Add support for synthetics global parameters #1155
Conversation
|
Hmm, looking into the CI failures |
This adds support for creating synthetics global parameters, which are
used to store secrets used for synthetics monitors.
This implementation is based on what we already do for synthetics
private locations. This is mostly just a simple wrapper around API
calls, except we currently requery the resource after creating it or
updating it. This is because Kibana (at least in 9.0.0) has some
unexpected responses for /api/synthetics/params:
1. The POST request to create a parameter does not include the `value`
field in the response.
2. The PUT request to update a parameter returns the new values for all
fields, except for `value`, which contains the old secret.
3. None of the responses include the `share_across_spaces` value, which
can only be inferred by checking of `namespaces` is `["*"]`.
We also use the undocumented `DELETE /api/synthetics/params` API that
the Kibana UI uses due to many quirks with the deletion APIs in various
versions of Kibana. I tested every single version of Kibana since the
parameter APIs were introduced (8.12.0) and this one is the only one
that works on all versions.
* `DELETE /api/synthetics/params/<id>` (from documentation)
- Works on >=8.17.0.
- HTTP 404 on 8.12.x through 8.16.x.
* `DELETE /api/synthetics/params/_bulk_delete` (from documentation)
- HTTP 400 on 9.0.x with error message about URL parameters and body
provided at the same time (`_bulk_delete` interpreted as parameter
ID?).
- HTTP 403 on 8.18.x with error message about missing `uptime-read` and
`uptime-write` permissions despite having the `superuser` role.
- HTTP 403 with no details on 8.17.x.
- HTTP 404 on 8.12.x through 8.16.x.
* `POST /api/synthetics/params/_bulk_delete` (from comment in documentation
example)
- Works on >=8.17.0.
- HTTP 404 on 8.12.x through 8.16.x.
* `DELETE /api/synthetics/params` (what the Kibana UI does)
- Works on >=8.12.0.
Finally, this updates the Github Actions workflow to run the tests using
HTTP basic auth instead of API keys. On all versions of Kibana, the
params endpoint fails to return the current value when using API keys,
even if permissions are not restricted for the key. Explicitly granting
the key all permissions to Kibana does not work either.
Fixes: elastic#1152
Signed-off-by: Andrew Gunnerson <[email protected]>
agunnerson-elastic
force-pushed
the
synthetics-params
branch
from
57d4846 to
0f147fb
Compare
|
CI is fixed! Turns out there are a lot of quirks with the deletion APIs. I tested all 39 Kibana versions between 8.12.0 and 9.0.2 and ended up using |
|
Have we opened issues in the Kibana repo to cover these problems? |
Hey @tobio! Yep, I plan to do so, but haven't yet. |
| Parameter: &KibanaSyntheticsParameterAPI{ | ||
| Add: newKibanaSyntheticsParameterAddFunc(c), | ||
| Delete: newKibanaSyntheticsParameterDeleteFunc(c), | ||
| Get: newKibanaSyntheticsParameterGetFunc(c), | ||
| Update: newKibanaSyntheticsParameterUpdateFunc(c), | ||
| }, |
There was a problem hiding this comment.
We're trying to move everything to a client generated from the Kibana openapi spec. It's not as smooth as I'd like at the moment, but I've done a bit of the work to get started in this commit. Would you be able to migrate this PR over to that client instead of updating this one?
Given the delete endpoint you're using here is undocumented we may need to leave that code in here, but at least for get/post/put we should be able to use the generated client.
There was a problem hiding this comment.
Thanks for starting the work on that! I'll give it a shot.
There was a problem hiding this comment.
I just pushed c7d42a3. The synthetics parameters stuff is working, but it looks like the fleet tests are failing. The only place I'm seeing any changes related to fleet is in generated/kbapi/kibana.gen.go, but I'm not sure why. It seems like the OAPI changes are additive. Any idea what might be going on?
There was a problem hiding this comment.
Sorry for taking ages here. The failures in this PR are all fixed by #1189. We should just be able to merge main when it's fixed.
There was a problem hiding this comment.
Thank you!
…update Signed-off-by: Andrew Gunnerson <[email protected]>
Co-Authored-By: Toby Brain <[email protected]> Signed-off-by: Andrew Gunnerson <[email protected]>
* origin/main: (23 commits) Regenerate Kibana client (elastic#1189) Addressing feedback on elastic#1178 (elastic#1180) Bump github.com/getkin/kin-openapi from 0.127.0 to 0.131.0 (elastic#1190) Remove explicit misspell (elastic#1182) Move tools to go.mod managed tools (elastic#1185) fix(deps): update module github.com/hashicorp/terraform-plugin-docs to v0.22.0 (elastic#1188) Bump github.com/cloudflare/circl from 1.6.0 to 1.6.1 in /tools (elastic#1187) Migrate the System User resource to the plugin framework. (elastic#1154) Bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 in /tools (elastic#1184) Bump golang.org/x/net from 0.36.0 to 0.38.0 in /libs/go-kibana-rest (elastic#1183) chore(deps): update golang:1.24.4 docker digest to 20a022e (elastic#1177) Bump github.com/getkin/kin-openapi from 0.127.0 to 0.131.0 in /tools (elastic#1181) Add basic docs around the current kbapi generation (elastic#1178) chore(deps): update module github.com/golangci/golangci-lint to v2.2.1 (elastic#1176) chore(deps): update docker.elastic.co/elasticsearch/elasticsearch docker tag to v9.0.3 (elastic#1170) chore(deps): update docker.elastic.co/kibana/kibana docker tag to v9.0.3 (elastic#1171) chore(deps): update dependency go to v1.24.4 (elastic#1159) fix(deps): update module github.com/elastic/go-elasticsearch/v8 to v8.18.1 (elastic#1168) chore(deps): update golang docker tag to v1.24.4 (elastic#1161) fix(deps): update module github.com/goreleaser/goreleaser/v2 to v2.10.2 (elastic#1162) ...
* origin/main: Add description to kibana role resource (elastic#1186)
2 participants
Add support for synthetics global parameters
This adds support for creating synthetics global parameters, which are
used to store secrets used for synthetics monitors.
This implementation is based on what we already do for synthetics
private locations. This is mostly just a simple wrapper around API calls, except we currently requery the resource after creating it or updating it. This is because Kibana (at least in 9.0.0) has some unexpected responses for
/api/synthetics/params:valuefield in the response.value, which contains the old secret.share_across_spacesvalue, which can only be inferred by checking ofnamespacesis["*"].We also use the undocumented
DELETE /api/synthetics/paramsAPI that the Kibana UI uses due to many quirks with the deletion APIs in various versions of Kibana. I tested every single version of Kibana since the parameter APIs were introduced (8.12.0) and this one is the only one that works on all versions.DELETE /api/synthetics/params/<id>(from documentation)DELETE /api/synthetics/params/_bulk_delete(from documentation)_bulk_deleteinterpreted as parameter ID?).uptime-readanduptime-writepermissions despite having thesuperuserrole.POST /api/synthetics/params/_bulk_delete(from comment in documentation example)DELETE /api/synthetics/params(what the Kibana UI does)Finally, this updates the Github Actions workflow to run the tests using HTTP basic auth instead of API keys. On all versions of Kibana, the params endpoint fails to return the current value when using API keys, even if permissions are not restricted for the key. Explicitly granting the key all permissions to Kibana does not work either.
Fixes: #1152