diff --git a/x-pack/plugins/data_usage/server/config.ts b/x-pack/plugins/data_usage/server/config.ts index c6721592b6aac..7dd664f35288b 100644 --- a/x-pack/plugins/data_usage/server/config.ts +++ b/x-pack/plugins/data_usage/server/config.ts @@ -20,6 +20,7 @@ export const configSchema = schema.object({ schema.object({ certificate: schema.maybe(schema.string()), key: schema.maybe(schema.string()), + ca: schema.maybe(schema.string()), }) ), }) diff --git a/x-pack/plugins/data_usage/server/services/autoops_api.ts b/x-pack/plugins/data_usage/server/services/autoops_api.ts index 582cd7ab33046..c1b96a973d9d7 100644 --- a/x-pack/plugins/data_usage/server/services/autoops_api.ts +++ b/x-pack/plugins/data_usage/server/services/autoops_api.ts @@ -52,23 +52,12 @@ export class AutoOpsAPIService { throw new AutoOpsError(AUTO_OPS_MISSING_CONFIG_ERROR); } - if (!autoopsConfig.api?.url) { - this.logger.error(`[AutoOps API] Missing API URL in the configuration.`, errorMetadata); - throw new AutoOpsError('Missing API URL in AutoOps configuration.'); - } - - if (!autoopsConfig.api?.tls?.certificate || !autoopsConfig.api?.tls?.key) { - this.logger.error( - `[AutoOps API] Missing required TLS certificate or key in the configuration.`, - errorMetadata - ); - throw new AutoOpsError('Missing required TLS certificate or key in AutoOps configuration.'); - } - this.logger.debug( - `[AutoOps API] Creating autoops agent with request URL: ${autoopsConfig.api.url} and TLS cert: [REDACTED] and TLS key: [REDACTED]` + `[AutoOps API] Creating autoops agent with TLS cert: ${ + autoopsConfig?.api?.tls?.certificate ? '[REDACTED]' : 'undefined' + } and TLS key: ${autoopsConfig?.api?.tls?.key ? '[REDACTED]' : 'undefined'} + and TLS ca: ${autoopsConfig?.api?.tls?.ca ? '[REDACTED]' : 'undefined'}` ); - const controller = new AbortController(); const tlsConfig = this.createTlsConfig(autoopsConfig); const cloudSetup = appContextService.getCloud(); @@ -180,6 +169,7 @@ export class AutoOpsAPIService { enabled: true, certificate: autoopsConfig?.api?.tls?.certificate, key: autoopsConfig?.api?.tls?.key, + certificateAuthorities: autoopsConfig?.api?.tls?.ca, }) ); } @@ -197,6 +187,7 @@ export class AutoOpsAPIService { ...requestConfig.httpsAgent.options, cert: requestConfig.httpsAgent.options.cert ? 'REDACTED' : undefined, key: requestConfig.httpsAgent.options.key ? 'REDACTED' : undefined, + ca: requestConfig.httpsAgent.options.ca ? 'REDACTED' : undefined, }, }, }); diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/config.ts b/x-pack/test_serverless/api_integration/test_suites/observability/config.ts index fa0714aa61544..97a30d0f340f9 100644 --- a/x-pack/test_serverless/api_integration/test_suites/observability/config.ts +++ b/x-pack/test_serverless/api_integration/test_suites/observability/config.ts @@ -4,7 +4,7 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import { KBN_CERT_PATH, KBN_KEY_PATH } from '@kbn/dev-utils'; +import { CA_CERT_PATH, KBN_CERT_PATH, KBN_KEY_PATH } from '@kbn/dev-utils'; import { createTestConfig } from '../../config.base'; import { services as apmServices } from './apm_api_integration/common/services'; import { services as datasetQualityServices } from './dataset_quality_api_integration/common/services'; @@ -32,5 +32,6 @@ export default createTestConfig({ '--xpack.dataUsage.autoops.api.url=http://localhost:9000', `--xpack.dataUsage.autoops.api.tls.certificate=${KBN_CERT_PATH}`, `--xpack.dataUsage.autoops.api.tls.key=${KBN_KEY_PATH}`, + `--xpack.dataUsage.autoops.api.tls.ca=${CA_CERT_PATH}`, ], }); diff --git a/x-pack/test_serverless/api_integration/test_suites/search/config.ts b/x-pack/test_serverless/api_integration/test_suites/search/config.ts index 4db3e86bb9787..9f02dc98b88c3 100644 --- a/x-pack/test_serverless/api_integration/test_suites/search/config.ts +++ b/x-pack/test_serverless/api_integration/test_suites/search/config.