Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature] Support option ssl.certificate_authorities for elasticstack_kibana_synthetics_monitor #916

Open
mag-mkorn opened this issue Nov 12, 2024 · 4 comments
Open

[Feature] Support option ssl.certificate_authorities for elasticstack_kibana_synthetics_monitor #916

mag-mkorn opened this issue Nov 12, 2024 · 4 comments
Assignees
@biscout42
Labels
enhancement New feature or request

Comments

@mag-mkorn
Copy link

Is your feature request related to a problem? Please describe.
I can not create http monitors using the elasticstack_kibana_synthetics_monitor resource with custom certificates.

Describe the resource you would like to have implemented.
The resource already targets the right API: https://www.elastic.co/guide/en/kibana/current/add-monitor-api.html

Describe the solution you'd like
The resource needs to implement an option for setting ssl.certificate_authorities, for example as ssl_certificate_authorities.

Describe alternatives you've considered
As of now, ssl_verification_mode must be set to none to check endpoints with custom certificates.
@mag-mkorn mag-mkorn added the enhancement New feature or request label Nov 12, 2024
@biscout42
Copy link
Contributor

Quick update here. Due-to elastic/kibana#187952 ssl.certificate_authorities is not supported in the provider yet (as many other ssl options).

We would need to plan the provider upgrade to 8.16 and synthetics fix to make it work.

@mag-mkorn , which kibana / ES stack version do you use?

@mag-mkorn
Copy link
Author

We're currently still running 8.15.3. But upgrading to newer versions is no issue.

@biscout42
Copy link
Contributor

I did prepare a change to support 8.16 in the provider #964 .

That will help to include certificate_authorities support.

While testing new kibana API version I faced the following (same described in the docs). API accepts ssl config option as documented in ssl support, but returns it key by key (not as a json object) in the response, here is an example:

   "ssl.certificate_authorities": [
      "ca1",
      "ca2"
   ],
   "ssl.certificate": "cert",
   "ssl.key": "key",
   "ssl.verification_mode": "full",
   "ssl.supported_protocols": [
      "TLSv1.0",
      "TLSv1.1",
      "TLSv1.2"
   ],

That forces me to support it in terraform provider key by key. I'm about to add support for following keys:

  • certificate_authorities
  • key
  • certificate
  • key_passphrase

Some fields are not supported by 8.16 synthetics yet, e.g.

Invalid monitor key(s) for http type: ssl.ca_sha256 | ssl.ca_trusted_fingerprint | ssl.cipher_suites | ssl.curve_types

@mag-mkorn , would that be enough for you to move forward?

@biscout42 biscout42 self-assigned this Dec 19, 2024
@biscout42 biscout42 mentioned this issue Dec 20, 2024
Open
4 tasks
@biscout42
Copy link
Contributor

@mag-mkorn , after we release this one #967 certificate_authorities should work. Please, note, it requires stack version 8.16 and above.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@biscout42 biscout42

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@biscout42 @mag-mkorn