-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Fleet] Prevent output changing types from Elasticsearch -> Logstash if a Fleet Server policy uses it #152234
Comments
Pinging @elastic/fleet (Team:Fleet) |
I think we need to go a bit further than just validation here. We allow customers to set a Logstash output as their default output, which breaks any Fleet Server policies. So I think there's two things:
|
This please. My architecture requires a Logstash output for agents, but I only have a basic license, and Fleet server 8.6 is unable to start with this config. |
@elastic/fleet |
Hi folks, we've got this prioritized internally for our next sprint. 8.7.0 might be a bit of stretch to land the fix, but definitely expect a fix to land in 8.7.1 and 8.8.0. @juliaElastic @criamico - Do you think we could take a look at this next week to see if we can get a backport to 8.7.0 done? We're passed feature freeze but this would be an impactful bugfix so should be acceptable to land on the release branch. |
Is the following one a valid workaround?
|
Closes #152234 ## Summary - If the user changes an output from `ES` to `logstash` when there are Fleet server policies that use that output, we throw asking the user to create a new output - If the user changes the default output to a `logstash` one, we update the Fleet server policies to use the previous default output (that should be ES) - Removed limitations to basic licenses so that fleet server policies can select a per-policy output (between the available ES outputs). This means that "Basic" users should be able to set their default output to Logstash but still have the Fleet Server policy attached to an ES output. - Added some tests to cover new functionalities ### UI changes When editing a "logstash" output the modal displays a warning: <img width="878" alt="Screenshot 2023-03-16 at 15 04 54" src="https://user-images.githubusercontent.com/16084106/225665515-6090b85c-b84f-4295-9b30-c480d2a84879.png"> ### Testing 1. **Edit existing logstash output to be default** - Have a default ES output and a fleet server policy (verify that has fleet server integration) - Create a new logstash output - Update it to make it default (this is valid for both integrations and monitoring output) - Check that fleet server policy keeps the ES output, it can be verified from agent policies > fleet server policy > settings. - The other policies should be switched to the logstash output **Note** if the previous output is logstash, it will be switched to the default one. However, users who updated the system and already had a logstash ouput set as a default will need to to manually set the output from the agent policy settings page. 2. **Edit existing ES output to become a logstash one** - Have a default ES output and a fleet server policy (verify that has fleet server integration) - Edit the output and change it to type 'logstash' - Check that the endpoint throws with an error <img width="366" alt="Screenshot 2023-03-21 at 18 06 25" src="https://user-images.githubusercontent.com/16084106/226687174-296e6e2b-3cef-4649-8173-18ee70c6a4a7.png"> 3. **Create new logstash output as default** - Have a default ES output and a fleet server policy (verify that has fleet server integration) - Create a new logstash output as set it as default output - Check that the fleet server policy keeps the previous ES default output - basically this should behave like case 1 (PUT and POST should have the same behaviour) 5. **Delete ES Output** - Once in the previous case (fleet server on ES output, other policies on logstash), try to delete the ES output - It should be prevented with an error <img width="444" alt="Screenshot 2023-03-16 at 15 05 44" src="https://user-images.githubusercontent.com/16084106/226687206-f22e1330-4435-4077-a7ef-f29846f25e00.png"> 6. **Custom output per policy** - With "basic" license, go to an agent policy with fleet server > settings - Check that "output for integrations" can select any output of type `elasticsearch`, while the logstash ones are disabled <img width="981" alt="Screenshot 2023-03-21 at 18 09 29" src="https://user-images.githubusercontent.com/16084106/226687854-95d239a3-4122-470a-88e0-73c456ad5f7d.png"> ### Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Closes elastic#152234 ## Summary - If the user changes an output from `ES` to `logstash` when there are Fleet server policies that use that output, we throw asking the user to create a new output - If the user changes the default output to a `logstash` one, we update the Fleet server policies to use the previous default output (that should be ES) - Removed limitations to basic licenses so that fleet server policies can select a per-policy output (between the available ES outputs). This means that "Basic" users should be able to set their default output to Logstash but still have the Fleet Server policy attached to an ES output. - Added some tests to cover new functionalities ### UI changes When editing a "logstash" output the modal displays a warning: <img width="878" alt="Screenshot 2023-03-16 at 15 04 54" src="https://user-images.githubusercontent.com/16084106/225665515-6090b85c-b84f-4295-9b30-c480d2a84879.png"> ### Testing 1. **Edit existing logstash output to be default** - Have a default ES output and a fleet server policy (verify that has fleet server integration) - Create a new logstash output - Update it to make it default (this is valid for both integrations and monitoring output) - Check that fleet server policy keeps the ES output, it can be verified from agent policies > fleet server policy > settings. - The other policies should be switched to the logstash output **Note** if the previous output is logstash, it will be switched to the default one. However, users who updated the system and already had a logstash ouput set as a default will need to to manually set the output from the agent policy settings page. 2. **Edit existing ES output to become a logstash one** - Have a default ES output and a fleet server policy (verify that has fleet server integration) - Edit the output and change it to type 'logstash' - Check that the endpoint throws with an error <img width="366" alt="Screenshot 2023-03-21 at 18 06 25" src="https://user-images.githubusercontent.com/16084106/226687174-296e6e2b-3cef-4649-8173-18ee70c6a4a7.png"> 3. **Create new logstash output as default** - Have a default ES output and a fleet server policy (verify that has fleet server integration) - Create a new logstash output as set it as default output - Check that the fleet server policy keeps the previous ES default output - basically this should behave like case 1 (PUT and POST should have the same behaviour) 5. **Delete ES Output** - Once in the previous case (fleet server on ES output, other policies on logstash), try to delete the ES output - It should be prevented with an error <img width="444" alt="Screenshot 2023-03-16 at 15 05 44" src="https://user-images.githubusercontent.com/16084106/226687206-f22e1330-4435-4077-a7ef-f29846f25e00.png"> 6. **Custom output per policy** - With "basic" license, go to an agent policy with fleet server > settings - Check that "output for integrations" can select any output of type `elasticsearch`, while the logstash ones are disabled <img width="981" alt="Screenshot 2023-03-21 at 18 09 29" src="https://user-images.githubusercontent.com/16084106/226687854-95d239a3-4122-470a-88e0-73c456ad5f7d.png"> ### Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> (cherry picked from commit ec3294f)
# Backport This will backport the following commits from `main` to `8.7`: - [[Fleet] Updates to output logic (#153226)](#153226) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Cristina Amico","email":"criamico@users.noreply.github.com"},"sourceCommit":{"committedDate":"2023-03-23T08:00:26Z","message":"[Fleet] Updates to output logic (#153226)\n\nCloses https://github.com/elastic/kibana/issues/152234\r\n\r\n## Summary\r\n\r\n- If the user changes an output from `ES` to `logstash` when there are\r\nFleet server policies that use that output, we throw asking the user to\r\ncreate a new output\r\n- If the user changes the default output to a `logstash` one, we update\r\nthe Fleet server policies to use the previous default output (that\r\nshould be ES)\r\n- Removed limitations to basic licenses so that fleet server policies\r\ncan select a per-policy output (between the available ES outputs). This\r\nmeans that \"Basic\" users should be able to set their default output to\r\nLogstash but still have the Fleet Server policy attached to an ES\r\noutput.