-
Notifications
You must be signed in to change notification settings - Fork 713
/
association.go
303 lines (253 loc) · 10.4 KB
/
association.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
// or more contributor license agreements. Licensed under the Elastic License 2.0;
// you may not use this file except in compliance with the Elastic License 2.0.
package v1
import (
"fmt"
"sort"
"strings"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"github.com/elastic/cloud-on-k8s/v2/pkg/controller/common/hash"
)
const (
singleStatusKey = ""
)
// AssociationType is the type of an association resource, eg. for Kibana-ES association, AssociationType identifies ES.
type AssociationType string
// AssociationStatus is the status of an association resource.
type AssociationStatus string
// AssociationStatusMap is the map of association's namespaced name string to its AssociationStatus. For resources that
// have a single Association of a given type (for ex. single ES reference), this map contains a single entry.
type AssociationStatusMap map[string]AssociationStatus
// NewSingleAssociationStatusMap creates an AssociationStatusMap that expects only a single Association. Using a
// well-known key allows to keep serialization of the map backwards compatible.
func NewSingleAssociationStatusMap(status AssociationStatus) AssociationStatusMap {
return map[string]AssociationStatus{
singleStatusKey: status,
}
}
func (asm AssociationStatusMap) String() string {
// check if it's single status map and return only status string if yes
// this allows to keep serialization backwards compatible
if len(asm) == 1 {
for key, value := range asm {
if key == singleStatusKey {
return string(value)
}
}
}
// sort by keys to make String() stable
keys := make([]string, 0, len(asm))
for key := range asm {
keys = append(keys, key)
}
sort.StringSlice(keys).Sort()
var i int
var sb strings.Builder
for _, key := range keys {
value := asm[key]
i++
sb.WriteString(key + ": " + string(value))
if len(asm) != i {
sb.WriteString(", ")
}
}
return sb.String()
}
func (asm AssociationStatusMap) Single() (AssociationStatus, error) {
if len(asm) > 1 {
return "", fmt.Errorf("expected at most one AssociationStatus in map, but found %d: %s", len(asm), asm)
}
// returns the only AssociationStatus present or zero value if none are
var result AssociationStatus
for _, status := range asm {
result = status
}
return result, nil
}
// AllEstablished returns true iff all Associations have AssociationEstablished status, false otherwise.
func (asm AssociationStatusMap) AllEstablished() bool {
for _, status := range asm {
if status != AssociationEstablished {
return false
}
}
return true
}
const (
ElasticsearchConfigAnnotationNameBase = "association.k8s.elastic.co/es-conf"
ElasticsearchAssociationType = "elasticsearch"
EsMonitoringAssociationType = "es-monitoring"
KibanaConfigAnnotationNameBase = "association.k8s.elastic.co/kb-conf"
KibanaAssociationType = "kibana"
KbMonitoringAssociationType = "kb-monitoring"
EntConfigAnnotationNameBase = "association.k8s.elastic.co/ent-conf"
EntAssociationType = "ent"
FleetServerConfigAnnotationNameBase = "association.k8s.elastic.co/fs-conf"
FleetServerAssociationType = "fleetserver"
BeatConfigAnnotationNameBase = "association.k8s.elastic.co/beat-conf"
BeatAssociationType = "beat"
BeatMonitoringAssociationType = "beat-monitoring"
LogstashMonitoringAssociationType = "ls-monitoring"
AssociationUnknown AssociationStatus = ""
AssociationPending AssociationStatus = "Pending"
AssociationEstablished AssociationStatus = "Established"
AssociationFailed AssociationStatus = "Failed"
// SingletonAssociationID is an `AssociationID` used for Associations for resources that can have only a single
// Association of each type. For example, Kibana can only have a single ES Association, so Kibana-ES Associations
// should use `SingletonAssociationID` as their `AssociationID`. On the contrary, Agent can have unbounded number
// of Associations so Agent-ES Associations should _not_ use `SingletonAssociationID`.
SingletonAssociationID = ""
// NoAuthRequiredValue is the value set for AuthSecretName if no authentication
// credentials are necessary for that association.
NoAuthRequiredValue = "-"
)
type ServiceAccountName string
// Associated represents an Elastic stack resource that is associated with other stack resources.
// Examples:
// - Kibana can be associated with Elasticsearch
// - APMServer can be associated with Elasticsearch and Kibana
// - EnterpriseSearch can be associated with Elasticsearch
// - Beat can be associated with Elasticsearch and Kibana
// - Agent can be associated with multiple Elasticsearches
// +kubebuilder:object:generate=false
type Associated interface {
metav1.Object
runtime.Object
ServiceAccountName() string
GetAssociations() []Association
AssociationStatusMap(typ AssociationType) AssociationStatusMap
SetAssociationStatusMap(typ AssociationType, statusMap AssociationStatusMap) error
}
// Association interface helps to manage the Spec fields involved in an association.
// +kubebuilder:object:generate=false
type Association interface {
Associated
// ElasticServiceAccount returns the Elasticsearch service account name to be used for authentication.
