Implement k8s secrets provider for Agent

x-pack/elastic-agent/pkg/agent/application/pipeline/emitter/controller.go

@@ -50,7 +50,7 @@ func NewController(
 	caps capabilities.Capability,
 	reloadables ...reloadable,
 ) *Controller {
-	init, _ := transpiler.NewVars(map[string]interface{}{})
+	init, _ := transpiler.NewVars(map[string]interface{}{}, nil)
 
 	return &Controller{
 		logger:      log,

x-pack/elastic-agent/pkg/agent/cmd/include.go

@@ -11,6 +11,7 @@ import (
 	_ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable/providers/env"
 	_ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable/providers/host"
 	_ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable/providers/kubernetes"
+	_ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable/providers/kubernetes_secrets"
 	_ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable/providers/local"
 	_ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable/providers/localdynamic"
 	_ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable/providers/path"

x-pack/elastic-agent/pkg/agent/transpiler/ast_test.go

@@ -1616,7 +1616,7 @@ func TestHash(t *testing.T) {
 }
 
 func mustMakeVars(mapping map[string]interface{}) *Vars {
-	v, err := NewVars(mapping)
+	v, err := NewVars(mapping, nil)
 	if err != nil {
 		panic(err)
 	}

x-pack/elastic-agent/pkg/agent/transpiler/utils_test.go

@@ -737,7 +737,7 @@ func TestRenderInputs(t *testing.T) {
 }
 
 func mustMakeVarsP(mapping map[string]interface{}, processorKey string, processors Processors) *Vars {
-	v, err := NewVarsWithProcessors(mapping, processorKey, processors)
+	v, err := NewVarsWithProcessors(mapping, processorKey, processors, nil)
 	if err != nil {
 		panic(err)
 	}

x-pack/elastic-agent/pkg/agent/transpiler/vars.go

@@ -9,6 +9,10 @@ import (
 	"regexp"
 	"strings"
 	"unicode"
+
+	"github.com/elastic/beats/v7/libbeat/common"
+
+	"github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/composable"
 )
 
 var varsRegex = regexp.MustCompile(`\${([\p{L}\d\s\\\-_|.'"]*)}`)
@@ -18,23 +22,24 @@ var ErrNoMatch = fmt.Errorf("no matching vars")
 
 // Vars is a context of variables that also contain a list of processors that go with the mapping.
 type Vars struct {
-	tree          *AST
-	processorsKey string
-	processors    Processors
+	tree                  *AST
+	processorsKey         string
+	processors            Processors
+	fetchContextProviders common.MapStr
 }
 
 // NewVars returns a new instance of vars.
-func NewVars(mapping map[string]interface{}) (*Vars, error) {
-	return NewVarsWithProcessors(mapping, "", nil)
+func NewVars(mapping map[string]interface{}, fetchContextProviders common.MapStr) (*Vars, error) {
+	return NewVarsWithProcessors(mapping, "", nil, fetchContextProviders)
 }
 
 // NewVarsWithProcessors returns a new instance of vars with attachment of processors.
-func NewVarsWithProcessors(mapping map[string]interface{}, processorKey string, processors Processors) (*Vars, error) {
+func NewVarsWithProcessors(mapping map[string]interface{}, processorKey string, processors Processors, fetchContextProviders common.MapStr) (*Vars, error) {
 	tree, err := NewAST(mapping)
 	if err != nil {
 		return nil, err
 	}
-	return &Vars{tree, processorKey, processors}, nil
+	return &Vars{tree, processorKey, processors, fetchContextProviders}, nil
 }
 
 // Replace returns a new value based on variable replacement.
@@ -44,7 +49,6 @@ func (v *Vars) Replace(value string) (Node, error) {
 	if !validBrackets(value, matchIdxs) {
 		return nil, fmt.Errorf("starting ${ is missing ending }")
 	}
-
 	result := ""
 	lastIndex := 0
 	for _, r := range matchIdxs {
@@ -55,6 +59,22 @@ func (v *Vars) Replace(value string) (Node, error) {
 			}
 			set := false
 			for _, val := range vars {
+				for providerName, provider := range v.fetchContextProviders {
+					if varPrefixMatched(val.Value(), providerName) {
+						fetchProvider := provider.(composable.FetchContextProvider)
+						fval, found := fetchProvider.Fetch(val.Value())
+						if found {
+							result += value[lastIndex:r[0]] + fval
+							set = true
+							break
+						} else {
+							return NewStrVal(""), ErrNoMatch
+						}
+					}
+				}
+				if set {
+					continue
+				}
 				switch val.(type) {
 				case *constString:
 					result += value[lastIndex:r[0]] + val.Value()

