diff --git a/x-pack/plugins/actions/server/builtin_action_types/lib/axios_utils.test.ts b/x-pack/plugins/actions/server/builtin_action_types/lib/axios_utils.test.ts index 844aa6d2de7ed..7e938e766657c 100644 --- a/x-pack/plugins/actions/server/builtin_action_types/lib/axios_utils.test.ts +++ b/x-pack/plugins/actions/server/builtin_action_types/lib/axios_utils.test.ts @@ -65,7 +65,7 @@ describe('request', () => { logger, proxySettings: { proxyUrl: 'http://localhost:1212', - rejectUnauthorizedCertificates: false, + proxyRejectUnauthorizedCertificates: false, }, }); diff --git a/x-pack/plugins/actions/server/builtin_action_types/lib/get_proxy_agent.test.ts b/x-pack/plugins/actions/server/builtin_action_types/lib/get_proxy_agent.test.ts index 2468fab8c6ac5..8623a67e8a68e 100644 --- a/x-pack/plugins/actions/server/builtin_action_types/lib/get_proxy_agent.test.ts +++ b/x-pack/plugins/actions/server/builtin_action_types/lib/get_proxy_agent.test.ts @@ -14,7 +14,7 @@ const logger = loggingSystemMock.create().get() as jest.Mocked; describe('getProxyAgent', () => { test('return HttpsProxyAgent for https proxy url', () => { const agent = getProxyAgent( - { proxyUrl: 'https://someproxyhost', rejectUnauthorizedCertificates: false }, + { proxyUrl: 'https://someproxyhost', proxyRejectUnauthorizedCertificates: false }, logger ); expect(agent instanceof HttpsProxyAgent).toBeTruthy(); @@ -22,7 +22,7 @@ describe('getProxyAgent', () => { test('return HttpProxyAgent for http proxy url', () => { const agent = getProxyAgent( - { proxyUrl: 'http://someproxyhost', rejectUnauthorizedCertificates: false }, + { proxyUrl: 'http://someproxyhost', proxyRejectUnauthorizedCertificates: false }, logger ); expect(agent instanceof HttpProxyAgent).toBeTruthy(); diff --git a/x-pack/plugins/actions/server/builtin_action_types/lib/get_proxy_agent.ts b/x-pack/plugins/actions/server/builtin_action_types/lib/get_proxy_agent.ts index bb4dadd3a4698..957d31546b019 100644 --- a/x-pack/plugins/actions/server/builtin_action_types/lib/get_proxy_agent.ts +++ b/x-pack/plugins/actions/server/builtin_action_types/lib/get_proxy_agent.ts @@ -23,7 +23,7 @@ export function getProxyAgent( protocol: proxyUrl.protocol, headers: proxySettings.proxyHeaders, // do not fail on invalid certs if value is false - rejectUnauthorized: proxySettings.rejectUnauthorizedCertificates, + rejectUnauthorized: proxySettings.proxyRejectUnauthorizedCertificates, }); } else { return new HttpProxyAgent(proxySettings.proxyUrl); diff --git a/x-pack/plugins/actions/server/builtin_action_types/lib/send_email.test.ts b/x-pack/plugins/actions/server/builtin_action_types/lib/send_email.test.ts index f69a2fc1d209c..b6c4a4ea882e5 100644 --- a/x-pack/plugins/actions/server/builtin_action_types/lib/send_email.test.ts +++ b/x-pack/plugins/actions/server/builtin_action_types/lib/send_email.test.ts @@ -73,7 +73,7 @@ describe('send_email module', () => { }, { proxyUrl: 'https://example.com', - rejectUnauthorizedCertificates: false, + proxyRejectUnauthorizedCertificates: false, } ); // @ts-expect-error @@ -140,6 +140,9 @@ describe('send_email module', () => { "host": "example.com", "port": 1025, "secure": false, + "tls": Object { + "rejectUnauthorized": undefined, + }, }, ] `); diff --git a/x-pack/plugins/actions/server/builtin_action_types/lib/send_email.ts