Watcher: Add whitelist to HttpClient

[spinscale]

This adds a configurable whitelist to the HTTP client in watcher. By
default it allows everything is does not, but there is a dynamically
configurable setting named "xpack.http.hosts.whitelist" that allows to
configure an array of urls, which can also contain simple regexes.

TODO:

• fix the code TODO and cast properly, this was a two hour prototype so might more serve as a discussion base instead of being merged
• Is a blacklist needed on top of a whitelist? No
• Should we block certain things by default as mentioned in the issue? Not for now
• Should we always whitelist slack/hipchat/pagerduty or allow to block this as well and tell the user he should whitelist it manually?
• Add documentation

Closes #29937

[elasticmachine]

Pinging @elastic/es-core-features

[jakelandis]

Should we match against a host list or really against URLs? Right now
you cannot filter http vs https which might be quite the feature

I think we should support the full URI and not just the host. Some large organizations do path based routing over dns for operational reasons (shared wildcard certs, SSO, etc), and they may to limit access to specific paths within a company's host. I think we should also support a URL with our with the http(s)://, for usability. w/r/t http vs. https allowance, I think this should be a standalone setting allow_insecure_http (or the like) and work towards making false the default.

Is a blacklist needed on top of a whitelist?

I don't think so. More of a personal opinion then anything ... but I have found when having both it is harder to understand which one to configure and how the precedence works for anything but the trivial case.

Should we block certain things by default as mentioned in the issue?

I think this gets tricky to get right and can lead to a false sense of increased security by providing these defaults. However, I think it may help, but the real answer is to require a white list.

[spinscale]

I changed the setting to be an URL like https://hooks.slack.com/messages*, this also simplified the code. There are a few todo's left, which I'd work on if the rest makes sense.. (plus documentation)

[spinscale]

Removed the always whitelisting feature for slack/PD/pagerduty. If someone is using this feature, they could easily add the respective endpoints themselves. Documentation was added. TODOs were removed.

I think this is ready for a first review.

Jake: I intentionally did not introduce another allow_insecure_http parameter, as this can all be solved with the existing one. And if someone wants to add http based URLs, so be it.

[hub-cap]

lgtm

[hub-cap]

nice fix right here :)

[jakelandis]

++

[jakelandis]

a question and a couple nit picks, but LGTM as-is

[jakelandis]

++

[spinscale]

@elasticmachine retest this please

[spinscale]

applied all the requests changes. I also changed the setting from xpack.http.hosts.whitelist to xpack.http.whitelist as we are no longer whitelisting hosts. There is also no need to introduce this hierarchy.

[jakelandis]

still LGTM

[hub-cap]

still LGTM

same