[alerting] add preconfigured actions to cloud allowlist

[pmuellr]

We currently do not allowlist the Kibana config that provides preconfigured actions in the cloud. Seems like we should.

A couple of things about it:

• we recommend, correctly, to use the keystore to store secrets like passwords, and this works in tandem with the preconfigured action config, so that at runtime, the system will see all the data combined. We need to make sure this works in the cloud as it does when running on prem.

• we've been looking into making an email action available on cloud that is auto-populated from a customer's registered email, so they don't have to do any configuration, and get a free email action. We should make sure exposing preconfigured actions on the cloud doesn't cause any issues with eventually getting there - and maybe it helps!

[mikecote]

we've been looking into making an email action available on cloud that is auto-populated from a customer's registered email, so they don't have to do any configuration, and get a free email action. We should make sure exposing preconfigured actions on the cloud doesn't cause any issues with eventually getting there - and maybe it helps!

I wanted to iterate a few things based on this but they're all assumptions (hopefully @peterschretlen can keep me honest or correct me from the original proposal). The preconfigured actions was designed specifically for the cloud team to inject connectors to every customer deployments. The customer doesn't have access to any of the configuration (or secrets) set for these connectors. On-prem is getting this feature as a bonus but it wasn't designed for this use case. Allow-listing this on cloud, I'm guessing, would expose the internal configurations that the cloud team set as I don't believe these get merged?

In my opinion, I feel like allow-listing this on cloud would create two ways for customers to create connectors. I feel a request for this should be redirected to using our management UIs and to set proper RBAC for who can edit these connectors. Though, I may be wrong.

[pmuellr]

Allow-listing this on cloud, I'm guessing, would expose the internal configurations that the cloud team set as I don't believe these get merged?

Ya, if we want these for the cloud and for them to be hidden, AND for cloud users to add them, then someone would have to "merge" two different sets of config.

I've found these pre-configured actions to be soooo useful, since:

• they're in every space
• I can put the keys in a keystore, and some magic merges them into the resulting config
• they're available immediately after I start a new deployment

We'll probably get to a place where a lot of this is moot, long-term.

And I don't think we've had significant pickup on these either - I've not heard a customer ask about using these in the cloud, nor on-prem.

Had to try though! I'm fine not including it.

We might as well close the issue at this point, we could always re-open if we get some interest.

[mikecote]

I've found these pre-configured actions to be soooo useful

Ah, I didn't think about those use cases, thanks!

We might as well close the issue at this point, we could always re-open if we get some interest.

I think we should gather some thoughts from more people before closing it. I wouldn't want just my opinion to drive a decision on the issue.

[ymao1]

Closing in favor of #98900