-
Notifications
You must be signed in to change notification settings - Fork 5k
Implement k8s secrets provider for Agent #24789
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from 13 commits
996850e
fa16391
0b582b3
a0ad168
bb4fc0c
a2d9051
5e1dad2
be9f7b1
898e9cb
c731628
5d20635
da4a3d8
68d3ea7
5db6cad
5a85afb
eea350a
f023688
72cccc7
ae81eb1
fb8a33e
2332aec
7a0bdcf
22b5857
7551ef5
e47bb5a
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||
|---|---|---|---|---|
|
|
@@ -9,6 +9,8 @@ import ( | |||
| "regexp" | ||||
| "strings" | ||||
| "unicode" | ||||
|
|
||||
| "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/composable" | ||||
| ) | ||||
|
|
||||
| var varsRegex = regexp.MustCompile(`\${([\p{L}\d\s\\\-_|.'"]*)}`) | ||||
|
|
@@ -18,23 +20,24 @@ var ErrNoMatch = fmt.Errorf("no matching vars") | |||
|
|
||||
| // Vars is a context of variables that also contain a list of processors that go with the mapping. | ||||
| type Vars struct { | ||||
| tree *AST | ||||
| processorsKey string | ||||
| processors Processors | ||||
| tree *AST | ||||
| processorsKey string | ||||
| processors Processors | ||||
| fetchContextProviders map[string]composable.ContextProvider | ||||
| } | ||||
|
|
||||
| // NewVars returns a new instance of vars. | ||||
| func NewVars(mapping map[string]interface{}) (*Vars, error) { | ||||
| return NewVarsWithProcessors(mapping, "", nil) | ||||
| func NewVars(mapping map[string]interface{}, fetchContextProviders map[string]composable.ContextProvider) (*Vars, error) { | ||||
| return NewVarsWithProcessors(mapping, "", nil, fetchContextProviders) | ||||
| } | ||||
|
|
||||
| // NewVarsWithProcessors returns a new instance of vars with attachment of processors. | ||||
| func NewVarsWithProcessors(mapping map[string]interface{}, processorKey string, processors Processors) (*Vars, error) { | ||||
| func NewVarsWithProcessors(mapping map[string]interface{}, processorKey string, processors Processors, fetchContextProviders map[string]composable.ContextProvider) (*Vars, error) { | ||||
| tree, err := NewAST(mapping) | ||||
| if err != nil { | ||||
| return nil, err | ||||
| } | ||||
| return &Vars{tree, processorKey, processors}, nil | ||||
| return &Vars{tree, processorKey, processors, fetchContextProviders}, nil | ||||
| } | ||||
|
|
||||
| // Replace returns a new value based on variable replacement. | ||||
|
|
@@ -44,7 +47,6 @@ func (v *Vars) Replace(value string) (Node, error) { | |||
| if !validBrackets(value, matchIdxs) { | ||||
| return nil, fmt.Errorf("starting ${ is missing ending }") | ||||
| } | ||||
|
|
||||
| result := "" | ||||
| lastIndex := 0 | ||||
| for _, r := range matchIdxs { | ||||
|
|
@@ -55,6 +57,18 @@ func (v *Vars) Replace(value string) (Node, error) { | |||
| } | ||||
| set := false | ||||
| for _, val := range vars { | ||||
| for name, provider := range v.fetchContextProviders { | ||||
| if varPrefixMatched(val.Value(), name) { | ||||
| fetchProvider := provider.(composable.FetchContextProvider) | ||||
| fval, _ := fetchProvider.Fetch(val.Value()) | ||||
| result += value[lastIndex:r[0]] + fval | ||||
| set = true | ||||
| break | ||||
| } | ||||
| } | ||||
| if set { | ||||
| continue | ||||
| } | ||||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Is it possible that getting a value from a fetch context provider returns something other than a string? Below you can see that it will replace full objects if its a
Member
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I see, however no strong opinion here since I'm not super familiar with the combinations that could occur. Do you think that removing
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Now that I took a closer look at this file. This is definitely in the wrong place. At its current location it would try to find a constant string in a fetch context provider, we do not want that. Looking at it, this needs to be removed from here and moved into the: Leaving this function untouched.
Member
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @blakerouse I tried to move (see f023688) the code inside beats/x-pack/elastic-agent/pkg/eql/visitor.go Line 281 in 01eb297
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think I see the issue. You need to do the following: Add the following function to Then change See if that works.
Member
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 👍🏼 This fixes the issue, thank you! |
||||
| switch val.(type) { | ||||
| case *constString: | ||||
| result += value[lastIndex:r[0]] + val.Value() | ||||
|
|
||||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| // Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
| // or more contributor license agreements. Licensed under the Elastic License; | ||
| // you may not use this file except in compliance with the Elastic License. | ||
|
|
||
| // TODO review the need for this | ||
| // +build linux darwin windows | ||
|
|
||
| package kubernetes_secrets | ||
|
|
||
| // Config for kubernetes provider | ||
| type Config struct { | ||
| KubeConfig string `config:"kube_config"` | ||
| } |
Uh oh!
There was an error while loading. Please reload this page.