ElasticServiceAccount() (ServiceAccountName, error)
// Associated can be used to retrieve the associated object
Associated() Associated
// AssociationType returns a string describing the type of the target resource (elasticsearch most of the time)
// It is mostly used to build some other strings depending on the type of the targeted resource.
AssociationType() AssociationType
// AssociationRef is a reference to the associated resource. If defined with a Name then the Namespace is expected
// to be set in the returned object.
AssociationRef() ObjectSelector
// AssociationConfAnnotationName is the name of the annotation used to define the config for the associated resource.
// It is used by the association controller to store the configuration and by the controller which is
// managing the associated resource to build the appropriate configuration.
AssociationConfAnnotationName() string
// AssociationConf is the configuration of the Association allowing to connect to the Association resource.
AssociationConf() (*AssociationConf, error)
SetAssociationConf(*AssociationConf)
// SupportsAuthAPIKey returns true if the Association supports authenticating with an API key
SupportsAuthAPIKey() bool
// AssociationID uniquely identifies this Association among all Associations of the same type belonging to Associated()
AssociationID() string
}
// FormatNameWithID conditionally formats `template`. `template` is expected to have a single %s verb.
// If `id` is empty, the %s verb will be formatted with empty string. Otherwise %s verb will be replaced with `-id`.
// Eg:
// FormatNameWithID("name%s", "") returns "name"
// FormatNameWithID("name%s", "ns1-es1") returns "name-ns1-es1"
// FormatNameWithID("name%s", "ns2-es2") returns "name-ns2-es2"
// This function exists to abstract this conditional logic away from the callers. It can be used to format names
// for objects differing only by id, that would otherwise collide. In addition, it allows to preserve current naming
// for object types with a single association and introduce object types with unbounded number of associations.
func FormatNameWithID(template string, id string) string {
if id != SingletonAssociationID {
// we want names to be changed for any id but SingletonAssociationID
id = fmt.Sprintf("-%s", id)
}
return fmt.Sprintf(template, id)
}
// AssociationConf holds the association configuration of a referenced resource in an association.
type AssociationConf struct {
AuthSecretName string `json:"authSecretName"`
AuthSecretKey string `json:"authSecretKey"`
IsAPIKey bool `json:"isApiKey"`
IsServiceAccount bool `json:"isServiceAccount"`
CACertProvided bool `json:"caCertProvided"`
CASecretName string `json:"caSecretName"`
// AdditionalSecretsHash is a hash of additional secrets such that when any of the underlying
// secrets change, the CRD annotation is updated and the pods are restarted.
AdditionalSecretsHash string `json:"additionalSecretsHash,omitempty"`
URL string `json:"url"`
// Version of the referenced resource. If a version upgrade is in progress,
// matches the lowest running version. May be empty if unknown.
Version string `json:"version"`
// Serverless is true when the referenced resource is a serverless project.
Serverless bool `json:"serverless,omitempty"`
}
// IsConfigured returns true if all the fields are set.
func (ac *AssociationConf) IsConfigured() bool {
if ac.GetCACertProvided() && !ac.CAIsConfigured() {
return false
}
return ac.AuthIsConfigured() && ac.URLIsConfigured()
}
// AuthIsConfigured returns true if the auth fields are set.
func (ac *AssociationConf) AuthIsConfigured() bool {
if ac == nil {
return false
}
if ac.NoAuthRequired() {
// auth fields are not required, but still configured
return true
}
// ensure both secret name and secret key are provided
return ac.AuthSecretName != "" && ac.AuthSecretKey != ""
}
func (ac *AssociationConf) NoAuthRequired() bool {
return ac.AuthSecretName == NoAuthRequiredValue
}
// CAIsConfigured returns true if the CA field is set.
func (ac *AssociationConf) CAIsConfigured() bool {
if ac == nil {
return false
}
return ac.CASecretName != ""
}
// URLIsConfigured returns true if the URL field is set.
func (ac *AssociationConf) URLIsConfigured() bool {
if ac == nil {
return false
}
return ac.URL != ""
}
func (ac *AssociationConf) GetAuthSecretName() string {
if ac == nil {
return ""
}
return ac.AuthSecretName
}
func (ac *AssociationConf) GetAuthSecretKey() string {
if ac == nil {
return ""
}
return ac.AuthSecretKey
}
func (ac *AssociationConf) GetCACertProvided() bool {
if ac == nil {
return false
}
return ac.CACertProvided
}
func (ac *AssociationConf) GetCASecretName() string {
if ac == nil {
return ""
}
return ac.CASecretName
}
func (ac *AssociationConf) GetURL() string {
if ac == nil {
return ""
}
return ac.URL
}
func ElasticsearchConfigAnnotationName(o ObjectSelector) string {
// annotation key should be stable to allow the Elasticsearch Controller to only pick up the ones it expects,
// based on the ObjectSelector
return FormatNameWithID(ElasticsearchConfigAnnotationNameBase+"%s", hash.HashObject(o))
}