Deprecate username/password in elastic-agent#29434
Deprecate username/password in elastic-agent#29434michel-laterman merged 5 commits intoelastic:7.17from
Conversation
|
Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane) |
| hosts: [127.0.0.1:9200] | ||
| username: elastic | ||
| password: changeme | ||
| api_key: "example-key" |
There was a problem hiding this comment.
I'm a bit confused if this attribute should be api_key or service_token.
the libbeat output config expects api_key, but some config from within the agent refers to it as service_token.
There was a problem hiding this comment.
api_key is for the output, service_token is for what is passed to fleet-server. This is not the same thing, see other comments.
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
💚 Flaky test reportTests succeeded. 🤖 GitHub commentsTo re-run your PR in the CI, just comment with:
|
michalpristas
left a comment
There was a problem hiding this comment.
could you describe api_key and service_token and their usage?
i see some outputs gained token other ones api_key
|
I retargeted this PR to 7.17. If we need it also in 7.16, lets make sure it is backported. |
| - Add diagnostics collect command to gather beat metadata, config, policy, and logs and bundle it into an archive. {pull}28461[28461] | ||
| - Add `KIBANA_FLEET_SERVICE_TOKEN` to Elastic Agent container. {pull}28096[28096] | ||
| - Allow pprof endpoints for elastic-agent or beats if enabled. {pull}28983[28983] {pull}29155[29155] | ||
| - Mark username/password settings as deprecated. {pull}29434[29434] |
There was a problem hiding this comment.
username / password for fleet-server are deprecated. If we should deprecate username / password for Elastic Agent in a more general way for the output is another discussion.
| username: elastic | ||
| password: changeme | ||
| api_key: "example-key" | ||
| # Note that basic auth is deprecated and will be removed in 8.0 |
There was a problem hiding this comment.
This does not apply to the general output. +1 on having the api_key here but username / password for the output part stay around AFAIK.
There was a problem hiding this comment.
ah, much simpler then. i'll just log it there.
| hosts: [127.0.0.1:9200] | ||
| username: elastic | ||
| password: changeme | ||
| api_key: "example-key" |
There was a problem hiding this comment.
api_key is for the output, service_token is for what is passed to fleet-server. This is not the same thing, see other comments.
|
/test |
ruflin
left a comment
There was a problem hiding this comment.
Lets make sure we also follow up with docs to deprecate it also in the docs.
ruflin
left a comment
There was a problem hiding this comment.
I think this also needs an update on
Add a note that these are deprecated as this is what shows up in the help output.|
/test |
ruflin
left a comment
There was a problem hiding this comment.
Change LGTM. Lets try to get CI pass and get it in.
* Deprecate username/password in elastic-agent * Appy deprecation only to fleet-server * Review feedback * Add deprecation notes in container help output (cherry picked from commit 1810b78)
* Deprecate username/password in elastic-agent * Appy deprecation only to fleet-server * Review feedback * Add deprecation notes in container help output (cherry picked from commit 1810b78) Co-authored-by: Michel Laterman <82832767+michel-laterman@users.noreply.github.com>
What does this PR do?
Add deprecation logs when username/password is detected by the elastic-agent.
Checklist
I have commented my code, particularly in hard-to-understand areasI have added tests that prove my fix is effective or that my feature worksCHANGELOG.next.asciidocorCHANGELOG-developer.next.asciidoc.Related issues