Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Alerts] whitelist configuration settings for cloud #51205

Closed
peterschretlen opened this issue Nov 20, 2019 · 5 comments
Closed

[Alerts] whitelist configuration settings for cloud #51205

peterschretlen opened this issue Nov 20, 2019 · 5 comments
Assignees
Labels
Feature:Alerting Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) v7.6.0

Comments

@peterschretlen
Copy link
Contributor

peterschretlen commented Nov 20, 2019

We have a few configuration settings for actions

  • xpack.actions.enabled
  • xpack.actions.whitelistedHosts

and alerts has

  • xpack.alerting.enabled

These will need to be whitelisted in order to be configurable in products like Elasticsearch Service. #50209 will enable the plugins by default so I don't think we need to expose those settings, but xpack.actions.WhitelistedHosts seems like it should be whitelisted and tested in ESS.

@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-stack-services (Team:Stack Services)

@pmuellr
Copy link
Member

pmuellr commented Dec 5, 2019

xpack.actions.enabled and xpack.alerting.enabled are now enabled by default via PR #51254, so we don't need them whitelisted unless we want users to disable them.

@pmuellr
Copy link
Member

pmuellr commented Dec 5, 2019

Now that email does whitelisting via PR #52221, we'll need to get xpack.actions.whitelistedHosts whitelisted for cloud use, in order to test using the email action with the cloud-supplied email relay.

@pmuellr pmuellr self-assigned this Dec 5, 2019
@peterschretlen
Copy link
Contributor Author

peterschretlen commented Dec 5, 2019

I'm wondering if we should also expose and whitelist flags for each of the built in action types, like was discussed in #51784

xpack.actions.webhook.enabled
xpack.actions.email.enabled
xpack.actions.slack.enabled
xpack.actions.pagerduty.enabled
xpack.actions.index.enabled
xpack.actions.serverlog.enabled

Specifically I think webhook is something we may want to disable on cloud and not whitelist (at least for now) because of SSRF concerns. I'll open that as a separate issue, but wanted to mention it here as it would affect the list of configs to whitelist.

@bmcconaghy bmcconaghy added Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) and removed Team:Stack Services labels Dec 12, 2019
@pmuellr
Copy link
Member

pmuellr commented Jan 2, 2020

The way the function was eventually implemented was with a single, new config value, xpack.actions.enabledActionTypes, which is an array of strings, which are the enabled action types, where an entry of '*' indicates all actions should be enabled. The default value of the config is ["*"].

Cloud whitelisting of this property was done in PR https://github.com/elastic/cloud/pull/46815

@pmuellr pmuellr closed this as completed Jan 2, 2020
@mikecote mikecote added the v7.6.0 label Jan 2, 2020
@kobelb kobelb added the needs-team Issues missing a team label label Jan 31, 2022
@botelastic botelastic bot removed the needs-team Issues missing a team label label Jan 31, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Feature:Alerting Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) v7.6.0
Projects
None yet
Development

No branches or pull requests

6 participants