Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce preboot lifecycle stage #103636

Merged
merged 21 commits into from
Jul 20, 2021
Merged

Introduce preboot lifecycle stage #103636

merged 21 commits into from
Jul 20, 2021

Conversation

azasypkin
Copy link
Member

@azasypkin azasypkin commented Jun 29, 2021
edited
Loading

Summary

Implementation of the "RFC: Kibana preboot lifecycle stage.".

How to test

$ yarn start --plugin-path examples/preboot_example/ --prebootExample.enabled=true

Note to reviewers

Real preboot plugin will be implemented in the scope of #104068 and #102538.

In this PR I tried to write and update as much tests as it was feasible, and I'm planning to introduce a set of API integration and functional tests once we have a real preboot plugin (interactive setup mode #104068).

RFC: #99318.

@azasypkin azasypkin added release_note:breaking Team:Core Core services & architecture: plugins, logging, config, saved objects, http, ES client, i18n, etc Feature:New Feature New feature not correlating to an existing feature label v8.0.0 backport:skip This commit does not require backporting labels Jun 29, 2021
@azasypkin azasypkin self-assigned this Jul 1, 2021
@azasypkin azasypkin mentioned this pull request Jul 1, 2021
Closed
15 tasks
@azasypkin azasypkin force-pushed the issue-xxx-preboot-poc branch 2 times, most recently from c1ac601 to a608397 Compare July 5, 2021 13:04
@azasypkin azasypkin force-pushed the issue-xxx-preboot-poc branch 11 times, most recently from 7962391 to af0a654 Compare July 9, 2021 09:29
@azasypkin azasypkin force-pushed the issue-xxx-preboot-poc branch from af0a654 to 6751a1c Compare July 12, 2021 05:21
@azasypkin azasypkin marked this pull request as ready for review July 12, 2021 07:37
@azasypkin azasypkin requested review from a team as code owners July 12, 2021 07:37
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-core (Team:Core)

@azasypkin
Copy link
Member Author

azasypkin commented Jul 15, 2021
edited
Loading

Okay, I think I've replied to all you comments and handled everything that we already agreed on @pgayvallet @mshustov. There are three major potential improvements left that I've put proposals for (for this PR or follow-ups if it's OK for you), let me know what you think.

Thanks!

@azasypkin azasypkin requested review from pgayvallet and mshustov July 15, 2021 14:24
joshdover
joshdover approved these changes Jul 16, 2021
View reviewed changes
Copy link
Contributor

@joshdover joshdover left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I haven't given this a thorough review, but I will rely on Pierre and Mikhail here as I already reviewed the RFC. I do have one comment regarding the testing of PluginsService but otherwise, LGTM

src/core/server/plugins/plugins_service.test.ts Outdated Show resolved Hide resolved
legrego
legrego reviewed Jul 19, 2021
View reviewed changes
Copy link
Member

@legrego legrego left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Security changes LGTM, core changes are well-aligned with RFC, and all works as expected when testing locally -- nice work!

src/core/server/plugins/plugins_service.ts Outdated Show resolved Hide resolved
src/core/server/preboot/types.ts Outdated Show resolved Hide resolved
src/core/server/preboot/types.ts Outdated Show resolved Hide resolved
src/core/server/elasticsearch/elasticsearch_service.ts
Comment on lines +71 to +74
credentialsSpecified:
config.username !== undefined ||
config.password !== undefined ||
config.serviceAccountToken !== undefined,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

question should we check for a client certificate here? If Kibana is configured for PKI-based auth, then checking for username, password, and serviceAccountToken would miss this

Copy link
Member Author

@azasypkin azasypkin Jul 19, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was thinking we could just do something like this to cover PKI case since for PKI we'd need https or I'm missing something?

const noPKI = core.elasticsearch.config.hosts.length === 1 
  && core.elasticsearch.config.hosts[0] === 'http://localhost:9200';

http://localhost:9200 is a default, and if we have anything in hosts except for this default I believe we'll have to skip user setup (including PKI case).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah something like that could work. I was thinking about this in isolation, not about the bigger picture of "interactive setup mode". Someone looking at this config option might not understand that PKI-based credentials aren't considered as part of credentialsSpecified. I'm happy to ignore this for now, as we don't have an explicit need for this.

