-
Notifications
You must be signed in to change notification settings - Fork 141
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Inject HTTPS_PROXY/HTTP_PROXY
env var into endpoint elasticsearch output units as proxy_url
#5044
Conversation
This pull request does not have a backport label. Could you fix it @michel-laterman? 🙏
NOTE: |
HTTPS_PROXY/HTTP_PROXY
env var into output units as proxy_url
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reading the issue this seems like this should also be endpoint specific, so you should really be filter this only to the endpoint component. I don't think we want this to be done across the board, as passing the ENV down to the subprocesses already does the correct thing.
I believe there is already a endpoint specific component modifier, it might be better to integrate this there so multiple modifiers are not needed, each looping through all components and units each time.
See comment amount elasticsearch specific, we should ensure it also works for logstash. Format might be different.
internal/pkg/agent/application/inject_proxy_component_modifier.go
Outdated
Show resolved
Hide resolved
internal/pkg/agent/application/inject_proxy_component_modifier.go
Outdated
Show resolved
Hide resolved
internal/pkg/agent/application/inject_proxy_component_modifier.go
Outdated
Show resolved
Hide resolved
1debafc
to
38f9463
Compare
Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane) |
HTTPS_PROXY/HTTP_PROXY
env var into output units as proxy_url HTTPS_PROXY/HTTP_PROXY
env var into endpoint elasticsearch output units as proxy_url
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for scoping this to endpoint and elasticsearch only. Good test coverage as well, nice!
The PR is incomplete, Endpoint requires fleet proxy as well. I guess that environment proxy also overrides fleet connection on Agent. However, I'm concerned about the configuration update flow. Endpoint is caching permanently received config so that even if Agent gets compromised the machine remains protected by Endpoint (using last known configuration).
I've reviewed the configuration update flow, the config state index is only reported back, any configuration change will be applied. |
Thanks @intxgo, |
6d41b4f
to
a5496f1
Compare
a5496f1
to
bffc340
Compare
Quality Gate passedIssues Measures |
…utput units as proxy_url (#5044) Inject proxy_url value into endpoint's elasticsearch output configuration, and enpoint/apm's fleet configuration if the attribute is missing and HTTPS_PROXY/HTTP_PROXY env var is set. The first host value is used to determine if the HTTPS_PROXY, or HTTP_PROXY value is injected. If that can't be used to determine then the HTTPS_PROXY is preferred. No Injection occurs if the proxy_url key exists, proxy_disable: true is set, or the env vars are empty. (cherry picked from commit 097787f)
…utput units as proxy_url (#5044) (#5083) Inject proxy_url value into endpoint's elasticsearch output configuration, and enpoint/apm's fleet configuration if the attribute is missing and HTTPS_PROXY/HTTP_PROXY env var is set. The first host value is used to determine if the HTTPS_PROXY, or HTTP_PROXY value is injected. If that can't be used to determine then the HTTPS_PROXY is preferred. No Injection occurs if the proxy_url key exists, proxy_disable: true is set, or the env vars are empty. (cherry picked from commit 097787f) Co-authored-by: Michel Laterman <[email protected]>
What does this PR do?
Inject
proxy_url
value into endpoint's elasticsearch output configuration, and enpoint/apm's fleet configuration if the attribute is missing andHTTPS_PROXY/HTTP_PROXY
env var is set.The first host value is used to determine if the
HTTPS_PROXY
, orHTTP_PROXY
value is injected.If that can't be used to determine then the
HTTPS_PROXY
is preferred.No Injection occurs if the
proxy_url
key exists,proxy_disable: true
is set, or the env vars are empty.Why is it important?
Go HTTP clients automatically use various proxy env vars. This leads to inconsistent behaviour where some components get config from the environment, but others do not.
This effects endpoint specifically as it is not a go process.
Checklist
I have made corresponding changes to the documentationI have made corresponding change to the default configuration files./changelog/fragments
using the changelog toolI have added an integration test or an E2E testRelated issues
HTTP_PROXY/HTTPS_PROXY/NO_PROXY
to components. #2602