Deprecate username/password in elastic-agent #29434
Conversation
michel-laterman
added
release-note:deprecation
|
Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane) |
botelastic
bot
added
needs_team
| @@ -5,8 +5,11 @@ outputs: | |||
| default: | |||
| type: elasticsearch | |||
| hosts: [127.0.0.1:9200] | |||
| username: elastic | |||
| password: changeme | |||
| api_key: "example-key" | |||
There was a problem hiding this comment.
I'm a bit confused if this attribute should be api_key or service_token.
the libbeat output config expects api_key, but some config from within the agent refers to it as service_token.
There was a problem hiding this comment.
api_key is for the output, service_token is for what is passed to fleet-server. This is not the same thing, see other comments.
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
💚 Flaky test reportTests succeeded. 🤖 GitHub commentsTo re-run your PR in the CI, just comment with:
|
|
I retargeted this PR to 7.17. If we need it also in 7.16, lets make sure it is backported. |
| @@ -150,3 +150,4 @@ | |||
| - Add diagnostics collect command to gather beat metadata, config, policy, and logs and bundle it into an archive. {pull}28461[28461] | |||
| - Add `KIBANA_FLEET_SERVICE_TOKEN` to Elastic Agent container. {pull}28096[28096] | |||
| - Allow pprof endpoints for elastic-agent or beats if enabled. {pull}28983[28983] {pull}29155[29155] | |||
| - Mark username/password settings as deprecated. {pull}29434[29434] | |||
There was a problem hiding this comment.
username / password for fleet-server are deprecated. If we should deprecate username / password for Elastic Agent in a more general way for the output is another discussion.
| username: elastic | ||
| password: changeme | ||
| api_key: "example-key" | ||
| # Note that basic auth is deprecated and will be removed in 8.0 |
There was a problem hiding this comment.
This does not apply to the general output. +1 on having the api_key here but username / password for the output part stay around AFAIK.
There was a problem hiding this comment.
ah, much simpler then. i'll just log it there.
| @@ -5,8 +5,11 @@ outputs: | |||
| default: | |||
| type: elasticsearch | |||
| hosts: [127.0.0.1:9200] | |||
| username: elastic | |||
| password: changeme | |||
| api_key: "example-key" | |||
There was a problem hiding this comment.
api_key is for the output, service_token is for what is passed to fleet-server. This is not the same thing, see other comments.
|
/test |
|
/test |
* Deprecate username/password in elastic-agent * Appy deprecation only to fleet-server * Review feedback * Add deprecation notes in container help output (cherry picked from commit 1810b78)
* Deprecate username/password in elastic-agent * Appy deprecation only to fleet-server * Review feedback * Add deprecation notes in container help output (cherry picked from commit 1810b78) Co-authored-by: Michel Laterman <82832767+michel-laterman@users.noreply.github.com>
What does this PR do?
Add deprecation logs when username/password is detected by the elastic-agent.
Checklist
I have commented my code, particularly in hard-to-understand areasI have added tests that prove my fix is effective or that my feature worksCHANGELOG.next.asciidocorCHANGELOG-developer.next.asciidoc.Related issues