From 9efe20e1e1c25e707d21baf33a6d8fd861697f75 Mon Sep 17 00:00:00 2001 From: Alexi Doak <109488926+doakalexi@users.noreply.github.com> Date: Mon, 4 Nov 2024 11:47:52 -0800 Subject: [PATCH] [ResponseOps] Remove 7.x deprecated kibana.yml settings (#198435) Resolves https://github.com/elastic/kibana/issues/194622 ## Summary Removes the following deprecated configuration settings: - `xpack.actions.customHostSettings.ssl.rejectUnauthorized` - `xpack.actions.whitelistedHosts` - `xpack.actions.rejectUnauthorized` - `xpack.actions.proxyRejectUnauthorizedCertificates` - `xpack.alerts.healthCheck` - `xpack.alerts.invalidateApiKeysTask.interval` - `xpack.alerts.invalidateApiKeysTask.removalDelay` - `xpack.alerting.defaultRuleTaskTimeout` --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> --- docs/settings/alert-action-settings.asciidoc | 14 --- .../resources/base/bin/kibana-docker | 6 -- .../actions_client/actions_client.test.ts | 2 - .../actions/server/actions_config.test.ts | 21 ---- .../plugins/actions/server/actions_config.ts | 8 +- x-pack/plugins/actions/server/config.test.ts | 8 -- x-pack/plugins/actions/server/config.ts | 12 --- x-pack/plugins/actions/server/index.test.ts | 61 ----------- x-pack/plugins/actions/server/index.ts | 100 +----------------- .../axios_utils_connection.test.ts | 3 - .../axios_utils_proxy.test.ts | 3 - .../server/lib/custom_host_settings.test.ts | 13 --- .../actions/server/lib/get_custom_agents.ts | 5 +- x-pack/plugins/actions/server/plugin.test.ts | 6 -- x-pack/plugins/actions/tsconfig.json | 1 - x-pack/plugins/alerting/server/index.ts | 14 --- .../connector_types/email/send_email.test.ts | 5 +- .../connector_types/email/send_email.ts | 5 +- .../alerting_api_integration/common/config.ts | 3 - .../actions/connector_types/stack/webhook.ts | 18 ---- .../actions/connector_types/stack/webhook.ts | 18 ---- 21 files changed, 6 insertions(+), 320 deletions(-) delete mode 100644 x-pack/plugins/actions/server/index.test.ts diff --git a/docs/settings/alert-action-settings.asciidoc b/docs/settings/alert-action-settings.asciidoc index db36248ef194f..e0fa3f0aab860 100644 --- a/docs/settings/alert-action-settings.asciidoc +++ b/docs/settings/alert-action-settings.asciidoc @@ -112,11 +112,6 @@ A boolean value indicating that TLS must be used for this connection. The options `smtp.ignoreTLS` and `smtp.requireTLS` can not both be set to true. Default: `false`. -`xpack.actions.customHostSettings[n].ssl.rejectUnauthorized`:: -deprecated:[8.0.0] Use <> instead. A boolean value indicating whether to bypass server certificate validation. -Overrides the general `xpack.actions.rejectUnauthorized` configuration -for requests made for this hostname/port. - [[action-config-custom-host-verification-mode]] `xpack.actions.customHostSettings[n].ssl.verificationMode` {ess-icon}:: Controls the verification of the server certificate that {kib} receives when making an outbound SSL/TLS connection to the host server. Valid values are `full`, `certificate`, and `none`. Use `full` to perform hostname verification, `certificate` to skip hostname verification, and `none` to skip verification. Default: `full`. <>. Overrides the general `xpack.actions.ssl.verificationMode` configuration @@ -198,19 +193,10 @@ By default, no hosts will use the proxy, but if an action's hostname is in this `xpack.actions.proxyHeaders` {ess-icon}:: Specifies HTTP headers for the proxy, if using a proxy for actions. Default: {}. -`xpack.actions.proxyRejectUnauthorizedCertificates` {ess-icon}:: -deprecated:[8.0.0] Use <> instead. Set to `false` to bypass certificate validation for the proxy, if using a proxy for actions. Default: `true`. - [[action-config-proxy-verification-mode]]`xpack.actions.ssl.proxyVerificationMode` {ess-icon}:: Controls the verification for the proxy server certificate that Kibana receives when making an outbound SSL/TLS connection to the proxy server. Valid values are `full`, `certificate`, and `none`. Use `full` to perform hostname verification, `certificate` to skip hostname verification, and `none` to skip verification. Default: `full`. <>. -`xpack.actions.rejectUnauthorized` {ess-icon}:: -deprecated:[8.0.0] Use <> instead. Set to `false` to bypass certificate validation for actions. Default: `true`. -+ -As an alternative to setting `xpack.actions.rejectUnauthorized`, you can use the setting -`xpack.actions.customHostSettings` to set SSL options for specific servers. - [[action-config-verification-mode]] `xpack.actions.ssl.verificationMode` {ess-icon}:: Controls the verification for the server certificate that {hosted-ems} receives when making an outbound SSL/TLS connection for actions. Valid values are `full`, `certificate`, and `none`. Use `full` to perform hostname verification, `certificate` to skip hostname verification, and `none` to skip verification. Default: `full`. <>. diff --git a/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker b/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker index fbe64258a5704..b814538466d73 100755 --- a/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker +++ b/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker @@ -221,16 +221,13 @@ kibana_vars=( xpack.actions.proxyBypassHosts xpack.actions.proxyHeaders xpack.actions.proxyOnlyHosts - xpack.actions.proxyRejectUnauthorizedCertificates xpack.actions.proxyUrl - xpack.actions.rejectUnauthorized xpack.actions.responseTimeout xpack.actions.ssl.proxyVerificationMode xpack.actions.ssl.verificationMode xpack.alerting.healthCheck.interval xpack.alerting.invalidateApiKeysTask.interval xpack.alerting.invalidateApiKeysTask.removalDelay - xpack.alerting.defaultRuleTaskTimeout xpack.alerting.rules.run.timeout xpack.alerting.rules.run.ruleTypeOverrides xpack.alerting.cancelAlertsOnRuleTimeout @@ -240,9 +237,6 @@ kibana_vars=( xpack.alerting.rules.run.alerts.max xpack.alerting.rules.run.actions.connectorTypeOverrides xpack.alerting.maxScheduledPerMinute - xpack.alerts.healthCheck.interval - xpack.alerts.invalidateApiKeysTask.interval - xpack.alerts.invalidateApiKeysTask.removalDelay xpack.apm.indices.error xpack.apm.indices.metric xpack.apm.indices.onboarding diff --git a/x-pack/plugins/actions/server/actions_client/actions_client.test.ts b/x-pack/plugins/actions/server/actions_client/actions_client.test.ts index 3421e381d07b6..99bcbf15ecfb9 100644 --- a/x-pack/plugins/actions/server/actions_client/actions_client.test.ts +++ b/x-pack/plugins/actions/server/actions_client/actions_client.test.ts @@ -575,8 +575,6 @@ describe('create()', () => { allowedHosts: ['*'], preconfiguredAlertHistoryEsIndex: false, preconfigured: {}, - proxyRejectUnauthorizedCertificates: true, // legacy - rejectUnauthorized: true, // legacy proxyBypassHosts: undefined, proxyOnlyHosts: undefined, maxResponseContentLength: new ByteSizeValue(1000000), diff --git a/x-pack/plugins/actions/server/actions_config.test.ts b/x-pack/plugins/actions/server/actions_config.test.ts index 2b5c4efc283b6..ce16aca508af6 100644 --- a/x-pack/plugins/actions/server/actions_config.test.ts +++ b/x-pack/plugins/actions/server/actions_config.test.ts @@ -30,8 +30,6 @@ const defaultActionsConfig: ActionsConfig = { enabledActionTypes: [], preconfiguredAlertHistoryEsIndex: false, preconfigured: {}, - proxyRejectUnauthorizedCertificates: true, // legacy - rejectUnauthorized: true, // legacy maxResponseContentLength: new ByteSizeValue(1000000), responseTimeout: moment.duration(60000), ssl: { @@ -318,25 +316,6 @@ describe('getProxySettings', () => { expect(proxySettings?.proxyUrl).toBe(config.proxyUrl); }); - test('returns proper verificationMode values, beased on the legacy config option proxyRejectUnauthorizedCertificates', () => { - const configTrue: ActionsConfig = { - ...defaultActionsConfig, - proxyUrl: 'https://proxy.elastic.co', - proxyRejectUnauthorizedCertificates: true, - }; - let proxySettings = getActionsConfigurationUtilities(configTrue).getProxySettings(); - expect(proxySettings?.proxySSLSettings.verificationMode).toBe('full'); - - const configFalse: ActionsConfig = { - ...defaultActionsConfig, - proxyUrl: 'https://proxy.elastic.co', - proxyRejectUnauthorizedCertificates: false, - ssl: {}, - }; - proxySettings = getActionsConfigurationUtilities(configFalse).getProxySettings(); - expect(proxySettings?.proxySSLSettings.verificationMode).toBe('none'); - }); - test('returns proper verificationMode value, based on the SSL proxy configuration', () => { const configTrue: ActionsConfig = { ...defaultActionsConfig, diff --git a/x-pack/plugins/actions/server/actions_config.ts b/x-pack/plugins/actions/server/actions_config.ts index e77c0528d16a1..30c96b4b6a998 100644 --- a/x-pack/plugins/actions/server/actions_config.ts +++ b/x-pack/plugins/actions/server/actions_config.ts @@ -122,10 +122,7 @@ function getProxySettingsFromConfig(config: ActionsConfig): undefined | ProxySet proxyBypassHosts: arrayAsSet(config.proxyBypassHosts), proxyOnlyHosts: arrayAsSet(config.proxyOnlyHosts), proxyHeaders: config.proxyHeaders, - proxySSLSettings: getSSLSettingsFromConfig( - config.ssl?.proxyVerificationMode, - config.proxyRejectUnauthorizedCertificates - ), + proxySSLSettings: getSSLSettingsFromConfig(config.ssl?.proxyVerificationMode), }; } @@ -200,8 +197,7 @@ export function getActionsConfigurationUtilities( isActionTypeEnabled, getProxySettings: () => getProxySettingsFromConfig(config), getResponseSettings: () => getResponseSettingsFromConfig(config), - getSSLSettings: () => - getSSLSettingsFromConfig(config.ssl?.verificationMode, config.rejectUnauthorized), + getSSLSettings: () => getSSLSettingsFromConfig(config.ssl?.verificationMode), ensureUriAllowed(uri: string) { if (!isUriAllowed(uri)) { throw new Error(allowListErrorMessage(AllowListingField.URL, uri)); diff --git a/x-pack/plugins/actions/server/config.test.ts b/x-pack/plugins/actions/server/config.test.ts index 4034fc5cb50b5..01bcd867fda53 100644 --- a/x-pack/plugins/actions/server/config.test.ts +++ b/x-pack/plugins/actions/server/config.test.ts @@ -35,8 +35,6 @@ describe('config validation', () => { "microsoftGraphApiUrl": "https://graph.microsoft.com/v1.0", "preconfigured": Object {}, "preconfiguredAlertHistoryEsIndex": false, - "proxyRejectUnauthorizedCertificates": true, - "rejectUnauthorized": true, "responseTimeout": "PT1M", "usage": Object { "url": "https://usage-api.usage-api/api/v1/usage", @@ -56,8 +54,6 @@ describe('config validation', () => { }, }, }, - proxyRejectUnauthorizedCertificates: false, - rejectUnauthorized: false, }; expect(configSchema.validate(config)).toMatchInlineSnapshot(` Object { @@ -85,8 +81,6 @@ describe('config validation', () => { }, }, "preconfiguredAlertHistoryEsIndex": false, - "proxyRejectUnauthorizedCertificates": false, - "rejectUnauthorized": false, "responseTimeout": "PT1M", "usage": Object { "url": "https://usage-api.usage-api/api/v1/usage", @@ -224,8 +218,6 @@ describe('config validation', () => { "microsoftGraphApiUrl": "https://graph.microsoft.com/v1.0", "preconfigured": Object {}, "preconfiguredAlertHistoryEsIndex": false, - "proxyRejectUnauthorizedCertificates": true, - "rejectUnauthorized": true, "responseTimeout": "PT1M", "ssl": Object { "proxyVerificationMode": "none", diff --git a/x-pack/plugins/actions/server/config.ts b/x-pack/plugins/actions/server/config.ts index f475c05424df4..f16a9830678cd 100644 --- a/x-pack/plugins/actions/server/config.ts +++ b/x-pack/plugins/actions/server/config.ts @@ -44,10 +44,6 @@ const customHostSettingsSchema = schema.object({ ), ssl: schema.maybe( schema.object({ - /** - * @deprecated in favor of `verificationMode` - **/ - rejectUnauthorized: schema.maybe(schema.boolean()), verificationMode: schema.maybe( schema.oneOf( [schema.literal('none'), schema.literal('certificate'), schema.literal('full')], @@ -98,16 +94,8 @@ export const configSchema = schema.object({ }), proxyUrl: schema.maybe(schema.string()), proxyHeaders: schema.maybe(schema.recordOf(schema.string(), schema.string())), - /** - * @deprecated in favor of `ssl.proxyVerificationMode` - **/ - proxyRejectUnauthorizedCertificates: schema.boolean({ defaultValue: true }), proxyBypassHosts: schema.maybe(schema.arrayOf(schema.string({ hostname: true }))), proxyOnlyHosts: schema.maybe(schema.arrayOf(schema.string({ hostname: true }))), - /** - * @deprecated in favor of `ssl.verificationMode` - **/ - rejectUnauthorized: schema.boolean({ defaultValue: true }), ssl: schema.maybe( schema.object({ verificationMode: schema.maybe( diff --git a/x-pack/plugins/actions/server/index.test.ts b/x-pack/plugins/actions/server/index.test.ts deleted file mode 100644 index 43f69da15de2f..0000000000000 --- a/x-pack/plugins/actions/server/index.test.ts +++ /dev/null @@ -1,61 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ -import { config } from '.'; -import { applyDeprecations, configDeprecationFactory } from '@kbn/config'; -import { configDeprecationsMock } from '@kbn/core/server/mocks'; - -const CONFIG_PATH = 'xpack.actions'; -const applyStackAlertDeprecations = (settings: Record = {}) => { - const deprecations = config.deprecations!(configDeprecationFactory); - const deprecationMessages: string[] = []; - const _config = { - [CONFIG_PATH]: settings, - }; - const { config: migrated, changedPaths } = applyDeprecations( - _config, - deprecations.map((deprecation) => ({ - deprecation, - path: CONFIG_PATH, - context: configDeprecationsMock.createContext(), - })), - () => - ({ message }) => - deprecationMessages.push(message) - ); - return { - messages: deprecationMessages, - migrated, - changedPaths, - }; -}; - -describe('index', () => { - describe('deprecations', () => { - it('should properly unset deprecated configs', () => { - const { messages, changedPaths } = applyStackAlertDeprecations({ - customHostSettings: [{ ssl: { rejectUnauthorized: false } }], - rejectUnauthorized: false, - proxyRejectUnauthorizedCertificates: false, - }); - expect(changedPaths.unset).toStrictEqual([ - 'xpack.actions.customHostSettings.ssl.rejectUnauthorized', - 'xpack.actions.rejectUnauthorized', - 'xpack.actions.proxyRejectUnauthorizedCertificates', - ]); - expect(messages.length).toBe(3); - expect(messages[0]).toBe( - '"xpack.actions.customHostSettings[].ssl.rejectUnauthorized" is deprecated.Use "xpack.actions.customHostSettings[].ssl.verificationMode" instead, with the setting "verificationMode:full" eql to "rejectUnauthorized:true", and "verificationMode:none" eql to "rejectUnauthorized:false".' - ); - expect(messages[1]).toBe( - '"xpack.actions.rejectUnauthorized" is deprecated. Use "xpack.actions.ssl.verificationMode" instead, with the setting "verificationMode:full" eql to "rejectUnauthorized:true", and "verificationMode:none" eql to "rejectUnauthorized:false".' - ); - expect(messages[2]).toBe( - '"xpack.actions.proxyRejectUnauthorizedCertificates" is deprecated. Use "xpack.actions.ssl.proxyVerificationMode" instead, with the setting "proxyVerificationMode:full" eql to "rejectUnauthorized:true",and "proxyVerificationMode:none" eql to "rejectUnauthorized:false".' - ); - }); - }); -}); diff --git a/x-pack/plugins/actions/server/index.ts b/x-pack/plugins/actions/server/index.ts index 1d5aa22ba07cf..d391911ff0fc3 100644 --- a/x-pack/plugins/actions/server/index.ts +++ b/x-pack/plugins/actions/server/index.ts @@ -4,10 +4,9 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import { get } from 'lodash'; import type { PublicMethodsOf } from '@kbn/utility-types'; import { PluginInitializerContext, PluginConfigDescriptor } from '@kbn/core/server'; -import { configSchema, ActionsConfig, CustomHostSettings } from './config'; +import { configSchema, ActionsConfig } from './config'; import { ActionsClient as ActionsClientClass } from './actions_client'; import { ActionsAuthorization as ActionsAuthorizationClass } from './authorization/actions_authorization'; @@ -51,103 +50,6 @@ export const config: PluginConfigDescriptor = { exposeToBrowser: { email: { domain_allowlist: true }, }, - deprecations: ({ renameFromRoot, unused }) => [ - renameFromRoot('xpack.actions.whitelistedHosts', 'xpack.actions.allowedHosts', { - level: 'warning', - }), - (settings, fromPath, addDeprecation) => { - const actions = get(settings, fromPath); - const customHostSettings = actions?.customHostSettings ?? []; - if ( - customHostSettings.find( - (customHostSchema: CustomHostSettings) => - Object.hasOwn(customHostSchema, 'ssl') && - Object.hasOwn(customHostSchema.ssl ?? {}, 'rejectUnauthorized') - ) - ) { - addDeprecation({ - level: 'warning', - configPath: 'xpack.actions.customHostSettings.ssl.rejectUnauthorized', - message: - `"xpack.actions.customHostSettings[].ssl.rejectUnauthorized" is deprecated.