Z

@elasticmachine merge upstream

…apping'

…te --fix'

…t --include-path /api/status --include-path /api/alerting/rule/ --include-path /api/alerting/rules --include-path /api/actions --include-path /api/security/role --include-path /api/spaces --include-path /api/fleet --include-path /api/dashboards --update'

… src/core/server/integration_tests/ci_checks'

…t --include-path /api/status --include-path /api/alerting/rule/ --include-path /api/alerting/rules --include-path /api/actions --include-path /api/security/role --include-path /api/spaces --include-path /api/fleet --include-path /api/dashboards --update'

criamico · 2025-02-28T12:18:34Z

@elasticmachine merge upstream

azasypkin

LGTM from the AppEx Security side - temporarily using dangerouslyExposeValue: true for a new field sounds tolerable.

criamico · 2025-02-28T16:13:50Z

@elasticmachine merge upstream

criamico · 2025-03-03T09:54:29Z

@elasticmachine merge upstream

elasticmachine · 2025-03-03T11:45:38Z

💚 Build Succeeded

Buildkite Build
Commit: 4850923

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id	before	after	diff
`fleet`	1200	1201	+1

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id	before	after	diff
`fleet`	1331	1332	+1

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
`fleet`	1.7MB	1.7MB	+11.9KB

Public APIs missing exports

Total count of every type that is part of your API that should be exported but is not. This will cause broken links in the API documentation system. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats exports for more detailed information.

id	before	after	diff
`fleet`	85	86	+1

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
`fleet`	156.8KB	156.9KB	+103.0B

Unknown metric groups

API count

id	before	after	diff
`fleet`	1458	1459	+1

History

💔 Build #280026 failed 9d12386
💔 Build #279945 failed 1c66d23
💔 Build #279761 failed 3435c9e
💔 Build #279747 failed 2f0cfc4
💚 Build #279495 succeeded 9d29a15

cc @criamico

kibanamachine · 2025-03-03T12:23:18Z

Starting backport for target branches: 8.18, 8.x, 9.0

https://github.com/elastic/kibana/actions/runs/13630799063

kibanamachine · 2025-03-03T12:29:20Z

💔 All backports failed

Status	Branch	Result
❌	8.18	Backport failed because of merge conflicts
❌	8.x	Backport failed because of merge conflicts
❌	9.0	Backport failed because of merge conflicts

Manual backport

To create the backport manually run:

node scripts/backport --pr 208091

Questions ?

Please refer to the Backport tool documentation

…212918) ## Summary Small follow up of #208091 The editor autocompletion added an incorrect import and so I'm removing it, plus a few comments that should have been removed. Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

## Summary Follow up of #208091, #213211 and #213211 Small UI enhancements to the SSL options introduced with the mentioned PRs - All the forms are now nested under an accordion to avoid taking too much space <details> <summary>Fleet server hosts</summary> <img width="804" alt="Screenshot 2025-03-12 at 11 38 01" src="https://github.com/user-attachments/assets/5835811a-6a22-470e-9e74-6dfc78761d8b" /> <img width="806" alt="Screenshot 2025-03-12 at 11 38 11" src="https://github.com/user-attachments/assets/865f02b0-ec36-489f-904c-97c91a29ffca" /> <img width="787" alt="Screenshot 2025-03-12 at 11 51 39" src="https://github.com/user-attachments/assets/494e20b7-a44b-45e9-aead-c7d51260da72" /> <img width="795" alt="Screenshot 2025-03-12 at 11 51 51" src="https://github.com/user-attachments/assets/ba0abb37-0142-4ae1-ab5f-f2af96602c7a" /> </details> <details> <summary>Agent Binary source</summary> <img width="801" alt="Screenshot 2025-03-12 at 11 39 38" src="https://github.com/user-attachments/assets/915b4ed9-d23d-4764-9805-aef5cce5798e" /> <img width="801" alt="Screenshot 2025-03-12 at 11 39 44" src="https://github.com/user-attachments/assets/ea0347fb-a1fa-4454-b296-a132dffe6611" /> </details> <details> <summary>ES Outputs</summary> <img width="801" alt="Screenshot 2025-03-12 at 11 38 30" src="https://github.com/user-attachments/assets/7ae7fdd4-f693-4d12-bb7e-79ddee2c6c3b" /> <img width="803" alt="Screenshot 2025-03-12 at 11 38 36" src="https://github.com/user-attachments/assets/179463c2-9cbb-4dec-8f80-44c08a53073d" /> </details> <details> <summary>Remote ES Outputs</summary> <img width="802" alt="Screenshot 2025-03-12 at 11 46 39" src="https://github.com/user-attachments/assets/b1f151a9-433a-4699-8aec-79f8174d069f" /> </details> <details> <summary>Logstash Outputs</summary> <img width="803" alt="Screenshot 2025-03-12 at 11 39 25" src="https://github.com/user-attachments/assets/1f4da34c-ba2a-47e8-a258-61d943e9af7a" /> </details> ### Checklist - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Julia Bardi <90178898+juliaElastic@users.noreply.github.com>