b/x-pack/plugins/actions/server/builtin_action_types/lib/send_email.ts index a4f32f1880cb5..dead8fee63d4f 100644 --- a/x-pack/plugins/actions/server/builtin_action_types/lib/send_email.ts +++ b/x-pack/plugins/actions/server/builtin_action_types/lib/send_email.ts @@ -19,6 +19,7 @@ export interface SendEmailOptions { routing: Routing; content: Content; proxySettings?: ProxySettings; + rejectUnauthorized?: boolean; } // config validation ensures either service is set or host/port are set @@ -45,7 +46,7 @@ export interface Content { // send an email export async function sendEmail(logger: Logger, options: SendEmailOptions): Promise { - const { transport, routing, content, proxySettings } = options; + const { transport, routing, content, proxySettings, rejectUnauthorized } = options; const { service, host, port, secure, user, password } = transport; const { from, to, cc, bcc } = routing; const { subject, message } = content; @@ -68,15 +69,18 @@ export async function sendEmail(logger: Logger, options: SendEmailOptions): Prom transportConfig.host = host; transportConfig.port = port; transportConfig.secure = !!secure; - if (proxySettings && !transportConfig.secure) { + + if (proxySettings) { transportConfig.tls = { // do not fail on invalid certs if value is false - rejectUnauthorized: proxySettings?.rejectUnauthorizedCertificates, + rejectUnauthorized: proxySettings?.proxyRejectUnauthorizedCertificates, }; - } - if (proxySettings) { transportConfig.proxy = proxySettings.proxyUrl; transportConfig.headers = proxySettings.proxyHeaders; + } else if (!transportConfig.secure) { + transportConfig.tls = { + rejectUnauthorized, + }; } } diff --git a/x-pack/plugins/actions/server/builtin_action_types/slack.test.ts b/x-pack/plugins/actions/server/builtin_action_types/slack.test.ts index b15d92cecba62..d98a41ed1f355 100644 --- a/x-pack/plugins/actions/server/builtin_action_types/slack.test.ts +++ b/x-pack/plugins/actions/server/builtin_action_types/slack.test.ts @@ -167,7 +167,7 @@ describe('execute()', () => { params: { message: 'this invocation should succeed' }, proxySettings: { proxyUrl: 'https://someproxyhost', - rejectUnauthorizedCertificates: false, + proxyRejectUnauthorizedCertificates: false, }, }); expect(response).toMatchInlineSnapshot(` @@ -206,7 +206,7 @@ describe('execute()', () => { params: { message: 'this invocation should succeed' }, proxySettings: { proxyUrl: 'https://someproxyhost', - rejectUnauthorizedCertificates: false, + proxyRejectUnauthorizedCertificates: false, }, }); expect(mockedLogger.debug).toHaveBeenCalledWith( diff --git a/x-pack/plugins/actions/server/config.test.ts b/x-pack/plugins/actions/server/config.test.ts index ac815a425a2b7..1d7edd5f6b38f 100644 --- a/x-pack/plugins/actions/server/config.test.ts +++ b/x-pack/plugins/actions/server/config.test.ts @@ -18,7 +18,8 @@ describe('config validation', () => { "*", ], "preconfigured": Object {}, - "rejectUnauthorizedCertificates": true, + "proxyRejectUnauthorizedCertificates": true, + "rejectUnauthorized": true, } `); }); @@ -34,7 +35,8 @@ describe('config validation', () => { }, }, }, - rejectUnauthorizedCertificates: false, + proxyRejectUnauthorizedCertificates: false, + rejectUnauthorized: false, }; expect(configSchema.validate(config)).toMatchInlineSnapshot(` Object { @@ -55,7 +57,8 @@ describe('config