Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tlscommon: require cert in ServerConfig.Validate #19584

Merged
merged 2 commits into from
Jul 4, 2020
Merged

tlscommon: require cert in ServerConfig.Validate #19584

merged 2 commits into from
Jul 4, 2020

Conversation

axw
Copy link
Member

@axw axw commented Jul 2, 2020
edited
Loading

What does this PR do?

When validating server-side TLS config, ensure there is a certificate and key pair.

Why is it important?

It does not make sense to configure server-side TLS without specifying a certificate and key pair. If users enable TLS (ssl.enabled) for a server (e.g. APM Server) but do not specify a certificate or key file, then they should receive a helpful error message indicating that the configuration is missing.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
    - [ ] I have made corresponding changes to the documentation (The metricbeat docs talk about client cert/key only; the APM Server docs already state that these config fields are required.)
    - [ ] I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

How to test this PR locally

  1. build metricbeat
  2. run metricbeat with a config like
metricbeat.modules:
  - module: http
    metricsets: ["server"]
    ssl: {}

It should exit with an error containing the phrase "certificate file not configured".

Related issues

elastic/apm-server#3908

@axw
tlscommon: require cert in ServerConfig.Validate
4f59553 
It does not make sense to configure server-side TLS
without specifying a certificate and key pair. Check
that both a certificate and key are configured. We
were previously checking that both or neither were
specified.
@axw axw added the enhancement label Jul 2, 2020
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Jul 2, 2020
@elasticmachine
Copy link
Collaborator

elasticmachine commented Jul 2, 2020
edited
Loading

❕ Build Aborted

Either there was a build timeout or someone aborted the build.'}

Pipeline View Test View Changes Artifacts

Expand to view the summary

Build stats

  • Build Cause: [Branch indexing]

  • Start Time: 2020-07-03T08:04:20.996+0000

  • Duration: 123 min 20 sec

Test stats 🧪

Test Results
Failed 1
Passed 5888
Skipped 1011
Total 6900

Test errors

Expand to view the tests failures

  • Name: Build and Test / Filebeat oss / test_clean_inactive – test_registrar.Test

    • Age: 1
    • Duration: 0.309
    • Error Details:

Steps errors

Expand to view the steps failures

  • Name: Make -C filebeat testsuite

    • Description: make -C filebeat testsuite

    • Duration: 29 min 13 sec

    • Start Time: 2020-07-03T08:35:27.894+0000

    • log

  • Name: Report to Codecov

    • Description: curl -sSLo codecov https://codecov.io/bash for i in auditbeat filebeat heartbeat libbeat metricbeat packetbeat winlogbeat journalbeat do FILE="${i}/build/coverage/full.cov" if [ -f "${FILE}" ]; then bash codecov -f "${FILE}" fi done

    • Duration: 2 min 22 sec

    • Start Time: 2020-07-03T09:04:43.630+0000

    • log

  • Name: Notifies GitHub of the status of a Pull Request

    • Description:

    • Duration: 28 min 23 sec

    • Start Time: 2020-07-03T09:07:06.463+0000

    • log

  • Name: Notifies GitHub of the status of a Pull Request

  • Name: Notifies GitHub of the status of a Pull Request

  • Name: Notifies GitHub of the status of a Pull Request

  • Name: Error signal

    • Description: untar: step failed with error null

    • Duration: 0 min 0 sec

    • Start Time: 2020-07-03T10:06:19.701+0000

    • log

  • Name: Mage build unitTest

    • Description: mage build unitTest

    • Duration: 4 min 45 sec

    • Start Time: 2020-07-03T08:42:39.579+0000

    • log

  • Name: Report to Codecov

    • Description: curl -sSLo codecov https://codecov.io/bash for i in auditbeat filebeat heartbeat libbeat metricbeat packetbeat winlogbeat journalbeat do FILE="${i}/build/coverage/full.cov" if [ -f "${FILE}" ]; then bash codecov -f "${FILE}" fi done