## Summary Follow up of elastic#208091, elastic#213211 and elastic#213211 Small UI enhancements to the SSL options introduced with the mentioned PRs - All the forms are now nested under an accordion to avoid taking too much space <details> <summary>Fleet server hosts</summary> <img width="804" alt="Screenshot 2025-03-12 at 11 38 01" src="https://github.com/user-attachments/assets/5835811a-6a22-470e-9e74-6dfc78761d8b" /> <img width="806" alt="Screenshot 2025-03-12 at 11 38 11" src="https://github.com/user-attachments/assets/865f02b0-ec36-489f-904c-97c91a29ffca" /> <img width="787" alt="Screenshot 2025-03-12 at 11 51 39" src="https://github.com/user-attachments/assets/494e20b7-a44b-45e9-aead-c7d51260da72" /> <img width="795" alt="Screenshot 2025-03-12 at 11 51 51" src="https://github.com/user-attachments/assets/ba0abb37-0142-4ae1-ab5f-f2af96602c7a" /> </details> <details> <summary>Agent Binary source</summary> <img width="801" alt="Screenshot 2025-03-12 at 11 39 38" src="https://github.com/user-attachments/assets/915b4ed9-d23d-4764-9805-aef5cce5798e" /> <img width="801" alt="Screenshot 2025-03-12 at 11 39 44" src="https://github.com/user-attachments/assets/ea0347fb-a1fa-4454-b296-a132dffe6611" /> </details> <details> <summary>ES Outputs</summary> <img width="801" alt="Screenshot 2025-03-12 at 11 38 30" src="https://github.com/user-attachments/assets/7ae7fdd4-f693-4d12-bb7e-79ddee2c6c3b" /> <img width="803" alt="Screenshot 2025-03-12 at 11 38 36" src="https://github.com/user-attachments/assets/179463c2-9cbb-4dec-8f80-44c08a53073d" /> </details> <details> <summary>Remote ES Outputs</summary> <img width="802" alt="Screenshot 2025-03-12 at 11 46 39" src="https://github.com/user-attachments/assets/b1f151a9-433a-4699-8aec-79f8174d069f" /> </details> <details> <summary>Logstash Outputs</summary> <img width="803" alt="Screenshot 2025-03-12 at 11 39 25" src="https://github.com/user-attachments/assets/1f4da34c-ba2a-47e8-a258-61d943e9af7a" /> </details> ### Checklist - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Julia Bardi <90178898+juliaElastic@users.noreply.github.com>

