Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Elastic Agent] Add validation to ensure certificate paths are absolute. #27779

Merged
merged 2 commits into from
Sep 7, 2021
Merged

[Elastic Agent] Add validation to ensure certificate paths are absolute. #27779

merged 2 commits into from
Sep 7, 2021

Conversation

blakerouse
Copy link
Contributor

@blakerouse blakerouse commented Sep 7, 2021
edited
Loading

What does this PR do?

Adds validation to the install and enroll command to ensure that certificate paths are absolute paths.

Why is it important?

If absolute paths are not used then that can affect the ability for the Elastic Agent to pass paths to Fleet Server.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • [ ] I have made corresponding changes to the documentation
  • [ ] I have made corresponding change to the default configuration files
  • [ ] I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

@blakerouse blakerouse added Team:Elastic-Agent Label for the Agent team backport-v7.15.0 Automated backport with mergify backport-v7.16.0 Automated backport with mergify labels Sep 7, 2021
@blakerouse blakerouse self-assigned this Sep 7, 2021
@blakerouse blakerouse marked this pull request as ready for review September 7, 2021 15:47
@elasticmachine
Copy link
Collaborator

Pinging @elastic/agent (Team:Agent)

@blakerouse
Copy link
Contributor Author

Seems Windows 7 runner hit a random failure with the runner itself. Going to merge, as all other tests passed.

@blakerouse blakerouse merged commit 5113d4d into elastic:master Sep 7, 2021
@blakerouse blakerouse deleted the agent-relative-certs branch September 7, 2021 18:49
mergify bot pushed a commit that referenced this pull request Sep 7, 2021
@blakerouse
[Elastic Agent] Add validation to ensure certificate paths are absolu…
2299a9b 
…te. (#27779)

* Add validation to ensure certificate paths are absolute.

* Add changelog entry.

(cherry picked from commit 5113d4d)
@mergify mergify bot mentioned this pull request Sep 7, 2021
Merged
mergify bot pushed a commit that referenced this pull request Sep 7, 2021
@blakerouse
[Elastic Agent] Add validation to ensure certificate paths are absolu…
814b82a 
…te. (#27779)

* Add validation to ensure certificate paths are absolute.

* Add changelog entry.

(cherry picked from commit 5113d4d)
@mergify mergify bot mentioned this pull request Sep 7, 2021
Merged
@elasticmachine
Copy link
Collaborator

💔 Build Failed

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2021-09-07T15:47:10.409+0000

  • Duration: 242 min 20 sec

  • Commit: 2bb50b8

Test stats 🧪

Test Results
Failed 0
Passed 6156
Skipped 14
Total 6170

Trends 🧪

Image of Build Times

Image of Tests

Steps errors 1

Expand to view the steps failures

Checks if running on a Unix-like node
  • Took 0 min 0 sec . View more details on here

