Add API integration tests for Interactive Setup. (#111879)
This commit is contained in:
parent
ebb9e24b61
commit
025861c189
|
@ -498,6 +498,7 @@ module.exports = {
|
|||
'x-pack/plugins/apm/**/*.js',
|
||||
'test/*/config.ts',
|
||||
'test/*/config_open.ts',
|
||||
'test/*/*.config.ts',
|
||||
'test/*/{tests,test_suites,apis,apps}/**/*',
|
||||
'test/visual_regression/tests/**/*',
|
||||
'x-pack/test/*/{tests,test_suites,apis,apps}/**/*',
|
||||
|
@ -1596,6 +1597,7 @@ module.exports = {
|
|||
{
|
||||
files: [
|
||||
'src/plugins/interactive_setup/**/*.{js,mjs,ts,tsx}',
|
||||
'test/interactive_setup_api_integration/**/*.{js,mjs,ts,tsx}',
|
||||
'x-pack/plugins/encrypted_saved_objects/**/*.{js,mjs,ts,tsx}',
|
||||
'x-pack/plugins/security/**/*.{js,mjs,ts,tsx}',
|
||||
'x-pack/plugins/spaces/**/*.{js,mjs,ts,tsx}',
|
||||
|
|
5
.github/CODEOWNERS
vendored
5
.github/CODEOWNERS
vendored
|
@ -244,7 +244,6 @@
|
|||
/packages/kbn-std/ @elastic/kibana-core
|
||||
/packages/kbn-config/ @elastic/kibana-core
|
||||
/packages/kbn-logging/ @elastic/kibana-core
|
||||
/packages/kbn-crypto/ @elastic/kibana-core
|
||||
/packages/kbn-http-tools/ @elastic/kibana-core
|
||||
/src/plugins/saved_objects_management/ @elastic/kibana-core
|
||||
/src/dev/run_check_published_api_changes.ts @elastic/kibana-core
|
||||
|
@ -285,9 +284,11 @@
|
|||
/packages/kbn-i18n/ @elastic/kibana-localization @elastic/kibana-core
|
||||
#CC# /x-pack/plugins/translations/ @elastic/kibana-localization @elastic/kibana-core
|
||||
|
||||
# Security
|
||||
# Kibana Platform Security
|
||||
/packages/kbn-crypto/ @elastic/kibana-security
|
||||
/src/core/server/csp/ @elastic/kibana-security @elastic/kibana-core
|
||||
/src/plugins/interactive_setup/ @elastic/kibana-security
|
||||
/test/interactive_setup_api_integration/ @elastic/kibana-security
|
||||
/x-pack/plugins/spaces/ @elastic/kibana-security
|
||||
/x-pack/plugins/encrypted_saved_objects/ @elastic/kibana-security
|
||||
/x-pack/plugins/security/ @elastic/kibana-security
|
||||
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -30,15 +30,17 @@ The password used for both of these is "storepass". Other copies are also provid
|
|||
|
||||
[Elasticsearch cert-util](https://www.elastic.co/guide/en/elasticsearch/reference/current/certutil.html) and [OpenSSL](https://www.openssl.org/) were used to generate these certificates. The following commands were used from the root directory of Elasticsearch:
|
||||
|
||||
__IMPORTANT:__ CA keystore (ca.p12) is not checked in intentionally, talk to @elastic/kibana-security if you need it to sign new certificates.
|
||||
|
||||
```
|
||||
# Generate the PKCS #12 keystore for a CA, valid for 50 years
|
||||
bin/elasticsearch-certutil ca -days 18250 --pass castorepass
|
||||
bin/elasticsearch-certutil ca --out ca.p12 -days 18250 --pass castorepass
|
||||
|
||||
# Generate the PKCS #12 keystore for Elasticsearch and sign it with the CA
|
||||
bin/elasticsearch-certutil cert -days 18250 --ca elastic-stack-ca.p12 --ca-pass castorepass --name elasticsearch --dns localhost --pass storepass
|
||||
bin/elasticsearch-certutil cert --out elasticsearch.p12 -days 18250 --ca ca.p12 --ca-pass castorepass --name elasticsearch --dns localhost --pass storepass
|
||||
|
||||
# Generate the PKCS #12 keystore for Kibana and sign it with the CA
|
||||
bin/elasticsearch-certutil cert -days 18250 --ca elastic-stack-ca.p12 --ca-pass castorepass --name kibana --dns localhost --pass storepass
|
||||
bin/elasticsearch-certutil cert --out kibana.p12 -days 18250 --ca ca.p12 --ca-pass castorepass --name kibana --dns localhost --pass storepass
|
||||
|
||||
# Copy the PKCS #12 keystore for Elasticsearch with an empty password
|
||||
openssl pkcs12 -in elasticsearch.p12 -nodes -passin pass:"storepass" -passout pass:"" | openssl pkcs12 -export -out elasticsearch_emptypassword.p12 -passout pass:""
|
||||
|
|
|
@ -1,29 +1,29 @@
|
|||
Bag Attributes
|
||||
friendlyName: elasticsearch
|
||||
localKeyID: 54 69 6D 65 20 31 35 37 37 34 36 36 31 39 38 30 33 37
|
||||
localKeyID: 54 69 6D 65 20 31 36 33 34 31 32 30 31 35 32 31 39 33
|
||||
Key Attributes: <No Attributes>
|
||||
Bag Attributes
|
||||
friendlyName: ca
|
||||
2.16.840.1.113894.746875.1.1: <Unsupported tag 6>
|
||||
subject=/CN=Elastic Certificate Tool Autogenerated CA
|
||||
issuer=/CN=Elastic Certificate Tool Autogenerated CA
|
||||
subject=CN = Elastic Certificate Tool Autogenerated CA
|
||||
issuer=CN = Elastic Certificate Tool Autogenerated CA
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDSzCCAjOgAwIBAgIUW0brhEtYK3tUBYlXnUa+AMmAX6kwDQYJKoZIhvcNAQEL
|
||||
BQAwNDEyMDAGA1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5l
|
||||
cmF0ZWQgQ0EwIBcNMTkxMjI3MTcwMjMyWhgPMjA2OTEyMTQxNzAyMzJaMDQxMjAw
|
||||
BgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2VuZXJhdGVkIENB
|
||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAplO5m5Xy8xERyA0/G5SM
|
||||
Nu2QXkfS+m7ZTFjSmtwqX7BI1I6ISI4Yw8QxzcIgSbEGlSqb7baeT+A/1JQj0gZN
|
||||
KOnKbazl+ujVRJpsfpt5iUsnQyVPheGekcHkB+9WkZPgZ1oGRENr/4Eb1VImQf+Y
|
||||
yo/FUj8X939tYW0fficAqYKv8/4NWpBUbeop8wsBtkz738QKlmPkMwC4FbuF2/bN
|
||||
vNuzQuRbGMVmPeyivZJRfDAMKExoXjCCLmbShdg4dUHsUjVeWQZ6s4vbims+8qF9
|
||||
b4bseayScQNNU3hc5mkfhEhSM0KB0lDpSvoCxuXvXzb6bOk7xIdYo+O4vHUhvSkQ
|
||||
mwIDAQABo1MwUTAdBgNVHQ4EFgQUGu0mDnvDRnBdNBG8DxwPdWArB0kwHwYDVR0j
|
||||
BBgwFoAUGu0mDnvDRnBdNBG8DxwPdWArB0kwDwYDVR0TAQH/BAUwAwEB/zANBgkq
|
||||
hkiG9w0BAQsFAAOCAQEASv/FYOwWGnQreH8ulcVupGeZj25dIjZiuKfJmslH8QN/
|
||||
pVCIzAxNZjGjCpKxbJoCu5U9USaBylbhigeBJEq4wmYTs/WPu4uYMgDj0MILuHin
|
||||
RQqgEVG0uADGEgH2nnk8DeY8gQvGpJRQGlXNK8pb+pCsy6F8k/svGOeBND9osHfU
|
||||
CVEo5nXjfq6JCFt6hPx7kl4h3/j3C4wNy/Dv/QINdpPsl6CnF17Q9R9d60WFv42/
|
||||
pkl7W1hszCG9foNJOJabuWfVoPkvKQjoCvPitZt/hCaFZAW49PmAVhK+DAohQ91l
|
||||
TZhDmYqHoXNiRDQiUT68OS7RlfKgNpr/vMTZXDxpmw==
|
||||
MIIDTDCCAjSgAwIBAgIVAJUW7Ky1rVeyYxsS1dGcF3HZpknsMA0GCSqGSIb3DQEB
|
||||
CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu
|
||||
ZXJhdGVkIENBMCAXDTIxMTAxMzEwMTU0MVoYDzIwNzExMDAxMTAxNTQxWjA0MTIw
|
||||
MAYDVQQDEylFbGFzdGljIENlcnRpZmljYXRlIFRvb2wgQXV0b2dlbmVyYXRlZCBD
|
||||
QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALSQK7Q/wBblLXhD8WZc
|
||||
HO0mwEOILBVRCY2wcSLaibfzxvX/EhX7mAbozrCgj0hOTFZldzoSHURZmLUntONF
|
||||
vUxWyR3ulAXuCfpvxoh7+WJWWvk0m8iI5GzwYjCYoRDRgLrzPlNSRd6CuW4z5vXC
|
||||
sT7MjE69iAEmXR6bdV6GvQ3kBVUJVCz23QbXLCl4gzWAWsfXuNx1+ZjJXeM/eEkH
|
||||
dQbmBoG6jKJtnSlXjG/s2aSi/Jv/GoHJJT7YQXSvWFpklu3Dk9c+FacQoz95HZD1
|
||||
qbaruKq1SjIG6Leht3DNpNT7n5q1EQeZ5uhhWMAI81vRgAZYZxwGJQF19Qgz13D6
|
||||
de8CAwEAAaNTMFEwHQYDVR0OBBYEFDBMKsCOW9DGKTccGhyfU8NS6d6eMB8GA1Ud
|
||||
IwQYMBaAFDBMKsCOW9DGKTccGhyfU8NS6d6eMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
|
||||
KoZIhvcNAQELBQADggEBABf0ZznDu2m9IVn7ThLPb5UJU/rZiTkRyP6cqPFFtSww
|
||||
TiZ0+AS5phGFV8f/znC/scU2u57EAl8DWSalJZTXJMekboFpfXJME/BK66I6wdSi
|
||||
TfL99HjYR6LYyjvkXhoIBhR1eCw1zwm8IGzRV++/zY5ksYb5GQ9smFr3TNgqgdsv
|
||||
GnPJgytVc/sYXuc1l7MS8j1Q+JLhpIymDKCJ2CB+x2p2oMYqJmFstc8I0z6vZtiM
|
||||
zeyy07qK71uOfD5F1HHw/rv738yrlq7NwAH9fc3/0fPueyjTHSQtKiSBfc0phEMz
|
||||
TV7Px45EUVFhn9YgIHGBSKPkA5QCC3bPNb6iYGREDcU=
|
||||
-----END CERTIFICATE-----
|
||||
|
|
|
@ -1,29 +1,29 @@
|
|||
Bag Attributes
|
||||
friendlyName: elasticsearch
|
||||
localKeyID: 54 69 6D 65 20 31 35 37 37 34 36 36 31 39 38 30 33 37
|
||||
localKeyID: 54 69 6D 65 20 31 36 33 34 31 32 30 31 35 32 31 39 33
|
||||
Key Attributes: <No Attributes>
|
||||
Bag Attributes
|
||||
friendlyName: elasticsearch
|
||||
localKeyID: 54 69 6D 65 20 31 35 37 37 34 36 36 31 39 38 30 33 37
|
||||
subject=/CN=elasticsearch
|
||||
issuer=/CN=Elastic Certificate Tool Autogenerated CA
|
||||
localKeyID: 54 69 6D 65 20 31 36 33 34 31 32 30 31 35 32 31 39 33
|
||||
subject=CN = elasticsearch
|
||||
issuer=CN = Elastic Certificate Tool Autogenerated CA
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDQDCCAiigAwIBAgIVAI93OQE6tZffPyzenSg3ljE3JJBzMA0GCSqGSIb3DQEB
|
||||
CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu
|
||||
ZXJhdGVkIENBMCAXDTE5MTIyNzE3MDMxN1oYDzIwNjkxMjE0MTcwMzE3WjAYMRYw
|
||||
FAYDVQQDEw1lbGFzdGljc2VhcmNoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
|
||||
CgKCAQEA2EkPfvE3ZNMjHCAQZhpImoXBCIN6KavvJSbVHRtLzAXB4wxige+vFQWb
|
||||
4umqPeEeVH7FvrsRqn24tUgGIkag9p9AOwYxfcT3vwNqcK/EztIlYFs72pmYg7Ez
|
||||
s6+qLc/YSLOT3aMoHKDHE93z1jYIDGccyjGbv9NsdgCbLHD0TQuqm+7pKy1MZoJm
|
||||
0qn4KYw4kXakVNWlxm5GIwr8uqU/w4phrikcOOWqRzsxByoQajypLOA4eD/uWnI2
|
||||
zGyPQy7Bkxojiy1ss0CVlrl8fJgcjC4PONpm1ibUSX3SoZ8PopPThR6gvvwoQolR
|
||||
rYu4+D+rsX7q/ldA6vBOiHBD8r4QoQIDAQABo2MwYTAdBgNVHQ4EFgQUSlIMCYYd
|
||||
e72A0rUqaCkjVPkGPIwwHwYDVR0jBBgwFoAUGu0mDnvDRnBdNBG8DxwPdWArB0kw
|
||||
FAYDVR0RBA0wC4IJbG9jYWxob3N0MAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQAD
|
||||
ggEBAImbzBVAEjiLRsNDLP7QAl0k7lVmfQRFz5G95ZTAUSUgbqqymDvry47yInFF
|
||||
3o12TuI1GxK5zHzi+qzpJLyrnGwGK5JBR+VGxIBBKFVcFh1WNGKV6kSO/zBzO7PO
|
||||
4Jw4G7By/ImWvS0RBhBUQ9XbQZN3WcVkVVV8UQw5Y7JoKtM+fzyEKXKRCTsvgH+h
|
||||
3+fUBgqwal2Mz4KPH57Jrtk209dtn7tnQxHTNLo0niHyEcfrpuG3YFqTwekr+5FF
|
||||
FniIcYHPGjag1WzLIdyhe88FFpuav19mlCaxBACc7t97v+euSVUWnsKpy4dLydpv
|
||||
NxJiI9eWbJZ7f5VM7o64pm7U1cU=
|
||||
MIIDPzCCAiegAwIBAgIUCTO1pAvYtfaJndsQwa9cS/AtoSowDQYJKoZIhvcNAQEL
|
||||
BQAwNDEyMDAGA1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5l
|
||||
cmF0ZWQgQ0EwIBcNMjExMDEzMTAxNTUyWhgPMjA3MTEwMDExMDE1NTJaMBgxFjAU
|
||||
BgNVBAMTDWVsYXN0aWNzZWFyY2gwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
|
||||
AoIBAQCJK4KLS0kSIM+eqdMq4nO1p7nQ7ADUXIYjeRKaCycSJ7sj//1FRdj2NhLb
|
||||
gdSX2VGIUZyOw4ptw6bGo0A7KyFE4yJZdG9m+VC1PFck3WaIdQHFdxgMia9deIHx
|
||||
sU1ETnC4PstdkrsZZpf5+twS6O9TaIQolG6nEShst075v2b3y0NDHcxKW+BtSw27
|
||||
HEHlchhP/Uj4haVMABQahfP8gv5vlHqStuOOWeoSgwF5FngCekx+ZeoIf5wVWfE1
|
||||
SzDlU7L/JdYOrAp+kN+2g+b4qcr+WvFNCEwbhjJjd9/VIJ5z9kIjJhG9z1NilPhR
|
||||
RVPG4njS6PxTufejbWN/360HfZbZAgMBAAGjYzBhMB0GA1UdDgQWBBR0kfoZtlNi
|
||||
ZKxVBPhhpipoXdTQMjAfBgNVHSMEGDAWgBQwTCrAjlvQxik3HBocn1PDUunenjAU
|
||||
BgNVHREEDTALgglsb2NhbGhvc3QwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOC
|
||||
AQEAkNcEM6mBzCdECFtuor3lfxrXzmrIo3wUspbv6Rrm4+n6TwJIYp6ydf4OcruR
|
||||
Uv5feevaYXwDRHBkIEGvhU5po6sGp6k7ppXS5bgrEtAhJSK8SOsLINnbJLnptmZQ
|
||||
Jharcks5STEqfJFB2QBZvFSLLpvO9g/N8sMro6ZvaUXhfW9DNpd6GIUXQiMhKLex
|
||||
t80Sb4zuahTRqUSi2j5Hoq8ouc7U9T/RmA3zXNmzq7YvL/gv2it67qdyKvpzoX7t
|
||||
HJaT1HU0o5Xi/Ol33C/wvfRe05UrHEUil148n/XWz3EJky7El2LYbg36/++mVTHX
|
||||
xUXS+FdZ1rBlGnGwOHTPHj5FMQ==
|
||||
-----END CERTIFICATE-----
|
||||
|
|
|
@ -1,27 +1,27 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEogIBAAKCAQEA2EkPfvE3ZNMjHCAQZhpImoXBCIN6KavvJSbVHRtLzAXB4wxi
|
||||
ge+vFQWb4umqPeEeVH7FvrsRqn24tUgGIkag9p9AOwYxfcT3vwNqcK/EztIlYFs7
|
||||
2pmYg7Ezs6+qLc/YSLOT3aMoHKDHE93z1jYIDGccyjGbv9NsdgCbLHD0TQuqm+7p
|
||||
Ky1MZoJm0qn4KYw4kXakVNWlxm5GIwr8uqU/w4phrikcOOWqRzsxByoQajypLOA4
|
||||
eD/uWnI2zGyPQy7Bkxojiy1ss0CVlrl8fJgcjC4PONpm1ibUSX3SoZ8PopPThR6g
|
||||
vvwoQolRrYu4+D+rsX7q/ldA6vBOiHBD8r4QoQIDAQABAoIBAB+s44YV0aUEfvnZ
|
||||
gE1TwBpRSGn0x2le8tEgFMoEe19P4Itd/vdEoQGVJrVevz38wDJjtpYuU3ICo5B5
|
||||
EdznNx+nRwLd71WaCSaCW45RT6Nyh2LLOcLUB9ARnZ7NNUEsVWKgWiF1iaRXr5Ar
|
||||
S1Ct7RPT7hV2mnbHgfTuNcuWZ1D5BUcqNczNoHsV6guFChiwTr7ZObnKj4qJLwdu
|
||||
ioYYWno4ZLgsk4SfW6DXUCvfKROfYdDd2rGu0NQ4QxT3Q98AsXlrlUITBQbpQEgy
|
||||
5GSTEh/4sRYj4NQZqncDpPgXm22kYdU7voBjt/zu66oq1W6kKQ4JwPmyc2SI0haa
|
||||
/pyCMtkCgYEA/y3vs59RvrM6xpT77lf7WigSBbIBQxeKs9RGNoN0Nn/eR0MlQAUG
|
||||
SmCkkEOcUGuVMnoo5Kc73IP/Q1+O4UGg7f1Gs8KeFPFQMm/wcSL7obvRWray1Bw6
|
||||
ohITJPqZYZrw3hmkOMxkLpvUydivN1Unm7BezjOa+T/+OaV3PyAYufsCgYEA2Psb
|
||||
S8OQhFiVbOKlMYOebvG+AnhAzJiSVus9R9NcViv20E61PRj2rfA398pYpZ8nxaQp
|
||||
cWGy+POZbkxRCprZ1GHkwWjaQysgeOCbJv8nQ2oh5C0ZCaGw6lfmi2mN097+Prmx
|
||||
QE8j8OKj3wVI6bniCF7vzwfG3c5cU73elLTAWRMCgYBoA/eDRlvx2ekJbU1MGDzy
|
||||
wQann6l4Ca6WIt8D9Y13caPPdIVIlUO9KauqyoR7G39TdgwZODnkZ0Gz2s3I8BGD
|
||||
MQyS1a/OZZcFGC/wTgw4HvD1gydd4qvbyHZZSnUfHiM0xUr1hAsKHKceJ980NNfS
|
||||
VJAwiUSQeQ9NvC7hYlnx5QKBgDxESsmZcRuBa0eKEC4Xi7rvBEK1WfI58nOX9TZs
|
||||
+3mnzm7/XZGxzFp1nWYC2uptsWNQ/H3UkBxbtOMQ6XWTmytFYX9i+zSq1uMcJ5wG
|
||||
RMaRxQYWjJzDP1tnvM4+LDmL93w+oX/mO2pd2PxKAH2CtshybhNH6rGS7swHsboG
|
||||
FmLnAoGAYTnTcWD1qiwjbJR5ZdukAjIq39cGcf0YOVJCiaFS+5vTirbw04ARvNyM
|
||||
rxU8EpVN1sKC411pgNvlm6KZJHwihRRQoY+UI2fn78bHBH991QhlrTPO6TBZx7Aw
|
||||
+hzyxqAiSBX65dQo0e4C15wZysQO/bdT5Def0+UTDR8j8ZgMAQg=
|
||||
MIIEowIBAAKCAQEAiSuCi0tJEiDPnqnTKuJztae50OwA1FyGI3kSmgsnEie7I//9
|
||||
RUXY9jYS24HUl9lRiFGcjsOKbcOmxqNAOyshROMiWXRvZvlQtTxXJN1miHUBxXcY
|
||||
DImvXXiB8bFNRE5wuD7LXZK7GWaX+frcEujvU2iEKJRupxEobLdO+b9m98tDQx3M
|
||||
SlvgbUsNuxxB5XIYT/1I+IWlTAAUGoXz/IL+b5R6krbjjlnqEoMBeRZ4AnpMfmXq
|
||||
CH+cFVnxNUsw5VOy/yXWDqwKfpDftoPm+KnK/lrxTQhMG4YyY3ff1SCec/ZCIyYR
|
||||
vc9TYpT4UUVTxuJ40uj8U7n3o21jf9+tB32W2QIDAQABAoIBAAdC/+q65hfpF8S5
|
||||
Dd5X1bNYuUwXqmWTrmBDYRo5m+xooQ4jV7eqnnVOYIoxYd1WGmxikay3KmVsNbCP
|
||||
ZO+c9WptsdxVfy5O5ZhqpNxlQi/YLetTxjins1p57jsq3UHP+0StwltmULRkC4im
|
||||
4K65mS3ruw9g6Ei87kxvGeW73coha0syjORYGcFUynX/DfLi5svUjtSyVUQ1KCiU
|
||||
KYc0q+SzsgXd71Ngr/HZR4ncCoACW3q/pLp0AUvDY0wZMkACOav2m9D2AnRPbPrA
|
||||
+/n7LlrD0+LDScZx5nwO3ToFZuTDUXt3G0UWRaQfqiAZxNs2oeOc2gKegEJnPKIo
|
||||
/BLN/D8CgYEAvMmtcZyrw8vifpP32erSBx2+wftt2JA9GdtZlOxu/kbWH7DAZ75g
|
||||
YUT0nkcIRrvAS5FCVpOIENZit0RIvA5gM08Brko2mBIRQAbMWmu+c7RUBIa2xVDF
|
||||
kjputhlWTT7xY03VbJThqUG4oK+zJJSb/RfRM4x2dRYskb7MEwqZFzcCgYEAugFT
|
||||
t/0Lj+OXR+2pcjPk5VmxjCv4xohNOaX4YZ4/rK4H+gi9iyx232zE/1Dtz5SB4+uw
|
||||
6hx7Aw3r5U9h1fauT60rSrydChEpFqcfpNQca7HncbF2DDdtEX+ZBkBDZ/U3LJ6Y
|
||||
pI4o0vCLmiqZYbQ/+4v2f2/5ZqrzyMKLJ3zeqm8CgYAfCHP3ag6eJ+S6c+5ZJw2R
|
||||
V+Vkk8URxVwV5QXLwjXYnKJUIUTviM7lDmW7oueMYQ6SHXWvL589TVB62cGvEBnm
|
||||
NUWMdeyVgNrPEI8FChMLiAgLmm1u8AEaMXrDelTCa+dYMJI1wB98KC6GU3t6NueR
|
||||
ahnchGlwg82dw6ReOO7DbwKBgGe5Sbg2EfaBUeE4dN9MdP44kDu8YZREedwF44Z8
|
||||
OsHOooAZ06kCeJ+LBifiN1skU3KIAjXq/+XqI3vSUpqAXx/rT1Lz7xaoDyOkuo6u
|
||||
AdNEd+38qfmSBu5VGz5TI8ObCNOG9VP+OmG25gJocvP7EhryJ9lU1d0cw6lWY0b3
|
||||
6StdAoGBAKUkfbN7qbB+jiZt/6ArYWQE4PL4pqi+B+84xSrp46e41mmocezKhnsp
|
||||
DxdcuZyg9OXs1xi6AaJtCbelho9bT8jC51GZSFvf887fvGVq7j1TgxWp4mvlqiX7
|
||||
tztiggaPXwRZQiThxdJaCIadw26hxdLNOcdGOl/u2m0rudvwybab
|
||||
-----END RSA PRIVATE KEY-----
|
||||
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -1,29 +1,29 @@
|
|||
Bag Attributes
|
||||
friendlyName: kibana
|
||||
localKeyID: 54 69 6D 65 20 31 35 37 37 34 36 36 32 32 33 30 33 39
|
||||
localKeyID: 54 69 6D 65 20 31 36 33 34 31 32 30 31 35 38 38 30 33
|
||||
Key Attributes: <No Attributes>
|
||||
Bag Attributes
|
||||
friendlyName: kibana
|
||||
localKeyID: 54 69 6D 65 20 31 35 37 37 34 36 36 32 32 33 30 33 39
|
||||
subject=/CN=kibana
|
||||
issuer=/CN=Elastic Certificate Tool Autogenerated CA
|
||||
localKeyID: 54 69 6D 65 20 31 36 33 34 31 32 30 31 35 38 38 30 33
|
||||
subject=CN = kibana
|
||||
issuer=CN = Elastic Certificate Tool Autogenerated CA
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDOTCCAiGgAwIBAgIVANNWkg9lzNiLqNkMFhFKHcXyaZmqMA0GCSqGSIb3DQEB
|
||||
MIIDOTCCAiGgAwIBAgIVAN0GVNLw3IaUBuG7t6CeW8w2wyymMA0GCSqGSIb3DQEB
|
||||
CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu
|
||||
ZXJhdGVkIENBMCAXDTE5MTIyNzE3MDM0MloYDzIwNjkxMjE0MTcwMzQyWjARMQ8w
|
||||
DQYDVQQDEwZraWJhbmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQ
|
||||
wYYbQtbRBKJ4uNZc2+IgRU+7NNL21ZebQlEIMgK7jAqOMrsW2b5DATz41Fd+GQFU
|
||||
FUYYjwo+PQj6sJHshOJo/gNb32HrydvMI7YPvevkszkuEGCfXxQ3Dw2RTACLgD0Q
|
||||
OCkwHvn3TMf0loloV/ePGWaZDYZaXi3a5DdWi/HFFoJysgF0JV2f6XyKhJkGaEfJ
|
||||
s9pWX269zH/XQvGNx4BEimJpYB8h4JnDYPFIiQdqj+sl2b+kS1hH9kL5gBAMXjFU
|
||||
vcNnX+PmyTjyJrGo75k0ku+spBf1bMwuQt3uSmM+TQIXkvFDmS0DOVESrpA5EC1T
|
||||
BUGRz6o/I88Xx4Mud771AgMBAAGjYzBhMB0GA1UdDgQWBBQLB1Eo23M3Ss8MsFaz
|
||||
V+Twcb3PmDAfBgNVHSMEGDAWgBQa7SYOe8NGcF00EbwPHA91YCsHSTAUBgNVHREE
|
||||
DTALgglsb2NhbGhvc3QwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAnEl/
|
||||
z5IElIjvkK4AgMPrNcRlvIGDt2orEik7b6Jsq6/RiJQ7cSsYTZf7xbqyxNsUOTxv
|
||||
+frj47MEN448H2nRvUxH29YR3XygV5aEwADSAhwaQWn0QfWTCZbJTmSoNEDtDOzX
|
||||
TGDlAoCD9s9Xz9S1JpxY4H+WWRZrBSDM6SC1c6CzuEeZRuScNAjYD5mh2v6fOlSy
|
||||
b8xJWSg0AFlJPCa3ZsA2SKbNqI0uNfJTnkXRm88Z2NHcgtlADbOLKauWfCrpgsCk
|
||||
cZgo6yAYkOM148h/8wGla1eX+iE1R72NUABGydu8MSQKvc0emWJkGsC1/KqPlf/O
|
||||
eOUsdwn1yDKHRxDHyA==
|
||||
ZXJhdGVkIENBMCAXDTIxMTAxMzEwMTU1OFoYDzIwNzExMDAxMTAxNTU4WjARMQ8w
|
||||
DQYDVQQDEwZraWJhbmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3
|
||||
nvfL3/26D8EkLso+t9S0m+tSJipLsBWs0dCpc8KRJ/+ijDRnAQ5lOmOAcxt43SNY
|
||||
KFr0EntQEZyYaRwMIM8aPR0WYW/VV5o4fq2o/JnmHqzZJRJCwZq+5WiCiDPt012N
|
||||
mRGYCMUxjlEwejue6diLAeQhZ/sfN4jUp217bMEHrhHrNBWTwwJ+Uk5TBQMhviCW
|
||||
LKbsKrfluA6DGHWrXN4pH7Xmaf/Zyc9AYL/nxwv3VQHZzIAK/U/WNCgFJJ3qoFYY
|
||||
6TUwDDNa30mSj165OOds9N+VmUlDC3IFiHV3osBWscSU4HJd6QJ8huHrFLLV4y4i
|
||||
u62el47Qr+/8Ut3SzeIXAgMBAAGjYzBhMB0GA1UdDgQWBBQli5f2bYL9jKUA5Uxp
|
||||
yRRHeCoPJzAfBgNVHSMEGDAWgBQwTCrAjlvQxik3HBocn1PDUunenjAUBgNVHREE
|
||||
DTALgglsb2NhbGhvc3QwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEATFNj
|
||||
WkTBPfgflGYZD4OsYvfT/rVjFKbJP/u1a0rkzNamA2QKNzI9JTOzONPTyRhe9yVS
|
||||
zeO8X2rtN63l38dtgMjFQ15Xxnp7GFT7GkXfa1JR+tGSGTgVld8nLUzig+mNmBoR
|
||||
nE4cNc0JJ1PsXPzfPgJ6WMp2WOoNUrQf2cm42i36Jk+7KGcosfyFMPQILZE34Geo
|
||||
DAgCVpNWPgST4HYBUCHMC7S14LHLVdUXPsfGZPEqU5Zf9Hvy61rQC/RdNjnMI6JD
|
||||
s57l9oHASNeEg55NQm01aOmwq/z1DXs3UP2nRmp6XCCfE61ghofO5dtV1j3cZ3f5
|
||||
dzkzSBV7H6+/MD3Y8Q==
|
||||
-----END CERTIFICATE-----
|
||||
|
|
|
@ -1,27 +1,27 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEAkMGGG0LW0QSieLjWXNviIEVPuzTS9tWXm0JRCDICu4wKjjK7
|
||||
Ftm+QwE8+NRXfhkBVBVGGI8KPj0I+rCR7ITiaP4DW99h68nbzCO2D73r5LM5LhBg
|
||||
n18UNw8NkUwAi4A9EDgpMB7590zH9JaJaFf3jxlmmQ2GWl4t2uQ3VovxxRaCcrIB
|
||||
dCVdn+l8ioSZBmhHybPaVl9uvcx/10LxjceARIpiaWAfIeCZw2DxSIkHao/rJdm/
|
||||
pEtYR/ZC+YAQDF4xVL3DZ1/j5sk48iaxqO+ZNJLvrKQX9WzMLkLd7kpjPk0CF5Lx
|
||||
Q5ktAzlREq6QORAtUwVBkc+qPyPPF8eDLne+9QIDAQABAoIBAHl9suxWYKz00te3
|
||||
alJtSZAEHDLm1tjL034/XnseXiTCGGnYMiWvgnwCIgZFUVlH61GCuV4LT3GFEHA2
|
||||
mYKE1PGBn5gQF8MpnAvtPPRhVgaQVUFQBYg86F59h8mWnC545sciG4+DsA/apUem
|
||||
wJSOn/u+Odni/AwEV0ALolZFBhl+0rccSr+6paJnzJ7QNiIn6EWbgb0n9WXqkhap
|
||||
TqoPclBHm0ObeBI6lNyfvBZ8HB3hyjWZInNCaAs9DnkNPh4evuttUn/KlOPOVn9r
|
||||
xz2UYsmVW6E+yPXUpSYkFQN9aaPF6alOz8PIfF8Wit7pmZMmInluGcwi/us9+ZTN
|
||||
8gNvpoECgYEA0KC7XEoXRsBTN4kPznkGftvj1dtgB35W/HxXNouArQQjCbLhqcsA
|
||||
jqaK0f+stYzSWZXGsKl9yQU9KA7u/wCHmLep70l7WsYYUKdkhWouK0HU5MeeLwB0
|
||||
N4ekQOQuQGqelqMo7IG2hQhTYD9PB4F3G0Sz1FgdObfuGPKfvNFVjckCgYEAsaAA
|
||||
IY/TpRBWeWZfyXrnkp3atOPzkdpjb6cfT8Kib9bIECXr7ULUxA5QANX05ofodhsW
|
||||
3+7iW5wicyZ1VNVEsPRL0aw7YUbNpBvob8faBUZ2KEdKQr42IfVOo7TQnvVXtumR
|
||||
UE+dNvWUL2PbL0wMxD1XbMSmOze/wF8X2CeyDc0CgYBQnLqol2xVBz1gaRJ1emgb
|
||||
HoXzfVemrZeY6cadKdwnfkC3n6n4fJsTg6CCMiOe5vHkca4bVvJmeSK/Vr3cRG0g
|
||||
gl8kOaVzVrXQfE2oC3YZes9zMvqZOLivODcsZ77DXy82D4dhk2FeF/B3cR7tTIYk
|
||||
QDCoLP/l7H8QnrdAMza2mQKBgDODwuX475ncviehUEB/26+DBo4V2ms/mj0kjAk2
|
||||
2qNy+DzuspjyHADsYbmMU+WUHxA51Q2HG7ET/E3HJpo+7BgiEecye1pADZ391hCt
|
||||
Nob3I4eU/W2T+uEoYvFJnIOthg3veYyAOolY+ewwmr4B4WX8oGFUOx3Lklo5ehHf
|
||||
mV01AoGBAI/c6OoHdcqQsZxKlxDNLyB2bTbowAcccoZIOjkC5fkkbsmMDLfScBfW
|
||||
Q4YYJsmJBdrWNvo7jCl17Mcc4Is3RlmHDrItRkaZj+ehqAN3ejrnPLdgYeW/5XDK
|
||||
e7yBj7oJd4oKZc59jVytdHvo5R8K0QohAv9gQEZ/tdypX+xWe+5E
|
||||
MIIEpQIBAAKCAQEAt573y9/9ug/BJC7KPrfUtJvrUiYqS7AVrNHQqXPCkSf/oow0
|
||||
ZwEOZTpjgHMbeN0jWCha9BJ7UBGcmGkcDCDPGj0dFmFv1VeaOH6tqPyZ5h6s2SUS
|
||||
QsGavuVogogz7dNdjZkRmAjFMY5RMHo7nunYiwHkIWf7HzeI1Kdte2zBB64R6zQV
|
||||
k8MCflJOUwUDIb4gliym7Cq35bgOgxh1q1zeKR+15mn/2cnPQGC/58cL91UB2cyA
|
||||
Cv1P1jQoBSSd6qBWGOk1MAwzWt9Jko9euTjnbPTflZlJQwtyBYh1d6LAVrHElOBy
|
||||
XekCfIbh6xSy1eMuIrutnpeO0K/v/FLd0s3iFwIDAQABAoIBAAKgqzzHI/Xdfi7l
|
||||
iS5e6hPQPAytECOMza/vQV7+EZWLLtIlfdB63Y5e8107XclxJ1gpHQLAyvPz3zui
|
||||
cWzOVrhc5zAn98uOmTM1bjMXXkptO52l3/4wOrsq7upt8YmgjIZXX5Q/N+HZfq7v
|
||||
aNqsJQBO6B6pmBiJGROrS6/y9/Yt+3jDolgtI6fifYZcMXACoal++BAXbiHYPoff
|
||||
+nG5lHrAdQoEfNACNnGFlq2O85EWmr3qxUsZV8TblOirAuaUFk5KhhDvTOfTknHY
|
||||
pW8Z4ttD26+QITyUbI56flgLOfe57y0u4XsOPtWQWEteIBxBFsB9MMj4B8XYdiO/
|
||||
hma1jSUCgYEA14H/6vtzM42INgphoj0lHFVL8N0DnuUquR77vQStTO2sDvMQrVTk
|
||||
BKpy5iYmokHPjY7qV7C37/tQVKdQpUz9Lr0ylwinHwX1KasJkYEJGv++Z59sKH+C
|
||||
CZX9lZjfTqPpuEonGgPruc8LOXaaM/+g3Nvs7M4S339gnjCZExNzpLsCgYEA2h8z
|
||||
OhHJpOWOy004HHVjpkWHKTxgZ9xfMLCKjMi1m5sCJ2PCdkd4+wTtkY+u7+iFF1cp
|
||||
5CVSvZC6fS0rk11ygXix1ZP7cDJj1y4mxvbzWOtPxvZc882Xv0RDXAQBLXgHW6YE
|
||||
RqvdMczfAx0mbUNke4Umwa5PngSWQAqCYkXNkFUCgYEAhEAY5wEsLyTZxCAWzlMr
|
||||
pPmLQuK+yBHmZ/hlkBeAqkboYbw0Lcp8q4hWPnqHFufAEST1Fp8yIaleILUUvnxC
|
||||
mx4sH5eFx3oGe22kz5AaIGF1XW3uF+Q3zt4m4lkQINhiI2AOIt7pF/vA7aCk/OgQ
|
||||
tbiY6rGDz3gBuNIl/hjfzOUCgYEAy1rDO6RRxnZuhoPbiEy5Ns8jkAJGLw55gL9W
|
||||
rKKDDiuZ+nc7WWKRHBYgFtFKW0kArB4LZDSXyzwfYYy3T5CTrLmFsoVgqd2Qz5Cr
|
||||
flvFzGS139zYFETc8OkHk8X4AxggZAWHfwvEESXb1N9ccAmgqLgexftpJv1HxzUF
|
||||
EfHaEHECgYEArtWvtUdvRQ20r/X/g+mNyUhbYOy15pAgswLK4gIi8rmQPxR08spl
|
||||
uJJ/cl4fGxG95dl/OV+lNdwl4UcvjATdreEMKvG4X4Cxd+42SUf40M6pGxXoyYz+
|
||||
i4WujBaEqBBqjKmYNJVgY7EvqF+VYLBVFZYB1zQhdNPcoPgIH/97vvI=
|
||||
-----END RSA PRIVATE KEY-----
|
||||
|
|
Binary file not shown.
|
@ -257,9 +257,13 @@ exports.Cluster = class Cluster {
|
|||
// Add to esArgs if ssl is enabled
|
||||
if (this._ssl) {
|
||||
esArgs.push('xpack.security.http.ssl.enabled=true');
|
||||
esArgs.push(`xpack.security.http.ssl.keystore.path=${ES_P12_PATH}`);
|
||||
esArgs.push(`xpack.security.http.ssl.keystore.type=PKCS12`);
|
||||
esArgs.push(`xpack.security.http.ssl.keystore.password=${ES_P12_PASSWORD}`);
|
||||
|
||||
// Include default keystore settings only if keystore isn't configured.
|
||||
if (!esArgs.some((arg) => arg.startsWith('xpack.security.http.ssl.keystore'))) {
|
||||
esArgs.push(`xpack.security.http.ssl.keystore.path=${ES_P12_PATH}`);
|
||||
esArgs.push(`xpack.security.http.ssl.keystore.type=PKCS12`);
|
||||
esArgs.push(`xpack.security.http.ssl.keystore.password=${ES_P12_PASSWORD}`);
|
||||
}
|
||||
}
|
||||
|
||||
const args = parseSettings(extractConfigFiles(esArgs, installPath, { log: this._log }), {
|
||||
|
|
|
@ -13,15 +13,12 @@ const { log: defaultLog } = require('./log');
|
|||
|
||||
exports.NativeRealm = class NativeRealm {
|
||||
constructor({ elasticPassword, port, log = defaultLog, ssl = false, caCert }) {
|
||||
this._client = new Client({
|
||||
node: `${ssl ? 'https' : 'http'}://elastic:${elasticPassword}@localhost:${port}`,
|
||||
ssl: ssl
|
||||
? {
|
||||
ca: caCert,
|
||||
rejectUnauthorized: true,
|
||||
}
|
||||
: undefined,
|
||||
});
|
||||
const auth = { username: 'elastic', password: elasticPassword };
|
||||
this._client = new Client(
|
||||
ssl
|
||||
? { node: `https://localhost:${port}`, ssl: { ca: caCert, rejectUnauthorized: true }, auth }
|
||||
: { node: `http://localhost:${port}`, auth }
|
||||
);
|
||||
this._elasticPassword = elasticPassword;
|
||||
this._log = log;
|
||||
}
|
||||
|
|
|
@ -169,7 +169,7 @@ export async function startServers({ ...options }: StartServerOptions) {
|
|||
...opts,
|
||||
extraKbnOpts: [
|
||||
...options.extraKbnOpts,
|
||||
...(options.installDir ? [] : ['--dev', '--no-dev-config']),
|
||||
...(options.installDir ? [] : ['--dev', '--no-dev-config', '--no-dev-credentials']),
|
||||
],
|
||||
},
|
||||
});
|
||||
|
|
|
@ -16,6 +16,7 @@ export class KbnClientPlugins {
|
|||
public async getEnabledIds() {
|
||||
const apiResp = await this.status.get();
|
||||
|
||||
return Object.keys(apiResp.status.plugins);
|
||||
// Status may not be available at the `preboot` stage.
|
||||
return Object.keys(apiResp.status?.plugins ?? {});
|
||||
}
|
||||
}
|
||||
|
|
|
@ -12,6 +12,11 @@ const alwaysImportedTests = [
|
|||
require.resolve('../test/plugin_functional/config.ts'),
|
||||
require.resolve('../test/ui_capabilities/newsfeed_err/config.ts'),
|
||||
require.resolve('../test/new_visualize_flow/config.ts'),
|
||||
require.resolve('../test/interactive_setup_api_integration/enrollment_flow.config.ts'),
|
||||
require.resolve('../test/interactive_setup_api_integration/manual_configuration_flow.config.ts'),
|
||||
require.resolve(
|
||||
'../test/interactive_setup_api_integration/manual_configuration_flow_without_tls.config.ts'
|
||||
),
|
||||
];
|
||||
// eslint-disable-next-line no-restricted-syntax
|
||||
const onlyNotInCoverageTests = [
|
||||
|
|
|
@ -67,7 +67,7 @@ function applyConfigOverrides(rawConfig, opts, extraCliOptions) {
|
|||
delete extraCliOptions.env;
|
||||
|
||||
if (opts.dev) {
|
||||
if (!has('elasticsearch.serviceAccountToken')) {
|
||||
if (!has('elasticsearch.serviceAccountToken') && opts.devCredentials !== false) {
|
||||
if (!has('elasticsearch.username')) {
|
||||
set('elasticsearch.username', 'kibana_system');
|
||||
}
|
||||
|
@ -191,7 +191,11 @@ export default function (program) {
|
|||
.option('--no-watch', 'Prevents automatic restarts of the server in --dev mode')
|
||||
.option('--no-optimizer', 'Disable the kbn/optimizer completely')
|
||||
.option('--no-cache', 'Disable the kbn/optimizer cache')
|
||||
.option('--no-dev-config', 'Prevents loading the kibana.dev.yml file in --dev mode');
|
||||
.option('--no-dev-config', 'Prevents loading the kibana.dev.yml file in --dev mode')
|
||||
.option(
|
||||
'--no-dev-credentials',
|
||||
'Prevents setting default values for `elasticsearch.username` and `elasticsearch.password` in --dev mode'
|
||||
);
|
||||
}
|
||||
|
||||
command.action(async function (opts) {
|
||||
|
|
|
@ -67,8 +67,13 @@ export class InteractiveSetupPlugin implements PrebootPlugin {
|
|||
core.elasticsearch.config.hosts.length === 1 &&
|
||||
DEFAULT_ELASTICSEARCH_HOSTS.includes(core.elasticsearch.config.hosts[0]);
|
||||
if (!shouldActiveSetupMode) {
|
||||
const reason = core.elasticsearch.config.credentialsSpecified
|
||||
? 'Kibana system user credentials are specified'
|
||||
: core.elasticsearch.config.hosts.length > 1
|
||||
? 'more than one Elasticsearch host is specified'
|
||||
: 'non-default Elasticsearch host is used';
|
||||
this.#logger.debug(
|
||||
'Interactive setup mode will not be activated since Elasticsearch connection is already configured.'
|
||||
`Interactive setup mode will not be activated since Elasticsearch connection is already configured: ${reason}.`
|
||||
);
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -0,0 +1,54 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License
|
||||
* 2.0 and the Server Side Public License, v 1; you may not use this file except
|
||||
* in compliance with, at your election, the Elastic License 2.0 or the Server
|
||||
* Side Public License, v 1.
|
||||
*/
|
||||
|
||||
import fs from 'fs/promises';
|
||||
import { join, resolve } from 'path';
|
||||
|
||||
import type { FtrConfigProviderContext } from '@kbn/test';
|
||||
import { getDataPath } from '@kbn/utils';
|
||||
|
||||
export default async function ({ readConfigFile }: FtrConfigProviderContext) {
|
||||
const manualConfigurationFlowTestsConfig = await readConfigFile(
|
||||
require.resolve('./manual_configuration_flow.config.ts')
|
||||
);
|
||||
|
||||
const tempKibanaYamlFile = join(getDataPath(), `interactive_setup_kibana_${Date.now()}.yml`);
|
||||
await fs.writeFile(tempKibanaYamlFile, '');
|
||||
|
||||
const caPath = resolve(__dirname, './fixtures/elasticsearch.p12');
|
||||
|
||||
return {
|
||||
...manualConfigurationFlowTestsConfig.getAll(),
|
||||
|
||||
testFiles: [require.resolve('./tests/enrollment_flow')],
|
||||
|
||||
junit: {
|
||||
reportName: 'Interactive Setup API Integration Tests (Enrollment flow)',
|
||||
},
|
||||
|
||||
esTestCluster: {
|
||||
...manualConfigurationFlowTestsConfig.get('esTestCluster'),
|
||||
serverArgs: [
|
||||
...manualConfigurationFlowTestsConfig.get('esTestCluster.serverArgs'),
|
||||
'xpack.security.enrollment.enabled=true',
|
||||
`xpack.security.http.ssl.keystore.path=${caPath}`,
|
||||
'xpack.security.http.ssl.keystore.password=storepass',
|
||||
],
|
||||
},
|
||||
|
||||
kbnTestServer: {
|
||||
...manualConfigurationFlowTestsConfig.get('kbnTestServer'),
|
||||
serverArgs: [
|
||||
...manualConfigurationFlowTestsConfig
|
||||
.get('kbnTestServer.serverArgs')
|
||||
.filter((arg: string) => !arg.startsWith('--config')),
|
||||
`--config=${tempKibanaYamlFile}`,
|
||||
],
|
||||
},
|
||||
};
|
||||
}
|
32
test/interactive_setup_api_integration/fixtures/README.md
Normal file
32
test/interactive_setup_api_integration/fixtures/README.md
Normal file
|
@ -0,0 +1,32 @@
|
|||
## Certificate generation
|
||||
|
||||
The Elasticsearch HTTP layer keystore is supposed to mimic the PKCS12 keystore that the elasticsearch startup script will auto-generate for a node. The keystore contains:
|
||||
|
||||
- A PrivateKeyEntry for the node's key and certificate for the HTTP layer
|
||||
- A PrivateKeyEntry for the CA's key and certificate
|
||||
- A TrustedCertificateEntry for the CA's certificate
|
||||
|
||||
```bash
|
||||
$ES_HOME/bin/elasticsearch-certutil cert \
|
||||
--out $KIBANA_HOME/test/interactive_setup_api_integration/fixtures/elasticsearch.p12 \
|
||||
--ca $KIBANA_HOME/packages/kbn-dev-utils/certs/ca.p12 --ca-pass "castorepass" --pass "storepass" \
|
||||
--dns=localhost --dns=localhost.localdomain --dns=localhost4 --dns=localhost4.localdomain4 \
|
||||
--dns=localhost6 --dns=localhost6.localdomain6 \
|
||||
--ip=127.0.0.1 --ip=0:0:0:0:0:0:0:1
|
||||
```
|
||||
|
||||
Change the alias of the TrustedCertificateEntry so that it won't clash with the CA PrivateKeyEntry
|
||||
```bash
|
||||
keytool -changealias -alias ca -destalias cacert -keystore \
|
||||
$KIBANA_HOME/test/interactive_setup_api_integration/fixtures/elasticsearch.p12 \
|
||||
-deststorepass "storepass"
|
||||
```
|
||||
|
||||
Import the CA PrivateKeyEntry
|
||||
```bash
|
||||
keytool -importkeystore \
|
||||
-srckeystore $KIBANA_HOME/packages/kbn-dev-utils/certs/ca.p12 \
|
||||
-srcstorepass "castorepass" \
|
||||
-destkeystore $KIBANA_HOME/test/interactive_setup_api_integration/fixtures/elasticsearch.p12 \
|
||||
-deststorepass "storepass"
|
||||
```
|
Binary file not shown.
|
@ -0,0 +1,12 @@
|
|||
{
|
||||
"id": "interactiveSetupTestEndpoints",
|
||||
"owner": {
|
||||
"name": "Platform Security",
|
||||
"githubTeam": "kibana-security"
|
||||
},
|
||||
"version": "8.0.0",
|
||||
"kibanaVersion": "kibana",
|
||||
"type": "preboot",
|
||||
"server": true,
|
||||
"ui": false
|
||||
}
|
|
@ -0,0 +1,42 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License
|
||||
* 2.0 and the Server Side Public License, v 1; you may not use this file except
|
||||
* in compliance with, at your election, the Elastic License 2.0 or the Server
|
||||
* Side Public License, v 1.
|
||||
*/
|
||||
|
||||
import fs from 'fs/promises';
|
||||
import path from 'path';
|
||||
|
||||
import type { PluginInitializer, PrebootPlugin } from 'kibana/server';
|
||||
|
||||
export const plugin: PluginInitializer<void, never> = (initializerContext): PrebootPlugin => ({
|
||||
setup: (core) => {
|
||||
core.http.registerRoutes('', (router) => {
|
||||
router.get(
|
||||
{
|
||||
path: '/test_endpoints/verification_code',
|
||||
validate: false,
|
||||
options: { authRequired: false },
|
||||
},
|
||||
async (context, request, response) => {
|
||||
// [HACK]: On CI tests are run from the different directories than the built and running Kibana instance. That
|
||||
// means Kibana from a Directory A is running with the test plugins from a Directory B. The problem is that
|
||||
// the data path that interactive setup plugin uses to store verification code is determined by the
|
||||
// `__dirname` that depends on the physical location of the file where it's used. This is the reason why we
|
||||
// end up with different data paths in Kibana built-in and test plugins. To workaround that we use Kibana
|
||||
// `process.cwd()` to construct data path manually.
|
||||
const verificationCodePath = path.join(process.cwd(), 'data', 'verification_code');
|
||||
initializerContext.logger.get().info(`Will read code from ${verificationCodePath}`);
|
||||
return response.ok({
|
||||
body: {
|
||||
verificationCode: (await fs.readFile(verificationCodePath)).toString(),
|
||||
},
|
||||
});
|
||||
}
|
||||
);
|
||||
});
|
||||
},
|
||||
stop: () => {},
|
||||
});
|
|
@ -0,0 +1,16 @@
|
|||
{
|
||||
"extends": "../../../../tsconfig.base.json",
|
||||
"compilerOptions": {
|
||||
"outDir": "./target/types",
|
||||
"emitDeclarationOnly": true,
|
||||
"declaration": true,
|
||||
"declarationMap": true
|
||||
},
|
||||
"include": [
|
||||
"server/**/*.ts",
|
||||
],
|
||||
"exclude": [],
|
||||
"references": [
|
||||
{ "path": "../../../../src/core/tsconfig.json" },
|
||||
],
|
||||
}
|
|
@ -0,0 +1,39 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License
|
||||
* 2.0 and the Server Side Public License, v 1; you may not use this file except
|
||||
* in compliance with, at your election, the Elastic License 2.0 or the Server
|
||||
* Side Public License, v 1.
|
||||
*/
|
||||
|
||||
import { delay } from 'bluebird';
|
||||
|
||||
import expect from '@kbn/expect';
|
||||
|
||||
import type { FtrProviderContext } from '../ftr_provider_context';
|
||||
|
||||
export async function hasKibanaBooted(context: FtrProviderContext) {
|
||||
const supertest = context.getService('supertest');
|
||||
const log = context.getService('log');
|
||||
|
||||
// Run 30 consecutive requests with 1.5s delay to check if Kibana is up and running.
|
||||
let kibanaHasBooted = false;
|
||||
for (const counter of [...Array(30).keys()]) {
|
||||
await delay(1500);
|
||||
|
||||
try {
|
||||
expect((await supertest.get('/api/status').expect(200)).body).to.have.keys([
|
||||
'version',
|
||||
'status',
|
||||
]);
|
||||
|
||||
log.debug(`Kibana has booted after ${(counter + 1) * 1.5}s.`);
|
||||
kibanaHasBooted = true;
|
||||
break;
|
||||
} catch (err) {
|
||||
log.debug(`Kibana is still booting after ${(counter + 1) * 1.5}s due to: ${err.message}`);
|
||||
}
|
||||
}
|
||||
|
||||
return kibanaHasBooted;
|
||||
}
|
30
test/interactive_setup_api_integration/fixtures/tls_tools.ts
Normal file
30
test/interactive_setup_api_integration/fixtures/tls_tools.ts
Normal file
|
@ -0,0 +1,30 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License
|
||||
* 2.0 and the Server Side Public License, v 1; you may not use this file except
|
||||
* in compliance with, at your election, the Elastic License 2.0 or the Server
|
||||
* Side Public License, v 1.
|
||||
*/
|
||||
|
||||
import tls from 'tls';
|
||||
|
||||
export async function getElasticsearchCaCertificate(host: string, port: string) {
|
||||
let peerCertificate = await new Promise<tls.DetailedPeerCertificate>((resolve, reject) => {
|
||||
const socket = tls.connect({ host, port: Number(port), rejectUnauthorized: false });
|
||||
socket.once('secureConnect', () => {
|
||||
const cert = socket.getPeerCertificate(true);
|
||||
socket.destroy();
|
||||
resolve(cert);
|
||||
});
|
||||
socket.once('error', reject);
|
||||
});
|
||||
|
||||
while (
|
||||
peerCertificate.issuerCertificate &&
|
||||
peerCertificate.fingerprint256 !== peerCertificate.issuerCertificate.fingerprint256
|
||||
) {
|
||||
peerCertificate = peerCertificate.issuerCertificate;
|
||||
}
|
||||
|
||||
return peerCertificate;
|
||||
}
|
13
test/interactive_setup_api_integration/ftr_provider_context.d.ts
vendored
Normal file
13
test/interactive_setup_api_integration/ftr_provider_context.d.ts
vendored
Normal file
|
@ -0,0 +1,13 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License
|
||||
* 2.0 and the Server Side Public License, v 1; you may not use this file except
|
||||
* in compliance with, at your election, the Elastic License 2.0 or the Server
|
||||
* Side Public License, v 1.
|
||||
*/
|
||||
|
||||
import type { GenericFtrProviderContext } from '@kbn/test';
|
||||
|
||||
import type { services } from './services';
|
||||
|
||||
export type FtrProviderContext = GenericFtrProviderContext<typeof services, {}>;
|
|
@ -0,0 +1,55 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License
|
||||
* 2.0 and the Server Side Public License, v 1; you may not use this file except
|
||||
* in compliance with, at your election, the Elastic License 2.0 or the Server
|
||||
* Side Public License, v 1.
|
||||
*/
|
||||
|
||||
import fs from 'fs/promises';
|
||||
import { join } from 'path';
|
||||
|
||||
import type { FtrConfigProviderContext } from '@kbn/test';
|
||||
import { getDataPath } from '@kbn/utils';
|
||||
|
||||
export default async function ({ readConfigFile }: FtrConfigProviderContext) {
|
||||
const manualConfigurationFlowWithoutTlsTestsConfig = await readConfigFile(
|
||||
require.resolve('./manual_configuration_flow_without_tls.config.ts')
|
||||
);
|
||||
|
||||
const tempKibanaYamlFile = join(getDataPath(), `interactive_setup_kibana_${Date.now()}.yml`);
|
||||
await fs.writeFile(tempKibanaYamlFile, '');
|
||||
|
||||
return {
|
||||
...manualConfigurationFlowWithoutTlsTestsConfig.getAll(),
|
||||
|
||||
testFiles: [require.resolve('./tests/manual_configuration_flow')],
|
||||
|
||||
servers: {
|
||||
...manualConfigurationFlowWithoutTlsTestsConfig.get('servers'),
|
||||
elasticsearch: {
|
||||
...manualConfigurationFlowWithoutTlsTestsConfig.get('servers.elasticsearch'),
|
||||
protocol: 'https',
|
||||
},
|
||||
},
|
||||
|
||||
junit: {
|
||||
reportName: 'Interactive Setup API Integration Tests (Manual configuration flow)',
|
||||
},
|
||||
|
||||
esTestCluster: {
|
||||
...manualConfigurationFlowWithoutTlsTestsConfig.get('esTestCluster'),
|
||||
ssl: true,
|
||||
},
|
||||
|
||||
kbnTestServer: {
|
||||
...manualConfigurationFlowWithoutTlsTestsConfig.get('kbnTestServer'),
|
||||
serverArgs: [
|
||||
...manualConfigurationFlowWithoutTlsTestsConfig
|
||||
.get('kbnTestServer.serverArgs')
|
||||
.filter((arg: string) => !arg.startsWith('--config')),
|
||||
`--config=${tempKibanaYamlFile}`,
|
||||
],
|
||||
},
|
||||
};
|
||||
}
|
|
@ -0,0 +1,57 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License
|
||||
* 2.0 and the Server Side Public License, v 1; you may not use this file except
|
||||
* in compliance with, at your election, the Elastic License 2.0 or the Server
|
||||
* Side Public License, v 1.
|
||||
*/
|
||||
|
||||
import fs from 'fs/promises';
|
||||
import { join, resolve } from 'path';
|
||||
|
||||
import type { FtrConfigProviderContext } from '@kbn/test';
|
||||
import { getDataPath } from '@kbn/utils';
|
||||
|
||||
import { services } from './services';
|
||||
|
||||
export default async function ({ readConfigFile }: FtrConfigProviderContext) {
|
||||
const xPackAPITestsConfig = await readConfigFile(require.resolve('../api_integration/config'));
|
||||
|
||||
const testEndpointsPlugin = resolve(__dirname, './fixtures/test_endpoints');
|
||||
|
||||
const tempKibanaYamlFile = join(getDataPath(), `interactive_setup_kibana_${Date.now()}.yml`);
|
||||
await fs.writeFile(tempKibanaYamlFile, '');
|
||||
|
||||
return {
|
||||
testFiles: [require.resolve('./tests/manual_configuration_flow_without_tls')],
|
||||
servers: xPackAPITestsConfig.get('servers'),
|
||||
services,
|
||||
junit: {
|
||||
reportName: 'Interactive Setup API Integration Tests (Manual configuration flow without TLS)',
|
||||
},
|
||||
|
||||
esTestCluster: {
|
||||
...xPackAPITestsConfig.get('esTestCluster'),
|
||||
serverArgs: [
|
||||
...xPackAPITestsConfig.get('esTestCluster.serverArgs'),
|
||||
'xpack.security.enabled=true',
|
||||
],
|
||||
},
|
||||
|
||||
kbnTestServer: {
|
||||
...xPackAPITestsConfig.get('kbnTestServer'),
|
||||
serverArgs: [
|
||||
...xPackAPITestsConfig
|
||||
.get('kbnTestServer.serverArgs')
|
||||
.filter((arg: string) => !arg.startsWith('--elasticsearch.')),
|
||||
`--plugin-path=${testEndpointsPlugin}`,
|
||||
`--config=${tempKibanaYamlFile}`,
|
||||
'--interactiveSetup.enabled=true',
|
||||
],
|
||||
runOptions: {
|
||||
...xPackAPITestsConfig.get('kbnTestServer.runOptions'),
|
||||
wait: /Kibana has not been configured/,
|
||||
},
|
||||
},
|
||||
};
|
||||
}
|
13
test/interactive_setup_api_integration/services.ts
Normal file
13
test/interactive_setup_api_integration/services.ts
Normal file
|
@ -0,0 +1,13 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License
|
||||
* 2.0 and the Server Side Public License, v 1; you may not use this file except
|
||||
* in compliance with, at your election, the Elastic License 2.0 or the Server
|
||||
* Side Public License, v 1.
|
||||
*/
|
||||
|
||||
import { services as apiIntegrationServices } from '../api_integration/services';
|
||||
|
||||
export const services = {
|
||||
...apiIntegrationServices,
|
||||
};
|
151
test/interactive_setup_api_integration/tests/enrollment_flow.ts
Normal file
151
test/interactive_setup_api_integration/tests/enrollment_flow.ts
Normal file
|
@ -0,0 +1,151 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License
|
||||
* 2.0 and the Server Side Public License, v 1; you may not use this file except
|
||||
* in compliance with, at your election, the Elastic License 2.0 or the Server
|
||||
* Side Public License, v 1.
|
||||
*/
|
||||
|
||||
import expect from '@kbn/expect';
|
||||
import { getUrl } from '@kbn/test';
|
||||
|
||||
import { hasKibanaBooted } from '../fixtures/test_helpers';
|
||||
import { getElasticsearchCaCertificate } from '../fixtures/tls_tools';
|
||||
import type { FtrProviderContext } from '../ftr_provider_context';
|
||||
|
||||
export default function (context: FtrProviderContext) {
|
||||
const supertest = context.getService('supertest');
|
||||
const es = context.getService('es');
|
||||
const log = context.getService('log');
|
||||
const config = context.getService('config');
|
||||
|
||||
describe('Interactive setup APIs - Enrollment flow', function () {
|
||||
this.tags(['skipCloud', 'ciGroup2']);
|
||||
|
||||
let kibanaVerificationCode: string;
|
||||
let elasticsearchCaFingerprint: string;
|
||||
before(async () => {
|
||||
const esServerConfig = config.get('servers.elasticsearch');
|
||||
elasticsearchCaFingerprint = (
|
||||
await getElasticsearchCaCertificate(esServerConfig.host, esServerConfig.port)
|
||||
).fingerprint256.replace(/:/g, '');
|
||||
|
||||
kibanaVerificationCode = (
|
||||
await supertest.get('/test_endpoints/verification_code').expect(200)
|
||||
).body.verificationCode;
|
||||
});
|
||||
|
||||
let enrollmentAPIKey: string;
|
||||
beforeEach(async () => {
|
||||
const apiResponse = await es.security.createApiKey({ body: { name: 'enrollment_api_key' } });
|
||||
enrollmentAPIKey = Buffer.from(`${apiResponse.body.id}:${apiResponse.body.api_key}`).toString(
|
||||
'base64'
|
||||
);
|
||||
});
|
||||
|
||||
afterEach(async () => {
|
||||
await es.security.invalidateApiKey({ body: { name: 'enrollment_api_key' } });
|
||||
});
|
||||
|
||||
it('fails to enroll with invalid authentication code', async () => {
|
||||
const esHost = getUrl.baseUrl(config.get('servers.elasticsearch'));
|
||||
const enrollPayload = {
|
||||
apiKey: enrollmentAPIKey,
|
||||
code: '000000',
|
||||
caFingerprint: elasticsearchCaFingerprint,
|
||||
hosts: [esHost],
|
||||
};
|
||||
|
||||
log.debug(`Enroll payload ${JSON.stringify(enrollPayload)}`);
|
||||
|
||||
await supertest
|
||||
.post('/internal/interactive_setup/enroll')
|
||||
.set('kbn-xsrf', 'xxx')
|
||||
.send(enrollPayload)
|
||||
.expect(403, { statusCode: 403, error: 'Forbidden', message: 'Forbidden' });
|
||||
});
|
||||
|
||||
it('fails to enroll with invalid CA fingerprint', async () => {
|
||||
const esHost = getUrl.baseUrl(config.get('servers.elasticsearch'));
|
||||
const enrollPayload = {
|
||||
apiKey: enrollmentAPIKey,
|
||||
code: kibanaVerificationCode,
|
||||
caFingerprint: '3FDAEE71A3604070E6AE6B01412D19772DE5AE129F69C413F0453B293D9BE65D',
|
||||
hosts: [esHost],
|
||||
};
|
||||
|
||||
log.debug(`Enroll payload ${JSON.stringify(enrollPayload)}`);
|
||||
|
||||
await supertest
|
||||
.post('/internal/interactive_setup/enroll')
|
||||
.set('kbn-xsrf', 'xxx')
|
||||
.send(enrollPayload)
|
||||
.expect(500, {
|
||||
statusCode: 500,
|
||||
error: 'Internal Server Error',
|
||||
message: 'Failed to enroll.',
|
||||
attributes: { type: 'enroll_failure' },
|
||||
});
|
||||
});
|
||||
|
||||
it('fails to enroll with invalid api key', async function () {
|
||||
const esServerConfig = config.get('servers.elasticsearch');
|
||||
const enrollPayload = {
|
||||
apiKey: enrollmentAPIKey,
|
||||
code: kibanaVerificationCode,
|
||||
caFingerprint: elasticsearchCaFingerprint,
|
||||
hosts: [getUrl.baseUrl(esServerConfig)],
|
||||
};
|
||||
|
||||
log.debug(`Enroll payload ${JSON.stringify(enrollPayload)}`);
|
||||
|
||||
// Invalidate API key.
