Check where SES is running before passing along service token (#165411)

## Summary If a user is running serverless ES in the cloud and serverless KBN locally, passing the token can trigger an invalid configuration error: `serviceAccountToken cannot be specified when "username" is also defined` Additionally, the token is likely invalid anyways because the SES instance was not seeded with it. This PR checks the `elasticsearch.hosts` configuration for non-localhost values before passing along the token. ## Testing Add something like the following to `config/kibana.dev.yml` and run `yarn serverless`. Should not get a configuration error. ```yml elasticsearch.hosts: https://xxxxxxxxxx.es.us-west2.gcp.elastic-cloud.com:443 elasticsearch.username: kibana_system_user elasticsearch.password: xxxxxxxxxxxxxx ``` --------- Co-authored-by: Kibana Machine <[email protected]>
elastic · Sep 1, 2023 · 6bbd3c6 · 6bbd3c6
1 parent eaee02f
commit 6bbd3c6
Showing 1 changed file with 25 additions and 3 deletions.
diff --git a/src/cli/serve/serve.js b/src/cli/serve/serve.js
@@ -44,8 +44,30 @@ const getBootstrapScript = (isDev) => {
   }
 };
 
-const setServerlessKibanaDevServiceAccountIfPossible = (set, opts) => {
-  if (!opts.dev || !opts.serverless || process.env.isDevCliChild === 'true') {
+const setServerlessKibanaDevServiceAccountIfPossible = (get, set, opts) => {
+  const esHosts = [].concat(
+    get('elasticsearch.hosts', []),
+    opts.elasticsearch ? opts.elasticsearch.split(',') : []
+  );
+
+  /*
+   * We only handle the service token if serverless ES is running locally.
+   * Example would be if the user is running SES in the cloud and KBN serverless
+   * locally, they would be expected to handle auth on their own and this token
+   * is likely invalid anyways.
+   */
+  const isESlocalhost = esHosts.length
+    ? esHosts.some((hostUrl) => {
+        const parsedUrl = url.parse(hostUrl);
+        return (
+          parsedUrl.hostname === 'localhost' ||
+          parsedUrl.hostname === '127.0.0.1' ||
+          parsedUrl.hostname === 'host.docker.internal'
+        );
+      })
+    : true; // default is localhost:9200
+
+  if (!opts.dev || !opts.serverless || !isESlocalhost) {
     return;
   }
 
@@ -86,7 +108,7 @@ export function applyConfigOverrides(rawConfig, opts, extraCliOptions) {
 
   if (opts.dev) {
     if (opts.serverless) {
-      setServerlessKibanaDevServiceAccountIfPossible(set, opts);
+      setServerlessKibanaDevServiceAccountIfPossible(get, set, opts);
     }
 
     if (!has('elasticsearch.serviceAccountToken') && opts.devCredentials !== false) {