` + - `Use "xpack.actions.customHostSettings[].ssl.verificationMode" instead, ` + - `with the setting "verificationMode:full" eql to "rejectUnauthorized:true", ` + - `and "verificationMode:none" eql to "rejectUnauthorized:false".`, - correctiveActions: { - manualSteps: [ - `Remove "xpack.actions.customHostSettings[].ssl.rejectUnauthorized" from your kibana configs.`, - `Use "xpack.actions.customHostSettings[].ssl.verificationMode" ` + - `with the setting "verificationMode:full" eql to "rejectUnauthorized:true", ` + - `and "verificationMode:none" eql to "rejectUnauthorized:false".`, - ], - }, - }); - return { - unset: [ - { - path: `xpack.actions.customHostSettings.ssl.rejectUnauthorized`, - }, - ], - }; - } - }, - (settings, fromPath, addDeprecation) => { - const actions = get(settings, fromPath); - if (Object.hasOwn(actions ?? {}, 'rejectUnauthorized')) { - addDeprecation({ - level: 'warning', - configPath: `${fromPath}.rejectUnauthorized`, - message: - `"xpack.actions.rejectUnauthorized" is deprecated. Use "xpack.actions.ssl.verificationMode" instead, ` + - `with the setting "verificationMode:full" eql to "rejectUnauthorized:true", ` + - `and "verificationMode:none" eql to "rejectUnauthorized:false".`, - correctiveActions: { - manualSteps: [ - `Remove "xpack.actions.rejectUnauthorized" from your kibana configs.`, - `Use "xpack.actions.ssl.verificationMode" ` + - `with the setting "verificationMode:full" eql to "rejectUnauthorized:true", ` + - `and "verificationMode:none" eql to "rejectUnauthorized:false".`, - ], - }, - }); - return { - unset: [ - { - path: `xpack.actions.rejectUnauthorized`, - }, - ], - }; - } - }, - (settings, fromPath, addDeprecation) => { - const actions = get(settings, fromPath); - if (Object.hasOwn(actions ?? {}, 'proxyRejectUnauthorizedCertificates')) { - addDeprecation({ - level: 'warning', - configPath: `${fromPath}.proxyRejectUnauthorizedCertificates`, - message: - `"xpack.actions.proxyRejectUnauthorizedCertificates" is deprecated. Use "xpack.actions.ssl.proxyVerificationMode" instead, ` + - `with the setting "proxyVerificationMode:full" eql to "rejectUnauthorized:true",` + - `and "proxyVerificationMode:none" eql to "rejectUnauthorized:false".`, - correctiveActions: { - manualSteps: [ - `Remove "xpack.actions.proxyRejectUnauthorizedCertificates" from your kibana configs.`, - `Use "xpack.actions.ssl.proxyVerificationMode" ` + - `with the setting "proxyVerificationMode:full" eql to "rejectUnauthorized:true",` + - `and "proxyVerificationMode:none" eql to "rejectUnauthorized:false".`, - ], - }, - }); - return { - unset: [ - { - path: `xpack.actions.proxyRejectUnauthorizedCertificates`, - }, - ], - }; - } - }, - ], }; export { urlAllowListValidator } from './sub_action_framework/helpers'; diff --git a/x-pack/plugins/actions/server/integration_tests/axios_utils_connection.test.ts b/x-pack/plugins/actions/server/integration_tests/axios_utils_connection.test.ts index 3a4101bb9f152..a0454cb2bbc18 100644 --- a/x-pack/plugins/actions/server/integration_tests/axios_utils_connection.test.ts +++ b/x-pack/plugins/actions/server/integration_tests/axios_utils_connection.test.ts @@ -461,7 +461,6 @@ async function rejectUnauthorizedTargetProxyTest(opts: RunTestOptions) { await runWithSetup(opts, async (target, proxyInstance, axiosDefaults) => { const acu = getACUfromConfig({ proxyUrl: proxyInstance.url, - rejectUnauthorized: false, customHostSettings: [{ url: target.url, ssl: { verificationMode: 'none' } }], }); @@ -676,14 +675,12 @@ const BaseActionsConfig: ActionsConfig = { preconfigured: {}, proxyUrl: undefined, proxyHeaders: undefined, - proxyRejectUnauthorizedCertificates: true, ssl: { proxyVerificationMode: 'full', verificationMode: 'full', }, proxyBypassHosts: undefined, proxyOnlyHosts: undefined, - rejectUnauthorized: true, maxResponseContentLength: ByteSizeValue.parse('1mb'), responseTimeout: momentDuration(1000 * 30), customHostSettings: undefined, diff --git a/x-pack/plugins/actions/server/integration_tests/axios_utils_proxy.test.ts b/x-pack/plugins/actions/server/integration_tests/axios_utils_proxy.test.ts index 1c1d411111253..97a917d6b6893 100644 --- a/x-pack/plugins/actions/server/integration_tests/axios_utils_proxy.test.ts +++ b/x-pack/plugins/actions/server/integration_tests/axios_utils_proxy.test.ts @@ -366,7 +366,6 @@ async function rejectUnauthorizedTargetProxyTest(opts: RunTestOptions) { await runWithSetup(opts, async (target, proxyInstance, axiosDefaults) => { const acu = getACUfromConfig({ proxyUrl: proxyInstance.url, - rejectUnauthorized: false, customHostSettings: [{ url: target.url, ssl: { verificationMode: 'none' } }], }); @@ -582,14 +581,12 @@ const BaseActionsConfig: ActionsConfig = { preconfigured: {}, proxyUrl: undefined, proxyHeaders: undefined, - proxyRejectUnauthorizedCertificates: true, ssl: { proxyVerificationMode: 'full', verificationMode: 'full', }, proxyBypassHosts: undefined, proxyOnlyHosts: undefined, - rejectUnauthorized: true, maxResponseContentLength: ByteSizeValue.parse('1mb'), responseTimeout: momentDuration(1000 * 30), customHostSettings: undefined, diff --git a/x-pack/plugins/actions/server/lib/custom_host_settings.test.ts b/x-pack/plugins/actions/server/lib/custom_host_settings.test.ts index 0a9d9c6df31e7..f9173f5e007d0 100644 --- a/x-pack/plugins/actions/server/lib/custom_host_settings.test.ts +++ b/x-pack/plugins/actions/server/lib/custom_host_settings.test.ts @@ -74,8 +74,6 @@ describe('custom_host_settings', () => { enabledActionTypes: [], preconfiguredAlertHistoryEsIndex: false, preconfigured: {}, - proxyRejectUnauthorizedCertificates: true, - rejectUnauthorized: true, maxResponseContentLength: new ByteSizeValue(1000000), responseTimeout: moment.duration(60000), enableFooterInEmail: true, @@ -119,14 +117,12 @@ describe('custom_host_settings', () => { url: 'https://elastic.co:443', ssl: { certificateAuthoritiesData: 'xyz', - rejectUnauthorized: false, }, }, { url: 'smtp://mail.elastic.com:25', ssl: { certificateAuthoritiesData: 'abc', - rejectUnauthorized: true, }, smtp: { ignoreTLS: true, @@ -473,15 +469,9 @@ describe('custom_host_settings', () => { customHostSettings: [ { url: 'https://almost.purrfect.com/', - ssl: { - rejectUnauthorized: true, - }, }, { url: 'https://almost.purrfect.com:443', - ssl: { - rejectUnauthorized: false, - }, }, ], }; @@ -491,9 +481,6 @@ describe('custom_host_settings', () => { customHostSettings: [ { url: 'https://almost.purrfect.com:443', - ssl: { - rejectUnauthorized: true, - }, }, ], }; diff --git a/x-pack/plugins/actions/server/lib/get_custom_agents.ts b/x-pack/plugins/actions/server/lib/get_custom_agents.ts index 26b1495902eb1..c433bec18a54b 100644 --- a/x-pack/plugins/actions/server/lib/get_custom_agents.ts +++ b/x-pack/plugins/actions/server/lib/get_custom_agents.ts @@ -59,10 +59,7 @@ export function getCustomAgents( agentOptions.ca = sslSettings.certificateAuthoritiesData; } - const sslSettingsFromConfig = getSSLSettingsFromConfig( - sslSettings.verificationMode, - sslSettings.rejectUnauthorized - ); + const sslSettingsFromConfig = getSSLSettingsFromConfig(sslSettings.verificationMode); // see: src/core/server/elasticsearch/legacy/elasticsearch_client_config.ts // This is where the global rejectUnauthorized is overridden by a custom host const customHostNodeSSLOptions = getNodeSSLOptions( diff --git a/x-pack/plugins/actions/server/plugin.test.ts b/x-pack/plugins/actions/server/plugin.test.ts index 4ff87aa0459ef..f5de52810b162 100644 --- a/x-pack/plugins/actions/server/plugin.test.ts +++ b/x-pack/plugins/actions/server/plugin.test.ts @@ -50,10 +50,8 @@ function getConfig(overrides = {}) { secrets: {}, }, }, - proxyRejectUnauthorizedCertificates: true, proxyBypassHosts: undefined, proxyOnlyHosts: undefined, - rejectUnauthorized: true, maxResponseContentLength: new ByteSizeValue(1000000), responseTimeout: moment.duration('60s'), enableFooterInEmail: true, @@ -80,8 +78,6 @@ describe('Actions Plugin', () => { allowedHosts: ['*'], preconfiguredAlertHistoryEsIndex: false, preconfigured: {}, - proxyRejectUnauthorizedCertificates: true, - rejectUnauthorized: true, maxResponseContentLength: new ByteSizeValue(1000000), responseTimeout: moment.duration(60000), enableFooterInEmail: true, @@ -587,8 +583,6 @@ describe('Actions Plugin', () => { secrets: {}, }, }, - proxyRejectUnauthorizedCertificates: true, - rejectUnauthorized: true, maxResponseContentLength: new ByteSizeValue(1000000), responseTimeout: moment.duration(60000), enableFooterInEmail: true, diff --git a/x-pack/plugins/actions/tsconfig.json b/x-pack/plugins/actions/tsconfig.json index 384aba6a6b014..8a3c56a472064 100644 --- a/x-pack/plugins/actions/tsconfig.json +++ b/x-pack/plugins/actions/tsconfig.json @@ -24,7 +24,6 @@ "@kbn/i18n", "@kbn/utility-types", "@kbn/config-schema", - "@kbn/config", "@kbn/core-saved-objects-server", "@kbn/es-query", "@kbn/apm-utils", diff --git a/x-pack/plugins/alerting/server/index.ts b/x-pack/plugins/alerting/server/index.ts index 2f5cd3994e436..2cb2c212a91ba 100644 --- a/x-pack/plugins/alerting/server/index.ts +++ b/x-pack/plugins/alerting/server/index.ts @@ -84,20 +84,6 @@ export const config: PluginConfigDescriptor = { rules: { run: { alerts: { max: true } } }, }, deprecations: ({ renameFromRoot, deprecate }) => [ - renameFromRoot('xpack.alerts.healthCheck', 'xpack.alerting.healthCheck', { level: 'warning' }), - renameFromRoot( - 'xpack.alerts.invalidateApiKeysTask.interval', - 'xpack.alerting.invalidateApiKeysTask.interval', - { level: 'warning' } - ), - renameFromRoot( - 'xpack.alerts.invalidateApiKeysTask.removalDelay', - 'xpack.alerting.invalidateApiKeysTask.removalDelay', - { level: 'warning' } - ), - renameFromRoot('xpack.alerting.defaultRuleTaskTimeout', 'xpack.alerting.rules.run.timeout', { - level: 'warning', - }), deprecate('maxEphemeralActionsPerAlert', 'a future version', { level: 'warning', message: `Configuring "xpack.alerting.maxEphemeralActionsPerAlert" is deprecated and will be removed in a future version. Remove this setting to increase action execution resiliency.`, diff --git a/x-pack/plugins/stack_connectors/server/connector_types/email/send_email.test.ts b/x-pack/plugins/stack_connectors/server/connector_types/email/send_email.test.ts index 77de60660a975..de5a94a4c39c9 100644 --- a/x-pack/plugins/stack_connectors/server/connector_types/email/send_email.test.ts +++ b/x-pack/plugins/stack_connectors/server/connector_types/email/send_email.test.ts @@ -758,7 +758,6 @@ describe('send_email module', () => { url: 'smtp://example.com:1025', ssl: { certificateAuthoritiesData: 'ca cert data goes here', - rejectUnauthorized: true, }, smtp: { ignoreTLS: true, @@ -786,7 +785,7 @@ describe('send_email module', () => { "secure": false, "tls": Object { "ca": "ca cert data goes here", - "rejectUnauthorized": true, + "rejectUnauthorized": false, }, }, ] @@ -811,7 +810,6 @@ describe('send_email module', () => { url: 'smtp://example.com:1025', ssl: { certificateAuthoritiesData: 'ca cert data goes here', - rejectUnauthorized: true, }, smtp: { requireTLS: true, @@ -837,7 +835,6 @@ describe('send_email module', () => { "secure": false, "tls": Object { "ca": "ca cert data goes here", - "rejectUnauthorized": true, }, }, ] diff --git a/x-pack/plugins/stack_connectors/server/connector_types/email/send_email.ts b/x-pack/plugins/stack_connectors/server/connector_types/email/send_email.ts index 199d96f352389..06ae036f40b2c 100644 --- a/x-pack/plugins/stack_connectors/server/connector_types/email/send_email.ts +++ b/x-pack/plugins/stack_connectors/server/connector_types/email/send_email.ts @@ -289,10 +289,7 @@ function getTransportConfig( tlsConfig.ca = sslSettings?.certificateAuthoritiesData; } - const sslSettingsFromConfig = getSSLSettingsFromConfig( - sslSettings?.verificationMode, - sslSettings?.rejectUnauthorized - ); + const sslSettingsFromConfig = getSSLSettingsFromConfig(sslSettings?.verificationMode); const nodeTLSOptions = getNodeSSLOptions(logger, sslSettingsFromConfig.verificationMode); if (!transportConfig.tls) { transportConfig.tls = { ...tlsConfig, ...nodeTLSOptions }; diff --git