    • Duration: 2 min 22 sec

    • Start Time: 2020-07-03T08:41:34.011+0000

    • log

  • Name: Notifies GitHub of the status of a Pull Request

Log output

Expand to view the last 100 lines of log output 

[2020-07-03T10:07:02.949Z] Failed in branch Metricbeat x-pack
[2020-07-03T10:07:12.392Z] Body did not finish within grace period; terminating with extreme prejudice
[2020-07-03T10:07:12.508Z] Error when executing always post condition:
[2020-07-03T10:07:12.509Z] org.jenkinsci.plugins.workflow.steps.FlowInterruptedException
[2020-07-03T10:07:12.509Z] 	at org.jenkinsci.plugins.workflow.steps.TimeoutStepExecution.cancel(TimeoutStepExecution.java:165)
[2020-07-03T10:07:12.509Z] 	at org.jenkinsci.plugins.workflow.steps.TimeoutStepExecution.access$100(TimeoutStepExecution.java:38)
[2020-07-03T10:07:12.509Z] 	at org.jenkinsci.plugins.workflow.steps.TimeoutStepExecution$1.run(TimeoutStepExecution.java:139)
[2020-07-03T10:07:12.509Z] 	at jenkins.security.ImpersonatingScheduledExecutorService$1.run(ImpersonatingScheduledExecutorService.java:58)
[2020-07-03T10:07:12.509Z] 	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
[2020-07-03T10:07:12.509Z] 	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
[2020-07-03T10:07:12.509Z] 	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
[2020-07-03T10:07:12.509Z] 	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
[2020-07-03T10:07:12.509Z] 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
[2020-07-03T10:07:12.509Z] 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
[2020-07-03T10:07:12.509Z] 	at java.lang.Thread.run(Thread.java:748)
[2020-07-03T10:07:12.509Z] 
[2020-07-03T10:07:12.623Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats
[2020-07-03T10:07:12.980Z] + find . -type f -name TEST*.xml -path */build/* -delete
[2020-07-03T10:07:12.994Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Lint
[2020-07-03T10:07:13.162Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Elastic-Agent-x-pack
[2020-07-03T10:07:13.411Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Metricbeat-crosscompile
[2020-07-03T10:07:13.574Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Winlogbeat-oss
[2020-07-03T10:07:13.688Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Dockerlogbeat
[2020-07-03T10:07:13.800Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Journalbeat-oss
[2020-07-03T10:07:13.975Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Generators-Metricbeat-Linux
[2020-07-03T10:07:14.104Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Elastic-Agent-x-pack-Windows
[2020-07-03T10:07:14.281Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Functionbeat-x-pack
[2020-07-03T10:07:14.470Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Auditbeat-oss-Windows
[2020-07-03T10:07:14.631Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Auditbeat-x-pack-Windows
[2020-07-03T10:07:14.846Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Metricbeat-Windows
[2020-07-03T10:07:15.073Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Metricbeat-OSS-Unit-tests
[2020-07-03T10:07:15.208Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Heartbeat-oss
[2020-07-03T10:07:15.368Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Auditbeat-x-pack
[2020-07-03T10:07:15.579Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Filebeat-Windows
[2020-07-03T10:07:15.794Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Winlogbeat-Windows-x-pack
[2020-07-03T10:07:16.013Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Filebeat-x-pack-Windows
[2020-07-03T10:07:16.215Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Libbeat-x-pack
[2020-07-03T10:07:16.467Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Auditbeat-oss-Linux
[2020-07-03T10:07:16.650Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Packetbeat-oss
[2020-07-03T10:07:16.856Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Metricbeat-x-pack-Windows
[2020-07-03T10:07:17.087Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Generators-Beat-Linux
[2020-07-03T10:07:17.348Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Winlogbeat-Windows
[2020-07-03T10:07:17.502Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Filebeat-oss
[2020-07-03T10:07:17.648Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Metricbeat-Python-integration-tests
[2020-07-03T10:07:17.818Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Metricbeat-OSS-Integration-tests
[2020-07-03T10:07:17.956Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Libbeat-oss
[2020-07-03T10:07:18.191Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Elastic-Agent-Mac-OS-X
[2020-07-03T10:07:18.392Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Filebeat-x-pack-Mac-OS-X
[2020-07-03T10:07:18.540Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Filebeat-Mac-OS-X
