search

elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana
Other
19.7k stars 8.24k forks source link

[Connectors] Implement support for `Proxy-Authorization`. #106770

Open YulNaumenko opened 3 years ago

YulNaumenko commented 3 years ago

Describe the feature: Based on the [\enhancement request and existing SDHs information, we need to provide the possibility for the proxy authorization for Alerting connectors. Research results: Actions proxy functionality was build on top of the HttpsProxyAgent which is internally adding Proxy-Authorization: Basic xxx header if the option auth of HttpsProxyAgentOptions was populated https://github.com/TooTallNate/node-https-proxy-agent/blob/master/src/agent.ts#L106. According to the existing implementation, we are not passing username/password to the proxy agent auth of HttpsProxyAgentOptions. Option for the resolution: Implement support for Proxy-Authorization as a part of setting for HttpsProxyAgentOptions . It could be done the same way it is implemented in the fleet plugin as part of the xpack.actions.proxyUrl or by adding new configuration settings xpack.actions.proxy.auth.username and xpack.actions.proxy.auth.password: https://github.com/elastic/kibana/blob/4a541883557bcee83baf09b2c0ddab702f780e45/x-pack/plugins/fleet/server/services/epm/registry/proxy.ts#L42

elasticmachine commented 3 years ago

Pinging @elastic/kibana-alerting-services (Team:Alerting Services)

mikecote commented 3 years ago

cc @arisonl

wadsworthn commented 3 years ago

Hi there, I'm the user who raised this issue with Elastic and is the first time I'm going through this process. Can you please tell me what the timeline is for something such as this? Thanks Nigel Wadsworth

arisonl commented 3 years ago

Hi @wadsworthn, thank you for reaching out. This item is not prioritised yet. We will follow up here when it is planned but we do not provide timelines for requested/upcoming features.

pmuellr commented 2 years ago

We should also document the URL structure, since we appear to support user:password@ for http proxies, but ignore it (currently) for https proxies. Whatever we come up with here, would be useful to document what can be used in the URL.

pmuellr commented 7 months ago

It was noted in ER 20568 (link ^^^ for elasticians) that apparently Fleet supports proxy user/pass by embedding it in the proxy URL. Nice trick, though I'm not sure we want to support that, specifically, since it ties a secret and non-secret (user/pass and url) into one config value; seems like it would be better to separate them out.