search

elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana
Other
19.76k stars 8.16k forks source link

Synthetics global parameters will remove line breaks #189434

Open asmith-elastic opened 2 months ago

asmith-elastic commented 2 months ago

Kibana version: 8.14.3

Elasticsearch version: 8.14.3

Original install method (e.g. download page, yum, from source, etc.): ESS

Describe the bug:

Synthetics global parameters will automatically trim line breaks from the defined value. This prohibits the ability to define a PEM encoded certificate within a global parameter as the required line breaks within a PEM certificate will not be parsed.

An example of this can be seen below. The following screenshots demonstrates how one would define a PEM encoded certificate as a global parameter:

Screenshot 2024-07-26 at 3 56 37 PM

When applying the global parameter to a lightweight monitor, the line breaks are removed resulting in an invalid configuration that is applied. Below is an output from the computed config captured from the resulting agent diagnostic: 

ssl.certificate_authorities: |
  -----BEGIN CERTIFICATE----- MIIDeTCCAmGgAwIBAgIJANuSS2L+9oTlMA0GCSqGSIb3DQEBCwUAMGIxCzAJBgNV ...+MUNf7ty3zcVF0Yt2vqHzp4y8m+mE5nSqRarAGvDNJv+I6e4Edw19u1j ddjiqyutdMsJkgvfNvSLQA8u7SAVjnhnoC6n2jm2wdFbrB+9rnrGje+Q8r1ERFyj SG26SdQCiaG5QBCuDhrtLSR1N90URYCY0H6Z57sWcTKEusb95Pz6cBTLGuiNDKJq juBzebaanR+LTh++Bleb9I0HxFFCTwlQhxo/bfY= -----END CERTIFICATE-----

Expected behavior:

When applying a global parameter, line breaks should not be removed. As a workaround, one can instead define a certificate manually within the lightweight monitor's yaml file in order to insure line breaks are included within the defined certificate within a certificate authority: 

heartbeat.monitors:
- type: http
..
  ssl:
    certificate_authorities: |
      -----BEGIN CERTIFICATE-----
      ....
      -----END CERTIFICATE-----

Screenshots (if relevant):

Errors in browser console (if relevant):

The following error will be displayed within the browser when attempting to pull a certificate authority from a global parameter:

Screenshot 2024-07-29 at 10 45 16 AM

Provide logs and/or server output (if relevant):

{"log.level":"error","@timestamp":"2024-07-29T17:40:49.033Z","message":"Failed to add CA to the cert pool, CA is not a valid PEM document","component":{"binary":"heartbeat","dataset":"elastic_agent.heartbeat","id":"synthetics/http-default","type":"synthetics/http"},"log":{"source":"synthetics/http-default"},"log.origin":{"file.line":230,"file.name":"tlscommon/tls.go","function":"github.com/elastic/elastic-agent-libs/transport/tlscommon.LoadCertificateAuthorities"},"service.name":"heartbeat","ecs.version":"1.6.0","log.logger":"tls","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-07-29T17:40:49.033Z","message":"job could not be initialized: file is not a certificate adding inline to the list of known CAs accessing 'streams.0'","component":{"binary":"heartbeat","dataset":"elastic_agent.heartbeat","id":"synthetics/http-default","type":"synthetics/http"},"log":{"source":"synthetics/http-default"},"ecs.version":"1.6.0","log.origin":{"file.line":176,"file.name":"monitors/monitor.go","function":"github.com/elastic/beats/v7/heartbeat/monitors.newMonitorUnsafe"},"service.name":"heartbeat","ecs.version":"1.6.0"}

Any additional context:

elasticmachine commented 1 month ago

Pinging @elastic/obs-ux-infra_services-team (Team:obs-ux-infra_services)

elasticmachine commented 1 month ago

Pinging @elastic/obs-ux-management-team (Team:obs-ux-management)