From bbbaa0da73e0e764a812691b28177c074b21d47b Mon Sep 17 00:00:00 2001 From: Andrew Wilkins Date: Thu, 27 Oct 2022 09:56:30 +0800 Subject: [PATCH] Deprecate `apm-server apikey` --- changelogs/head.asciidoc | 1 + .../docs/command-reference.asciidoc | 2 ++ docs/legacy/secure-communication-agents.asciidoc | 2 ++ internal/beatcmd/apikey.go | 14 ++++++++++++-- 4 files changed, 17 insertions(+), 2 deletions(-) diff --git a/changelogs/head.asciidoc b/changelogs/head.asciidoc index bfac9862bc7..d77a403c709 100644 --- a/changelogs/head.asciidoc +++ b/changelogs/head.asciidoc @@ -11,6 +11,7 @@ https://github.com/elastic/apm-server/compare/8.5\...main[View commits] [float] ==== Deprecations +- `apm-server apikey` commands have been deprecated. API Keys should be managed through Kibana or the Elasticsearch REST API {pull}9446[9446] [float] ==== Bug fixes diff --git a/docs/legacy/copied-from-beats/docs/command-reference.asciidoc b/docs/legacy/copied-from-beats/docs/command-reference.asciidoc index ae30db07277..00740535cd8 100644 --- a/docs/legacy/copied-from-beats/docs/command-reference.asciidoc +++ b/docs/legacy/copied-from-beats/docs/command-reference.asciidoc @@ -139,6 +139,8 @@ ifdef::apm-server[] experimental::[] +deprecated::[8.6.0, Users should create API Keys through {kib} or the {es} REST API. See <>.] + Communication between APM agents and APM Server now supports sending an <>. APM Server provides an `apikey` command that can create, verify, invalidate, diff --git a/docs/legacy/secure-communication-agents.asciidoc b/docs/legacy/secure-communication-agents.asciidoc index 40a5ad6ebc9..a84fbaf7e5e 100644 --- a/docs/legacy/secure-communication-agents.asciidoc +++ b/docs/legacy/secure-communication-agents.asciidoc @@ -181,6 +181,8 @@ API keys can also be created and validated outside of {kib}: [float] ==== APM Server API key workflow +deprecated::[8.6.0, Users should create API Keys through {kib} or the {es} REST API] + APM Server provides a command line interface for creating, retrieving, invalidating, and verifying API keys. Keys created using this method can only be used for communication with APM Server. diff --git a/internal/beatcmd/apikey.go b/internal/beatcmd/apikey.go index b1de1eda1ec..9fec3e8a6ae 100644 --- a/internal/beatcmd/apikey.go +++ b/internal/beatcmd/apikey.go @@ -40,9 +40,12 @@ import ( es "github.com/elastic/apm-server/internal/elasticsearch" ) +const apikeyDeprecationNotice = `NOTE: "apm-server apikey" is deprecated, and will be removed in a future release. +See https://www.elastic.co/guide/en/apm/guide/current/api-key.html for managing API Keys.` + func genApikeyCmd() *cobra.Command { - short := "Manage API Keys for communication between APM agents and server" + short := "Manage API Keys for communication between APM agents and server (deprecated)" apikeyCmd := cobra.Command{ Use: "apikey", Short: short, @@ -50,7 +53,9 @@ func genApikeyCmd() *cobra.Command { Most operations require the "manage_api_key" cluster privilege. Ensure to configure "apm-server.api_key.*" or "output.elasticsearch.*" appropriately. APM Server will create security privileges for the "apm" application; you can freely query them. If you modify or delete apm privileges, APM Server might reject all requests. -Check the Elastic Security API documentation for details.`, +Check the Elastic Security API documentation for details. + +` + apikeyDeprecationNotice, } apikeyCmd.AddCommand( @@ -59,6 +64,11 @@ Check the Elastic Security API documentation for details.`, getApikeysCmd(), verifyApikeyCmd(), ) + + apikeyCmd.PersistentPreRun = func(cmd *cobra.Command, args []string) { + fmt.Fprintln(os.Stderr, apikeyDeprecationNotice+"\n") + } + return &apikeyCmd }