From 536f8ccfa542a3b3ed181fbc1783501830c742e0 Mon Sep 17 00:00:00 2001
From: Juan
Date: Tue, 16 Feb 2021 11:17:15 +0100
Subject: [PATCH 1/2] disable sourcemap upload endpoint when data streams enabled
---
 .../DataStreams.approved.json | 3 +++
 .../OffRum.approved.json | 2 +-
 .../OffSourcemap.approved.json | 2 +-
 beater/api/mux.go | 5 +++--
 beater/api/mux_sourcemap_handler_test.go | 9 +++++++++
 5 files changed, 17 insertions(+), 4 deletions(-)
 create mode 100644 beater/api/asset/sourcemap/test_approved/integration/TestSourcemapHandler_KillSwitchMiddleware/DataStreams.approved.json
diff --git a/beater/api/asset/sourcemap/test_approved/integration/TestSourcemapHandler_KillSwitchMiddleware/DataStreams.approved.json b/beater/api/asset/sourcemap/test_approved/integration/TestSourcemapHandler_KillSwitchMiddleware/DataStreams.approved.json
new file mode 100644
index 00000000000..4fd1e8a5d6f
--- /dev/null
+++ b/beater/api/asset/sourcemap/test_approved/integration/TestSourcemapHandler_KillSwitchMiddleware/DataStreams.approved.json
@@ -0,0 +1,3 @@
+{
+ "error": "forbidden request: Sourcemap upload endpoint is disabled. Configure the `apm-server.rum` section in apm-server.yml to enable sourcemap uploads. If you are not using the RUM agent, you can safely ignore this error. If you are running APM Server managed by Fleet, you need to upload Sourcemaps directly to Elasticsearch."
+}
diff --git a/beater/api/asset/sourcemap/test_approved/integration/TestSourcemapHandler_KillSwitchMiddleware/OffRum.approved.json b/beater/api/asset/sourcemap/test_approved/integration/TestSourcemapHandler_KillSwitchMiddleware/OffRum.approved.json
index 395e899493d..4fd1e8a5d6f 100644
--- a/beater/api/asset/sourcemap/test_approved/integration/TestSourcemapHandler_KillSwitchMiddleware/OffRum.approved.json
+++ b/beater/api/asset/sourcemap/test_approved/integration/TestSourcemapHandler_KillSwitchMiddleware/OffRum.approved.json
@@ -1,3 +1,3 @@
 {
- "error": "forbidden request: Sourcemap upload endpoint is disabled. Configure the `apm-server.rum` section in apm-server.yml to enable sourcemap uploads. If you are not using the RUM agent, you can safely ignore this error."
+ "error": "forbidden request: Sourcemap upload endpoint is disabled. Configure the `apm-server.rum` section in apm-server.yml to enable sourcemap uploads. If you are not using the RUM agent, you can safely ignore this error. If you are running APM Server managed by Fleet, you need to upload Sourcemaps directly to Elasticsearch."
 }
diff --git a/beater/api/asset/sourcemap/test_approved/integration/TestSourcemapHandler_KillSwitchMiddleware/OffSourcemap.approved.json b/beater/api/asset/sourcemap/test_approved/integration/TestSourcemapHandler_KillSwitchMiddleware/OffSourcemap.approved.json
index 395e899493d..4fd1e8a5d6f 100644
--- a/beater/api/asset/sourcemap/test_approved/integration/TestSourcemapHandler_KillSwitchMiddleware/OffSourcemap.approved.json
+++ b/beater/api/asset/sourcemap/test_approved/integration/TestSourcemapHandler_KillSwitchMiddleware/OffSourcemap.approved.json
@@ -1,3 +1,3 @@
 {
- "error": "forbidden request: Sourcemap upload endpoint is disabled. Configure the `apm-server.rum` section in apm-server.yml to enable sourcemap uploads. If you are not using the RUM agent, you can safely ignore this error."
+ "error": "forbidden request: Sourcemap upload endpoint is disabled. Configure the `apm-server.rum` section in apm-server.yml to enable sourcemap uploads. If you are not using the RUM agent, you can safely ignore this error. If you are running APM Server managed by Fleet, you need to upload Sourcemaps directly to Elasticsearch."
 }
diff --git a/beater/api/mux.go b/beater/api/mux.go
index cf236ee85bf..1f056d74319 100644
--- a/beater/api/mux.go
+++ b/beater/api/mux.go
@@ -220,8 +220,9 @@ func rumMiddleware(cfg *config.Config, _ *authorization.Handler, m map[request.R func sourcemapMiddleware(cfg *config.Config, auth *authorization.Handler) []middleware.Middleware { msg := "Sourcemap upload endpoint is disabled. " + "Configure the `apm-server.rum` section in apm-server.yml to enable sourcemap uploads. " + - "If you are not using the RUM agent, you can safely ignore this error." - enabled := cfg.RumConfig.IsEnabled() && cfg.RumConfig.SourceMapping.IsEnabled() + "If you are not using the RUM agent, you can safely ignore this error. " + + "If you are running APM Server managed by Fleet, you need to upload Sourcemaps directly to Elasticsearch." + enabled := cfg.RumConfig.IsEnabled() && cfg.RumConfig.SourceMapping.IsEnabled() && !cfg.DataStreams.Enabled return append(backendMiddleware(cfg, auth, sourcemap.MonitoringMap), middleware.KillSwitchMiddleware(enabled, msg)) } diff --git a/beater/api/mux_sourcemap_handler_test.go b/beater/api/mux_sourcemap_handler_test.go index 95b9ef0f60e..9480b4ce826 100644 --- a/beater/api/mux_sourcemap_handler_test.go +++ b/beater/api/mux_sourcemap_handler_test.go @@ -70,6 +70,15 @@ func TestSourcemapHandler_KillSwitchMiddleware(t *testing.T) { approvaltest.ApproveJSON(t, approvalPathAsset(t.Name()), rec.Body.Bytes()) }) + t.Run("DataStreams", func(t *testing.T) { + cfg := cfgEnabledRUM() + cfg.DataStreams.Enabled = true + rec, err := requestToMuxerWithPattern(cfg, AssetSourcemapPath) + require.NoError(t, err) + require.Equal(t, http.StatusForbidden, rec.Code) + approvaltest.ApproveJSON(t, approvalPathAsset(t.Name()), rec.Body.Bytes()) + }) + t.Run("On", func(t *testing.T) { rec, err := requestToMuxerWithPattern(cfgEnabledRUM(), AssetSourcemapPath) require.NoError(t, err) From 5b837b59c8e57bea7f3c4a5ed6d5ba31128eabea Mon Sep 17 00:00:00 2001 
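Review bot: In `sourcemapMiddleware`, the added `&& !cfg.DataStreams.Enabled` term lets the data-streams flag silently override an explicit `apm-server.rum` source-mapping configuration, and nothing next to the assignment records why. The response text attributes the block to Fleet management while the code tests `cfg.DataStreams.Enabled`; whether the two always coincide is not visible here, and if they can differ the 403 gives operators the wrong guidance. A comment above the assignment would pin the intent, for example `// With data streams enabled, sourcemaps are uploaded directly to Elasticsearch, so this endpoint stays off.` The same pairing of condition and wording recurs in the mux.go hunk of PATCH 2/2.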
From: Juan
Date: Tue, 16 Feb 2021 12:02:49 +0100
Subject: [PATCH 2/2] more specific error message
---
 .../DataStreams.approved.json | 2 +-
 .../OffRum.approved.json | 2 +-
 .../OffSourcemap.approved.json | 2 +-
 beater/api/mux.go | 6 ++++--
 4 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/beater/api/asset/sourcemap/test_approved/integration/TestSourcemapHandler_KillSwitchMiddleware/DataStreams.approved.json b/beater/api/asset/sourcemap/test_approved/integration/TestSourcemapHandler_KillSwitchMiddleware/DataStreams.approved.json
index 4fd1e8a5d6f..bd5de196284 100644
--- a/beater/api/asset/sourcemap/test_approved/integration/TestSourcemapHandler_KillSwitchMiddleware/DataStreams.approved.json
+++ b/beater/api/asset/sourcemap/test_approved/integration/TestSourcemapHandler_KillSwitchMiddleware/DataStreams.approved.json
@@ -1,3 +1,3 @@
 {
- "error": "forbidden request: Sourcemap upload endpoint is disabled. Configure the `apm-server.rum` section in apm-server.yml to enable sourcemap uploads. If you are not using the RUM agent, you can safely ignore this error. If you are running APM Server managed by Fleet, you need to upload Sourcemaps directly to Elasticsearch."
+ "error": "forbidden request: When APM Server is managed by Fleet, Sourcemaps must be uploaded directly to Elasticsearch."
 }
diff --git a/beater/api/asset/sourcemap/test_approved/integration/TestSourcemapHandler_KillSwitchMiddleware/OffRum.approved.json b/beater/api/asset/sourcemap/test_approved/integration/TestSourcemapHandler_KillSwitchMiddleware/OffRum.approved.json
index 4fd1e8a5d6f..395e899493d 100644
--- a/beater/api/asset/sourcemap/test_approved/integration/TestSourcemapHandler_KillSwitchMiddleware/OffRum.approved.json
+++ b/beater/api/asset/sourcemap/test_approved/integration/TestSourcemapHandler_KillSwitchMiddleware/OffRum.approved.json
@@ -1,3 +1,3 @@
 {
- "error": "forbidden request: Sourcemap upload endpoint is disabled. Configure the `apm-server.rum` section in apm-server.yml to enable sourcemap uploads. If you are not using the RUM agent, you can safely ignore this error. If you are running APM Server managed by Fleet, you need to upload Sourcemaps directly to Elasticsearch."
+ "error": "forbidden request: Sourcemap upload endpoint is disabled. Configure the `apm-server.rum` section in apm-server.yml to enable sourcemap uploads. If you are not using the RUM agent, you can safely ignore this error."
 }
diff --git a/beater/api/asset/sourcemap/test_approved/integration/TestSourcemapHandler_KillSwitchMiddleware/OffSourcemap.approved.json b/beater/api/asset/sourcemap/test_approved/integration/TestSourcemapHandler_KillSwitchMiddleware/OffSourcemap.approved.json
index 4fd1e8a5d6f..395e899493d 100644
--- a/beater/api/asset/sourcemap/test_approved/integration/TestSourcemapHandler_KillSwitchMiddleware/OffSourcemap.approved.json
+++ b/beater/api/asset/sourcemap/test_approved/integration/TestSourcemapHandler_KillSwitchMiddleware/OffSourcemap.approved.json
@@ -1,3 +1,3 @@
 {
- "error": "forbidden request: Sourcemap upload endpoint is disabled. Configure the `apm-server.rum` section in apm-server.yml to enable sourcemap uploads. If you are not using the RUM agent, you can safely ignore this error. If you are running APM Server managed by Fleet, you need to upload Sourcemaps directly to Elasticsearch."
+ "error": "forbidden request: Sourcemap upload endpoint is disabled. Configure the `apm-server.rum` section in apm-server.yml to enable sourcemap uploads. If you are not using the RUM agent, you can safely ignore this error."
 }
diff --git a/beater/api/mux.go b/beater/api/mux.go
index 1f056d74319..c1f8663d482 100644
--- a/beater/api/mux.go
+++ b/beater/api/mux.go
@@ -220,8 +220,10 @@ func rumMiddleware(cfg *config.Config, _ *authorization.Handler, m map[request.R func sourcemapMiddleware(cfg *config.Config, auth *authorization.Handler) []middleware.Middleware { msg := "Sourcemap upload endpoint is disabled. " + "Configure the `apm-server.rum` section in apm-server.yml to enable sourcemap uploads. " + - "If you are not using the RUM agent, you can safely ignore this error. " + - "If you are running APM Server managed by Fleet, you need to upload Sourcemaps directly to Elasticsearch." + "If you are not using the RUM agent, you can safely ignore this error." + if cfg.DataStreams.Enabled { + msg = "When APM Server is managed by Fleet, Sourcemaps must be uploaded directly to Elasticsearch." + } enabled := cfg.RumConfig.IsEnabled() && cfg.RumConfig.SourceMapping.IsEnabled() && !cfg.DataStreams.Enabled return append(backendMiddleware(cfg, auth, sourcemap.MonitoringMap), middleware.KillSwitchMiddleware(enabled, msg))
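Review bot: The added `if cfg.DataStreams.Enabled` override replaces `msg` regardless of why the endpoint is off, so a server with RUM disabled and data streams enabled now answers with the Fleet text instead of the RUM guidance. The series has no approved response for that combination, because the DataStreams subtest from PATCH 1/2 starts from `cfgEnabledRUM()`; if this precedence is intended, a subtest with RUM off and `cfg.DataStreams.Enabled = true` would pin it. The kill switch is appended after the entries returned by `backendMiddleware(cfg, auth, sourcemap.MonitoringMap)`, so it is presumably evaluated after authorization and only authorized callers see this deployment hint; that ordering is not visible in the hunk and is worth confirming. The hunk ends before the function's closing brace.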