add elasticsearch API key support (#63)

* add elasticsearch API key support * Update Readme --------- Co-authored-by: Marek Hornak <[email protected]>
xco-sk · Sep 14, 2023 · ad5f065 · ad5f065
1 parent e428fa6
commit ad5f065
Show file tree

Hide file tree

Showing 18 changed files with 637 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -16,6 +16,7 @@ Currently supported resources:
   - [Snapshot lifecycle policy](docs/cr_snapshot_lifecycle_policy.md)
   - [User](docs/cr_user.md)
   - [Role](docs/cr_role.md)
+  - [API key](docs/cr_apikey.md)
 - For Kibana:
   - [Kibana Instance](docs/cr_kibana_instance.md)
   - [Space](docs/cr_space.md)
@@ -39,6 +40,12 @@ Configuration options are documented in [chart README file](charts/eck-custom-re
 
 ## Upgrade guide
 
+### From 0.5.0 to 0.6.0
+The Elasticsearch API Key support was introduced. To apply the CRD, run:
+```
+kubectl apply --server-side -f https://raw.githubusercontent.com/xco-sk/eck-custom-resources/eck-custom-resources-operator-0.6.0/config/crd/bases/es.eck.github.com_elasticsearchapikeys.yaml
+```
+
 ### From 0.4.1 to 0.5.0
 The Multi-target support was introduced. This changes is backward compatible, but in order to make use of the multi-target support
 apply the new CRDs manually:

diff --git a/apis/es.eck/v1alpha1/elasticsearchapikey_types.go b/apis/es.eck/v1alpha1/elasticsearchapikey_types.go
@@ -0,0 +1,58 @@
+/*
+Copyright 2022.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// ElasticsearchApikeySpec defines the desired state of ElasticsearchApikey
+type ElasticsearchApikeySpec struct {
+	// +optional
+	TargetConfig CommonElasticsearchConfig `json:"targetInstance,omitempty"`
+
+	Body string `json:"body"`
+}
+
+// ElasticsearchApikeyStatus defines the observed state of ElasticsearchApikey
+type ElasticsearchApikeyStatus struct {
+}
+
+//+kubebuilder:object:root=true
+//+kubebuilder:subresource:status
+
+// ElasticsearchApikey is the Schema for the elasticsearchApikeys API
+type ElasticsearchApikey struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   ElasticsearchApikeySpec   `json:"spec,omitempty"`
+	Status ElasticsearchApikeyStatus `json:"status,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// ElasticsearchApikeyList contains a list of ElasticsearchApikey
+type ElasticsearchApikeyList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []ElasticsearchApikey `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&ElasticsearchApikey{}, &ElasticsearchApikeyList{})
+}
diff --git a/apis/es.eck/v1alpha1/zz_generated.deepcopy.go b/apis/es.eck/v1alpha1/zz_generated.deepcopy.go
diff --git a/charts/eck-custom-resources-operator/Chart.yaml b/charts/eck-custom-resources-operator/Chart.yaml
@@ -9,5 +9,5 @@ maintainers:
     email: [email protected]
     url: https://github.com/xco-sk
 type: application
-version: 0.5.6
-appVersion: 0.5.6
+version: 0.6.0
+appVersion: 0.6.0
diff --git a/charts/eck-custom-resources-operator/templates/role.yaml b/charts/eck-custom-resources-operator/templates/role.yaml
@@ -14,6 +14,36 @@ rules:
   - get
   - list
   - watch
+  - create
+  - delete
+  - patch
+  - watch
+- apiGroups:
+  - es.eck.github.com
+  resources:
+  - elasticsearchapikeys
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - es.eck.github.com
+  resources:
+  - elasticsearchapikeys/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - es.eck.github.com
+  resources:
+  - elasticsearchapikeys/status
+  verbs:
+  - get
+  - patch
+  - update
 - apiGroups:
   - ""
   resources:

diff --git a/config/crd/bases/es.eck.github.com_elasticsearchapikeys.yaml b/config/crd/bases/es.eck.github.com_elasticsearchapikeys.yaml
@@ -0,0 +1,62 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.8.0
+  creationTimestamp: null
+  name: elasticsearchapikeys.es.eck.github.com
+spec:
+  group: es.eck.github.com
+  names:
+    kind: ElasticsearchApikey
+    listKind: ElasticsearchApikeyList
+    plural: elasticsearchapikeys
+    singular: elasticsearchapikey
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: ElasticsearchApikey is the Schema for the elasticsearchApikeys
+          API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ElasticsearchApikeySpec defines the desired state of ElasticsearchApikey
+            properties:
+              body:
+                type: string
+              targetInstance:
+                properties:
+                  name:
+                    type: string
+                type: object
+            required:
+            - body
+            type: object
+          status:
+            description: ElasticsearchApikeyStatus defines the observed state of ElasticsearchApikey
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml
@@ -19,6 +19,7 @@ resources:
 - bases/kibana.eck.github.com_dataviews.yaml
 - bases/kibana.eck.github.com_kibanainstances.yaml
 - bases/es.eck.github.com_elasticsearchinstances.yaml
+- bases/es.eck.github.com_elasticsearchapikeys.yaml
 #+kubebuilder:scaffold:crdkustomizeresource
 
 patchesStrategicMerge:
@@ -41,6 +42,7 @@ patchesStrategicMerge:
 #- patches/webhook_in_dataviews.yaml
 #- patches/webhook_in_kibanainstances.yaml
 #- patches/webhook_in_elasticsearchinstances.yaml
+#- patches/webhook_in_elasticsearchapikeys.yaml
 #+kubebuilder:scaffold:crdkustomizewebhookpatch
 
 # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
@@ -62,6 +64,7 @@ patchesStrategicMerge:
 #- patches/cainjection_in_dataviews.yaml
 #- patches/cainjection_in_kibanainstances.yaml
 #- patches/cainjection_in_elasticsearchinstances.yaml
+#- patches/cainjection_in_elasticsearchapikeys.yaml
 #+kubebuilder:scaffold:crdkustomizecainjectionpatch
 
 # the following config is for teaching kustomize how to do kustomization for CRDs.

diff --git a/config/crd/patches/cainjection_in_elasticsearchapikeys.yaml b/config/crd/patches/cainjection_in_elasticsearchapikeys.yaml
@@ -0,0 +1,7 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: elasticsearchapikeys.es.eck.github.com
diff --git a/config/crd/patches/webhook_in_elasticsearchapikeys.yaml b/config/crd/patches/webhook_in_elasticsearchapikeys.yaml
@@ -0,0 +1,16 @@
+# The following patch enables a conversion webhook for the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: elasticsearchapikeys.es.eck.github.com
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        service:
+          namespace: system
+          name: webhook-service
+          path: /convert
+      conversionReviewVersions:
+      - v1
diff --git a/config/rbac/elasticsearchapikey_editor_role.yaml b/config/rbac/elasticsearchapikey_editor_role.yaml
@@ -0,0 +1,24 @@
+# permissions for end users to edit elasticsearchusers.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: elasticsearchapikey-editor-role
+rules:
+- apiGroups:
+  - es.eck.github.com
+  resources:
+  - elasticsearchapikeys
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - es.eck.github.com
+  resources:
+  - elasticsearchapikeys/status
+  verbs:
+  - get
diff --git a/config/rbac/elasticsearchapikey_viewer_role.yaml b/config/rbac/elasticsearchapikey_viewer_role.yaml
@@ -0,0 +1,20 @@
+# permissions for end users to view elasticsearchusers.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: elasticsearchapikey-viewer-role
+rules:
+- apiGroups:
+  - es.eck.github.com
+  resources:
+  - elasticsearchapikeys
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - es.eck.github.com
+  resources:
+  - elasticsearchapikeys/status
+  verbs:
+  - get