Cherry-pick #16365 to 7.x: Refactor keystore interface into 3 different interfaces #17435

Merged: 1 commit, Apr 2, 2020

@ChrsMark ChrsMark commented Apr 2, 2020

Cherry-pick of PR #16365 to 7.x branch. Original message:

## What does this PR do?

This PR refactors the keystore interface into 3 different interfaces.

This PR introduces a new Keystore backend which is ReadOnly and retrieves passwords from k8s secrets through the k8s API. In order to implement this, the basic Keystore interface is split into 3 different interfaces: Keystore (readonly), WritableKeystore (Keystore + store/write/delete), and ListingKeystore (WritableKeystore + list), as proposed on #5832.

The new Keystore that retrieves data from k8s secrets is of Keystore (readonly) type.

#### Autodiscover adoption
In order to support this k8s Keystore in Autodiscover, a keystore object is attached on every event. The keystore object is either created or retrieved if it already exists. We create only one keystore per namespace and we reuse it for events of the same namespace.

## Why is it important?

This is important in order to support different keystore backends, like k8s keystore.

This is important in order to support autodiscover hints being able to refer to k8s secrets for password retrieval.

## How to test this PR locally

Try the whole set of available commands:

  1. ./metricbeat keystore create
  2. ./metricbeat keystore add ES_PWD
  3. ./metricbeat keystore add ES_PWD --force
  4. echo "passpass" | ./metricbeat keystore add ES_PWD --stdin --for
  5. ./metricbeat keystore list
  6. ./metricbeat keystore remove ES_PWD

Create a key and consume it (Elastic Cloud auth or any other ES setting can be used as an example):

  1. ./metricbeat keystore add ES_PWD
  2. ./metricbeat -e -d "*" -E "cloud.id=testkeys:xxxx" -E "cloud.auth=\${ES_PWD}"

or

  1. ./metricbeat keystore add ES_HOST
  2. ./metricbeat -e -d "*" -E output.elasticsearch.hosts=["\${ES_HOST}"]

## Related issues

@ChrsMark ChrsMark requested review from AleBElastic and a team April 2, 2020 12:22
@ChrsMark ChrsMark self-assigned this Apr 2, 2020
@ChrsMark ChrsMark added the Team:Integrations label Apr 2, 2020
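
The three-tier split from the PR description above, sketched as an added example (not code from this PR or from Beats): a caller holding only the read-only `Keystore` has to prove the write capability with a type assertion before mutating anything. All type and function names are hypothetical stand-ins, and the in-memory backend and sample value are constructed.

```go
package main

import "errors"

// All names here are hypothetical; this is not the Beats keystore package.
var ErrReadOnly, ErrNotFound = errors.New("keystore is read-only"), errors.New("key not found")

// Keystore is the read-only capability every backend provides.
type Keystore interface {
	Retrieve(key string) (string, error)
}

// WritableKeystore is Keystore plus mutation.
type WritableKeystore interface {
	Keystore
	Store(key, value string) error
	Delete(key string) error
}

// ListingKeystore is WritableKeystore plus key enumeration.
type ListingKeystore interface {
	WritableKeystore
	List() []string
}

// memKeystore stands in for a local backend that supports all three tiers.
type memKeystore map[string]string

func (m memKeystore) Store(k, v string) error { m[k] = v; return nil }
func (m memKeystore) Delete(k string) error   { delete(m, k); return nil }
func (m memKeystore) Retrieve(k string) (string, error) {
	if v, ok := m[k]; ok {
		return v, nil
	}
	return "", ErrNotFound
}
func (m memKeystore) List() (keys []string) {
	for k := range m {
		keys = append(keys, k)
	}
	return keys
}

type readOnly struct{ Keystore } // embeds the narrow interface: only Retrieve is reachable

// AddKey writes only when the backend actually has the write capability.
func AddKey(ks Keystore, key, value string) error {
	if w, ok := ks.(WritableKeystore); ok {
		return w.Store(key, value)
	}
	return ErrReadOnly
}

func main() { println(AddKey(readOnly{memKeystore{}}, "ES_PWD", "constructed") == ErrReadOnly) }
```

Wrapping a full backend in `readOnly` hides `Store`, `Delete` and `List` from every consumer that receives it, which is the least-privilege shape a secrets-backed read-only keystore needs.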
@elasticmachine
Collaborator

Pinging @elastic/integrations (Team:Integrations)

@ChrsMark ChrsMark removed the request for review from AleBElastic April 2, 2020 12:23
Contributor

@ycombinator ycombinator left a comment

Backport LGTM.

@ChrsMark ChrsMark merged commit 7759cb5 into elastic:7.x Apr 2, 2020
Labels: backport, review, Team:Integrations