|
||||
await es.security.invalidateApiKey({ body: { name: 'enrollment_api_key' } });
|
||||
|
||||
await supertest
|
||||
.post('/internal/interactive_setup/enroll')
|
||||
.set('kbn-xsrf', 'xxx')
|
||||
.send(enrollPayload)
|
||||
.expect(500, {
|
||||
statusCode: 500,
|
||||
error: 'Internal Server Error',
|
||||
message: 'Failed to enroll.',
|
||||
attributes: { type: 'enroll_failure' },
|
||||
});
|
||||
});
|
||||
|
||||
it('should be able to enroll with valid authentication code', async function () {
|
||||
this.timeout(60000);
|
||||
|
||||
const esServerConfig = config.get('servers.elasticsearch');
|
||||
const enrollPayload = {
|
||||
apiKey: enrollmentAPIKey,
|
||||
code: kibanaVerificationCode,
|
||||
caFingerprint: elasticsearchCaFingerprint,
|
||||
hosts: [getUrl.baseUrl(esServerConfig)],
|
||||
};
|
||||
|
||||
log.debug(`Enroll payload ${JSON.stringify(enrollPayload)}`);
|
||||
|
||||
await supertest
|
||||
.post('/internal/interactive_setup/enroll')
|
||||
.set('kbn-xsrf', 'xxx')
|
||||
.send(enrollPayload)
|
||||
.expect(204, {});
|
||||
|
||||
// Enroll should no longer accept requests.
|
||||
await supertest
|
||||
.post('/internal/interactive_setup/enroll')
|
||||
.set('kbn-xsrf', 'xxx')
|
||||
.send(enrollPayload)
|
||||
.expect(400, {
|
||||
error: 'Bad Request',
|
||||
message: 'Cannot process request outside of preboot stage.',
|
||||
statusCode: 400,
|
||||
attributes: { type: 'outside_preboot_stage' },
|
||||
});
|
||||
|
||||
expect(await hasKibanaBooted(context)).to.be(true);
|
||||
});
|
||||
});
|
||||
}
|
|
@ -0,0 +1,136 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License
|
||||
* 2.0 and the Server Side Public License, v 1; you may not use this file except
|
||||
* in compliance with, at your election, the Elastic License 2.0 or the Server
|
||||
* Side Public License, v 1.
|
||||
*/
|
||||
|
||||
import expect from '@kbn/expect';
|
||||
import { getUrl, kibanaServerTestUser } from '@kbn/test';
|
||||
|
||||
import { hasKibanaBooted } from '../fixtures/test_helpers';
|
||||
import { getElasticsearchCaCertificate } from '../fixtures/tls_tools';
|
||||
import type { FtrProviderContext } from '../ftr_provider_context';
|
||||
|
||||
export default function (context: FtrProviderContext) {
|
||||
const supertest = context.getService('supertest');
|
||||
const log = context.getService('log');
|
||||
const config = context.getService('config');
|
||||
|
||||
describe('Interactive setup APIs - Manual configuration flow', function () {
|
||||
this.tags(['skipCloud', 'ciGroup2']);
|
||||
|
||||
let kibanaVerificationCode: string;
|
||||
let elasticsearchCaCertificate: string;
|
||||
before(async () => {
|
||||
const esServerConfig = config.get('servers.elasticsearch');
|
||||
elasticsearchCaCertificate = (
|
||||
await getElasticsearchCaCertificate(esServerConfig.host, esServerConfig.port)
|
||||
).raw.toString('base64');
|
||||
|
||||
kibanaVerificationCode = (
|
||||
await supertest.get('/test_endpoints/verification_code').expect(200)
|
||||
).body.verificationCode;
|
||||
});
|
||||
|
||||
it('fails to configure with invalid authentication code', async () => {
|
||||
const esServerConfig = config.get('servers.elasticsearch');
|
||||
const configurePayload = {
|
||||
host: getUrl.baseUrl(esServerConfig),
|
||||
code: '000000',
|
||||
caCert: elasticsearchCaCertificate,
|
||||
...kibanaServerTestUser,
|
||||
};
|
||||
|
||||
log.debug(`Configure payload ${JSON.stringify(configurePayload)}`);
|
||||
|
||||
await supertest
|
||||
.post('/internal/interactive_setup/configure')
|
||||
.set('kbn-xsrf', 'xxx')
|
||||
.send(configurePayload)
|
||||
.expect(403, { statusCode: 403, error: 'Forbidden', message: 'Forbidden' });
|
||||
});
|
||||
|
||||
it('fails to configure with invalid CA certificate', async () => {
|
||||
const esServerConfig = config.get('servers.elasticsearch');
|
||||
const configurePayload = {
|
||||
host: getUrl.baseUrl(esServerConfig),
|
||||
code: kibanaVerificationCode,
|
||||
caCert: elasticsearchCaCertificate.split('').reverse().join(''),
|
||||
...kibanaServerTestUser,
|
||||
};
|
||||
|
||||
log.debug(`Configure payload ${JSON.stringify(configurePayload)}`);
|
||||
|
||||
await supertest
|
||||
.post('/internal/interactive_setup/configure')
|
||||
.set('kbn-xsrf', 'xxx')
|
||||
.send(configurePayload)
|
||||
.expect(500, {
|
||||
statusCode: 500,
|
||||
error: 'Internal Server Error',
|
||||
message: 'Failed to configure.',
|
||||
attributes: { type: 'configure_failure' },
|
||||
});
|
||||
});
|
||||
|
||||
it('fails to configure with invalid credentials', async function () {
|
||||
const esServerConfig = config.get('servers.elasticsearch');
|
||||
const configurePayload = {
|
||||
host: getUrl.baseUrl(esServerConfig),
|
||||
code: kibanaVerificationCode,
|
||||
caCert: elasticsearchCaCertificate,
|
||||
...kibanaServerTestUser,
|
||||
password: 'no-way',
|
||||
};
|
||||
|
||||
log.debug(`Configure payload ${JSON.stringify(configurePayload)}`);
|
||||
|
||||
await supertest
|
||||
.post('/internal/interactive_setup/configure')
|
||||
.set('kbn-xsrf', 'xxx')
|
||||
.send(configurePayload)
|
||||
.expect(500, {
|
||||
statusCode: 500,
|
||||
error: 'Internal Server Error',
|
||||
message: 'Failed to configure.',
|
||||
attributes: { type: 'configure_failure' },
|
||||
});
|
||||
});
|
||||
|
||||
it('should be able to configure with valid authentication code', async function () {
|
||||
this.timeout(60000);
|
||||
|
||||
const esServerConfig = config.get('servers.elasticsearch');
|
||||
const configurePayload = {
|
||||
host: getUrl.baseUrl(esServerConfig),
|
||||
code: kibanaVerificationCode,
|
||||
caCert: elasticsearchCaCertificate,
|
||||
...kibanaServerTestUser,
|
||||
};
|
||||
|
||||
log.debug(`Configure payload ${JSON.stringify(configurePayload)}`);
|
||||
|
||||
await supertest
|
||||
.post('/internal/interactive_setup/configure')
|
||||
.set('kbn-xsrf', 'xxx')
|
||||
.send(configurePayload)
|
||||
.expect(204, {});
|
||||
|
||||
// Configure should no longer accept requests.
|
||||
await supertest
|
||||
.post('/internal/interactive_setup/configure')
|
||||
.set('kbn-xsrf', 'xxx')
|
||||
.send(configurePayload)
|
||||
.expect(400, {
|
||||
error: 'Bad Request',
|
||||
message: 'Cannot process request outside of preboot stage.',
|
||||
statusCode: 400,
|
||||
attributes: { type: 'outside_preboot_stage' },
|
||||
});
|
||||
|
||||
expect(await hasKibanaBooted(context)).to.be(true);
|
||||
});
|
||||
});
|
||||
}
|
|
@ -0,0 +1,103 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License
|
||||
* 2.0 and the Server Side Public License, v 1; you may not use this file except
|
||||
* in compliance with, at your election, the Elastic License 2.0 or the Server
|
||||
* Side Public License, v 1.
|
||||
*/
|
||||
|
||||
import expect from '@kbn/expect';
|
||||
import { getUrl, kibanaServerTestUser } from '@kbn/test';
|
||||
|
||||
import { hasKibanaBooted } from '../fixtures/test_helpers';
|
||||
import type { FtrProviderContext } from '../ftr_provider_context';
|
||||
|
||||
export default function (context: FtrProviderContext) {
|
||||
const supertest = context.getService('supertest');
|
||||
const log = context.getService('log');
|
||||
const config = context.getService('config');
|
||||
|
||||
describe('Interactive setup APIs - Manual configuration flow without TLS', function () {
|
||||
this.tags(['skipCloud', 'ciGroup2']);
|
||||
|
||||
let kibanaVerificationCode: string;
|
||||
before(async () => {
|
||||
kibanaVerificationCode = (
|
||||
await supertest.get('/test_endpoints/verification_code').expect(200)
|
||||
).body.verificationCode;
|
||||
});
|
||||
|
||||
it('fails to configure with invalid authentication code', async () => {
|
||||
const esServerConfig = config.get('servers.elasticsearch');
|
||||
const configurePayload = {
|
||||
host: getUrl.baseUrl(esServerConfig),
|
||||
code: '000000',
|
||||
...kibanaServerTestUser,
|
||||
};
|
||||
|
||||
log.debug(`Configure payload ${JSON.stringify(configurePayload)}`);
|
||||
|
||||
await supertest
|
||||
.post('/internal/interactive_setup/configure')
|
||||
.set('kbn-xsrf', 'xxx')
|
||||
.send(configurePayload)
|
||||
.expect(403, { statusCode: 403, error: 'Forbidden', message: 'Forbidden' });
|
||||
});
|
||||
|
||||
it('fails to configure with invalid credentials', async function () {
|
||||
const esServerConfig = config.get('servers.elasticsearch');
|
||||
const configurePayload = {
|
||||
host: getUrl.baseUrl(esServerConfig),
|
||||
code: kibanaVerificationCode,
|
||||
...kibanaServerTestUser,
|
||||
password: 'no-way',
|
||||
};
|
||||
|
||||
log.debug(`Configure payload ${JSON.stringify(configurePayload)}`);
|
||||
|
||||
await supertest
|
||||
.post('/internal/interactive_setup/configure')
|
||||
.set('kbn-xsrf', 'xxx')
|
||||
.send(configurePayload)
|
||||
.expect(500, {
|
||||
statusCode: 500,
|
||||
error: 'Internal Server Error',
|
||||
message: 'Failed to configure.',
|
||||
attributes: { type: 'configure_failure' },
|
||||
});
|
||||
});
|
||||
|
||||
it('should be able to configure with valid authentication code', async function () {
|
||||
this.timeout(60000);
|
||||
|
||||
const esServerConfig = config.get('servers.elasticsearch');
|
||||
const configurePayload = {
|
||||
host: getUrl.baseUrl(esServerConfig),
|
||||
code: kibanaVerificationCode,
|
||||
...kibanaServerTestUser,
|
||||
};
|
||||
|
||||
log.debug(`Configure payload ${JSON.stringify(configurePayload)}`);
|
||||
|
||||
await supertest
|
||||
.post('/internal/interactive_setup/configure')
|
||||
.set('kbn-xsrf', 'xxx')
|
||||
.send(configurePayload)
|
||||
.expect(204, {});
|
||||
|
||||
// Configure should no longer accept requests.
|
||||
await supertest
|
||||
.post('/internal/interactive_setup/configure')
|
||||
.set('kbn-xsrf', 'xxx')
|
||||
.send(configurePayload)
|
||||
.expect(400, {
|
||||
error: 'Bad Request',
|
||||
message: 'Cannot process request outside of preboot stage.',
|
||||
statusCode: 400,
|
||||
attributes: { type: 'outside_preboot_stage' },
|
||||
});
|
||||
|
||||
expect(await hasKibanaBooted(context)).to.be(true);
|
||||
});
|
||||
});
|
||||
}
|
|
@ -53,6 +53,7 @@
|
|||
{ "path": "../src/plugins/usage_collection/tsconfig.json" },
|
||||
{ "path": "../src/plugins/index_pattern_management/tsconfig.json" },
|
||||
{ "path": "../src/plugins/visualize/tsconfig.json" },
|
||||
{ "path": "interactive_setup_api_integration/fixtures/test_endpoints/tsconfig.json" },
|
||||
{ "path": "plugin_functional/plugins/core_app_status/tsconfig.json" },
|
||||
{ "path": "plugin_functional/plugins/core_provider_plugin/tsconfig.json" },
|
||||
{ "path": "server_integration/__fixtures__/plugins/status_plugin_a/tsconfig.json" },
|
||||
|
|
|
@ -7,25 +7,24 @@
|
|||
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||
<ds:X509Data>
|
||||
<!-- This certificate is extracted from KBN_CERT_PATH in @kbn/dev-utils and should always be in sync with it -->
|
||||
<ds:X509Certificate>MIIDOTCCAiGgAwIBAgIVANNWkg9lzNiLqNkMFhFKHcXyaZmqMA0GCSqGSIb3DQEB
|
||||
<ds:X509Certificate>MIIDOTCCAiGgAwIBAgIVAN0GVNLw3IaUBuG7t6CeW8w2wyymMA0GCSqGSIb3DQEB
|
||||
CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu
|
||||
ZXJhdGVkIENBMCAXDTE5MTIyNzE3MDM0MloYDzIwNjkxMjE0MTcwMzQyWjARMQ8w
|
||||
DQYDVQQDEwZraWJhbmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQ
|
||||
wYYbQtbRBKJ4uNZc2+IgRU+7NNL21ZebQlEIMgK7jAqOMrsW2b5DATz41Fd+GQFU
|
||||
FUYYjwo+PQj6sJHshOJo/gNb32HrydvMI7YPvevkszkuEGCfXxQ3Dw2RTACLgD0Q
|
||||
OCkwHvn3TMf0loloV/ePGWaZDYZaXi3a5DdWi/HFFoJysgF0JV2f6XyKhJkGaEfJ
|
||||
s9pWX269zH/XQvGNx4BEimJpYB8h4JnDYPFIiQdqj+sl2b+kS1hH9kL5gBAMXjFU
|
||||
vcNnX+PmyTjyJrGo75k0ku+spBf1bMwuQt3uSmM+TQIXkvFDmS0DOVESrpA5EC1T
|
||||
BUGRz6o/I88Xx4Mud771AgMBAAGjYzBhMB0GA1UdDgQWBBQLB1Eo23M3Ss8MsFaz
|
||||
V+Twcb3PmDAfBgNVHSMEGDAWgBQa7SYOe8NGcF00EbwPHA91YCsHSTAUBgNVHREE
|
||||
DTALgglsb2NhbGhvc3QwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAnEl/
|
||||
z5IElIjvkK4AgMPrNcRlvIGDt2orEik7b6Jsq6/RiJQ7cSsYTZf7xbqyxNsUOTxv
|
||||
+frj47MEN448H2nRvUxH29YR3XygV5aEwADSAhwaQWn0QfWTCZbJTmSoNEDtDOzX
|
||||
TGDlAoCD9s9Xz9S1JpxY4H+WWRZrBSDM6SC1c6CzuEeZRuScNAjYD5mh2v6fOlSy
|
||||
b8xJWSg0AFlJPCa3ZsA2SKbNqI0uNfJTnkXRm88Z2NHcgtlADbOLKauWfCrpgsCk
|
||||
cZgo6yAYkOM148h/8wGla1eX+iE1R72NUABGydu8MSQKvc0emWJkGsC1/KqPlf/O
|
||||
eOUsdwn1yDKHRxDHyA==
|
||||
</ds:X509Certificate>
|
||||
ZXJhdGVkIENBMCAXDTIxMTAxMzEwMTU1OFoYDzIwNzExMDAxMTAxNTU4WjARMQ8w
|
||||
DQYDVQQDEwZraWJhbmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3
|
||||
nvfL3/26D8EkLso+t9S0m+tSJipLsBWs0dCpc8KRJ/+ijDRnAQ5lOmOAcxt43SNY
|
||||
KFr0EntQEZyYaRwMIM8aPR0WYW/VV5o4fq2o/JnmHqzZJRJCwZq+5WiCiDPt012N
|
||||
mRGYCMUxjlEwejue6diLAeQhZ/sfN4jUp217bMEHrhHrNBWTwwJ+Uk5TBQMhviCW
|
||||
LKbsKrfluA6DGHWrXN4pH7Xmaf/Zyc9AYL/nxwv3VQHZzIAK/U/WNCgFJJ3qoFYY
|
||||
6TUwDDNa30mSj165OOds9N+VmUlDC3IFiHV3osBWscSU4HJd6QJ8huHrFLLV4y4i
|
||||
u62el47Qr+/8Ut3SzeIXAgMBAAGjYzBhMB0GA1UdDgQWBBQli5f2bYL9jKUA5Uxp
|
||||
yRRHeCoPJzAfBgNVHSMEGDAWgBQwTCrAjlvQxik3HBocn1PDUunenjAUBgNVHREE
|
||||
DTALgglsb2NhbGhvc3QwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEATFNj
|
||||
WkTBPfgflGYZD4OsYvfT/rVjFKbJP/u1a0rkzNamA2QKNzI9JTOzONPTyRhe9yVS
|
||||
zeO8X2rtN63l38dtgMjFQ15Xxnp7GFT7GkXfa1JR+tGSGTgVld8nLUzig+mNmBoR
|
||||
nE4cNc0JJ1PsXPzfPgJ6WMp2WOoNUrQf2cm42i36Jk+7KGcosfyFMPQILZE34Geo
|
||||
DAgCVpNWPgST4HYBUCHMC7S14LHLVdUXPsfGZPEqU5Zf9Hvy61rQC/RdNjnMI6JD
|
||||
s57l9oHASNeEg55NQm01aOmwq/z1DXs3UP2nRmp6XCCfE61ghofO5dtV1j3cZ3f5
|
||||
dzkzSBV7H6+/MD3Y8Q==</ds:X509Certificate>
|
||||
</ds:X509Data>
|
||||
</ds:KeyInfo>
|
||||
</md:KeyDescriptor>
|
||||
|
|
|
@ -9,8 +9,8 @@ The `first_client.p12` and `second_client.p12` files were generated the same tim
|
|||
following commands:
|
||||
|
||||
```
|
||||
bin/elasticsearch-certutil cert -days 18250 --ca elastic-stack-ca.p12 --ca-pass castorepass --name first_client --pass ""
|
||||
bin/elasticsearch-certutil cert -days 18250 --ca elastic-stack-ca.p12 --ca-pass castorepass --name second_client --pass ""
|
||||
bin/elasticsearch-certutil cert -days 18250 --ca $KIBANA_HOME/packages/kbn-dev-utils/certs/ca.p12 --ca-pass castorepass --name first_client --pass ""
|
||||
bin/elasticsearch-certutil cert -days 18250 --ca $KIBANA_HOME/packages/kbn-dev-utils/certs/ca.p12 --ca-pass castorepass --name second_client --pass ""
|
||||
```
|
||||
|
||||
If that CA is ever changed, these two files must be regenerated.
|
||||
|
|
Binary file not shown.
Binary file not shown.
|
@ -7,25 +7,24 @@
|
|||
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||
<ds:X509Data>
|
||||
<!-- This certificate is extracted from KBN_CERT_PATH in @kbn/dev-utils and should always be in sync with it -->
|
||||
<ds:X509Certificate>MIIDOTCCAiGgAwIBAgIVANNWkg9lzNiLqNkMFhFKHcXyaZmqMA0GCSqGSIb3DQEB
|
||||
<ds:X509Certificate>MIIDOTCCAiGgAwIBAgIVAN0GVNLw3IaUBuG7t6CeW8w2wyymMA0GCSqGSIb3DQEB
|
||||
CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu
|
||||
ZXJhdGVkIENBMCAXDTE5MTIyNzE3MDM0MloYDzIwNjkxMjE0MTcwMzQyWjARMQ8w
|
||||
DQYDVQQDEwZraWJhbmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQ
|
||||
wYYbQtbRBKJ4uNZc2+IgRU+7NNL21ZebQlEIMgK7jAqOMrsW2b5DATz41Fd+GQFU
|
||||
FUYYjwo+PQj6sJHshOJo/gNb32HrydvMI7YPvevkszkuEGCfXxQ3Dw2RTACLgD0Q
|
||||
OCkwHvn3TMf0loloV/ePGWaZDYZaXi3a5DdWi/HFFoJysgF0JV2f6XyKhJkGaEfJ
|
||||
s9pWX269zH/XQvGNx4BEimJpYB8h4JnDYPFIiQdqj+sl2b+kS1hH9kL5gBAMXjFU
|
||||
vcNnX+PmyTjyJrGo75k0ku+spBf1bMwuQt3uSmM+TQIXkvFDmS0DOVESrpA5EC1T
|
||||
BUGRz6o/I88Xx4Mud771AgMBAAGjYzBhMB0GA1UdDgQWBBQLB1Eo23M3Ss8MsFaz
|
||||
V+Twcb3PmDAfBgNVHSMEGDAWgBQa7SYOe8NGcF00EbwPHA91YCsHSTAUBgNVHREE
|
||||
DTALgglsb2NhbGhvc3QwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAnEl/
|
||||
z5IElIjvkK4AgMPrNcRlvIGDt2orEik7b6Jsq6/RiJQ7cSsYTZf7xbqyxNsUOTxv
|
||||
+frj47MEN448H2nRvUxH29YR3XygV5aEwADSAhwaQWn0QfWTCZbJTmSoNEDtDOzX
|
||||
TGDlAoCD9s9Xz9S1JpxY4H+WWRZrBSDM6SC1c6CzuEeZRuScNAjYD5mh2v6fOlSy
|
||||
b8xJWSg0AFlJPCa3ZsA2SKbNqI0uNfJTnkXRm88Z2NHcgtlADbOLKauWfCrpgsCk
|
||||
cZgo6yAYkOM148h/8wGla1eX+iE1R72NUABGydu8MSQKvc0emWJkGsC1/KqPlf/O
|
||||
eOUsdwn1yDKHRxDHyA==
|
||||
</ds:X509Certificate>
|
||||
ZXJhdGVkIENBMCAXDTIxMTAxMzEwMTU1OFoYDzIwNzExMDAxMTAxNTU4WjARMQ8w
|
||||
DQYDVQQDEwZraWJhbmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3
|
||||
nvfL3/26D8EkLso+t9S0m+tSJipLsBWs0dCpc8KRJ/+ijDRnAQ5lOmOAcxt43SNY
|
||||
KFr0EntQEZyYaRwMIM8aPR0WYW/VV5o4fq2o/JnmHqzZJRJCwZq+5WiCiDPt012N
|
||||
mRGYCMUxjlEwejue6diLAeQhZ/sfN4jUp217bMEHrhHrNBWTwwJ+Uk5TBQMhviCW
|
||||
LKbsKrfluA6DGHWrXN4pH7Xmaf/Zyc9AYL/nxwv3VQHZzIAK/U/WNCgFJJ3qoFYY
|
||||
6TUwDDNa30mSj165OOds9N+VmUlDC3IFiHV3osBWscSU4HJd6QJ8huHrFLLV4y4i
|
||||
u62el47Qr+/8Ut3SzeIXAgMBAAGjYzBhMB0GA1UdDgQWBBQli5f2bYL9jKUA5Uxp
|
||||
yRRHeCoPJzAfBgNVHSMEGDAWgBQwTCrAjlvQxik3HBocn1PDUunenjAUBgNVHREE
|
||||
DTALgglsb2NhbGhvc3QwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEATFNj
|
||||
WkTBPfgflGYZD4OsYvfT/rVjFKbJP/u1a0rkzNamA2QKNzI9JTOzONPTyRhe9yVS
|
||||
zeO8X2rtN63l38dtgMjFQ15Xxnp7GFT7GkXfa1JR+tGSGTgVld8nLUzig+mNmBoR
|
||||
nE4cNc0JJ1PsXPzfPgJ6WMp2WOoNUrQf2cm42i36Jk+7KGcosfyFMPQILZE34Geo
|
||||
DAgCVpNWPgST4HYBUCHMC7S14LHLVdUXPsfGZPEqU5Zf9Hvy61rQC/RdNjnMI6JD
|
||||
s57l9oHASNeEg55NQm01aOmwq/z1DXs3UP2nRmp6XCCfE61ghofO5dtV1j3cZ3f5
|
||||
dzkzSBV7H6+/MD3Y8Q==</ds:X509Certificate>
|
||||
</ds:X509Data>
|
||||
</ds:KeyInfo>
|
||||
</md:KeyDescriptor>
|
||||
|
|
|
@ -7,25 +7,24 @@
|
|||
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||
<ds:X509Data>
|
||||
<!-- This certificate is extracted from KBN_CERT_PATH in @kbn/dev-utils and should always be in sync with it -->
|
||||
<ds:X509Certificate>MIIDOTCCAiGgAwIBAgIVANNWkg9lzNiLqNkMFhFKHcXyaZmqMA0GCSqGSIb3DQEB
|
||||
<ds:X509Certificate>MIIDOTCCAiGgAwIBAgIVAN0GVNLw3IaUBuG7t6CeW8w2wyymMA0GCSqGSIb3DQEB
|
||||
CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu
|
||||
ZXJhdGVkIENBMCAXDTE5MTIyNzE3MDM0MloYDzIwNjkxMjE0MTcwMzQyWjARMQ8w
|
||||
DQYDVQQDEwZraWJhbmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQ
|
||||
wYYbQtbRBKJ4uNZc2+IgRU+7NNL21ZebQlEIMgK7jAqOMrsW2b5DATz41Fd+GQFU
|
||||
FUYYjwo+PQj6sJHshOJo/gNb32HrydvMI7YPvevkszkuEGCfXxQ3Dw2RTACLgD0Q
|
||||
OCkwHvn3TMf0loloV/ePGWaZDYZaXi3a5DdWi/HFFoJysgF0JV2f6XyKhJkGaEfJ
|
||||
s9pWX269zH/XQvGNx4BEimJpYB8h4JnDYPFIiQdqj+sl2b+kS1hH9kL5gBAMXjFU
|
||||
vcNnX+PmyTjyJrGo75k0ku+spBf1bMwuQt3uSmM+TQIXkvFDmS0DOVESrpA5EC1T
|
||||
BUGRz6o/I88Xx4Mud771AgMBAAGjYzBhMB0GA1UdDgQWBBQLB1Eo23M3Ss8MsFaz
|
||||
V+Twcb3PmDAfBgNVHSMEGDAWgBQa7SYOe8NGcF00EbwPHA91YCsHSTAUBgNVHREE
|
||||
DTALgglsb2NhbGhvc3QwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAnEl/
|
||||
z5IElIjvkK4AgMPrNcRlvIGDt2orEik7b6Jsq6/RiJQ7cSsYTZf7xbqyxNsUOTxv
|
||||
+frj47MEN448H2nRvUxH29YR3XygV5aEwADSAhwaQWn0QfWTCZbJTmSoNEDtDOzX
|
||||
TGDlAoCD9s9Xz9S1JpxY4H+WWRZrBSDM6SC1c6CzuEeZRuScNAjYD5mh2v6fOlSy
|
||||
b8xJWSg0AFlJPCa3ZsA2SKbNqI0uNfJTnkXRm88Z2NHcgtlADbOLKauWfCrpgsCk
|
||||
cZgo6yAYkOM148h/8wGla1eX+iE1R72NUABGydu8MSQKvc0emWJkGsC1/KqPlf/O
|
||||
eOUsdwn1yDKHRxDHyA==
|
||||
</ds:X509Certificate>
|
||||
ZXJhdGVkIENBMCAXDTIxMTAxMzEwMTU1OFoYDzIwNzExMDAxMTAxNTU4WjARMQ8w
|
||||
DQYDVQQDEwZraWJhbmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3
|
||||
nvfL3/26D8EkLso+t9S0m+tSJipLsBWs0dCpc8KRJ/+ijDRnAQ5lOmOAcxt43SNY
|
||||
KFr0EntQEZyYaRwMIM8aPR0WYW/VV5o4fq2o/JnmHqzZJRJCwZq+5WiCiDPt012N
|
||||
mRGYCMUxjlEwejue6diLAeQhZ/sfN4jUp217bMEHrhHrNBWTwwJ+Uk5TBQMhviCW
|
||||
LKbsKrfluA6DGHWrXN4pH7Xmaf/Zyc9AYL/nxwv3VQHZzIAK/U/WNCgFJJ3qoFYY
|
||||
6TUwDDNa30mSj165OOds9N+VmUlDC3IFiHV3osBWscSU4HJd6QJ8huHrFLLV4y4i
|
||||
u62el47Qr+/8Ut3SzeIXAgMBAAGjYzBhMB0GA1UdDgQWBBQli5f2bYL9jKUA5Uxp
|
||||
yRRHeCoPJzAfBgNVHSMEGDAWgBQwTCrAjlvQxik3HBocn1PDUunenjAUBgNVHREE
|
||||
DTALgglsb2NhbGhvc3QwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEATFNj
|
||||
WkTBPfgflGYZD4OsYvfT/rVjFKbJP/u1a0rkzNamA2QKNzI9JTOzONPTyRhe9yVS
|
||||
zeO8X2rtN63l38dtgMjFQ15Xxnp7GFT7GkXfa1JR+tGSGTgVld8nLUzig+mNmBoR
|
||||
nE4cNc0JJ1PsXPzfPgJ6WMp2WOoNUrQf2cm42i36Jk+7KGcosfyFMPQILZE34Geo
|
||||
DAgCVpNWPgST4HYBUCHMC7S14LHLVdUXPsfGZPEqU5Zf9Hvy61rQC/RdNjnMI6JD
|
||||
s57l9oHASNeEg55NQm01aOmwq/z1DXs3UP2nRmp6XCCfE61ghofO5dtV1j3cZ3f5
|
||||
dzkzSBV7H6+/MD3Y8Q==</ds:X509Certificate>
|
||||
</ds:X509Data>
|
||||
</ds:KeyInfo>
|
||||
</md:KeyDescriptor>
|
||||
|
|
|
@ -7,25 +7,24 @@
|
|||
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||
<ds:X509Data>
|
||||
<!-- This certificate is extracted from KBN_CERT_PATH in @kbn/dev-utils and should always be in sync with it -->
|
||||
<ds:X509Certificate>MIIDOTCCAiGgAwIBAgIVANNWkg9lzNiLqNkMFhFKHcXyaZmqMA0GCSqGSIb3DQEB
|
||||
<ds:X509Certificate>MIIDOTCCAiGgAwIBAgIVAN0GVNLw3IaUBuG7t6CeW8w2wyymMA0GCSqGSIb3DQEB
|
||||
CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu
|
||||
ZXJhdGVkIENBMCAXDTE5MTIyNzE3MDM0MloYDzIwNjkxMjE0MTcwMzQyWjARMQ8w
|
||||
DQYDVQQDEwZraWJhbmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQ
|
||||
wYYbQtbRBKJ4uNZc2+IgRU+7NNL21ZebQlEIMgK7jAqOMrsW2b5DATz41Fd+GQFU
|
||||
FUYYjwo+PQj6sJHshOJo/gNb32HrydvMI7YPvevkszkuEGCfXxQ3Dw2RTACLgD0Q
|
||||
OCkwHvn3TMf0loloV/ePGWaZDYZaXi3a5DdWi/HFFoJysgF0JV2f6XyKhJkGaEfJ
|
||||
s9pWX269zH/XQvGNx4BEimJpYB8h4JnDYPFIiQdqj+sl2b+kS1hH9kL5gBAMXjFU
|
||||
vcNnX+PmyTjyJrGo75k0ku+spBf1bMwuQt3uSmM+TQIXkvFDmS0DOVESrpA5EC1T
|
||||
BUGRz6o/I88Xx4Mud771AgMBAAGjYzBhMB0GA1UdDgQWBBQLB1Eo23M3Ss8MsFaz
|
||||
V+Twcb3PmDAfBgNVHSMEGDAWgBQa7SYOe8NGcF00EbwPHA91YCsHSTAUBgNVHREE
|
||||
DTALgglsb2NhbGhvc3QwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAnEl/
|
||||
z5IElIjvkK4AgMPrNcRlvIGDt2orEik7b6Jsq6/RiJQ7cSsYTZf7xbqyxNsUOTxv
|
||||
+frj47MEN448H2nRvUxH29YR3XygV5aEwADSAhwaQWn0QfWTCZbJTmSoNEDtDOzX
|
||||
TGDlAoCD9s9Xz9S1JpxY4H+WWRZrBSDM6SC1c6CzuEeZRuScNAjYD5mh2v6fOlSy
|
||||
b8xJWSg0AFlJPCa3ZsA2SKbNqI0uNfJTnkXRm88Z2NHcgtlADbOLKauWfCrpgsCk
|
||||
cZgo6yAYkOM148h/8wGla1eX+iE1R72NUABGydu8MSQKvc0emWJkGsC1/KqPlf/O
|
||||
eOUsdwn1yDKHRxDHyA==
|
||||
</ds:X509Certificate>
|
||||
ZXJhdGVkIENBMCAXDTIxMTAxMzEwMTU1OFoYDzIwNzExMDAxMTAxNTU4WjARMQ8w
|
||||
DQYDVQQDEwZraWJhbmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3
|
||||
nvfL3/26D8EkLso+t9S0m+tSJipLsBWs0dCpc8KRJ/+ijDRnAQ5lOmOAcxt43SNY
|
||||
KFr0EntQEZyYaRwMIM8aPR0WYW/VV5o4fq2o/JnmHqzZJRJCwZq+5WiCiDPt012N
|
||||
mRGYCMUxjlEwejue6diLAeQhZ/sfN4jUp217bMEHrhHrNBWTwwJ+Uk5TBQMhviCW
|
||||
LKbsKrfluA6DGHWrXN4pH7Xmaf/Zyc9AYL/nxwv3VQHZzIAK/U/WNCgFJJ3qoFYY
|
||||
6TUwDDNa30mSj165OOds9N+VmUlDC3IFiHV3osBWscSU4HJd6QJ8huHrFLLV4y4i
|
||||
u62el47Qr+/8Ut3SzeIXAgMBAAGjYzBhMB0GA1UdDgQWBBQli5f2bYL9jKUA5Uxp
|
||||
yRRHeCoPJzAfBgNVHSMEGDAWgBQwTCrAjlvQxik3HBocn1PDUunenjAUBgNVHREE
|
||||
DTALgglsb2NhbGhvc3QwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEATFNj
|
||||
WkTBPfgflGYZD4OsYvfT/rVjFKbJP/u1a0rkzNamA2QKNzI9JTOzONPTyRhe9yVS
|
||||
zeO8X2rtN63l38dtgMjFQ15Xxnp7GFT7GkXfa1JR+tGSGTgVld8nLUzig+mNmBoR
|
||||
nE4cNc0JJ1PsXPzfPgJ6WMp2WOoNUrQf2cm42i36Jk+7KGcosfyFMPQILZE34Geo
|
||||
DAgCVpNWPgST4HYBUCHMC7S14LHLVdUXPsfGZPEqU5Zf9Hvy61rQC/RdNjnMI6JD
|
||||
s57l9oHASNeEg55NQm01aOmwq/z1DXs3UP2nRmp6XCCfE61ghofO5dtV1j3cZ3f5
|
||||
dzkzSBV7H6+/MD3Y8Q==</ds:X509Certificate>
|
||||
</ds:X509Data>
|
||||
</ds:KeyInfo>
|
||||
</md:KeyDescriptor>
|
||||
|
|
|
@ -7,25 +7,24 @@
|
|||
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||
<ds:X509Data>
|
||||
<!-- This certificate is extracted from KBN_CERT_PATH in @kbn/dev-utils and should always be in sync with it -->
|
||||
<ds:X509Certificate>MIIDOTCCAiGgAwIBAgIVANNWkg9lzNiLqNkMFhFKHcXyaZmqMA0GCSqGSIb3DQEB
|
||||
<ds:X509Certificate>MIIDOTCCAiGgAwIBAgIVAN0GVNLw3IaUBuG7t6CeW8w2wyymMA0GCSqGSIb3DQEB
|
||||
CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu
|
||||
ZXJhdGVkIENBMCAXDTE5MTIyNzE3MDM0MloYDzIwNjkxMjE0MTcwMzQyWjARMQ8w
|
||||
DQYDVQQDEwZraWJhbmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQ
|
||||
wYYbQtbRBKJ4uNZc2+IgRU+7NNL21ZebQlEIMgK7jAqOMrsW2b5DATz41Fd+GQFU
|
||||
FUYYjwo+PQj6sJHshOJo/gNb32HrydvMI7YPvevkszkuEGCfXxQ3Dw2RTACLgD0Q
|
||||
OCkwHvn3TMf0loloV/ePGWaZDYZaXi3a5DdWi/HFFoJysgF0JV2f6XyKhJkGaEfJ
|
||||
s9pWX269zH/XQvGNx4BEimJpYB8h4JnDYPFIiQdqj+sl2b+kS1hH9kL5gBAMXjFU
|
||||
vcNnX+PmyTjyJrGo75k0ku+spBf1bMwuQt3uSmM+TQIXkvFDmS0DOVESrpA5EC1T
|
||||
BUGRz6o/I88Xx4Mud771AgMBAAGjYzBhMB0GA1UdDgQWBBQLB1Eo23M3Ss8MsFaz
|
||||
V+Twcb3PmDAfBgNVHSMEGDAWgBQa7SYOe8NGcF00EbwPHA91YCsHSTAUBgNVHREE
|
||||
DTALgglsb2NhbGhvc3QwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAnEl/
|
||||
z5IElIjvkK4AgMPrNcRlvIGDt2orEik7b6Jsq6/RiJQ7cSsYTZf7xbqyxNsUOTxv
|
||||
+frj47MEN448H2nRvUxH29YR3XygV5aEwADSAhwaQWn0QfWTCZbJTmSoNEDtDOzX
|
||||
TGDlAoCD9s9Xz9S1JpxY4H+WWRZrBSDM6SC1c6CzuEeZRuScNAjYD5mh2v6fOlSy
|
||||
b8xJWSg0AFlJPCa3ZsA2SKbNqI0uNfJTnkXRm88Z2NHcgtlADbOLKauWfCrpgsCk
|
||||
cZgo6yAYkOM148h/8wGla1eX+iE1R72NUABGydu8MSQKvc0emWJkGsC1/KqPlf/O
|
||||
eOUsdwn1yDKHRxDHyA==
|
||||
</ds:X509Certificate>
|
||||
ZXJhdGVkIENBMCAXDTIxMTAxMzEwMTU1OFoYDzIwNzExMDAxMTAxNTU4WjARMQ8w
|
||||
DQYDVQQDEwZraWJhbmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3
|
||||
nvfL3/26D8EkLso+t9S0m+tSJipLsBWs0dCpc8KRJ/+ijDRnAQ5lOmOAcxt43SNY
|
||||
KFr0EntQEZyYaRwMIM8aPR0WYW/VV5o4fq2o/JnmHqzZJRJCwZq+5WiCiDPt012N
|
||||
mRGYCMUxjlEwejue6diLAeQhZ/sfN4jUp217bMEHrhHrNBWTwwJ+Uk5TBQMhviCW
|
||||
LKbsKrfluA6DGHWrXN4pH7Xmaf/Zyc9AYL/nxwv3VQHZzIAK/U/WNCgFJJ3qoFYY
|
||||
6TUwDDNa30mSj165OOds9N+VmUlDC3IFiHV3osBWscSU4HJd6QJ8huHrFLLV4y4i
|
||||
u62el47Qr+/8Ut3SzeIXAgMBAAGjYzBhMB0GA1UdDgQWBBQli5f2bYL9jKUA5Uxp
|
||||
yRRHeCoPJzAfBgNVHSMEGDAWgBQwTCrAjlvQxik3HBocn1PDUunenjAUBgNVHREE
|
||||
DTALgglsb2NhbGhvc3QwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEATFNj
|
||||
WkTBPfgflGYZD4OsYvfT/rVjFKbJP/u1a0rkzNamA2QKNzI9JTOzONPTyRhe9yVS
|
||||
zeO8X2rtN63l38dtgMjFQ15Xxnp7GFT7GkXfa1JR+tGSGTgVld8nLUzig+mNmBoR
|
||||
nE4cNc0JJ1PsXPzfPgJ6WMp2WOoNUrQf2cm42i36Jk+7KGcosfyFMPQILZE34Geo
|
||||
DAgCVpNWPgST4HYBUCHMC7S14LHLVdUXPsfGZPEqU5Zf9Hvy61rQC/RdNjnMI6JD
|
||||
s57l9oHASNeEg55NQm01aOmwq/z1DXs3UP2nRmp6XCCfE61ghofO5dtV1j3cZ3f5
|
||||
dzkzSBV7H6+/MD3Y8Q==</ds:X509Certificate>
|
||||
</ds:X509Data>
|
||||
</ds:KeyInfo>
|
||||
</md:KeyDescriptor>
|
||||
|
|
Loading…
Reference in a new issue