Remove Elasticsearch field from CRDs (#1687)

* Remove Elasticsearch field from CRDs Use an annotation to manage association configuration instead of the publicly visible Elasticsearch field in Kibana and APM objects. * Fix lint issue * Fix typo * Address CR comments
elastic · Sep 11, 2019 · 2686c67 · 2686c67
1 parent 3144a76
commit 2686c67
Show file tree

Hide file tree

Showing 35 changed files with 1,069 additions and 754 deletions.
diff --git a/config/crds/apm_v1alpha1_apmserver.yaml b/config/crds/apm_v1alpha1_apmserver.yaml
@@ -50,35 +50,6 @@ spec:
             config:
               description: Config represents the APM configuration.
               type: object
-            elasticsearch:
-              description: Elasticsearch configures how the APM server connects to
-                Elasticsearch
-              properties:
-                auth:
-                  description: Auth configures authentication for APM Server to use.
-                  properties:
-                    secret:
-                      description: SecretKeyRef is a secret that contains the credentials
-                        to use.
-                      type: object
-                  type: object
-                hosts:
-                  description: Hosts are the URLs of the output Elasticsearch nodes.
-                  items:
-                    type: string
-                  type: array
-                ssl:
-                  description: SSL configures TLS-related configuration for Elasticsearch
-                  properties:
-                    certificateAuthorities:
-                      description: CertificateAuthorities is a secret that contains
-                        a `tls.crt` entry that contain certificates for server verifications.
-                      properties:
-                        secretName:
-                          type: string
-                      type: object
-                  type: object
-              type: object
             elasticsearchRef:
               description: ElasticsearchRef references an Elasticsearch resource in
                 the Kubernetes cluster. If the namespace is not specified, the current

diff --git a/config/crds/kibana_v1alpha1_kibana.yaml b/config/crds/kibana_v1alpha1_kibana.yaml
@@ -52,30 +52,6 @@ spec:
             config:
               description: Config represents Kibana configuration.
               type: object
-            elasticsearch:
-              description: Elasticsearch configures how Kibana connects to Elasticsearch
-              properties:
-                auth:
-                  description: Auth configures authentication for Kibana to use.
-                  properties:
-                    secret:
-                      description: SecretKeyRef is a secret that contains the credentials
-                        to use.
-                      type: object
-                  type: object
-                certificateAuthorities:
-                  description: CertificateAuthorities names a secret that contains
-                    a CA file entry to use.
-                  properties:
-                    secretName:
-                      type: string
-                  type: object
-                url:
-                  description: ElasticsearchURL is the URL to the target Elasticsearch
-                  type: string
-              required:
-              - url
-              type: object
             elasticsearchRef:
               description: ElasticsearchRef references an Elasticsearch resource in
                 the Kubernetes cluster. If the namespace is not specified, the current

diff --git a/pkg/apis/apm/v1alpha1/apmserver_types.go b/pkg/apis/apm/v1alpha1/apmserver_types.go
@@ -36,10 +36,6 @@ type ApmServerSpec struct {
 	// If the namespace is not specified, the current resource namespace will be used.
 	ElasticsearchRef commonv1alpha1.ObjectSelector `json:"elasticsearchRef,omitempty"`
 
-	// Elasticsearch configures how the APM server connects to Elasticsearch
-	// +optional
-	Elasticsearch ElasticsearchOutput `json:"elasticsearch,omitempty"`
-
 	// PodTemplate can be used to propagate configuration to APM Server pods.
 	// This allows specifying custom annotations, labels, environment variables,
 	// affinity, resources, etc. for the pods created from this NodeSpec.
@@ -56,26 +52,6 @@ type ApmServerSpec struct {
 	SecureSettings []commonv1alpha1.SecretSource `json:"secureSettings,omitempty"`
 }
 
-// Elasticsearch contains configuration for the Elasticsearch output
-type ElasticsearchOutput struct {
-
-	// Hosts are the URLs of the output Elasticsearch nodes.
-	Hosts []string `json:"hosts,omitempty"`
-
-	// Auth configures authentication for APM Server to use.
-	Auth commonv1alpha1.ElasticsearchAuth `json:"auth,omitempty"`
-
-	// SSL configures TLS-related configuration for Elasticsearch
-	SSL ElasticsearchOutputSSL `json:"ssl,omitempty"`
-}
-
-// ElasticsearchOutputSSL contains TLS-related configuration for Elasticsearch
-type ElasticsearchOutputSSL struct {
-	// CertificateAuthorities is a secret that contains a `tls.crt` entry that contain certificates for server
-	// verifications.
-	CertificateAuthorities commonv1alpha1.SecretRef `json:"certificateAuthorities,omitempty"`
-}
-
 // ApmServerHealth expresses the status of the Apm Server instances.
 type ApmServerHealth string
 
@@ -103,11 +79,6 @@ func (as ApmServerStatus) IsDegraded(prev ApmServerStatus) bool {
 	return prev.Health == ApmServerGreen && as.Health != ApmServerGreen
 }
 
-// IsConfigured returns true if the output configuration is populated with non-default values.
-func (e ElasticsearchOutput) IsConfigured() bool {
-	return len(e.Hosts) > 0
-}
-
 // +genclient
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
@@ -123,8 +94,9 @@ type ApmServer struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
-	Spec   ApmServerSpec   `json:"spec,omitempty"`
-	Status ApmServerStatus `json:"status,omitempty"`
+	Spec      ApmServerSpec   `json:"spec,omitempty"`
+	Status    ApmServerStatus `json:"status,omitempty"`
+	assocConf *commonv1alpha1.AssociationConf
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@@ -145,10 +117,6 @@ func (as *ApmServer) IsMarkedForDeletion() bool {
 	return !as.DeletionTimestamp.IsZero()
 }
 
-func (as *ApmServer) ElasticsearchAuth() commonv1alpha1.ElasticsearchAuth {
-	return as.Spec.Elasticsearch.Auth
-}
-
 func (as *ApmServer) ElasticsearchRef() commonv1alpha1.ObjectSelector {
 	return as.Spec.ElasticsearchRef
 }
@@ -162,3 +130,11 @@ func (as *ApmServer) SecureSettings() []commonv1alpha1.SecretSource {
 func (as *ApmServer) Kind() string {
 	return Kind
 }
+
+func (as *ApmServer) AssociationConf() *commonv1alpha1.AssociationConf {
+	return as.assocConf
+}
+
+func (as *ApmServer) SetAssociationConf(assocConf *commonv1alpha1.AssociationConf) {
+	as.assocConf = assocConf
+}
diff --git a/pkg/apis/apm/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/apm/v1alpha1/zz_generated.deepcopy.go
diff --git a/pkg/apis/common/v1alpha1/association.go b/pkg/apis/common/v1alpha1/association.go
@@ -26,6 +26,78 @@ const (
 type Associated interface {
 	metav1.Object
 	runtime.Object
-	ElasticsearchAuth() ElasticsearchAuth
 	ElasticsearchRef() ObjectSelector
+	AssociationConf() *AssociationConf
+}
+
+// Associator describes an object that allows its association to be set.
+type Associator interface {
+	metav1.Object
+	runtime.Object
+	SetAssociationConf(*AssociationConf)
+}
+
+// AssociationConf holds the association configuration of an Elasticsearch cluster.
+type AssociationConf struct {
+	AuthSecretName string `json:"authSecretName"`
+	AuthSecretKey  string `json:"authSecretKey"`
+	CASecretName   string `json:"caSecretName"`
+	URL            string `json:"url"`
+}
+
+// IsConfigured returns true if all the fields are set.
+func (esac *AssociationConf) IsConfigured() bool {
+	return esac.AuthIsConfigured() && esac.CAIsConfigured() && esac.URLIsConfigured()
+}
+
+// AuthIsConfigured returns true if all the auth fields are set.
+func (esac *AssociationConf) AuthIsConfigured() bool {
+	if esac == nil {
+		return false
+	}
+	return esac.AuthSecretName != "" && esac.AuthSecretKey != ""
+}
+
+// CAIsConfigured returns true if the CA field is set.
+func (esac *AssociationConf) CAIsConfigured() bool {
+	if esac == nil {
+		return false
+	}
+	return esac.CASecretName != ""
+}
+
+// URLIsConfigured returns true if the URL field is set.
+func (esac *AssociationConf) URLIsConfigured() bool {
+	if esac == nil {
+		return false
+	}
+	return esac.URL != ""
+}
+
+func (esac *AssociationConf) GetAuthSecretName() string {
+	if esac == nil {
+		return ""
+	}
+	return esac.AuthSecretName
+}
+
+func (esac *AssociationConf) GetAuthSecretKey() string {
+	if esac == nil {
+		return ""
+	}
+	return esac.AuthSecretKey
+}
+
+func (esac *AssociationConf) GetCASecretName() string {
+	if esac == nil {
+		return ""
+	}
+	return esac.CASecretName
+}
+
+func (esac *AssociationConf) GetURL() string {
+	if esac == nil {
+		return ""
+	}
+	return esac.URL
 }
diff --git a/pkg/apis/common/v1alpha1/association_test.go b/pkg/apis/common/v1alpha1/association_test.go
@@ -0,0 +1,77 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package v1alpha1
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestAssociationConfIsConfigured(t *testing.T) {
+	tests := []struct {
+		name      string
+		assocConf *AssociationConf
+		want      bool
+	}{
+		{
+			name: "nil object",
+			want: false,
+		},
+		{
+			name: "missing URL",
+			assocConf: &AssociationConf{
+				AuthSecretName: "auth-secret",
+				AuthSecretKey:  "elastic",
+				CASecretName:   "ca-secret",
+			},
+			want: false,
+		},
+		{
+			name: "missing auth secret name",
+			assocConf: &AssociationConf{
+				AuthSecretKey: "elastic",
+				CASecretName:  "ca-secret",
+				URL:           "https://my-es.svc",
+			},
+			want: false,
+		},
+		{
+			name: "missing auth secret key",
+			assocConf: &AssociationConf{
+				AuthSecretName: "auth-secret",
+				CASecretName:   "ca-secret",
+				URL:            "https://my-es.svc",
+			},
+			want: false,
+		},
+		{
+			name: "missing CA secret name",
+			assocConf: &AssociationConf{
+				AuthSecretName: "auth-secret",
+				AuthSecretKey:  "elastic",
+				URL:            "https://my-es.svc",
+			},
+			want: false,
+		},
+		{
+			name: "correctly configured",
+			assocConf: &AssociationConf{
+				AuthSecretName: "auth-secret",
+				AuthSecretKey:  "elastic",
+				CASecretName:   "ca-secret",
+				URL:            "https://my-es.svc",
+			},
+			want: true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := tt.assocConf.IsConfigured()
+			require.Equal(t, tt.want, got)
+		})
+	}
+}
diff --git a/pkg/apis/common/v1alpha1/authentication.go b/pkg/apis/common/v1alpha1/authentication.go