Proxy support for plugin installer

[timroes]

This pull request supersedes #10946. It adds basic proxy support via the (kind of but not really standard) env variables http_proxy and basic support for exclusion of hosts via no_proxy (though no ports or wildcards are supported.

Release Note: Kibana now respects the http_proxy, https_proxy and no_proxy environment variables to download plugins via a proxy.

[kimjoar]

Some nitpicks, otherwise it would be great with updated docs + tests that cover getProxyAgent

[kimjoar]

Use -> Using?

[kimjoar]

Maybe change to early return instead?

if (!httpProxy) {
  return undefined;
}

[timroes]

Do we have some styleguide about early return? I am personally not a fan of early return, if it's not the very first statement and just checks function parameters.

[kimjoar]

https://github.com/elastic/kibana/blob/master/style_guides/js_style_guide.md#returnthrow-early-from-functions

[kimjoar]

excludedHosts.includes(hostname)?

[kimjoar]

Also: might need to handle whitespace in excludedHosts:

'foo, bar'.split(',')
> ["foo", " bar"]

[timroes]

Done the first. For the second: no_proxy can have a rather complex syntax and lots of tools don't support it all. @tylersmalley and me discussed if we should make an easy implementation at the beginning or try to support it as good as possible and decided to just check for plain hostnames now. We don't support ports at the moment (e.g. no_proxy="artifcacts.elastic.co:443" wouldn't neither match. I would also count this trimming of spaces as "advanced" handling at the moment, since we need to process the all entries again. So we should discuss whether or not we would also enhance the no_proxy support in general then? Discuss plz :)

[kimjoar]

Works for me, just make it super-clear in the docs :)

[kimjoar]

Btw, saw https://github.com/Rob--W/proxy-from-env. If it makes our lives easier we could just fork it and bring it into the codebase and make the necessary changes. It also has a good test suite we can use as a starting point: https://github.com/Rob--W/proxy-from-env/blob/master/test.js

[kimjoar]

nitpick: Maybe extract a getEnv:

const getEnv = env => process.env[env.toLowerCase()] || process.env[env.toUpperCase()]

[kimjoar]

nitpick, maybe:

const { hostname } = URL.parse(sourceUrl);

[kimjoar]

Pulling this out from the comment, as it was "hidden" because of another fix:

Btw, saw https://github.com/Rob--W/proxy-from-env. If it makes our lives easier we could just fork it and bring it into the codebase and make the necessary changes. It also has a good test suite we can use as a starting point: https://github.com/Rob--W/proxy-from-env/blob/master/test.js

[timroes]

@kjbekkelund we have now again two options. We could either use - as discussed with @tylersmalley - the very limited implementation of no_proxy now, so we could still merge this before the feature freeze and open a new ticket, to provide a better no_proxy support. Or we implement the proper no_proxy support directly in this PR, but therefore it won't make it till feature freeze anymore, since I am today all day in x-school.

[kimjoar]

Unless it's very important for 6.0 I prefer doing it properly. 6.1 isn't that long after 6.0. If it's an important feature to get in, though, I'm open to getting it in before ff.

[timroes]

I would also like to have tests and docs for the limited implementation, so I would say, postpone it till 6.1, unless someone vetoes against it :-)

[epixa]

++ Focus on doing this right and it'll get released when it gets released

[timroes]

@kjbekkelund Why do you think we should fork it? I looked through the sources and it seems to do exactly what we need. Could we just pull it from npm? In that case we also wouldn't "need" to write test cases for that part, since the library is covered pretty well with tests.

[kimjoar]

@timroes Yeah, we don't need to fork if it does exactly what we want it to do. However, of it's not a perfect fit we can use it as a starting point instead.

[epixa]

We do want tests on the behaviors we're exposing though, even if they happen to be tested in the upstream project, otherwise a gap in coverage or a breaking change in the dependency means a regression in Kibana

[kimjoar]

++ every time we directly expose a third-party dep we need to cover our use of that dep with tests.

[timroes]

@kjbekkelund changed to use the library now. Would be glad about another review :-)

[timroes]

Jenkins, please test this

[kimjoar]

Maybe add a test that has http_proxy specified, but does an https request, and the other way around. Those would both be expectNoProxyHit, right?

[timroes]

@kjbekkelund Good catch. will do so!

[jbudz]

Do you know how standardized these environment variables are? My only thought with this is someone using these for some other application and not being able to shut it off without unsetting.

I haven't done any research yet but my gut would be to prefix all environment variable usage with kibana. Anyone have thoughts on this? /cc @elastic/kibana-operations, @elastic/kibana-platform

[timroes]

From my experience they are pretty common (even though not standardized). Applications using them are e.g. curl (and everything using curl as a library), wget, most package managers, like pacman or yum.

So using Linux since quite some time (and already managing some servers) I was always frustrated when an application doesn't use this env vars - which are mainly Java and node. So if I manage a server where I have set http_proxy and https_proxy I don't see a reason why I would be confused/frustrated/angry if a program uses this, only the other way around, since I used them with the purpose to configure a proxy. If I tried to configure it only for a specific application I would have wrapped the setting of these vars directly in a startup script for a forked shell (and not set them globally). But maybe people with more server managing experience than me could tell about their experiences here :)

Update: If you look at the famous ArchLinux Wiki these environment variables make the first chapter of "Proxy Settings".

[salimhb]

I second @timroes's statement.

I'm setting up an ELK stack using deviantony/docker-elk and landed on this PR when I looked for kibana plugin install proxy support. I eventually found a workaround to install it offline, but it would have been much less work if kibana's plugin installer supported these "standard" http_proxy/https_proxy environment variables.

In comparison with another Elastic product, this would be way better than what elasticsearch-plugin install requires.

[tylersmalley]

http {
  access_log  /dev/stdout;
  error_log /dev/stdout debug;

  server {
    listen 8200;

    location /downloads/kibana-plugins/x-pack/x-pack-6.0.0-beta1.zip {
      alias /Users/tyler/Downloads/x-pack-6.0.0-beta1-SNAPSHOT.zip;
    }
  }
}

> env HTTPS_PROXY=http://localhost:8200 bin/kibana-plugin install x-pack
Found previous install attempt. Deleting...
Attempting to transfer from x-pack
Attempting to transfer from https://artifacts.elastic.co/downloads/kibana-plugins/x-pack/x-pack-6.0.0-beta1.zip
Picked up proxy http://localhost:8200 from environment variable.
Transferring 118711203 bytes....................
Transfer complete
Retrieving metadata from plugin archive
Extracting plugin archive
...

[tylersmalley]

LGTM

[jbudz]

Works for me. LGTM