\r\n- Added some tests to cover new functionalities\r\n\r\n### UI changes\r\n\r\nWhen editing a \"logstash\" output the modal displays a warning:\r\n\r\n<img width=\"878\" alt=\"Screenshot 2023-03-16 at 15 04 54\"\r\nsrc=\"https://user-images.githubusercontent.com/16084106/225665515-6090b85c-b84f-4295-9b30-c480d2a84879.png\">\r\n\r\n### Testing\r\n\r\n1. **Edit existing logstash output to be default**\r\n- Have a default ES output and a fleet server policy (verify that has\r\nfleet server integration)\r\n- Create a new logstash output \r\n- Update it to make it default (this is valid for both integrations and\r\nmonitoring output)\r\n- Check that fleet server policy keeps the ES output, it can be verified\r\nfrom agent policies > fleet server policy > settings.\r\n- The other policies should be switched to the logstash output\r\n\r\n**Note** if the previous output is logstash, it will be switched to the\r\ndefault one. However, users who updated the system and already had a\r\nlogstash ouput set as a default will need to to manually set the output\r\nfrom the agent policy settings page.\r\n\r\n2. **Edit existing ES output to become a logstash one**\r\n- Have a default ES output and a fleet server policy (verify that has\r\nfleet server integration)\r\n- Edit the output and change it to type 'logstash' \r\n- Check that the endpoint throws with an error\r\n\r\n<img width=\"366\" alt=\"Screenshot 2023-03-21 at 18 06 25\"\r\nsrc=\"https://user-images.githubusercontent.com/16084106/226687174-296e6e2b-3cef-4649-8173-18ee70c6a4a7.png\">\r\n\r\n3. **Create new logstash output as default**\r\n- Have a default ES output and a fleet server policy (verify that has\r\nfleet server integration)\r\n- Create a new logstash output as set it as default output\r\n- Check that the fleet server policy keeps the previous ES default\r\noutput\r\n- basically this should behave like case 1 (PUT and POST should have the\r\nsame behaviour)\r\n\r\n5. **Delete ES Output**\r\n- Once in the previous case (fleet server on ES output, other policies\r\non logstash), try to delete the ES output\r\n- It should be prevented with an error\r\n\r\n<img width=\"444\" alt=\"Screenshot 2023-03-16 at 15 05 44\"\r\nsrc=\"https://user-images.githubusercontent.com/16084106/226687206-f22e1330-4435-4077-a7ef-f29846f25e00.png\">\r\n\r\n6. **Custom output per policy**\r\n- With \"basic\" license, go to an agent policy with fleet server >\r\nsettings\r\n- Check that \"output for integrations\" can select any output of type\r\n`elasticsearch`, while the logstash ones are disabled\r\n\r\n<img width=\"981\" alt=\"Screenshot 2023-03-21 at 18 09 29\"\r\nsrc=\"https://user-images.githubusercontent.com/16084106/226687854-95d239a3-4122-470a-88e0-73c456ad5f7d.png\">\r\n\r\n### Checklist\r\n\r\n- [x] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n\r\n---------\r\n\r\nCo-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>","sha":"ec3294f2b340a5f6dbfdada3a997e17047bc8f17","branchLabelMapping":{"^v8.8.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","Team:Fleet","backport:prev-minor","v8.8.0"],"number":153226,"url":"https://github.com/elastic/kibana/pull/153226","mergeCommit":{"message":"[Fleet] Updates to output logic (#153226)\n\nCloses https://github.com/elastic/kibana/issues/152234\r\n\r\n## Summary\r\n\r\n- If the user changes an output from `ES` to `logstash` when there are\r\nFleet server policies that use that output, we throw asking the user to\r\ncreate a new output\r\n- If the user changes the default output to a `logstash` one, we update\r\nthe Fleet server policies to use the previous default output (that\r\nshould be ES)\r\n- Removed limitations to basic licenses so that fleet server policies\r\ncan select a per-policy output (between the available ES outputs). This\r\nmeans that \"Basic\" users should be able to set their default output to\r\nLogstash but still have the Fleet Server policy attached to an ES\r\noutput.