[actions] support list of url or host "patterns" to bypass when a proxy is in use

[pmuellr]

A common feature supported for apps that support using network proxies, is to configure an "bypass" list of url patterns that should NOT go through the proxy. This is typically used in cases where some services in use are 3rd party services, which need to go through the proxy, and locally implemented services, which do not need - and perhaps cannot - go through the proxy.

This should be a peer of the xpack.actions.proxyUrl config, perhaps named xpack.actions.proxyBypassUrls, which should be a list of ... patterns.

What should those patterns be? They will probably need to have some kind of "wildcard" processing, but we should look around at what other products support.

The proxy processing would then take these into account, and if it finds a match for the target url in the list of bypass urls, NOT go through the existing proxy processing. Thinking simple '*' and '?' sort of processing would be simple and useful enough, but we'll need to make sure customers can't accidently make these patterns "wider" than they expected - something like http://internal-* is likely not safe, as it would bypass the proxy for urls that should go through the proxy ...

Or maybe that's over-thinking it - is it just a list of hostnames? Would be "safer" I think if we could contrain it down to that. So maybe it would be xpack.actions.proxyBypassHostnames ...

[elasticmachine]

Pinging @elastic/kibana-alerting-services (Team:Alerting Services)

[pmuellr]

Just had an internal request to be able to specify the proxy should ONLY be used for certain hosts / urls. Seems reasonable. I think that would be a separate config, and both the "bypass" and "only" style versions of the config could not be used together. Name something like xpack.actions.proxyOnlyHostnames.

[pmuellr]

I'm not sure we'll ever get to a point where we would need even more precision - associate an arbitrary proxy with a specific connector, or specific hostname/url - which would allow different proxies to be used by different connectors. Seems like a stretch, not sure any typical proxy usage supports that kinda thing.

But if we did need it, presumably it could be solved the same way we're handling per-server TLS options - see issue #80120

[pmuellr]

I must have forgotten about issue #92949 when I created this, it's basically a DUP.

So, closing in favor of issue #92949