Fixes elastic#207322 ## Summary Show SSL options for fleet server host in Fleet server settings section and in add fleet server host flyout - Registered fleet server host as a encrypted save object and the new mappings added under `ssl` property, mirroring what's already existing for `logstash` and `kafka` outputs - The new options are displayed in the UI, both when adding a new fleet server host from the flyout and when editing an existing one. - The values are then added to the full agent policy - The values for `ssh.key` and `ssh.es_key` can additionally be saved as secrets but for now this option is not enabled until [fleet server supports it](elastic/fleet-server#4470) - I used the feature flag `enableSSLSecrets` <details> <summary>Screenshots</summary> <img width="803" alt="Screenshot 2025-02-14 at 10 23 41" src="https://github.com/user-attachments/assets/e1bf8c93-e8c0-4351-b86b-a7f8a8b0ec72" /> <img width="801" alt="Screenshot 2025-02-14 at 10 23 36" src="https://github.com/user-attachments/assets/f96d2a5c-0285-41d1-953b-e662ccdcd514" /> <img width="780" alt="Screenshot 2025-02-04 at 14 34 52" src="https://github.com/user-attachments/assets/e854fc28-d4aa-4b01-8634-e1f37f70419b" /> <img width="804" alt="Screenshot 2025-02-04 at 14 35 00" src="https://github.com/user-attachments/assets/f507c34a-774e-4aa1-94b2-b912539d6143" /> <img width="791" alt="Screenshot 2025-02-04 at 09 25 28" src="https://github.com/user-attachments/assets/82c1f761-7ee5-42d0-8b8f-23848cfc0391" /> Generated policy: <img width="795" alt="Screenshot 2025-02-24 at 16 43 58" src="https://github.com/user-attachments/assets/5ef4e34f-5850-4449-8a70-7de10750bb84" /> <img width="796" alt="Screenshot 2025-02-24 at 16 44 15" src="https://github.com/user-attachments/assets/bdcf70fe-72f0-4df0-9a9e-40346407a1df" /> </details> ### Checklist - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>

…lastic#212918) ## Summary Small follow up of elastic#208091 The editor autocompletion added an incorrect import and so I'm removing it, plus a few comments that should have been removed. Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

## Summary Follow up of elastic#208091, elastic#213211 and elastic#213211 Small UI enhancements to the SSL options introduced with the mentioned PRs - All the forms are now nested under an accordion to avoid taking too much space <details> <summary>Fleet server hosts</summary> <img width="804" alt="Screenshot 2025-03-12 at 11 38 01" src="https://github.com/user-attachments/assets/5835811a-6a22-470e-9e74-6dfc78761d8b" /> <img width="806" alt="Screenshot 2025-03-12 at 11 38 11" src="https://github.com/user-attachments/assets/865f02b0-ec36-489f-904c-97c91a29ffca" /> <img width="787" alt="Screenshot 2025-03-12 at 11 51 39" src="https://github.com/user-attachments/assets/494e20b7-a44b-45e9-aead-c7d51260da72" /> <img width="795" alt="Screenshot 2025-03-12 at 11 51 51" src="https://github.com/user-attachments/assets/ba0abb37-0142-4ae1-ab5f-f2af96602c7a" /> </details> <details> <summary>Agent Binary source</summary> <img width="801" alt="Screenshot 2025-03-12 at 11 39 38" src="https://github.com/user-attachments/assets/915b4ed9-d23d-4764-9805-aef5cce5798e" /> <img width="801" alt="Screenshot 2025-03-12 at 11 39 44" src="https://github.com/user-attachments/assets/ea0347fb-a1fa-4454-b296-a132dffe6611" /> </details> <details> <summary>ES Outputs</summary> <img width="801" alt="Screenshot 2025-03-12 at 11 38 30" src="https://github.com/user-attachments/assets/7ae7fdd4-f693-4d12-bb7e-79ddee2c6c3b" /> <img width="803" alt="Screenshot 2025-03-12 at 11 38 36" src="https://github.com/user-attachments/assets/179463c2-9cbb-4dec-8f80-44c08a53073d" /> </details> <details> <summary>Remote ES Outputs</summary> <img width="802" alt="Screenshot 2025-03-12 at 11 46 39" src="https://github.com/user-attachments/assets/b1f151a9-433a-4699-8aec-79f8174d069f" /> </details> <details> <summary>Logstash Outputs</summary> <img width="803" alt="Screenshot 2025-03-12 at 11 39 25" src="https://github.com/user-attachments/assets/1f4da34c-ba2a-47e8-a258-61d943e9af7a" /> </details> ### Checklist - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Julia Bardi <90178898+juliaElastic@users.noreply.github.com>

criamico added 4 commits January 22, 2025 11:15

[Fleet] Add SSL options to fleet server hosts settings

853a544

Use EuiFieldText instead of textInput and fix preconfiguration

056188f

Add ssl fields to add fleet server flyout

2f417ca

Merge branch 'main' into 207322_fleetserver_ssl_options

4766db1

elasticmachine and others added 2 commits January 23, 2025 16:09

Merge branch 'main' into 207322_fleetserver_ssl_options

9e31a3b

Replace SSL placeholders in command box

54c0f2f

Merge branch 'main' into 207322_fleetserver_ssl_options

61a39a6

criamico self-assigned this Jan 27, 2025

criamico added v9.0.0 Team:Fleet Team label for Observability Data Collection Fleet team release_note:feature Makes this part of the condensed release notes labels Jan 27, 2025

kibanamachine added 3 commits January 27, 2025 09:38

[CI] Auto-commit changed files from 'node scripts/styled_components_m…

da0e6b4

…apping'