\r\n- Added some tests to cover new functionalities\r\n\r\n### UI changes\r\n\r\nWhen editing a \"logstash\" output the modal displays a warning:\r\n\r\n<img width=\"878\" alt=\"Screenshot 2023-03-16 at 15 04 54\"\r\nsrc=\"https://user-images.githubusercontent.com/16084106/225665515-6090b85c-b84f-4295-9b30-c480d2a84879.png\">\r\n\r\n### Testing\r\n\r\n1. **Edit existing logstash output to be default**\r\n- Have a default ES output and a fleet server policy (verify that has\r\nfleet server integration)\r\n- Create a new logstash output \r\n- Update it to make it default (this is valid for both integrations and\r\nmonitoring output)\r\n- Check that fleet server policy keeps the ES output, it can be verified\r\nfrom agent policies > fleet server policy > settings.\r\n- The other policies should be switched to the logstash output\r\n\r\n**Note** if the previous output is logstash, it will be switched to the\r\ndefault one. However, users who updated the system and already had a\r\nlogstash ouput set as a default will need to to manually set the output\r\nfrom the agent policy settings page.\r\n\r\n2. **Edit existing ES output to become a logstash one**\r\n- Have a default ES output and a fleet server policy (verify that has\r\nfleet server integration)\r\n- Edit the output and change it to type 'logstash' \r\n- Check that the endpoint throws with an error\r\n\r\n<img width=\"366\" alt=\"Screenshot 2023-03-21 at 18 06 25\"\r\nsrc=\"https://user-images.githubusercontent.com/16084106/226687174-296e6e2b-3cef-4649-8173-18ee70c6a4a7.png\">\r\n\r\n3. **Create new logstash output as default**\r\n- Have a default ES output and a fleet server policy (verify that has\r\nfleet server integration)\r\n- Create a new logstash output as set it as default output\r\n- Check that the fleet server policy keeps the previous ES default\r\noutput\r\n- basically this should behave like case 1 (PUT and POST should have the\r\nsame behaviour)\r\n\r\n5. **Delete ES Output**\r\n- Once in the previous case (fleet server on ES output, other policies\r\non logstash), try to delete the ES output\r\n- It should be prevented with an error\r\n\r\n<img width=\"444\" alt=\"Screenshot 2023-03-16 at 15 05 44\"\r\nsrc=\"https://user-images.githubusercontent.com/16084106/226687206-f22e1330-4435-4077-a7ef-f29846f25e00.png\">\r\n\r\n6. **Custom output per policy**\r\n- With \"basic\" license, go to an agent policy with fleet server >\r\nsettings\r\n- Check that \"output for integrations\" can select any output of type\r\n`elasticsearch`, while the logstash ones are disabled\r\n\r\n<img width=\"981\" alt=\"Screenshot 2023-03-21 at 18 09 29\"\r\nsrc=\"https://user-images.githubusercontent.com/16084106/226687854-95d239a3-4122-470a-88e0-73c456ad5f7d.png\">\r\n\r\n### Checklist\r\n\r\n- [x] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n\r\n---------\r\n\r\nCo-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>","sha":"ec3294f2b340a5f6dbfdada3a997e17047bc8f17"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.8.0","labelRegex":"^v8.8.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/153226","number":153226,"mergeCommit":{"message":"[Fleet] Updates to output logic (#153226)\n\nCloses https://github.com/elastic/kibana/issues/152234\r\n\r\n## Summary\r\n\r\n- If the user changes an output from `ES` to `logstash` when there are\r\nFleet server policies that use that output, we throw asking the user to\r\ncreate a new output\r\n- If the user changes the default output to a `logstash` one, we update\r\nthe Fleet server policies to use the previous default output (that\r\nshould be ES)\r\n- Removed limitations to basic licenses so that fleet server policies\r\ncan select a per-policy output (between the available ES outputs). This\r\nmeans that \"Basic\" users should be able to set their default output to\r\nLogstash but still have the Fleet Server policy attached to an ES\r\noutput.