Skip to content

Commit

Permalink
Deprecate apm-server apikey
Browse files Browse the repository at this point in the history
  • Loading branch information
axw committed Oct 27, 2022
1 parent 6e75463 commit bbbaa0d
Show file tree
Hide file tree
Showing 4 changed files with 17 additions and 2 deletions.
1 change: 1 addition & 0 deletions changelogs/head.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ https://github.com/elastic/apm-server/compare/8.5\...main[View commits]

[float]
==== Deprecations
- `apm-server apikey` commands have been deprecated. API Keys should be managed through Kibana or the Elasticsearch REST API {pull}9446[9446]

[float]
==== Bug fixes
Expand Down
2 changes: 2 additions & 0 deletions docs/legacy/copied-from-beats/docs/command-reference.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -139,6 +139,8 @@ ifdef::apm-server[]

experimental::[]

deprecated::[8.6.0, Users should create API Keys through {kib} or the {es} REST API. See <<api-key-legacy>>.]

Communication between APM agents and APM Server now supports sending an
<<api-key-legacy,API Key in the Authorization header>>.
APM Server provides an `apikey` command that can create, verify, invalidate,
Expand Down
2 changes: 2 additions & 0 deletions docs/legacy/secure-communication-agents.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -181,6 +181,8 @@ API keys can also be created and validated outside of {kib}:
[float]
==== APM Server API key workflow

deprecated::[8.6.0, Users should create API Keys through {kib} or the {es} REST API]

APM Server provides a command line interface for creating, retrieving, invalidating, and verifying API keys.
Keys created using this method can only be used for communication with APM Server.

Expand Down
14 changes: 12 additions & 2 deletions internal/beatcmd/apikey.go
Original file line number Diff line number Diff line change
Expand Up @@ -40,17 +40,22 @@ import (
es "github.com/elastic/apm-server/internal/elasticsearch"
)

const apikeyDeprecationNotice = `NOTE: "apm-server apikey" is deprecated, and will be removed in a future release.
See https://www.elastic.co/guide/en/apm/guide/current/api-key.html for managing API Keys.`

func genApikeyCmd() *cobra.Command {

short := "Manage API Keys for communication between APM agents and server"
short := "Manage API Keys for communication between APM agents and server (deprecated)"
apikeyCmd := cobra.Command{
Use: "apikey",
Short: short,
Long: short + `.
Most operations require the "manage_api_key" cluster privilege. Ensure to configure "apm-server.api_key.*" or
"output.elasticsearch.*" appropriately. APM Server will create security privileges for the "apm" application;
you can freely query them. If you modify or delete apm privileges, APM Server might reject all requests.
Check the Elastic Security API documentation for details.`,
Check the Elastic Security API documentation for details.
` + apikeyDeprecationNotice,
}

apikeyCmd.AddCommand(
Expand All @@ -59,6 +64,11 @@ Check the Elastic Security API documentation for details.`,
getApikeysCmd(),
verifyApikeyCmd(),
)

apikeyCmd.PersistentPreRun = func(cmd *cobra.Command, args []string) {
fmt.Fprintln(os.Stderr, apikeyDeprecationNotice+"\n")
}

return &apikeyCmd
}

Expand Down

0 comments on commit bbbaa0d

Please sign in to comment.