[Cloud Security] add is_internal config option for outputs (elastic#1…

…75546) ## Summary - part of elastic#165251 introducing a new `is_internal` config option for `xpack.fleet.outputs`. The usage is currently to protect the internal outputs in the UI: - filter out internal outputs in the Settings UI - disable internal outputs in output select for an agent policy ### Screencast [screencast-github.com-2024.01.26-15_57_56.webm](https://github.com/elastic/kibana/assets/478762/917b4a76-a48f-4bdc-b3d8-5598f86febf8) ### Checklist Delete any items that are not applicable to this PR. - [x] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: Kyle Pollich <[email protected]>
fkanout · Mar 4, 2024 · 32b69f1 · 32b69f1
1 parent edf04d4
commit 32b69f1
Show file tree

Hide file tree

Showing 25 changed files with 220 additions and 7 deletions.
diff --git a/docs/settings/fleet-settings.asciidoc b/docs/settings/fleet-settings.asciidoc
@@ -207,6 +207,8 @@ NOTE: The `xpack.fleet.outputs` settings are intended for advanced configuration
     If `true`, the output specified in `xpack.fleet.outputs` will be the one used to send agent data unless there is another one configured specifically for the agent policy.
   `is_default_monitoring`::: 
     If `true`, the output specified in `xpack.fleet.outputs` will be the one used to send agent monitoring data unless there is another one configured specifically for the agent policy.
+  `is_internal`:::
+    If `true`, the output specified in `xpack.fleet.outputs` will not appear in the UI, and can only be managed via `kibana.yml` or the Fleet API.
   `config`::: 
     Extra config for that output.
   `proxy_id`:::

diff --git a/packages/kbn-check-mappings-update-cli/current_fields.json b/packages/kbn-check-mappings-update-cli/current_fields.json
@@ -523,6 +523,7 @@
     "hosts",
     "is_default",
     "is_default_monitoring",
+    "is_internal",
     "is_preconfigured",
     "key",
     "name",

diff --git a/packages/kbn-check-mappings-update-cli/current_mappings.json b/packages/kbn-check-mappings-update-cli/current_mappings.json
@@ -1697,6 +1697,10 @@
         "type": "boolean",
         "index": false
       },
+      "is_internal": {
+        "type": "boolean",
+        "index": false
+      },
       "ssl": {
         "type": "binary"
       },

diff --git a/src/core/server/integration_tests/ci_checks/saved_objects/check_registered_types.test.ts b/src/core/server/integration_tests/ci_checks/saved_objects/check_registered_types.test.ts
@@ -107,7 +107,7 @@ describe('checking migration metadata changes on all registered SO types', () =>
         "infrastructure-ui-source": "113182d6895764378dfe7fa9fa027244f3a457c4",
         "ingest-agent-policies": "7633e578f60c074f8267bc50ec4763845e431437",
         "ingest-download-sources": "279a68147e62e4d8858c09ad1cf03bd5551ce58d",
-        "ingest-outputs": "e36a25e789f22b4494be728321f4304a040e286b",
+        "ingest-outputs": "ba8ef97414bc983efdf1c4285afa622df8b4344a",
         "ingest-package-policies": "f4c2767e852b700a8b82678925b86bac08958b43",
         "ingest_manager_settings": "91445219e7115ff0c45d1dabd5d614a80b421797",
         "inventory-view": "b8683c8e352a286b4aca1ab21003115a4800af83",

diff --git a/x-pack/plugins/fleet/common/openapi/bundled.json b/x-pack/plugins/fleet/common/openapi/bundled.json
@@ -7936,6 +7936,9 @@
           "is_default_monitoring": {
             "type": "boolean"
           },
+          "is_internal": {
+            "type": "boolean"
+          },
           "name": {
             "type": "string"
           },
@@ -8037,6 +8040,9 @@
           "is_default_monitoring": {
             "type": "boolean"
           },
+          "is_internal": {
+            "type": "boolean"
+          },
           "name": {
             "type": "string"
           },
@@ -8260,6 +8266,9 @@
           "is_default_monitoring": {
             "type": "boolean"
           },
+          "is_internal": {
+            "type": "boolean"
+          },
           "name": {
             "type": "string"
           },
@@ -8366,6 +8375,9 @@
           "is_default_monitoring": {
             "type": "boolean"
           },
+          "is_internal": {
+            "type": "boolean"
+          },
           "name": {
             "type": "string"
           },
@@ -8436,6 +8448,9 @@
           "is_default_monitoring": {
             "type": "boolean"
           },
+          "is_internal": {
+            "type": "boolean"
+          },
           "name": {
             "type": "string"
           },
@@ -8539,6 +8554,9 @@
           "is_default_monitoring": {
             "type": "boolean"
           },
+          "is_internal": {
+            "type": "boolean"
+          },
           "name": {
             "type": "string"
           },
@@ -8742,6 +8760,9 @@
           "is_default_monitoring": {
             "type": "boolean"
           },
+          "is_internal": {
+            "type": "boolean"
+          },
           "name": {
             "type": "string"
           },

diff --git a/x-pack/plugins/fleet/common/openapi/bundled.yaml b/x-pack/plugins/fleet/common/openapi/bundled.yaml
@@ -5121,6 +5121,8 @@ components:
           type: boolean
         is_default_monitoring:
           type: boolean
+        is_internal:
+          type: boolean
         name:
           type: string
         type:
@@ -5189,6 +5191,8 @@ components:
           type: boolean
         is_default_monitoring:
           type: boolean
+        is_internal:
+          type: boolean
         name:
           type: string
         type:
@@ -5337,6 +5341,8 @@ components:
           type: boolean
         is_default_monitoring:
           type: boolean
+        is_internal:
+          type: boolean
         name:
           type: string
         type:
@@ -5407,6 +5413,8 @@ components:
           type: boolean
         is_default_monitoring:
           type: boolean
+        is_internal:
+          type: boolean
         name:
           type: string
         type:
@@ -5450,6 +5458,8 @@ components:
           type: boolean
         is_default_monitoring:
           type: boolean
+        is_internal:
+          type: boolean
         name:
           type: string
         type:
@@ -5520,6 +5530,8 @@ components:
           type: boolean
         is_default_monitoring:
           type: boolean
+        is_internal:
+          type: boolean
         name:
           type: string
         type:
@@ -5654,6 +5666,8 @@ components:
           type: boolean
         is_default_monitoring:
           type: boolean
+        is_internal:
+          type: boolean
         name:
           type: string
         type:

diff --git a/.../plugins/fleet/common/openapi/components/schemas/output_create_request_elasticsearch.yaml b/.../plugins/fleet/common/openapi/components/schemas/output_create_request_elasticsearch.yaml
@@ -7,6 +7,8 @@ properties:
     type: boolean
   is_default_monitoring:
     type: boolean
+  is_internal:
+    type: boolean
   name:
     type: string
   type:

diff --git a/x-pack/plugins/fleet/common/openapi/components/schemas/output_create_request_kafka.yaml b/x-pack/plugins/fleet/common/openapi/components/schemas/output_create_request_kafka.yaml
@@ -7,6 +7,8 @@ properties:
     type: boolean
   is_default_monitoring:
     type: boolean
+  is_internal:
+    type: boolean
   name:
     type: string
   type:

diff --git a/x-pack/plugins/fleet/common/openapi/components/schemas/output_create_request_logstash.yaml b/x-pack/plugins/fleet/common/openapi/components/schemas/output_create_request_logstash.yaml
@@ -7,6 +7,8 @@ properties:
     type: boolean
   is_default_monitoring:
     type: boolean
+  is_internal:
+    type: boolean
   name:
     type: string
   type:

diff --git a/...s/fleet/common/openapi/components/schemas/output_create_request_remote_elasticsearch.yaml b/...s/fleet/common/openapi/components/schemas/output_create_request_remote_elasticsearch.yaml
@@ -7,6 +7,8 @@ properties:
     type: boolean
   is_default_monitoring:
     type: boolean
+  is_internal:
+    type: boolean
   name:
     type: string
   type:

diff --git a/.../plugins/fleet/common/openapi/components/schemas/output_update_request_elasticsearch.yaml b/.../plugins/fleet/common/openapi/components/schemas/output_update_request_elasticsearch.yaml
@@ -7,6 +7,8 @@ properties:
     type: boolean
   is_default_monitoring:
     type: boolean
+  is_internal:
+    type: boolean
   name:
     type: string
   type:

diff --git a/x-pack/plugins/fleet/common/openapi/components/schemas/output_update_request_kafka.yaml b/x-pack/plugins/fleet/common/openapi/components/schemas/output_update_request_kafka.yaml
@@ -7,6 +7,8 @@ properties:
     type: boolean
   is_default_monitoring:
     type: boolean
+  is_internal:
+    type: boolean
   name:
     type: string
   type:

diff --git a/x-pack/plugins/fleet/common/openapi/components/schemas/output_update_request_logstash.yaml b/x-pack/plugins/fleet/common/openapi/components/schemas/output_update_request_logstash.yaml
@@ -7,6 +7,8 @@ properties:
     type: boolean
   is_default_monitoring:
     type: boolean
+  is_internal:
+    type: boolean
   name:
     type: string
   type:

diff --git a/x-pack/plugins/fleet/common/types/models/output.ts b/x-pack/plugins/fleet/common/types/models/output.ts
@@ -35,6 +35,7 @@ export type OutputPreset = 'custom' | 'balanced' | 'throughput' | 'scale' | 'lat
 interface NewBaseOutput {
   is_default: boolean;
   is_default_monitoring: boolean;
+  is_internal?: boolean;
   is_preconfigured?: boolean;
   name: string;
   type: ValueOf<OutputType>;