Log output

Expand to view the last 100 lines of log output 

[2021-09-07T16:25:58.560Z] ok  	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config	0.297s	coverage: 69.5% of statements
[2021-09-07T16:25:58.835Z] ok  	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger	0.223s	coverage: 0.0% of statements
[2021-09-07T16:26:00.229Z] ok  	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable/providers/kubernetessecrets	0.479s	coverage: 70.3% of statements
[2021-09-07T16:26:00.816Z] ok  	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/monitoring/beats	0.791s	coverage: 17.1% of statements
[2021-09-07T16:26:00.816Z] ok  	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/plugin	0.808s	coverage: 69.0% of statements
[2021-09-07T16:26:01.770Z] ok  	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/monitoring/server	0.485s	coverage: 42.5% of statements
[2021-09-07T16:26:02.723Z] ok  	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/crypto	0.320s	coverage: 73.7% of statements
[2021-09-07T16:26:02.997Z] ok  	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status	0.622s	coverage: 69.8% of statements
[2021-09-07T16:26:02.997Z] ok  	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/dir	0.676s	coverage: 87.5% of statements
[2021-09-07T16:26:04.394Z] ok  	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/eql	0.292s	coverage: 80.6% of statements
[2021-09-07T16:26:05.347Z] ok  	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi/acker/fleet	0.383s	coverage: 78.8% of statements
[2021-09-07T16:26:05.618Z] ok  	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/filewatcher	1.285s	coverage: 90.1% of statements
[2021-09-07T16:26:05.618Z] ok  	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi	0.498s	coverage: 48.5% of statements
[2021-09-07T16:26:05.906Z] ok  	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi/acker/lazy	0.363s	coverage: 90.9% of statements
[2021-09-07T16:26:06.861Z] ok  	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/id	0.313s	coverage: 100.0% of statements
[2021-09-07T16:26:07.444Z] ok  	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/retry	7.475s	coverage: 80.4% of statements
[2021-09-07T16:26:07.444Z] ok  	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/packer	0.703s	coverage: 66.7% of statements
[2021-09-07T16:26:08.838Z] ok  	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/remote	0.451s	coverage: 82.4% of statements
[2021-09-07T16:26:09.112Z] ok  	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/reporter	0.521s	coverage: 80.9% of statements
[2021-09-07T16:26:09.385Z] ok  	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/reporter/log	0.329s	coverage: 41.2% of statements
[2021-09-07T16:26:09.658Z] ok  	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/reporter/fleet	0.599s	coverage: 75.0% of statements
[2021-09-07T16:26:09.933Z] ok  	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi/client	3.378s	coverage: 52.1% of statements
[2021-09-07T16:26:10.517Z] ok  	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/sorted	0.148s	coverage: 100.0% of statements
[2021-09-07T16:26:11.096Z] ok  	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/operation	31.622s	coverage: 51.4% of statements
[2021-09-07T16:26:11.096Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/operation/tests/scripts/configurable-1.0-darwin-x86_64	[no test files]
[2021-09-07T16:26:11.096Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/operation/tests/scripts/serviceable-1.0-darwin-x86_64	[no test files]
[2021-09-07T16:26:11.096Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/transpiler/tests/exec-1.0-darwin-x86_64	[no test files]
[2021-09-07T16:26:11.096Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/artifact	[no test files]
[2021-09-07T16:26:11.096Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/artifact/download	[no test files]
[2021-09-07T16:26:11.096Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/artifact/download/localremote	[no test files]
[2021-09-07T16:26:11.096Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/artifact/download/snapshot	[no test files]
[2021-09-07T16:26:11.096Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/artifact/install	[no test files]
[2021-09-07T16:26:11.096Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/artifact/install/awaitable	[no test files]
[2021-09-07T16:26:11.096Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/artifact/install/dir	[no test files]
[2021-09-07T16:26:11.096Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/artifact/install/hooks	[no test files]
[2021-09-07T16:26:11.096Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/artifact/install/tar	[no test files]
[2021-09-07T16:26:11.096Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/artifact/install/zip	[no test files]
[2021-09-07T16:26:11.096Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/artifact/uninstall	[no test files]
[2021-09-07T16:26:11.096Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/artifact/uninstall/hooks	[no test files]
[2021-09-07T16:26:11.096Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/basecmd/restart	[no test files]
[2021-09-07T16:26:11.096Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable/providers/kubernetesleaderelection	[no test files]
[2021-09-07T16:26:11.096Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable/testing	[no test files]
[2021-09-07T16:26:11.096Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config/operations	[no test files]