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { KBN_CERT_PATH, KBN_KEY_PATH } from '@kbn/dev-utils'; +import { CA_CERT_PATH, KBN_CERT_PATH, KBN_KEY_PATH } from '@kbn/dev-utils'; import { createTestConfig } from '../../config.base'; export default createTestConfig({ @@ -28,5 +28,6 @@ export default createTestConfig({ '--xpack.dataUsage.autoops.api.url=http://localhost:9000', `--xpack.dataUsage.autoops.api.tls.certificate=${KBN_CERT_PATH}`, `--xpack.dataUsage.autoops.api.tls.key=${KBN_KEY_PATH}`, + `--xpack.dataUsage.autoops.api.tls.ca=${CA_CERT_PATH}`, ], }); diff --git a/x-pack/test_serverless/api_integration/test_suites/security/config.ts b/x-pack/test_serverless/api_integration/test_suites/security/config.ts index 511ec3176ef6f..52b933a22b086 100644 --- a/x-pack/test_serverless/api_integration/test_suites/security/config.ts +++ b/x-pack/test_serverless/api_integration/test_suites/security/config.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { KBN_CERT_PATH, KBN_KEY_PATH } from '@kbn/dev-utils'; +import { CA_CERT_PATH, KBN_CERT_PATH, KBN_KEY_PATH } from '@kbn/dev-utils'; import { createTestConfig } from '../../config.base'; export default createTestConfig({ @@ -32,5 +32,6 @@ export default createTestConfig({ '--xpack.dataUsage.autoops.api.url=http://localhost:9000', `--xpack.dataUsage.autoops.api.tls.certificate=${KBN_CERT_PATH}`, `--xpack.dataUsage.autoops.api.tls.key=${KBN_KEY_PATH}`, + `--xpack.dataUsage.autoops.api.tls.ca=${CA_CERT_PATH}`, ], }); diff --git a/x-pack/test_serverless/functional/test_suites/observability/config.ts b/x-pack/test_serverless/functional/test_suites/observability/config.ts index 41093df640976..9fffd5623f0a3 100644 --- a/x-pack/test_serverless/functional/test_suites/observability/config.ts +++ b/x-pack/test_serverless/functional/test_suites/observability/config.ts @@ -4,7 +4,7 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import { KBN_CERT_PATH, KBN_KEY_PATH } from '@kbn/dev-utils'; +import { CA_CERT_PATH, KBN_CERT_PATH, KBN_KEY_PATH } from '@kbn/dev-utils'; import { createTestConfig } from '../../config.base'; export default createTestConfig({ @@ -25,5 +25,6 @@ export default createTestConfig({ '--xpack.dataUsage.autoops.api.url=http://localhost:9000', `--xpack.dataUsage.autoops.api.tls.certificate=${KBN_CERT_PATH}`, `--xpack.dataUsage.autoops.api.tls.key=${KBN_KEY_PATH}`, + `--xpack.dataUsage.autoops.api.tls.ca=${CA_CERT_PATH}`, ], }); diff --git a/x-pack/test_serverless/functional/test_suites/search/config.ts b/x-pack/test_serverless/functional/test_suites/search/config.ts index 5c52828a11659..aef26951908d0 100644 --- a/x-pack/test_serverless/functional/test_suites/search/config.ts +++ b/x-pack/test_serverless/functional/test_suites/search/config.ts @@ -4,7 +4,7 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import { KBN_CERT_PATH, KBN_KEY_PATH } from '@kbn/dev-utils'; +import { CA_CERT_PATH, KBN_CERT_PATH, KBN_KEY_PATH } from '@kbn/dev-utils'; import { createTestConfig } from '../../config.base'; export default createTestConfig({ @@ -28,6 +28,7 @@ export default createTestConfig({ '--xpack.dataUsage.autoops.api.url=http://localhost:9000', `--xpack.dataUsage.autoops.api.tls.certificate=${KBN_CERT_PATH}`, `--xpack.dataUsage.autoops.api.tls.key=${KBN_KEY_PATH}`, + `--xpack.dataUsage.autoops.api.tls.ca=${CA_CERT_PATH}`, ], apps: { serverlessElasticsearch: { diff --git a/x-pack/test_serverless/functional/test_suites/security/config.ts b/x-pack/test_serverless/functional/test_suites/security/config.ts index 6bf456e5f6d55..1693a07b0e844 100644 --- a/x-pack/test_serverless/functional/test_suites/security/config.ts +++ b/x-pack/test_serverless/functional/test_suites/security/config.ts @@ -4,7 +4,7 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import { KBN_CERT_PATH, KBN_KEY_PATH } from '@kbn/dev-utils'; +import { CA_CERT_PATH, KBN_CERT_PATH, KBN_KEY_PATH } from '@kbn/dev-utils'; import { createTestConfig } from '../../config.base'; export default createTestConfig({ @@ -25,5 +25,6 @@ export default createTestConfig({ '--xpack.dataUsage.autoops.api.url=http://localhost:9000', `--xpack.dataUsage.autoops.api.tls.certificate=${KBN_CERT_PATH}`, `--xpack.dataUsage.autoops.api.tls.key=${KBN_KEY_PATH}`, + `--xpack.dataUsage.autoops.api.tls.ca=${CA_CERT_PATH}`, ], });