[Cloud Security] Hide internal Fleet server host URL and ES Output #165251
Assignees
Labels
8.13 candidate
bug
Fixes for quality problems that affect the customer experience
Team:Cloud Security
Cloud Security team related
Comments
|
Pinging @elastic/kibana-cloud-security-posture (Team:Cloud Security) |
|
prioritizing https://github.com/elastic/security-team/issues/7557 vs this one as the incorrect agent version is blocking the Cloudformation (and probably other methods from working) while this one is mostly confusing UX. Plus @CohenIdo seems to have started working on https://github.com/elastic/security-team/issues/7482#top which covers more or less the same problem. If we introduce |
kfirpeled
added
the
bug
|
@maxcold recently @CohenIdo suggested a fix to https://github.com/elastic/security-team/issues/7482 Lets sync on that when you are available to understand what exactly is duplicated here |
|
These are not duplicate. This issue has to do with Fleet UX, unrelated to cloudformation or even cloudsecurity |
|
@kfirpeled @eyalkraft The issues are related in the sense that here we want to hide the internal host and in https://github.com/elastic/security-team/issues/7482 we want this internal host not to be picked up for Cloudformation/ Cloud Shell params. True that these are separate issues in two different parts of Kibana, but my thinking was that depending on the implementation the logic of "ignoring" the internal host could have been shared. I will check the PR @CohenIdo created to see if my thinking makes sense. Anyway hiding the internal fleet server seems less critical than the incorrect agent version on our Cloudformation/Cloud Shell (https://github.com/elastic/security-team/issues/7557) that's why I want to fix the agent version first |
|
moved to blocked - waiting for agentless epic planning |
maxcold
changed the title
3 tasks
maxcold
added a commit
that referenced
this issue
Jan 31, 2024
## Summary - part of #165251 introducing a new `is_internal` config option for `xpack.fleet.outputs`. The usage is currently to protect the internal outputs in the UI: - filter out internal outputs in the Settings UI - disable internal outputs in output select for an agent policy ### Screencast [screencast-github.com-2024.01.26-15_57_56.webm](https://github.com/elastic/kibana/assets/478762/917b4a76-a48f-4bdc-b3d8-5598f86febf8) ### Checklist Delete any items that are not applicable to this PR. - [x] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: Kyle Pollich <[email protected]>
3 tasks
maxcold
added a commit
that referenced
this issue
Feb 2, 2024
…tion (#175983) ## Summary - Follow up after #175546 - Part of #165251 introducing a new `is_internal` config option for `xpack.fleet.fleetServerHosts`. The usage is currently to protect the internal fleet server hosts in the UI: - filter them out in the Settings UI - disable internal hosts in the agent policy form ### Checklist Delete any items that are not applicable to this PR. - [x] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: David Kilfoyle <[email protected]>
|
before we merge we need to wait till both
are deployed to all envs of kibana in serverless |
fkanout
pushed a commit
to fkanout/kibana
that referenced
this issue
Feb 7, 2024
…tion (elastic#175983) ## Summary - Follow up after elastic#175546 - Part of elastic#165251 introducing a new `is_internal` config option for `xpack.fleet.fleetServerHosts`. The usage is currently to protect the internal fleet server hosts in the UI: - filter them out in the Settings UI - disable internal hosts in the agent policy form ### Checklist Delete any items that are not applicable to this PR. - [x] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: David Kilfoyle <[email protected]>
CoenWarmer
pushed a commit
to CoenWarmer/kibana
that referenced
this issue
Feb 15, 2024
…75546) ## Summary - part of elastic#165251 introducing a new `is_internal` config option for `xpack.fleet.outputs`. The usage is currently to protect the internal outputs in the UI: - filter out internal outputs in the Settings UI - disable internal outputs in output select for an agent policy ### Screencast [screencast-github.com-2024.01.26-15_57_56.webm](https://github.com/elastic/kibana/assets/478762/917b4a76-a48f-4bdc-b3d8-5598f86febf8) ### Checklist Delete any items that are not applicable to this PR. - [x] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: Kyle Pollich <[email protected]>
CoenWarmer
pushed a commit
to CoenWarmer/kibana
that referenced
this issue
Feb 15, 2024
…tion (elastic#175983) ## Summary - Follow up after elastic#175546 - Part of elastic#165251 introducing a new `is_internal` config option for `xpack.fleet.fleetServerHosts`. The usage is currently to protect the internal fleet server hosts in the UI: - filter them out in the Settings UI - disable internal hosts in the agent policy form ### Checklist Delete any items that are not applicable to this PR. - [x] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: David Kilfoyle <[email protected]>
fkanout
pushed a commit
to fkanout/kibana
that referenced
this issue
Mar 4, 2024
…75546) ## Summary - part of elastic#165251 introducing a new `is_internal` config option for `xpack.fleet.outputs`. The usage is currently to protect the internal outputs in the UI: - filter out internal outputs in the Settings UI - disable internal outputs in output select for an agent policy ### Screencast [screencast-github.com-2024.01.26-15_57_56.webm](https://github.com/elastic/kibana/assets/478762/917b4a76-a48f-4bdc-b3d8-5598f86febf8) ### Checklist Delete any items that are not applicable to this PR. - [x] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: Kyle Pollich <[email protected]>
fkanout
pushed a commit
to fkanout/kibana
that referenced
this issue
Mar 4, 2024
…tion (elastic#175983) ## Summary - Follow up after elastic#175546 - Part of elastic#165251 introducing a new `is_internal` config option for `xpack.fleet.fleetServerHosts`. The usage is currently to protect the internal fleet server hosts in the UI: - filter them out in the Settings UI - disable internal hosts in the agent policy form ### Checklist Delete any items that are not applicable to this PR. - [x] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: David Kilfoyle <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Motivation
As part of Agentless CSPM we introduced Internal fleet server host url and internal ES output on serverless projects.
This results with a confusing UX for serverless users using fleet.
Definition of done
Implementation Proposal:
is_internaloris_hiddenattribute to Fleet Server Host and Output, That can be preconfigured for Hosts/Outputs defined inkibana.yml./api/fleet/outputsand/api/fleet/fleet_server_hoststo filter out internal results. (Maybe filter here for outputs and here for Fleet Hosts)Out of scope
is_internalattribute. This will be taken care of by @olegsu.Related tasks/epics
The text was updated successfully, but these errors were encountered: