Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Fleet] handle ESO errors in message signing key pair generation #170292

Merged
merged 1 commit into from
Nov 1, 2023
Merged

[Fleet] handle ESO errors in message signing key pair generation #170292

merged 1 commit into from
Nov 1, 2023

Conversation

joeypoon
Copy link
Member

@joeypoon joeypoon commented Nov 1, 2023
edited
Loading

Summary

If there was a transient error while fetching the key pair from ESO, the MessageSigningService would generate brand new key pair. This would cause existing endpoints to stop working since the messages would be signed by the new key. This PR adds retry logic with backoff for fetching key pairs from ESO so that a new key isn't generated unless we know for sure there isn't an existing key pair. Key pairs can still be manually rotated using the rotate keys API.

Checklist

For maintainers

@joeypoon joeypoon added release_note:skip Skip the PR/issue when compiling release notes Team:Fleet Team label for Observability Data Collection Fleet team labels Nov 1, 2023
@joeypoon joeypoon force-pushed the fix/msg-signing-keys branch from 35d05f2 to 9c090d1 Compare November 1, 2023 00:16
@joeypoon joeypoon marked this pull request as ready for review November 1, 2023 00:22
@joeypoon joeypoon requested a review from a team as a code owner November 1, 2023 00:22
@elasticmachine
Copy link
Contributor

Pinging @elastic/fleet (Team:Fleet)

@kibana-ci
Copy link
Collaborator

💚 Build Succeeded

Metrics [docs]

✅ unchanged

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

juliaElastic
juliaElastic approved these changes Nov 1, 2023
View reviewed changes
Copy link
Contributor

@juliaElastic juliaElastic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@joeypoon joeypoon merged commit 19359e8 into elastic:main Nov 1, 2023
@joeypoon joeypoon deleted the fix/msg-signing-keys branch November 1, 2023 14:57
@kibanamachine kibanamachine added v8.12.0 backport:skip This commit does not require backporting labels Nov 1, 2023
delanni pushed a commit to delanni/kibana that referenced this pull request Nov 6, 2023
@joeypoon @delanni
[Fleet] handle ESO errors in message signing key pair generation (ela…
11cdbcf 
…stic#170292)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@juliaElastic juliaElastic juliaElastic approved these changes

Assignees
No one assigned
Labels
backport:skip This commit does not require backporting release_note:skip Skip the PR/issue when compiling release notes Team:Fleet Team label for Observability Data Collection Fleet team v8.12.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@joeypoon @elasticmachine @kibana-ci @juliaElastic @kibanamachine