Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[8.x](backport #3908) Add secret_paths attributes to policies sent to agents #3968

Merged
merged 1 commit into from
Oct 1, 2024
Merged

[8.x](backport #3908) Add secret_paths attributes to policies sent to agents #3968

merged 1 commit into from
Oct 1, 2024

Conversation

mergify[bot]
Copy link
Contributor

@mergify mergify bot commented Oct 1, 2024

What is the problem this PR solves?

Agent cannot determine where secrets have been injected into a policy.

How does this PR solve the problem?

Add a new attribute secret_paths to the policy data sent to agents. This attribute is a list of keys where the fleet-server has repalced a reference with a secret value. The agent is expected to redact the values of these keys when outputting policy data.

Design Checklist

  • I have ensured my design is stateless and will work when multiple fleet-server instances are behind a load balancer.
  • I have or intend to scale test my changes, ensuring it will work reliably with 100K+ agents connected.
  • I have included fail safe mechanisms to limit the load on fleet-server: rate limiting, circuit breakers, caching, load shedding, etc.

Checklist

  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in ./changelog/fragments using the changelog tool
    This is an automatic backport of pull request Add secret_paths attributes to policies sent to agents #3908 done by Mergify.

@michel-laterman @mergify
Add secret_paths attributes to policies sent to agents (#3908)
468246a 
Add a new attribute "secret_paths" to the policy data sent to agents.
This attribute is a list of keys where the fleet-server has repalced a
reference with a secret value. The agent is expected to redact the
values of these keys when outputting policy data.

(cherry picked from commit 4864cf4)
@mergify mergify bot requested a review from a team as a code owner October 1, 2024 16:01
@mergify mergify bot added the backport label Oct 1, 2024
@elastic-sonarqube Elastic SonarQube
Copy link

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
80.8% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

@michel-laterman michel-laterman merged commit 88fd979 into 8.x Oct 1, 2024
8 checks passed
@michel-laterman michel-laterman deleted the mergify/bp/8.x/pr-3908 branch October 1, 2024 16:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@michel-laterman michel-laterman michel-laterman approved these changes

@pkoutsovasilis pkoutsovasilis Awaiting requested review from pkoutsovasilis pkoutsovasilis is a code owner automatically assigned from elastic/elastic-agent-control-plane

@andrzej-stencel andrzej-stencel Awaiting requested review from andrzej-stencel andrzej-stencel is a code owner automatically assigned from elastic/elastic-agent-control-plane

Assignees

@michel-laterman michel-laterman

Labels
backport
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@michel-laterman