\r\n- Added some tests to cover new functionalities\r\n\r\n### UI changes\r\n\r\nWhen editing a \"logstash\" output the modal displays a warning:\r\n\r\n<img width=\"878\" alt=\"Screenshot 2023-03-16 at 15 04 54\"\r\nsrc=\"https://user-images.githubusercontent.com/16084106/225665515-6090b85c-b84f-4295-9b30-c480d2a84879.png\">\r\n\r\n### Testing\r\n\r\n1. **Edit existing logstash output to be default**\r\n- Have a default ES output and a fleet server policy (verify that has\r\nfleet server integration)\r\n- Create a new logstash output \r\n- Update it to make it default (this is valid for both integrations and\r\nmonitoring output)\r\n- Check that fleet server policy keeps the ES output, it can be verified\r\nfrom agent policies > fleet server policy > settings.\r\n- The other policies should be switched to the logstash output\r\n\r\n**Note** if the previous output is logstash, it will be switched to the\r\ndefault one. However, users who updated the system and already had a\r\nlogstash ouput set as a default will need to to manually set the output\r\nfrom the agent policy settings page.\r\n\r\n2. **Edit existing ES output to become a logstash one**\r\n- Have a default ES output and a fleet server policy (verify that has\r\nfleet server integration)\r\n- Edit the output and change it to type 'logstash' \r\n- Check that the endpoint throws with an error\r\n\r\n<img width=\"366\" alt=\"Screenshot 2023-03-21 at 18 06 25\"\r\nsrc=\"https://user-images.githubusercontent.com/16084106/226687174-296e6e2b-3cef-4649-8173-18ee70c6a4a7.png\">\r\n\r\n3. **Create new logstash output as default**\r\n- Have a default ES output and a fleet server policy (verify that has\r\nfleet server integration)\r\n- Create a new logstash output as set it as default output\r\n- Check that the fleet server policy keeps the previous ES default\r\noutput\r\n- basically this should behave like case 1 (PUT and POST should have the\r\nsame behaviour)\r\n\r\n5. **Delete ES Output**\r\n- Once in the previous case (fleet server on ES output, other policies\r\non logstash), try to delete the ES output\r\n- It should be prevented with an error\r\n\r\n<img width=\"444\" alt=\"Screenshot 2023-03-16 at 15 05 44\"\r\nsrc=\"https://user-images.githubusercontent.com/16084106/226687206-f22e1330-4435-4077-a7ef-f29846f25e00.png\">\r\n\r\n6. **Custom output per policy**\r\n- With \"basic\" license, go to an agent policy with fleet server >\r\nsettings\r\n- Check that \"output for integrations\" can select any output of type\r\n`elasticsearch`, while the logstash ones are disabled\r\n\r\n<img width=\"981\" alt=\"Screenshot 2023-03-21 at 18 09 29\"\r\nsrc=\"https://user-images.githubusercontent.com/16084106/226687854-95d239a3-4122-470a-88e0-73c456ad5f7d.png\">\r\n\r\n### Checklist\r\n\r\n- [x] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n\r\n---------\r\n\r\nCo-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>","sha":"ec3294f2b340a5f6dbfdada3a997e17047bc8f17"}}]}] BACKPORT--> Co-authored-by: Cristina Amico <criamico@users.noreply.github.com>
Originally reported in #152234 (comment) With EUI v76, `warning` icon type was introduced: #152506 However, the EUI upgrade was only applied on 8.8. The callout here that uses the warning icon was a bug fix backported to 8.7 after the EUI upgrade. In 8.7 the EUI version does not have the `warning` icon type, causing a broken image to be rendered in this callout. This PR reverts the icon to the legacy `alert` type will only be merged into 8.7.
Using 8.7.0: Creating a Fleet Server Policy via the API is successful (screencap 1). Viewing the newly created Policy in the UI, it appears it has still selected the default Output, which is Logstash. (screencap 2) If I specify the output in the API request with: I get the following error:
Is this expected behavior? |
@defensivedepth, this might not help, but try adding an agent under that fleet server while having Elasticsearch as the default output, and switch to Logstash afterwards. |
I was able to work around by creating the Policy via the API with the Logstash output and then updating the Policy through the API with |
Not sure if I should raise this here or open a new issue, but I'm testing the Synthetics integration via a Logstash output, and it's failing with "Output not supported", which seems like the same behaviour as the Fleet server. Basic license so I have no option to configure the Synthetics node with Elasticsearch output.