[2021-09-07T16:26:11.096Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/app	[no test files]
[2021-09-07T16:26:11.096Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/authority	[no test files]
[2021-09-07T16:26:11.096Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/composable	[no test files]
[2021-09-07T16:26:11.096Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/monitoring	[no test files]
[2021-09-07T16:26:11.096Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/monitoring/config	[no test files]
[2021-09-07T16:26:11.096Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/monitoring/noop	[no test files]
[2021-09-07T16:26:11.096Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/plugin/process	[no test files]
[2021-09-07T16:26:11.096Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/plugin/service	[no test files]
[2021-09-07T16:26:11.096Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/process	[no test files]
[2021-09-07T16:26:12.490Z] ok  	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/tokenbucket	2.208s	coverage: 64.7% of statements
[2021-09-07T16:26:20.630Z] ok  	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/scheduler	11.104s	coverage: 100.0% of statements
[2021-09-07T16:26:27.222Z] ok  	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/server	24.060s	coverage: 79.8% of statements
[2021-09-07T16:26:27.223Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/state	[no test files]
[2021-09-07T16:26:27.223Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/eql/parser	[no test files]
[2021-09-07T16:26:27.223Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi/acker	[no test files]
[2021-09-07T16:26:27.223Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi/acker/noop	[no test files]
[2021-09-07T16:26:27.223Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/release	[no test files]
[2021-09-07T16:26:27.223Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/reporter/fleet/config	[no test files]
[2021-09-07T16:26:27.223Z] ?   	github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/reporter/noop	[no test files]
[2021-09-07T16:26:27.223Z] 
[2021-09-07T16:26:27.223Z] === Skipped
[2021-09-07T16:26:27.223Z] === SKIP: x-pack/elastic-agent/pkg/agent/operation TestConfigurableService (0.00s)
[2021-09-07T16:26:27.223Z]     operator_test.go:392: Flaky test: https://github.com/elastic/beats/issues/23607
[2021-09-07T16:26:27.223Z] 
[2021-09-07T16:26:27.223Z] === SKIP: x-pack/elastic-agent/pkg/core/logger TestLogger (0.00s)
[2021-09-07T16:26:27.223Z]     logger_test.go:10: only checking if test works
[2021-09-07T16:26:27.223Z] 
[2021-09-07T16:26:27.223Z] DONE 882 tests, 2 skipped in 84.997s
[2021-09-07T16:26:29.764Z] >> go test: Unit Test Passed
[2021-09-07T16:26:30.134Z] 
[2021-09-07T16:26:30.134Z] C:\Users\jenkins\workspace\PR-27779-2-77aa4a2c-2ed8-4d75-af78-ee80e322048e\src\github.com\elastic\beats>FOR / %d IN ("ve") DO @IF EXIST "%d" rmdir /s /q "%d" 
[2021-09-07T16:26:30.724Z] 
[2021-09-07T16:26:30.724Z] C:\Users\jenkins\workspace\PR-27779-2-77aa4a2c-2ed8-4d75-af78-ee80e322048e\src\github.com\elastic\beats>python .ci/scripts/pre_archive_test.py 
[2021-09-07T16:26:31.294Z] Copy .\x-pack\elastic-agent\build into build\x-pack\elastic-agent\build
[2021-09-07T16:26:31.307Z] Running in C:\Users\jenkins\workspace\PR-27779-2-77aa4a2c-2ed8-4d75-af78-ee80e322048e\src\github.com\elastic\beats\build
[2021-09-07T16:26:31.323Z] Recording test results
[2021-09-07T16:26:32.868Z] [Checks API] No suitable checks publisher found.
[2021-09-07T16:26:33.229Z] 
[2021-09-07T16:26:33.229Z] C:\Users\jenkins\workspace\PR-27779-2-77aa4a2c-2ed8-4d75-af78-ee80e322048e\src\github.com\elastic\beats>go clean -modcache 
[2021-09-07T16:27:56.225Z] + gsutil --version
[2021-09-07T16:27:57.649Z] Masking supported pattern matches of $FILE_CREDENTIAL
[2021-09-07T16:27:57.972Z] + gcloud auth activate-service-account --key-file ****
[2021-09-07T16:27:58.544Z] Activated service account credentials for: [beats-ci-gcs-plugin@elastic-ci-prod.iam.gserviceaccount.com]
[2021-09-07T16:27:59.121Z] + gsutil -m -q cp eC1wYWNrL2VsYXN0aWMtYWdlbnQtd2luZG93cy0xMC13aW5kb3dzLTEwMmJiNTBiOGViZmY2Yzg2NzVlNDNiOWI1ZTliNTBlZjk2NTcxMGIxYw gs://beats-ci-temp/ci/cache/
[2021-09-07T19:49:23.009Z] Cancelling nested steps due to timeout
[2021-09-07T19:49:23.011Z] Could not connect to beats-ci-immutable-windows-7-1631030577252826819 to send interrupt signal to process
[2021-09-07T19:49:23.023Z] Sleeping for 5 sec
[2021-09-07T19:49:29.085Z] Failed in branch x-pack/elastic-agent-windows-7-windows-7
[2021-09-07T19:49:29.165Z] Stage "Packaging" skipped due to earlier failure(s)
[2021-09-07T19:49:29.204Z] Stage "Packaging-Pipeline" skipped due to earlier failure(s)
[2021-09-07T19:49:29.269Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-27779/src/github.com/elastic/beats
[2021-09-07T19:49:29.609Z] Running on Jenkins in /var/lib/jenkins/workspace/Beats_beats_PR-27779
[2021-09-07T19:49:29.658Z] [INFO] getVaultSecret: Getting secrets
[2021-09-07T19:49:29.697Z] Masking supported pattern matches of $VAULT_ADDR or $VAULT_ROLE_ID or $VAULT_SECRET_ID
[2021-09-07T19:49:30.407Z] + chmod 755 generate-build-data.sh
[2021-09-07T19:49:30.407Z] + ./generate-build-data.sh https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-27779/ https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-27779/runs/2 FAILURE 14539734
[2021-09-07T19:49:30.407Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-27779/runs/2/steps/?limit=10000 -o steps-info.json