[CI] Auto-commit changed files from 'node scripts/check_mappings_upda…

6c1624c

…te --fix'

criamico changed the title ~~207322 fleetserver ssl options~~ [Fleet] Add SSL options to fleet server hosts settings Jan 27, 2025

kibanamachine and others added 6 commits January 27, 2025 12:32

[CI] Auto-commit changed files from 'make api-docs'

1af9752

[CI] Auto-commit changed files from 'node scripts/jest_integration -u…

42f49d1

… src/core/server/integration_tests/ci_checks'

fix tests

af98bdd

fix put schema

7d983e9

criamico added backport:prev-minor Backport to (9.0) the previous minor version (i.e. one version back from main) v8.18.0 labels Jan 27, 2025

criamico marked this pull request as ready for review January 27, 2025 16:40

criamico requested review from a team as code owners January 27, 2025 16:40

fix tests

a5b3f31

Merge branch 'main' into 207322_fleetserver_ssl_options

1c66d23

azasypkin approved these changes Feb 28, 2025

View reviewed changes

Fix other tests

1641adf

elasticmachine and others added 2 commits February 28, 2025 16:13

Merge branch 'main' into 207322_fleetserver_ssl_options

9d12386

fix tests

99c19b5

Merge branch 'main' into 207322_fleetserver_ssl_options

4850923

criamico merged commit 151fa26 into elastic:main Mar 3, 2025
9 checks passed

kibanamachine added the v9.1.0 label Mar 3, 2025

criamico deleted the 207322_fleetserver_ssl_options branch March 3, 2025 12:23

criamico removed v9.0.0 backport:prev-minor Backport to (9.0) the previous minor version (i.e. one version back from main) v8.18.0 labels Mar 3, 2025

kibanamachine added backport:skip This commit does not require backporting labels Mar 3, 2025

criamico mentioned this pull request Mar 3, 2025

[Fleet] Remove wrong incorrect import from fleet server host service #212918

Merged

This was referenced Mar 10, 2025

[REQUEST]: Document new SSL options in Fleet settings elastic/ingest-docs#1727

Open

[Fleet] Tweak new SSL settings #214060

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Fleet] Add SSL options to fleet server hosts settings #208091

[Fleet] Add SSL options to fleet server hosts settings #208091

criamico commented Jan 23, 2025 •

edited by kibanamachine

Loading

criamico commented Jan 23, 2025

criamico commented Jan 27, 2025

criamico commented Feb 28, 2025

azasypkin left a comment

criamico commented Feb 28, 2025

criamico commented Mar 3, 2025

elasticmachine commented Mar 3, 2025

API count

kibanamachine commented Mar 3, 2025

kibanamachine commented Mar 3, 2025

[Fleet] Add SSL options to fleet server hosts settings #208091

[Fleet] Add SSL options to fleet server hosts settings #208091

Conversation

criamico commented Jan 23, 2025 • edited by kibanamachine Loading

Summary

Checklist

criamico commented Jan 23, 2025

criamico commented Jan 27, 2025

criamico commented Feb 28, 2025

azasypkin left a comment

Choose a reason for hiding this comment

criamico commented Feb 28, 2025

criamico commented Mar 3, 2025

elasticmachine commented Mar 3, 2025

💚 Build Succeeded

Metrics [docs]

Module Count

Public APIs missing comments

Async chunks

Public APIs missing exports

Page load bundle

API count

History

kibanamachine commented Mar 3, 2025

kibanamachine commented Mar 3, 2025

💔 All backports failed

Manual backport

Questions ?

criamico commented Jan 23, 2025 •

edited by kibanamachine

Loading