validation', () => { "secrets": Object {}, }, }, - "rejectUnauthorizedCertificates": false, + "proxyRejectUnauthorizedCertificates": false, + "rejectUnauthorized": false, } `); }); diff --git a/x-pack/plugins/actions/server/config.ts b/x-pack/plugins/actions/server/config.ts index 087a08f572c65..8823cea9f4452 100644 --- a/x-pack/plugins/actions/server/config.ts +++ b/x-pack/plugins/actions/server/config.ts @@ -34,7 +34,8 @@ export const configSchema = schema.object({ }), proxyUrl: schema.maybe(schema.string()), proxyHeaders: schema.maybe(schema.recordOf(schema.string(), schema.string())), - rejectUnauthorizedCertificates: schema.boolean({ defaultValue: true }), + proxyRejectUnauthorizedCertificates: schema.boolean({ defaultValue: true }), + rejectUnauthorized: schema.boolean({ defaultValue: true }), }); export type ActionsConfig = TypeOf; diff --git a/x-pack/plugins/actions/server/plugin.test.ts b/x-pack/plugins/actions/server/plugin.test.ts index 4fdf9f2523568..9d545600e61ee 100644 --- a/x-pack/plugins/actions/server/plugin.test.ts +++ b/x-pack/plugins/actions/server/plugin.test.ts @@ -34,7 +34,8 @@ describe('Actions Plugin', () => { enabledActionTypes: ['*'], allowedHosts: ['*'], preconfigured: {}, - rejectUnauthorizedCertificates: true, + proxyRejectUnauthorizedCertificates: true, + rejectUnauthorized: true, }); plugin = new ActionsPlugin(context); coreSetup = coreMock.createSetup(); @@ -195,7 +196,8 @@ describe('Actions Plugin', () => { secrets: {}, }, }, - rejectUnauthorizedCertificates: true, + proxyRejectUnauthorizedCertificates: true, + rejectUnauthorized: true, }); plugin = new ActionsPlugin(context); coreSetup = coreMock.createSetup(); diff --git a/x-pack/plugins/actions/server/plugin.ts b/x-pack/plugins/actions/server/plugin.ts index 413e6663105b8..a6c5899281658 100644 --- a/x-pack/plugins/actions/server/plugin.ts +++ b/x-pack/plugins/actions/server/plugin.ts @@ -323,7 +323,8 @@ export class ActionsPlugin implements Plugin, Plugi ? { proxyUrl: this.actionsConfig.proxyUrl, proxyHeaders: this.actionsConfig.proxyHeaders, - rejectUnauthorizedCertificates: this.actionsConfig.rejectUnauthorizedCertificates, + proxyRejectUnauthorizedCertificates: this.actionsConfig + .proxyRejectUnauthorizedCertificates, } : undefined, }); diff --git a/x-pack/plugins/actions/server/types.ts b/x-pack/plugins/actions/server/types.ts index 0a7d6bf01b7ec..3e92ca331bb93 100644 --- a/x-pack/plugins/actions/server/types.ts +++ b/x-pack/plugins/actions/server/types.ts @@ -145,5 +145,5 @@ export interface ActionTaskExecutorParams { export interface ProxySettings { proxyUrl: string; proxyHeaders?: Record; - rejectUnauthorizedCertificates: boolean; + proxyRejectUnauthorizedCertificates: boolean; } diff --git a/x-pack/test/alerting_api_integration/common/config.ts b/x-pack/test/alerting_api_integration/common/config.ts index 67dd8c877e378..f9fdfaed1c79b 100644 --- a/x-pack/test/alerting_api_integration/common/config.ts +++ b/x-pack/test/alerting_api_integration/common/config.ts @@ -63,7 +63,7 @@ export function createTestConfig(name: string, options: CreateTestConfigOptions) const actionsProxyUrl = options.enableActionsProxy ? [ `--xpack.actions.proxyUrl=http://localhost:${proxyPort}`, - '--xpack.actions.rejectUnauthorizedCertificates=false', + '--xpack.actions.proxyRejectUnauthorizedCertificates=false', ] : [];