Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove PGP endpoint auth requirement #4256

Merged
merged 2 commits into from
Dec 31, 2024

Conversation

michel-laterman
Copy link
Contributor

What is the problem this PR solves?

Air gapped agents are unable to retreive PGP key from fleet-server.

How does this PR solve the problem?

Remove auth key requirement from PGP retrieval endpoint

Design Checklist

  • I have ensured my design is stateless and will work when multiple fleet-server instances are behind a load balancer.
  • I have or intend to scale test my changes, ensuring it will work reliably with 100K+ agents connected.
  • I have included fail safe mechanisms to limit the load on fleet-server: rate limiting, circuit breakers, caching, load shedding, etc.

Checklist

  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in ./changelog/fragments using the changelog tool

Related issues

@michel-laterman michel-laterman added bug Something isn't working Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team backport-8.x Automated backport to the 8.x branch with mergify backport-8.16 Automated backport with mergify backport-8.17 Automated backport with mergify labels Dec 30, 2024
@michel-laterman michel-laterman requested a review from a team as a code owner December 30, 2024 21:23
@@ -52,10 +53,9 @@ func (pt *PGPRetrieverT) handlePGPKey(zlog zerolog.Logger, w http.ResponseWriter
return ErrTLSRequired
}
key, err := authAPIKey(r, pt.bulker, pt.cache)
if err != nil {
return err
if err == nil {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Asking out of curiosity; what is the reason we are leaving the authAPIKey call in here?

Copy link
Contributor Author

@michel-laterman michel-laterman Dec 31, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in order to log the api key id if one is present; but i'll remove this so we don't have to make another request in order to authenticate the key

Copy link
Contributor

@kaanyalti kaanyalti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes look good to me. I just have a question about the authAPIKey call.

Copy link

@michel-laterman michel-laterman enabled auto-merge (squash) December 31, 2024 22:13
@michel-laterman michel-laterman merged commit 4915d7c into elastic:main Dec 31, 2024
8 checks passed
mergify bot pushed a commit that referenced this pull request Dec 31, 2024
Remove PGP endpoint auth requirement

(cherry picked from commit 4915d7c)
mergify bot pushed a commit that referenced this pull request Dec 31, 2024
Remove PGP endpoint auth requirement

(cherry picked from commit 4915d7c)
mergify bot pushed a commit that referenced this pull request Dec 31, 2024
Remove PGP endpoint auth requirement

(cherry picked from commit 4915d7c)
jlind23 pushed a commit that referenced this pull request Jan 2, 2025
Remove PGP endpoint auth requirement

(cherry picked from commit 4915d7c)

Co-authored-by: Michel Laterman <[email protected]>
jlind23 pushed a commit that referenced this pull request Jan 2, 2025
Remove PGP endpoint auth requirement

(cherry picked from commit 4915d7c)

Co-authored-by: Michel Laterman <[email protected]>
jlind23 pushed a commit that referenced this pull request Jan 2, 2025
Remove PGP endpoint auth requirement

(cherry picked from commit 4915d7c)

Co-authored-by: Michel Laterman <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport-8.x Automated backport to the 8.x branch with mergify backport-8.16 Automated backport with mergify backport-8.17 Automated backport with mergify bug Something isn't working Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team
Projects
None yet
Development

Successfully merging this pull request may close these issues.

pgp key retrieval requires auth
2 participants