💚 Flaky test report

Tests succeeded.

Expand to view the summary

Test stats 🧪

Test Results
Failed 0
Passed 6156
Skipped 14
Total 6170

blakerouse added a commit that referenced this pull request Sep 8, 2021
@mergify @blakerouse
[Elastic Agent] Add validation to ensure certificate paths are absolu…
e391d91 
…te. (#27779) (#27786)

* Add validation to ensure certificate paths are absolute.

* Add changelog entry.

(cherry picked from commit 5113d4d)

Co-authored-by: Blake Rouse <blake.rouse@elastic.co>
blakerouse added a commit that referenced this pull request Sep 8, 2021
@mergify @blakerouse
[Elastic Agent] Add validation to ensure certificate paths are absolu…
2200e2f 
…te. (#27779) (#27787)

* Add validation to ensure certificate paths are absolute.

* Add changelog entry.

(cherry picked from commit 5113d4d)

Co-authored-by: Blake Rouse <blake.rouse@elastic.co>
mdelapenya added a commit to mdelapenya/beats that referenced this pull request Sep 9, 2021
@mdelapenya
Merge branch 'master' into 27608-fix-elastic-agent-build
16ae989 
* master: (39 commits)
  [Heartbeat] Move JSON tests from python->go (elastic#27816)
  docs: simplify permissions for Dockerfile COPY (elastic#27754)
  Osquerybeat: Fix osquery logger plugin severy levels mapping (elastic#27789)
  [Filebeat] Update compatibility function to remove processor description on ES < 7.9.0 (elastic#27774)
  warn log entry and no validation failure when both queue_url and buck… (elastic#27612)
  libbeat/cmd/instance: ensure test config file has appropriate permissions (elastic#27178)
  [Heartbeat] Add httpcommon options to ZipURL (elastic#27699)
  Add a header round tripper option to httpcommon (elastic#27509)
  [Elastic Agent] Add validation to ensure certificate paths are absolute. (elastic#27779)
  Rename dashboards according to module.yml files for master (elastic#27749)
  Refactor vagrantfile, add scripts for provisioning with docker/kind (elastic#27726)
  Accept syslog dates with leading 0 (elastic#27775)
  [Filebeat] Add timezone config option to decode_cef and syslog input (elastic#27727)
  [Filebeat] Threatintel compatibility updates (elastic#27323)
  Add support for ephemeral containers in elastic agent dynamic provider (elastic#27707)
  [Filebeat] Integration tests in CI for AWS-S3 input (elastic#27491)
  Fix flakyness of TestFilestreamEmptyLine (elastic#27705)
  [Filebeat] kafka v2 using parsers (elastic#27335)
  Update Kafka version parsing / supported range (elastic#27720)
  Update Sarama to 1.29.1 (elastic#27717)
  ...
Icedroid pushed a commit to Icedroid/beats that referenced this pull request Nov 1, 2021
@blakerouse
[Elastic Agent] Add validation to ensure certificate paths are absolu…
d73407f 
…te. (elastic#27779)

* Add validation to ensure certificate paths are absolute.

* Add changelog entry.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kvch kvch kvch approved these changes

Assignees

@blakerouse blakerouse

Labels
backport-v7.15.0 Automated backport with mergify backport-v7.16.0 Automated backport with mergify Team:Elastic-Agent Label for the Agent team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Fleet Server install can fail when using relative paths for certificates
3 participants
@blakerouse @elasticmachine @kvch