Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution][Endpoint] Update the run_endpoint_agent dev script to support use of an API Key #190449

Merged
merged 5 commits into from
Sep 3, 2024
Merged

[Security Solution][Endpoint] Update the run_endpoint_agent dev script to support use of an API Key #190449

merged 5 commits into from
Sep 3, 2024
+25 −5

Conversation

paul-tavares
Copy link
Contributor

Summary

  • Updates the /x-pack/plugins/security_solution/scripts/endpoint/run_endpoint_agent.js with a new optional argument: --apiKey
    • This argument enables use of a Kibana/ES API key with the script instead of --username and --password
    • Ideal for use against Serverless environments where the use of username/password is not ideal

@paul-tavares paul-tavares added release_note:skip Skip the PR/issue when compiling release notes Team:Defend Workflows “EDR Workflows” sub-team of Security Solution v8.16.0 labels Aug 13, 2024
@paul-tavares paul-tavares self-assigned this Aug 13, 2024
@paul-tavares paul-tavares marked this pull request as ready for review August 13, 2024 19:00
@paul-tavares paul-tavares requested a review from a team as a code owner August 13, 2024 19:00
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

@pzl pzl requested a review from ashokaditya August 13, 2024 19:05
@paul-tavares paul-tavares enabled auto-merge (squash) August 14, 2024 20:13
ashokaditya
ashokaditya approved these changes Aug 28, 2024
View reviewed changes
x-pack/plugins/security_solution/scripts/endpoint/endpoint_agent_runner/index.ts
@@ -62,6 +65,8 @@ export const cli = () => {
--username Optional. User name to be used for auth against elasticsearch and
kibana (Default: elastic).
--password Optional. Password associated with the username (Default: changeme)
--apiKey Optional. A Kibana API key to use for authz. When defined, 'username'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Q: I don't see code change that ignores username/password, or is it already baked in?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ashokaditya - yes, its backed into KbnClientExtended class above. When api key is defined, we remove the creds from the URL and also intercept the .request() calls and inject the API key header

@kibana-ci
Copy link
Collaborator

💛 Build succeeded, but was flaky

Failed CI Steps

Metrics [docs]

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @paul-tavares

@paul-tavares paul-tavares merged commit 243b4fa into elastic:main Sep 3, 2024
41 checks passed
@kibanamachine kibanamachine added the backport:skip This commit does not require backporting label Sep 3, 2024
@paul-tavares paul-tavares deleted the task/olm-enhance-scripts-to-support-api-key branch September 3, 2024 14:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pzl pzl pzl approved these changes

@ashokaditya ashokaditya ashokaditya approved these changes

@szwarckonrad szwarckonrad szwarckonrad approved these changes

Assignees

@paul-tavares paul-tavares

Labels
backport:skip This commit does not require backporting release_note:skip Skip the PR/issue when compiling release notes Team:Defend Workflows “EDR Workflows” sub-team of Security Solution v8.16.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@paul-tavares @elasticmachine @kibana-ci @pzl @ashokaditya @szwarckonrad @kibanamachine