a/x-pack/test/alerting_api_integration/common/config.ts b/x-pack/test/alerting_api_integration/common/config.ts index 3ff3def3f4b70..b8a576f99b8d0 100644 --- a/x-pack/test/alerting_api_integration/common/config.ts +++ b/x-pack/test/alerting_api_integration/common/config.ts @@ -88,7 +88,6 @@ export function createTestConfig(name: string, options: CreateTestConfigOptions) verificationMode = 'full', preconfiguredAlertHistoryEsIndex = false, customizeLocalHostSsl = false, - rejectUnauthorized = true, // legacy emailDomainsAllowed = undefined, testFiles = undefined, reportName = undefined, @@ -128,7 +127,6 @@ export function createTestConfig(name: string, options: CreateTestConfigOptions) ? [ `--xpack.actions.proxyUrl=http://localhost:${proxyPort}`, `--xpack.actions.proxyOnlyHosts=${JSON.stringify(proxyHosts)}`, - '--xpack.actions.proxyRejectUnauthorizedCertificates=false', ] : [ `--xpack.actions.proxyUrl=http://elastic.co`, @@ -212,7 +210,6 @@ export function createTestConfig(name: string, options: CreateTestConfigOptions) `--xpack.alerting.enableFrameworkAlerts=true`, `--xpack.alerting.rulesSettings.cacheInterval=10000`, `--xpack.actions.enabledActionTypes=${JSON.stringify(enabledActionTypes)}`, - `--xpack.actions.rejectUnauthorized=${rejectUnauthorized}`, `--xpack.actions.microsoftGraphApiUrl=${servers.kibana.protocol}://${servers.kibana.hostname}:${servers.kibana.port}/api/_actions-FTS-external-service-simulators/exchange/users/test@/sendMail`, `--xpack.actions.ssl.verificationMode=${verificationMode}`, ...actionsProxyUrl, diff --git a/x-pack/test/alerting_api_integration/spaces_only/tests/actions/connector_types/stack/webhook.ts b/x-pack/test/alerting_api_integration/spaces_only/tests/actions/connector_types/stack/webhook.ts index 03cdc6b966a75..d25ac1a5f135f 100644 --- a/x-pack/test/alerting_api_integration/spaces_only/tests/actions/connector_types/stack/webhook.ts +++ b/x-pack/test/alerting_api_integration/spaces_only/tests/actions/connector_types/stack/webhook.ts @@ -100,24 +100,6 @@ export default function webhookTest({ getService }: FtrProviderContext) { }); describe('ssl customization', () => { - it('should handle the xpack.actions.rejectUnauthorized: false', async () => { - const connectorId = 'custom.ssl.noCustom'; - const port = await getPortOfConnector(connectorId); - const server = await createTlsWebhookServer(port); - const { status, body } = await supertest - .post(`/api/actions/connector/${connectorId}/_execute`) - .set('kbn-xsrf', 'test') - .send({ - params: { - body: 'foo', - }, - }); - expect(status).to.eql(200); - server.close(); - - expect(body.status).to.eql('ok'); - }); - it('should handle the customized rejectUnauthorized: false', async () => { const connectorId = 'custom.ssl.rejectUnauthorizedFalse'; const port = await getPortOfConnector(connectorId); diff --git a/x-pack/test/alerting_api_integration/spaces_only_legacy/tests/actions/connector_types/stack/webhook.ts b/x-pack/test/alerting_api_integration/spaces_only_legacy/tests/actions/connector_types/stack/webhook.ts index d0865e5160fe5..b1d56f600585d 100644 --- a/x-pack/test/alerting_api_integration/spaces_only_legacy/tests/actions/connector_types/stack/webhook.ts +++ b/x-pack/test/alerting_api_integration/spaces_only_legacy/tests/actions/connector_types/stack/webhook.ts @@ -126,24 +126,6 @@ export default function webhookTest({ getService }: FtrProviderContext) { }); describe('ssl customization', () => { - it('should handle the xpack.actions.rejectUnauthorized: false', async () => { - const connectorId = 'custom.ssl.noCustom'; - const port = await getPortOfConnector(connectorId); - const server = await createTlsWebhookServer(port); - const { status, body } = await supertest - .post(`/api/actions/connector/${connectorId}/_execute`) - .set('kbn-xsrf', 'test') - .send({ - params: { - body: 'foo', - }, - }); - expect(status).to.eql(200); - server.close(); - - expect(body.status).to.eql('ok'); - }); - it('should handle the customized rejectUnauthorized: false', async () => { const connectorId = 'custom.ssl.rejectUnauthorizedFalse'; const port = await getPortOfConnector(connectorId);