x-pack/elastic-agent/pkg/agent/transpiler/vars_test.go

@@ -215,7 +215,8 @@ func TestVars_ReplaceWithProcessors(t *testing.T) {
 			},
 		},
 		"dynamic",
-		processers)
+		processers,
+		nil)
 	require.NoError(t, err)
 
 	res, err := vars.Replace("${testing.key1}")

x-pack/elastic-agent/pkg/composable/context.go

@@ -5,30 +5,16 @@
 package composable
 
 import (
-	"context"
 	"fmt"
 	"strings"
 
 	"github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config"
+	corecomp "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/composable"
 	"github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger"
 )
 
-// ContextProviderComm is the interface that a context provider uses to communicate back to Elastic Agent.
-type ContextProviderComm interface {
-	context.Context
-
-	// Set sets the current mapping for this context.
-	Set(map[string]interface{}) error
-}
-
-// ContextProvider is the interface that a context provider must implement.
-type ContextProvider interface {
-	// Run runs the context provider.
-	Run(ContextProviderComm) error
-}
-
 // ContextProviderBuilder creates a new context provider based on the given config and returns it.
-type ContextProviderBuilder func(log *logger.Logger, config *config.Config) (ContextProvider, error)
+type ContextProviderBuilder func(log *logger.Logger, config *config.Config) (corecomp.ContextProvider, error)
 
 // AddContextProvider adds a new ContextProviderBuilder
 func (r *providerRegistry) AddContextProvider(name string, builder ContextProviderBuilder) error {

x-pack/elastic-agent/pkg/composable/controller.go

@@ -8,16 +8,18 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"strings"
-
 	"reflect"
 	"sort"
+	"strings"
 	"sync"
 	"time"
 
+	"github.com/elastic/beats/v7/libbeat/common"
+
 	"github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors"
 	"github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/transpiler"
 	"github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config"
+	corecomp "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/composable"
 	"github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger"
 )
 
@@ -98,6 +100,9 @@ func (c *controller) Run(ctx context.Context, cb VarsCallback) error {
 	notify := make(chan bool, 5000)
 	localCtx, cancel := context.WithCancel(ctx)
 
+	//fetchContextProviders := make(map[string]corecomp.ContextProvider, len(FetchContextProviders))
+	fetchContextProviders := common.MapStr{}
+
 	// run all the enabled context providers
 	for name, state := range c.contextProviders {
 		state.Context = localCtx
@@ -107,6 +112,9 @@ func (c *controller) Run(ctx context.Context, cb VarsCallback) error {
 			cancel()
 			return errors.New(err, fmt.Sprintf("failed to run provider '%s'", name), errors.TypeConfig, errors.M("provider", name))
 		}
+		if p, ok := state.provider.(corecomp.FetchContextProvider); ok {
+			fetchContextProviders.Put(name, p)
+		}
 	}
 
 	// run all the enabled dynamic providers
@@ -151,15 +159,15 @@ func (c *controller) Run(ctx context.Context, cb VarsCallback) error {
 				mapping[name] = state.Current()
 			}
 			// this is ensured not to error, by how the mappings states are verified
-			vars[0], _ = transpiler.NewVars(mapping)
+			vars[0], _ = transpiler.NewVars(mapping, fetchContextProviders)
 
 			// add to the vars list for each dynamic providers mappings
 			for name, state := range c.dynamicProviders {
 				for _, mappings := range state.Mappings() {
 					local, _ := cloneMap(mapping) // will not fail; already been successfully cloned once
 					local[name] = mappings.mapping
 					// this is ensured not to error, by how the mappings states are verified
-					v, _ := transpiler.NewVarsWithProcessors(local, name, mappings.processors)
+					v, _ := transpiler.NewVarsWithProcessors(local, name, mappings.processors, fetchContextProviders)
 					vars = append(vars, v)
 				}
 			}
@@ -175,7 +183,7 @@ func (c *controller) Run(ctx context.Context, cb VarsCallback) error {
 type contextProviderState struct {
 	context.Context
 
-	provider ContextProvider
+	provider corecomp.ContextProvider
 	lock     sync.RWMutex
 	mapping  map[string]interface{}
 	signal   chan bool
@@ -189,7 +197,7 @@ func (c *contextProviderState) Set(mapping map[string]interface{}) error {
 		return err
 	}
 	// ensure creating vars will not error
-	_, err = transpiler.NewVars(mapping)
+	_, err = transpiler.NewVars(mapping, nil)
 	if err != nil {
 		return err
 	}
@@ -244,7 +252,7 @@ func (c *dynamicProviderState) AddOrUpdate(id string, priority int, mapping map[
 		return err
 	}
 	// ensure creating vars will not error
-	_, err = transpiler.NewVars(mapping)
+	_, err = transpiler.NewVars(mapping, nil)
 	if err != nil {
 		return err
 	}

x-pack/elastic-agent/pkg/composable/providers/agent/agent.go

@@ -9,6 +9,7 @@ import (
 	"github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors"
 	"github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable"
 	"github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config"
+	corecomp "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/composable"
 	"github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger"
 	"github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/release"
 )
@@ -20,7 +21,7 @@ func init() {
 type contextProvider struct{}
 
 // Run runs the Agent context provider.
-func (*contextProvider) Run(comm composable.ContextProviderComm) error {
+func (*contextProvider) Run(comm corecomp.ContextProviderComm) error {
 	a, err := info.NewAgentInfo()
 	if err != nil {
 		return err
@@ -41,6 +42,6 @@ func (*contextProvider) Run(comm composable.ContextProviderComm) error {
 }
 
 // ContextProviderBuilder builds the context provider.
-func ContextProviderBuilder(_ *logger.Logger, _ *config.Config) (composable.ContextProvider, error) {
+func ContextProviderBuilder(_ *logger.Logger, _ *config.Config) (corecomp.ContextProvider, error) {
 	return &contextProvider{}, nil
 }

x-pack/elastic-agent/pkg/composable/providers/env/env.go

@@ -11,6 +11,7 @@ import (
 	"github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors"
 	"github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable"
 	"github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config"
+	corecomp "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/composable"
 	"github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger"
 )
 
@@ -21,7 +22,7 @@ func init() {
 type contextProvider struct{}
 
 // Run runs the environment context provider.
-func (*contextProvider) Run(comm composable.ContextProviderComm) error {
+func (*contextProvider) Run(comm corecomp.ContextProviderComm) error {
 	err := comm.Set(getEnvMapping())
 	if err != nil {
 		return errors.New(err, "failed to set mapping", errors.TypeUnexpected)
@@ -30,7 +31,7 @@ func (*contextProvider) Run(comm composable.ContextProviderComm) error {
 }
 
 // ContextProviderBuilder builds the context provider.
-func ContextProviderBuilder(_ *logger.Logger, _ *config.Config) (composable.ContextProvider, error) {
+func ContextProviderBuilder(_ *logger.Logger, _ *config.Config) (corecomp.ContextProvider, error) {
 	return &contextProvider{}, nil
 }
 

x-pack/elastic-agent/pkg/composable/providers/host/host.go

@@ -16,6 +16,7 @@ import (
 	"github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors"
 	"github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable"
 	"github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config"
+	corecomp "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/composable"
 	"github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger"
 )
 
@@ -38,7 +39,7 @@ type contextProvider struct {
 }
 
 // Run runs the environment context provider.
-func (c *contextProvider) Run(comm composable.ContextProviderComm) error {
+func (c *contextProvider) Run(comm corecomp.ContextProviderComm) error {
 	current, err := c.fetcher()
 	if err != nil {
 		return err
@@ -79,7 +80,7 @@ func (c *contextProvider) Run(comm composable.ContextProviderComm) error {
 }
 
 // ContextProviderBuilder builds the context provider.
-func ContextProviderBuilder(log *logger.Logger, c *config.Config) (composable.ContextProvider, error) {
+func ContextProviderBuilder(log *logger.Logger, c *config.Config) (corecomp.ContextProvider, error) {
 	p := &contextProvider{
 		logger:  log,
 		fetcher: getHostInfo,

x-pack/elastic-agent/pkg/composable/providers/kubernetes_secrets/config.go

@@ -0,0 +1,13 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+// TODO review the need for this
+// +build linux darwin windows
+
+package kubernetes_secrets
+
+// Config for kubernetes provider
+type Config struct {
+	KubeConfig string `config:"kube_config"`
+}