Aside from the Basic license output limitations, requiring an Elasticsearch output would prevent me from deploying Synthetics monitoring to various locations in our network that can't access ES directly. Any idea whether this is the intended behaviour? Stack version: 8.7.0 |
Hello @ceeeekay this is by design, Heartbeat does need a direct connection to Elasticsearch when using Synthetics. We have an issue to make this clearer in the docs, as it's not right now. Sorry you hit this issue. As you're using 8.7.0, I assume you're using Private Locations, and not the legacy Synthetics Integration? If not, then you need to switch over to Private Locations (any Synthetics Integration monitors will stop working in 8.8) |
Hi @paulb-elastic, thanks for the info. I was testing with Private Locations in the Uptime/Synthetics beta section. No real problem if a direct ES connection is required. I was hoping to just be able to continue by ingesting Synthetics events to my existing Logstash architecture, but I'm sure I can work around it this be deploying dedicated nodes which have direct access to ES. I guess the real issue now is how to get this to work with a Basic license, given the outputs limitation and the requirement to be enrolled in Fleet. Are there any plans to enforce Synthetics ES output in the same way that Fleet Server does since 8.7, regardless of licensing? Cheers. |
@ceeeekay there is the limitation as you've mentioned. I've raised #155725 for us to consider removing this restriction. I can't give any indication yet when that might be able to be worked on, but you could watch that issue to keep track of it. |
## Summary Closes #155725 ### Context Basic license users cannot use Synthetics private locations and a default Logstash output (cf. [this comment](#155725 (comment))). This is because under Basic license per policy output is not allowed. There was a [similar issue](#152234) with Fleet server that was fixed by adding logic to exclude the fleet server integration from the checks ([PR](#153226)). This PR follows a very similar approach for the synthetics integration. ### Changes Compare these to [the corresponding changes that were made for Fleet server](#153226). - If the user tries to change the default output from ES to Logstash and there are agent policies using synthetics, then an error is thrown. - If an existing Logstash output is made to be the default output and there are agent policies using synthetics, then these policies will still be using the previous default ES output. - If the default output is of type Logstash with an agent policy using synthetics and another ES output, then if the user tries to delete the ES output an error is thrown. - Logstash type outputs are disabled in the agent policy settings if the policy uses synthetics. ### Steps for testing⚠️ Ideally the complete scenario reported [here](#155725 (comment)) should be tested. I was having some issues running a dev setup with a proper Logstash output, so the steps below are not end-to-end (similar to #153226). 1. Start with a single default ES output, an agent policy (1) with synthetics and another (2) without (NB: you can also test combinations with fleet server; if an error is thrown, the error for fleet server would be thrown before the one for synthetics). 2. Edit the default ES output to be a Logstash output; this should fail and thrown the following error: ![Screenshot 2023-07-14 at 15 07 56](https://github.com/elastic/kibana/assets/23701614/bf716a7a-745b-4b89-aa49-0ced2cc825a2) 3. Create a new Logstash output and make it default on creation. Go the agent policies and check the policies settings: the `Output for integrations` setting should still be set to the previous ES default output for policies with synthetics (and/or fleet server), and should have switched to the new Logstash default for other policies. 4. Repeat the previous steps, but this time first create the Logstash output and then edit it to make it default. This tests the update behaviour as opposed to create. You will see the following warning: ![Screenshot 2023-07-14 at 15 06 35](https://github.com/elastic/kibana/assets/23701614/283ee6c2-6d84-4847-bd3d-3c4ff734b2d6) 5. Still with the default Logstash output, try to delete the ES output (that is still used by policies with synthetics/fleet server(. This should fail with the following error: ![Screenshot 2023-07-14 at 15 16 03](https://github.com/elastic/kibana/assets/23701614/62dfe4c1-aed6-4d85-83f0-92985eab9336) 6. (Basic license constraint) Create another ES output (not default). Go the agent policies and check the policies settings: policies with synthetics (or fleet server) should be allowed to switch the `Output for