[2020-07-03T10:07:18.669Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Auditbeat-oss-Mac-OS-X
[2020-07-03T10:07:18.816Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Auditbeat-x-pack-Mac-OS-X
[2020-07-03T10:07:18.965Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Metricbeat-Mac-OS-X
[2020-07-03T10:07:19.104Z] Running in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Metricbeat-x-pack
[2020-07-03T10:07:19.586Z] + cat
[2020-07-03T10:07:19.586Z] + /usr/local/bin/runbld ./runbld-script
[2020-07-03T10:07:19.586Z] Picked up JAVA_TOOL_OPTIONS: -Dfile.encoding=UTF8
[2020-07-03T10:07:26.194Z] runbld>>> runbld started
[2020-07-03T10:07:26.194Z] runbld>>> 1.6.12/f45d832f2ba0aa2722ab4ec1fda8ad140f027f8b
[2020-07-03T10:07:27.608Z] runbld>>> The following profiles matched the job 'Beats/beats-beats-mbp/PR-19584' in order of occurrence in the config (last value wins).
[2020-07-03T10:07:29.028Z] runbld>>> Debug logging enabled.
[2020-07-03T10:07:29.028Z] runbld>>> Storing result
[2020-07-03T10:07:29.028Z] runbld>>> Store result: created {:total 2, :successful 2, :failed 0} 1
[2020-07-03T10:07:29.028Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1587637540455/t/20200703100728-E6339CD2
[2020-07-03T10:07:29.028Z] runbld>>> Adding system facts.
[2020-07-03T10:07:29.972Z] runbld>>> Adding vcs info for the latest commit:  e9036e14b45af47222944f56e80f705f1c4127d6
[2020-07-03T10:07:29.972Z] runbld>>> >>>>>>>>>>>> SCRIPT EXECUTION BEGIN >>>>>>>>>>>>
[2020-07-03T10:07:29.972Z] runbld>>> Adding /usr/lib/jvm/java-8-openjdk-amd64/bin to the path.
[2020-07-03T10:07:29.972Z] + echo 'Processing JUnit reports with runbld...'
[2020-07-03T10:07:29.972Z] Processing JUnit reports with runbld...
[2020-07-03T10:07:30.553Z] runbld>>> <<<<<<<<<<<< SCRIPT EXECUTION END <<<<<<<<<<<<
[2020-07-03T10:07:30.553Z] runbld>>> DURATION: 19ms
[2020-07-03T10:07:30.553Z] runbld>>> STDOUT: 40 bytes
[2020-07-03T10:07:30.553Z] runbld>>> STDERR: 49 bytes
[2020-07-03T10:07:30.553Z] runbld>>> WRAPPED PROCESS: SUCCESS (0)
[2020-07-03T10:07:30.553Z] runbld>>> Searching for build metadata in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats
[2020-07-03T10:07:31.495Z] runbld>>> Storing build metadata: 
[2020-07-03T10:07:31.495Z] runbld>>> Adding test report.
[2020-07-03T10:07:31.495Z] runbld>>> Searching for junit test output files with the pattern: TEST-.*\.xml$ in: /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats
[2020-07-03T10:07:32.089Z] runbld>>> Found 96 test output files
[2020-07-03T10:07:32.670Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Metricbeat-OSS-Integration-tests/metricbeat/build/TEST-go-integration-graphite.xml
[2020-07-03T10:07:32.670Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Metricbeat-OSS-Integration-tests/metricbeat/build/TEST-go-integration-windows.xml
[2020-07-03T10:07:32.670Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-iis.xml
[2020-07-03T10:07:32.670Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-istio.xml
[2020-07-03T10:07:32.936Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-activemq.xml
[2020-07-03T10:07:32.936Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-tomcat.xml
[2020-07-03T10:07:32.936Z] runbld>>> No testsuite node found in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584/src/github.com/elastic/beats/Metricbeat-x-pack/x-pack/metricbeat/build/TEST-go-integration-openmetrics.xml
[2020-07-03T10:07:33.932Z] runbld>>> Test output logs contained: Errors: 0 Failures: 1 Tests: 6750 Skipped: 828
[2020-07-03T10:07:33.932Z] runbld>>> Storing result
[2020-07-03T10:07:33.932Z] runbld>>> FAILURES: 1
[2020-07-03T10:07:34.191Z] runbld>>> Store result: updated {:total 2, :successful 2, :failed 0} 2
[2020-07-03T10:07:34.191Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1587637540455/t/20200703100728-E6339CD2
[2020-07-03T10:07:34.451Z] runbld>>> Email notification disabled by environment variable.
[2020-07-03T10:07:34.451Z] runbld>>> Slack notification disabled by environment variable.
[2020-07-03T10:07:40.065Z] Running on Jenkins in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-19584
[2020-07-03T10:07:40.191Z] [INFO] getVaultSecret: Getting secrets
[2020-07-03T10:07:40.283Z] Masking supported pattern matches of $VAULT_ADDR or $VAULT_ROLE_ID or $VAULT_SECRET_ID
[2020-07-03T10:07:41.158Z] + chmod 755 generate-build-data.sh
[2020-07-03T10:07:41.158Z] + ./generate-build-data.sh https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats-beats-mbp/PR-19584/ https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats-beats-mbp/PR-19584/runs/5 ABORTED 7399881
[2020-07-03T10:07:41.158Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats-beats-mbp/PR-19584/runs/5/steps/?limit=10000 -o steps-info.json
[2020-07-03T10:07:47.640Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats-beats-mbp/PR-19584/runs/5/tests/?status=FAILED -o tests-errors.json

@andresrc andresrc added the Team:Services (Deprecated) Label for the former Integrations-Services team label Jul 2, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/integrations-services (Team:Services)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Jul 2, 2020
@urso urso added the needs_backport PR is waiting to be backported to other branches. label Jul 2, 2020
@axw
Copy link
Member Author

axw commented Jul 3, 2020

jenkins run the tests please

@urso
Copy link

urso commented Jul 3, 2020

Checking the last CI output relevant tests did look ok. One flaky test failed, and there have been a few network timeouts when publishing results.

@axw axw merged commit c63cd32 into elastic:master Jul 4, 2020
@axw axw deleted the tlscommon-serverconfig-require-certkey branch July 4, 2020 08:25
@urso
Copy link

urso commented Jul 6, 2020

@axw Can you please backport this to 7.x? Thanks!

@axw axw mentioned this pull request Jul 7, 2020
Merged
4 tasks
@axw axw added v7.9.0 and removed needs_backport PR is waiting to be backported to other branches. labels Jul 7, 2020
axw added a commit to axw/beats that referenced this pull request Jul 7, 2020
@axw
tlscommon: require cert in ServerConfig.Validate (elastic#19584)
6ac3c31 
* tlscommon: require cert in ServerConfig.Validate

It does not make sense to configure server-side TLS
without specifying a certificate and key pair. Check
that both a certificate and key are configured. We
were previously checking that both or neither were
specified.

(cherry picked from commit c63cd32)
urso pushed a commit that referenced this pull request Jul 7, 2020
@axw
Cherry-pick #19584 to 7.x: tlscommon: require cert in ServerConfig.Va…
28088db 
…lidate (#19692)
@axw axw mentioned this pull request Jul 13, 2020
Merged
2 tasks
melchiormoulin pushed a commit to melchiormoulin/beats that referenced this pull request Oct 14, 2020
@axw @melchiormoulin
tlscommon: require cert in ServerConfig.Validate (elastic#19584)
7aa8e3d 
* tlscommon: require cert in ServerConfig.Validate

It does not make sense to configure server-side TLS
without specifying a certificate and key pair. Check
that both a certificate and key are configured. We
were previously checking that both or neither were
specified.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@urso urso urso approved these changes

Assignees
No one assigned
Labels
enhancement Team:Services (Deprecated) Label for the former Integrations-Services team v7.9.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@axw @elasticmachine @urso @andresrc