[UII] Drop ssl field from output if it's in an invalid format (#211848)

jen-huang · kibanamachine · web-flow · commit 0c932fd4aba7 · 2025-02-21T09:52:17.000+01:00
## Summary Reported in elastic/sdh-beats#5676. When retrieving outputs information, drop the `ssl` field if it's in an invalid format (causing `JSON.parse` to fail). This can happen for ES output with `ssl` field set via API, and then subsequently editing it from the UI (ES output `ssl` fields are currently unsupported, soon to be supported by #207326. --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
diff --git a/x-pack/platform/plugins/shared/fleet/server/services/output.test.ts b/x-pack/platform/plugins/shared/fleet/server/services/output.test.ts
@@ -22,6 +22,7 @@ import { agentPolicyService } from './agent_policy';
 import { packagePolicyService } from './package_policy';
 import { auditLoggingService } from './audit_logging';
 import { findAgentlessPolicies } from './outputs/helpers';
+import { outputSavedObjectToOutput } from './output';
 
 jest.mock('./app_context');
 jest.mock('./agent_policy');
@@ -40,13 +41,14 @@ mockedAppContextService.getSecuritySetup.mockImplementation(() => ({
   ...securityMock.createSetup(),
 }));
 
+const mockedLogger = {
+  debug: jest.fn(),
+  info: jest.fn(),
+  warn: jest.fn(),
+  error: jest.fn(),
+} as unknown as Logger;
 mockedAppContextService.getLogger.mockImplementation(() => {
-  return {
-    debug: jest.fn(),
-    info: jest.fn(),
-    warn: jest.fn(),
-    error: jest.fn(),
-  } as unknown as Logger;
+  return mockedLogger;
 });
 
 mockedAppContextService.getExperimentalFeatures.mockReturnValue({} as any);
@@ -2590,4 +2592,42 @@ describe('Output Service', () => {
       await expect(promise).resolves.not.toThrow();
     });
   });
+
+  describe('outputSavedObjectToOutput', () => {
+    it('should return output object with parsed SSL when SSL is a valid JSON string', () => {
+      const so = mockOutputSO('output-test', {
+        ssl: '{ "certificate": "cert", "key": "key" }',
+      });
+
+      const output = outputSavedObjectToOutput(so);
+
+      expect(output.ssl).toEqual({ certificate: 'cert', key: 'key' });
+    });
+
+    it('should return output object with no SSL field when SSL is an invalid JSON string', () => {
+      const so = mockOutputSO('output-test', {
+        ssl: 'invalid-json',
+      });
+
+      const output = outputSavedObjectToOutput(so);
+
+      expect(output.ssl).toEqual(undefined);
+      expect(mockedLogger.warn).toHaveBeenCalledWith(
+        expect.stringContaining(`Unable to parse ssl for output ${so.id}`)
+      );
+      expect(mockedLogger.warn).toHaveBeenCalledWith(
+        expect.stringContaining(`ssl value: invalid-json`)
+      );
+    });
+
+    it('should return output object with no SSL field when SSL is not a string', () => {
+      const so = mockOutputSO('output-test', {
+        ssl: { certificate: 'cert', key: 'key' },
+      });
+
+      const output = outputSavedObjectToOutput(so);
+
+      expect(output.ssl).toEqual(undefined);
+    });
+  });
 });
diff --git a/x-pack/platform/plugins/shared/fleet/server/services/output.ts b/x-pack/platform/plugins/shared/fleet/server/services/output.ts
@@ -122,13 +122,21 @@ export function outputIdToUuid(id: string) {
   return uuidv5(id, uuidv5.DNS);
 }
 
-function outputSavedObjectToOutput(so: SavedObject<OutputSOAttributes>): Output {
+export function outputSavedObjectToOutput(so: SavedObject<OutputSOAttributes>): Output {
+  const logger = appContextService.getLogger();
   const { output_id: outputId, ssl, proxy_id: proxyId, ...atributes } = so.attributes;
 
+  let parsedSsl;
+  try {
+    parsedSsl = typeof ssl === 'string' ? JSON.parse(ssl) : undefined;
+  } catch (e) {
+    logger.warn(`Unable to parse ssl for output ${so.id}: ${e.message}`);
+    logger.warn(`ssl value: ${ssl}`);
+  }
   return {
     id: outputId ?? so.id,
     ...atributes,
-    ...(ssl ? { ssl: JSON.parse(ssl as string) } : {}),
+    ...(parsedSsl ? { ssl: parsedSsl } : {}),
     ...(proxyId ? { proxy_id: proxyId } : {}),
   };
 }
