change kibana.yml xpack.actions.whitelistedHosts to default to ['*']

[pmuellr]

resolves #52597

The previous default was [], which meant no hosts were whitelisted,
which would require a Kibana admin to set this value for any actions
that accessed 3rd party services (currently email and webhook, longer
term slack and pagerduty).

Checked the existing function test and jest tests, and I think they're
testing everything correctly and still pass, but we could potentially
add some more FT tests, by adding some additional FT configs.

Checklist

Use strikethroughs to remove checklist items you don't feel are applicable to this PR.

• This was checked for cross-browser compatibility, including a check against IE11
• Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
• Documentation was added for features that require explanation or tutorials
• Unit or functional tests were updated or added to match the most common scenarios
• This was checked for keyboard-only and screenreader accessibility

For maintainers

• This was checked for breaking API changes and was labeled appropriately
• This includes a feature addition or change that requires a release note and was labeled appropriately

[pmuellr]

We should update the asciidoc for kibana.yml config settings for this. I don't believe it's currently in there, but will need to be for cloud whitelisting ...

[elasticmachine]

Pinging @elastic/kibana-stack-services (Team:Stack Services)

[pmuellr]

I think this is ready to go.

I added some doc for the setting in the expected place for Kibana.yml settings. We'll need this to refer to when we add the cloud whitelisting bits.

I'm not sure whether we want to release note this somehow? We've talked so much about the security aspects of this, seems worthwhile, but ... perhaps we want some other doc somewhere talking about these settings, and then release note that? Not sure.

Also, no tests added or changed. Consensus seems to be testing config variations is hard, and so it's mostly done via unit testing. We already have function tests with a specific whitelist setting, I think the only other possibilities would be a test for [*] (or the default) and [], which would require two new configs.

[pmuellr]

@peterschretlen are we ready for this? :-)

[peterschretlen]

@peterschretlen are we ready for this? :-)

@pmuellr yep let's do it. This will also let us test all the actions in cloud staging 7.6 prior to whitelisting. Gives us lots of time for testing. Worst case we have to roll it back.

[peterschretlen]

👍 LGTM

[mikecote]

LGTM!

[elasticmachine]

💚 Build Succeeded

• continuous-integration/kibana-ci/pull-request
• Commit: 55417d0

History

• 💚 Build #15784 succeeded 6a25bed
• 💚 Build #15233 succeeded cff7ed6
• 💚 Build #14985 succeeded dbe2ce407857dd6cb262eb8756ee3788e654e91d

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream