[actions] adds proxyBypassHosts and proxyOnlyHosts Kibana config keys #95365
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pmuellr
added
Feature:Actions
Team:ResponseOps
pmuellr
force-pushed
the
actions/proxy-bypass
branch
4 times, most recently
from
1fc503f to
c932f56
Compare
resolves elastic#92949 This PR adds two new Kibana config keys to further customize when the proxy is used when making HTTP requests. Prior to this PR, if a proxy was set via the `xpack.actions.proxyUrl` config key, all requests would be proxied. Now, there's a further refinement in that hostnames can be added to the `xpack.actions.proxyBypassHosts` and `xpack.actions.proxyOnlyHosts` config keys. Only one of these config keys can be used at a time. If the target URL hostname of the HTTP request is listed in the `proxyBypassHosts` list, the proxy won't be used. If the target URL hostname of the HTTP request is **NOT** listed in the `proxyOnlyHosts` list, the proxy won't be used. Depending on the customer's environment, it may be easier to list the hosts to bypass, or easier to list the hosts that should only be proxied, so they can choose either method.
pmuellr
force-pushed
the
actions/proxy-bypass
branch
from
a2763b2 to
12d6cbf
Compare
|
Pinging @elastic/kibana-alerting-services (Team:Alerting Services) |
tylersmalley
approved these changes
Mar 31, 2021
ymao1
approved these changes
Apr 1, 2021
| const { httpAgent, httpsAgent } = getCustomAgents(configurationUtilities, logger, targetUrl); | ||
| expect(httpAgent instanceof HttpProxyAgent).toBeFalsy(); | ||
| expect(httpsAgent instanceof HttpsProxyAgent).toBeFalsy(); | ||
| }); |
There was a problem hiding this comment.
Should we add tests for the reverse? When hostname is not in proxyBypassHosts and when hostname is not in proxyOnlyHosts?
There was a problem hiding this comment.
I've added tests for these cases in commit 7626ece
| | Specifies hostnames which should not use the proxy, if using a proxy for actions. The value is an array of hostnames as strings. By default, all hosts will use the proxy. The settings `xpack.actions.proxyBypassHosts` and `xpack.actions.proxyOnlyHosts` cannot be used at the same time. | ||
|
|
||
| | `xpack.actions.proxyOnlyHosts` {ess-icon} | ||
| | Specifies hostnames which should only use the proxy, if using a proxy for actions. The value is an array of hostnames as strings. By default, all hosts will use the proxy. The settings `xpack.actions.proxyBypassHosts` and `xpack.actions.proxyOnlyHosts` cannot be used at the same time. |
There was a problem hiding this comment.
Is there a way to make clear that hostnames not included in this configuration will not use the proxy? I did not get that from first reading this.
There was a problem hiding this comment.
Good call - I've updated the text for both of these to try to make it clearer 7626ece
|
@elasticmachine merge upstream |
jbudz
reviewed
Apr 5, 2021
x-pack/plugins/actions/server/builtin_action_types/lib/get_custom_agents.ts
Show resolved
Hide resolved
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
💚 Build Succeeded
Metrics [docs]
History
To update your PR or re-run it, just comment with: |
pmuellr
added a commit
to pmuellr/kibana
that referenced
this pull request
Apr 7, 2021
…elastic#95365) resolves elastic#92949 This PR adds two new Kibana config keys to further customize when the proxy is used when making HTTP requests. Prior to this PR, if a proxy was set via the `xpack.actions.proxyUrl` config key, all requests would be proxied. Now, there's a further refinement in that hostnames can be added to the `xpack.actions.proxyBypassHosts` and `xpack.actions.proxyOnlyHosts` config keys. Only one of these config keys can be used at a time. If the target URL hostname of the HTTP request is listed in the `proxyBypassHosts` list, the proxy won't be used. If the target URL hostname of the HTTP request is **NOT** listed in the `proxyOnlyHosts` list, the proxy won't be used. Depending on the customer's environment, it may be easier to list the hosts to bypass, or easier to list the hosts that should only be proxied, so they can choose either method.
pmuellr
added a commit
that referenced
this pull request
Apr 7, 2021
…#95365) (#96491) resolves #92949 This PR adds two new Kibana config keys to further customize when the proxy is used when making HTTP requests. Prior to this PR, if a proxy was set via the `xpack.actions.proxyUrl` config key, all requests would be proxied. Now, there's a further refinement in that hostnames can be added to the `xpack.actions.proxyBypassHosts` and `xpack.actions.proxyOnlyHosts` config keys. Only one of these config keys can be used at a time. If the target URL hostname of the HTTP request is listed in the `proxyBypassHosts` list, the proxy won't be used. If the target URL hostname of the HTTP request is **NOT** listed in the `proxyOnlyHosts` list, the proxy won't be used. Depending on the customer's environment, it may be easier to list the hosts to bypass, or easier to list the hosts that should only be proxied, so they can choose either method.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
resolves #92949
Summary
This PR adds two new Kibana config keys to further customize when the proxy is used when making HTTP requests. Prior to this PR, if a proxy was set via the
xpack.actions.proxyUrlconfig key, all requests would be proxied.Now, there's a further refinement in that hostnames can be added to the
xpack.actions.proxyBypassHostsandxpack.actions.proxyOnlyHostsconfig keys. Only one of these config keys can be used at a time.If
proxyBypassHostsis set and the target URL hostname of the HTTP request is listed in theproxyBypassHostslist, the proxy won't be used.If
proxyOnlyHostsis set and the target URL hostname of the HTTP request is NOT listed in theproxyOnlyHostslist, the proxy won't be used.Depending on the customer's environment, it may be easier to list the hosts to bypass, or easier to list the hosts that should only be proxied, so they can choose either method.
docs preview
Checklist
Delete any items that are not applicable to this PR.
Any UI touched in this PR is usable by keyboard only (learn more about keyboard accessibility)Any UI touched in this PR does not create any new axe failures (run axe in browser: FF, Chrome)This renders correctly on smaller devices using a responsive layout. (You can test this in your browser)This was checked for cross-browser compatibilityFor maintainers
This was checked for breaking API changes and was labeled appropriatelyRelease note
Adds configuration keys
xpack.actions.proxyBypassHostsandxpack.actions.proxyOnlyHoststo customize the use of the proxy configured with the key
xpack.actions.proxyUrl. Hostnamescan be added to the these keys to avoid using the proxy for some hostnames.