nchaulet
nchaulet approved these changes Jul 19, 2021
View reviewed changes
Copy link
Member

@nchaulet nchaulet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fleet changes 🚀

@kibanamachine
Copy link
Contributor

💚 Build Succeeded

Metrics [docs]

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id before after diff
core 1071 1079 +8
Unknown metric groups

API count

id before after diff
core 2328 2358 +30

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @azasypkin

@azasypkin azasypkin added auto-backport Deprecated - use backport:version if exact versions are needed v7.15.0 and removed backport:skip This commit does not require backporting labels Jul 20, 2021
@azasypkin azasypkin merged commit 237256a into elastic:master Jul 20, 2021
@azasypkin azasypkin deleted the issue-xxx-preboot-poc branch July 20, 2021 04:52
@kibanamachine
Copy link
Contributor

💔 Backport failed

Status Branch Result
7.x Commit could not be cherrypicked due to conflicts

To backport manually run:
node scripts/backport --pr 103636

@azasypkin azasypkin mentioned this pull request Jul 20, 2021
Merged
azasypkin added a commit that referenced this pull request Jul 20, 2021
@azasypkin
Introduce preboot lifecycle stage (#103636) (#106194)
9aa5c80 
# Conflicts:
#	.github/CODEOWNERS
#	src/core/server/ui_settings/ui_settings_service.ts
@azasypkin azasypkin mentioned this pull request Jul 20, 2021
Closed
jloleysens added a commit to jloleysens/kibana that referenced this pull request Jul 20, 2021
@jloleysens
Merge branch 'master' of github.com:elastic/kibana into reporting/onl…
17cbcc0 
…y-show-migrate-to-authzd-users

* 'master' of github.com:elastic/kibana: (187 commits)
  Space management page UX improvements (elastic#100448)
  [Reporting] Unskip flaky test when downloading CSV with "no data" (elastic#105252)
  Update dependency @elastic/charts to v33 (master) (elastic#105633)
  [Observability RAC] Improve alerts table columns (elastic#105446)
  Introduce `preboot` lifecycle stage (elastic#103636)
  [Security Solution] Invalid kql query timeline refresh bug (elastic#105525)
  skip flaky suite (elastic#106121)
  [Security Solution][Endpoint] Fix UI inconsistency between isolation forms and remove display of Pending isolation statuses (elastic#106118)
  docs: APM RUM Source map API (elastic#105332)
  [CTI] Adds indicator match rule improvements (elastic#97310)
  [Security Solution] update text for Isolation action submissions (elastic#105956)
  EP Meta Telemetry Perf (elastic#104396)
  [Metrics UI] Drop partial buckets from ALL Metrics UI queries (elastic#104784)
  Remove beta admonitions for Fleet docs (elastic#106010)
  [Observability RAC] Remove indexing of rule evaluation documents (elastic#104970)
  Parameterize migration test for kibana version (elastic#105417)
  [Alerting] Allow rule to execute if the value is 0 and that mets the condition (elastic#105626)
  [ML] Fix Index data visualizer sometimes shows wrong doc count for saved searches (elastic#106007)
  [Security Solution] UX fixes for Policy page and Case Host Isolation comment (elastic#106027)
  [Security Solution]Memory protection configuration card for policies integration. (elastic#101365)
  ...

# Conflicts:
#	x-pack/plugins/reporting/public/management/report_listing.test.tsx
#	x-pack/plugins/reporting/public/management/report_listing.tsx
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@legrego legrego legrego approved these changes

@joshdover joshdover joshdover approved these changes

@nchaulet nchaulet nchaulet approved these changes

@smith smith smith approved these changes

@pgayvallet pgayvallet Awaiting requested review from pgayvallet

@mshustov mshustov Awaiting requested review from mshustov

Assignees

@azasypkin azasypkin

Labels
auto-backport Deprecated - use backport:version if exact versions are needed Feature:New Feature New feature not correlating to an existing feature label release_note:skip Skip the PR/issue when compiling release notes Team:APM All issues that need APM UI Team support Team:Core Core services & architecture: plugins, logging, config, saved objects, http, ES client, i18n, etc Team:Fleet Team label for Observability Data Collection Fleet team v7.15.0 v8.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@azasypkin @elasticmachine @pgayvallet @kibanamachine @smith @nchaulet @joshdover @mshustov @legrego