agent config GA

[jalvz]

fixes #2694, fixes #2630 , fixes #2646

depends on elastic/kibana#46995

required by elastic/apm-agent-rum-js#439

[codecov-io]

Codecov Report

Merging #2747 into master will decrease coverage by 1.36%.
The diff coverage is 82.82%.

@@            Coverage Diff            @@
##           master   #2747      +/-   ##
=========================================
- Coverage   80.16%   78.8%   -1.37%     
=========================================
  Files          83      82       -1     
  Lines        4589    4288     -301     
=========================================
- Hits         3679    3379     -300     
+ Misses        910     909       -1

Impacted Files	Coverage Δ
beater/middleware/rate_limit_middleware.go	0% <0%> (ø)	⬆️
beater/middleware/rum_middleware.go	0% <0%> (ø)
kibana/connecting_client.go	40% <0%> (ø)	⬆️
beater/middleware/cors_middleware.go	100% <100%> (ø)	⬆️
beater/api/config/agent/handler.go	94.82% <100%> (+0.38%)	⬆️
beater/api/intake/handler.go	100% <100%> (ø)	⬆️
beater/request/context.go	85.96% <100%> (+0.25%)	⬆️
sourcemap/mapper.go	87.23% <100%> (ø)	⬆️
agentcfg/fetch.go	88.57% <100%> (+0.69%)	⬆️
beater/api/mux.go	69.07% <72.72%> (-1.9%)	⬇️
... and 9 more

[jalvz]

failing test can't be fixed until Kibana side is merged, as Kibana returns 400 upon unknown attributes (in this case etag)
cc @sqren

[jalvz]

depends on elastic/kibana#46995

[simitt]

You explained that GA changes will be breaking. Does that mean that the agents using the beta implementation would break when talking to APM Server or would they just stop applying ACM?

[simitt]

No need for exporting this.

[simitt]

The agentcfg package has knowledge about RUM, and the Query has an IsRum flag. IMO this sanitize method should be part of fetching the result from the agentcfg package.

[simitt]

With this implementation non authorized RUM results are not cached. IMO this should be changed.

[jalvz]

I don't think so. If then the same request comes trough the right endpoint, the result would be a wrong empty result.

[simitt]

Kibana is responding the same way to this query, no matter who requests it, right? So I don't see why caching the result here would lead to wrong results.
Ofc I did not mean to cache the ZeroResult but the result.

[jalvz]

in that case i don't know why i would want to cache something that i am not even returning, but im fine either way

[simitt]

My reasoning is the following:
What is the purpose of caching here?
To avoid unnecessary calls to Kibana based on legitimate requests from agents. But as soon as those requests can be triggered from requests to unsecured RUM endpoint, also to prevent overloading Kibana on any kind of attacks.
The authorized check would only return false if the agents had a bug or for malicious requests. In the case of malicious requests it makes sense to also avoid sending the same requests over and over to Kibana.

However, if you add it to the cache, you would probably also need to size limit the cache, as otherwise you open up another attack vector.

I don't see why the decision in which cases something should be added to the cache is in direct relation on whether or not you are returning this information.

[simitt]

Not sure you find this useful, but I gave this some thought when introducing the caching #2220 (comment).

[jalvz]

Thanks.

I am changing the caching key to be service name + env, instead of Etag.
When there are many RUM agents, they will not send an ifnonematch arg until they get one from a previous call, which means that all of them would have to hit Kibana at least one.
Caching the service name solves this problem.

On the other side, I don't think is necessary to have a cache limit.

[jalvz]

cd40ddb

[simitt]

It still bothers me that all of these middleware functions are run if someone has RUM disabled; as a user I'd expect the KillswitchMiddleware to be run before the CORS and rate limiter middleware at least.

[jalvz]

i actually think we should do the CORS dance properly and return to the browsers the response they expect, otherwise the browser might show an error in the lines of "domain not allowed" when the root cause is other.

[simitt]

I lack knowledge about what is the standard behavior related to CORS and browsers. If the advantage is worth the potential additional costs I'm ok with it.

[simitt]

Can you change the name to include IP now.

[jalvz]

ha! i was about to do that, but then i thought you will reply with something like this: #2706 (comment)

not sure what is the criteria now, but will change as I agree

[simitt]

I don't follow. The logic that the rate limiter limits by IP is now in the middleware. It was not before. So now it makes sense to reflect it in the middleware name.

[jalvz]

As clarified offline, this is a comment on L29, not L34.
Changed in 0788847

[jalvz]

You explained that GA changes will be breaking. Does that mean that the agents using the beta implementation would break when talking to APM Server or would they just stop applying ACM?

they will just not get any config updates, so they won't apply it

[simitt]

The sanitize method is based on the querie's isRum, the cache key is based on Service attributes. You call sanitize before adding the value to the cache. In case a request is made for a backend service via the RUM endpoint and then again via the backend endpoint this will lead to wrong results.

The authorized check occurs only for non-cached information. As soon as information is cached, which is based on service attributes and ignoring RUM/backend, the information is just returned. If an unauthorized RUM request follows an authorized backend request, this will result in non-authorized response.

On the other side, I don't think is necessary to have a cache limit.

From what I see the cache can potentially grow infinite with requests for non-existing services. Since we had a bit of an offline discussion regarding caching, please describe why you decided a cache limit is not necessary.

[jalvz]

You call sanitize before adding the value to the cache

Not true, as far I can see.

The authorized check occurs only for non-cached information

Right, will update.

the cache can potentially grow infinite with requests for non-existing services

Lets talk about that offline

[simitt]

You call sanitize before adding the value to the cache

Not true, as far I can see.

Within the cache.fetch you call fetch(), which leads to running the sanitize. The returned, sanitized result is then added to the cache.

[jalvz]

This test 8bbae34#diff-6756162984ecc44fbead19b809440eaeR305 covers that scenario and passes locally, I have to see what's up

[jalvz]

it always worked because each handler has its own cache, added another test completeness.
pushed another change because i didn't like important logic buried in a cache method any ways

[simitt]

Except for one comment related to removing sourrinding " of etags I only left nitpick comments.

[simitt]

As I understand from your arguments in an offline discussion, you are in favor of not using abbreviations, so please use query here instead of q.

[simitt]

logging result.Source.Etag is not correct anymore.

[simitt]

That's only used in tests now

[simitt]

please remove empty line 72

[simitt]

you can directly say return newResult... now

[simitt]

I'd prefer calling this ID as that's better describing what it does, and toString is usually used for a nicer presentation of an instance.

[simitt]

Why is this necessary?

[simitt]

nit: No need for setting agent="python", it reflects the default.

[simitt]

why is it necessary to remove surrounding " of etag? It should be possible to just use the etag that is returned by the server.

[jalvz]

because the rum agent will actually send it without double quotes

[simitt]

But shouldn't the server be able to process with or without quotes? And why is the RUM agent sending without quotes (I probably missed that discussion somewhere).

[simitt]

I approved the PR, as I haven't followed discussions about this. Please ensure then RUM agent properly removes the quotes from the response they get if you don't change it in the server.

[jalvz]

Revisiting this question:

You explained that GA changes will be breaking. Does that mean that the agents using the beta implementation would break when talking to APM Server or would they just stop applying ACM?

What do you actually meant with "break"?

I bumped the min version from 7.3 to 7.5, so the agents would get an error response code, and the should handle it, therefore, not applying any config