diff --git a/x-pack/plugins/fleet/cypress/e2e/fleet_settings_outputs.cy.ts b/x-pack/plugins/fleet/cypress/e2e/fleet_settings_outputs.cy.ts
@@ -594,4 +594,34 @@ queue:
       });
     });
   });
+
+  describe('Outputs List', () => {
+    beforeEach(() => {
+      cy.intercept('/api/fleet/outputs', {
+        items: [
+          {
+            id: 'fleet-default-output',
+            name: 'default',
+            type: 'elasticsearch',
+            is_default: true,
+            is_default_monitoring: true,
+          },
+          {
+            id: 'internal-fleet-output',
+            name: 'internal output',
+            type: 'elasticsearch',
+            is_default: false,
+            is_default_monitoring: false,
+            is_internal: true,
+          },
+        ],
+      });
+
+      cy.visit('/app/fleet/settings');
+    });
+
+    it('should not display internal outputs', () => {
+      cy.getBySel(SETTINGS_OUTPUTS.TABLE).should('not.contain', 'internal output');
+    });
+  });
 });
diff --git a/x-pack/plugins/fleet/cypress/screens/fleet.ts b/x-pack/plugins/fleet/cypress/screens/fleet.ts
@@ -119,6 +119,7 @@ export const AGENT_BINARY_SOURCES_FLYOUT = {
 export const SETTINGS_OUTPUTS = {
   EDIT_BTN: 'editOutputBtn',
   ADD_BTN: 'addOutputBtn',
+  TABLE: 'settingsOutputsTable',
   NAME_INPUT: 'settingsOutputsFlyout.nameInput',
   TYPE_INPUT: 'settingsOutputsFlyout.typeInput',
   ADD_HOST_ROW_BTN: 'fleetServerHosts.multiRowInput.addRowButton',

diff --git a/...ations/fleet/sections/agent_policy/components/agent_policy_advanced_fields/hooks.test.tsx b/...ations/fleet/sections/agent_policy/components/agent_policy_advanced_fields/hooks.test.tsx
@@ -120,6 +120,39 @@ const mockApiCallsWithRemoteESOutputs = (http: MockedFleetStartServices['http'])
   });
 };
 
+const mockApiCallsWithInternalOutputs = (http: MockedFleetStartServices['http']) => {
+  http.get.mockImplementation(async (path) => {
+    if (typeof path !== 'string') {
+      throw new Error('Invalid request');
+    }
+    if (path === '/api/fleet/outputs') {
+      return {
+        data: {
+          items: [
+            {
+              id: 'default-output',
+              name: 'Default',
+              type: 'elasticsearch',
+              is_default: true,
+              is_default_monitoring: true,
+            },
+            {
+              id: 'internal-output',
+              name: 'Internal',
+              type: 'elasticsearch',
+              is_default: false,
+              is_default_monitoring: false,
+              is_internal: true,
+            },
+          ],
+        },
+      };
+    }
+
+    return defaultHttpClientGetImplementation(path);
+  });
+};
+
 describe('useOutputOptions', () => {
   it('should generate enabled options if the licence is platinium', async () => {
     const testRenderer = createFleetTestRendererMock();
@@ -550,4 +583,56 @@ describe('useOutputOptions', () => {
     expect(result.current.monitoringOutputOptions.length).toEqual(2);
     expect(result.current.monitoringOutputOptions[1].value).toEqual('remote1');
   });
+
+  it('should not enable internal outputs', async () => {
+    const testRenderer = createFleetTestRendererMock();
+    mockedUseLicence.mockReturnValue({
+      hasAtLeast: () => true,
+    } as unknown as LicenseService);
+    mockApiCallsWithInternalOutputs(testRenderer.startServices.http);
+    const { result, waitForNextUpdate } = testRenderer.renderHook(() =>
+      useOutputOptions({} as AgentPolicy)
+    );
+    expect(result.current.isLoading).toBeTruthy();
+
+    await waitForNextUpdate();
+    expect(result.current.dataOutputOptions).toMatchInlineSnapshot(`
+      Array [
+        Object {
+          "disabled": false,
+          "inputDisplay": "Default (currently Default)",
+          "value": "@@##DEFAULT_SELECT##@@",
+        },
+        Object {
+          "disabled": false,
+          "inputDisplay": "Default",
+          "value": "default-output",
+        },
+        Object {
+          "disabled": true,
+          "inputDisplay": "Internal",
+          "value": "internal-output",
+        },
+      ]
+    `);
+    expect(result.current.monitoringOutputOptions).toMatchInlineSnapshot(`
+      Array [
+        Object {
+          "disabled": undefined,
+          "inputDisplay": "Default (currently Default)",
+          "value": "@@##DEFAULT_SELECT##@@",
+        },
+        Object {
+          "disabled": false,
+          "inputDisplay": "Default",
+          "value": "default-output",
+        },
+        Object {
+          "disabled": true,
+          "inputDisplay": "Internal",
+          "value": "internal-output",
+        },
+      ]
+    `);
+  });
 });