integrations` setting to the new ES output: ![Screenshot 2023-07-14 at 15 18 56](https://github.com/elastic/kibana/assets/23701614/98deb4fc-abb1-40e2-9556-1a4ecfa96923) In contrast, policies without these integrations should be constrained to the default Logstash output: ![Screenshot 2023-07-14 at 15 19 19](https://github.com/elastic/kibana/assets/23701614/9856de1f-675b-47db-a471-9796239f0f85) ### Checklist - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary Closes elastic#155725 ### Context Basic license users cannot use Synthetics private locations and a default Logstash output (cf. [this comment](elastic#155725 (comment))). This is because under Basic license per policy output is not allowed. There was a [similar issue](elastic#152234) with Fleet server that was fixed by adding logic to exclude the fleet server integration from the checks ([PR](elastic#153226)). This PR follows a very similar approach for the synthetics integration. ### Changes Compare these to [the corresponding changes that were made for Fleet server](elastic#153226). - If the user tries to change the default output from ES to Logstash and there are agent policies using synthetics, then an error is thrown. - If an existing Logstash output is made to be the default output and there are agent policies using synthetics, then these policies will still be using the previous default ES output. - If the default output is of type Logstash with an agent policy using synthetics and another ES output, then if the user tries to delete the ES output an error is thrown. - Logstash type outputs are disabled in the agent policy settings if the policy uses synthetics. ### Steps for testing⚠️ Ideally the complete scenario reported [here](elastic#155725 (comment)) should be tested. I was having some issues running a dev setup with a proper Logstash output, so the steps below are not end-to-end (similar to elastic#153226). 1. Start with a single default ES output, an agent policy (1) with synthetics and another (2) without (NB: you can also test combinations with fleet server; if an error is thrown, the error for fleet server would be thrown before the one for synthetics). 2. Edit the default ES output to be a Logstash output; this should fail and thrown the following error: ![Screenshot 2023-07-14 at 15 07 56](https://github.com/elastic/kibana/assets/23701614/bf716a7a-745b-4b89-aa49-0ced2cc825a2) 3. Create a new Logstash output and make it default on creation. Go the agent policies and check the policies settings: the `Output for integrations` setting should still be set to the previous ES default output for policies with synthetics (and/or fleet server), and should have switched to the new Logstash default for other policies. 4. Repeat the previous steps, but this time first create the Logstash output and then edit it to make it default. This tests the update behaviour as opposed to create. You will see the following warning: ![Screenshot 2023-07-14 at 15 06 35](https://github.com/elastic/kibana/assets/23701614/283ee6c2-6d84-4847-bd3d-3c4ff734b2d6) 5. Still with the default Logstash output, try to delete the ES output (that is still used by policies with synthetics/fleet server(. This should fail with the following error: ![Screenshot 2023-07-14 at 15 16 03](https://github.com/elastic/kibana/assets/23701614/62dfe4c1-aed6-4d85-83f0-92985eab9336) 6. (Basic license constraint) Create another ES output (not default). Go the agent policies and check the policies settings: policies with synthetics (or fleet server) should be allowed to switch the `Output for integrations` setting to the new ES output: ![Screenshot 2023-07-14 at 15 18 56](https://github.com/elastic/kibana/assets/23701614/98deb4fc-abb1-40e2-9556-1a4ecfa96923) In contrast, policies without these integrations should be constrained to the default Logstash output: ![Screenshot 2023-07-14 at 15 19 19](https://github.com/elastic/kibana/assets/23701614/9856de1f-675b-47db-a471-9796239f0f85) ### Checklist - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Fleet Server can only output to Elasticsearch. We've made one key change in #148896 wherein a policy containing the Fleet Server integration cannot have its output set to a Logstash output. However, we need to ensure that the same validation applies when an existing output is edited to have its type changed from Elasticsearch to Output.
If a Fleet Server policy exists that's pointing at an output, prevent its
type
attribute from being changed off of Elasticsearch. Users should be creating a separate output for their agents that output to Logstash, and this will prevent breaking their Fleet environment.The text was updated successfully, but these errors were encountered: