APM users should not use the built-in "superuser" role

[barkbay]

I think there has been a regression regarding the role of the user used in the APM/ES association. The superuser built-in role is used while we should use one of the roles introduced in #2777

cloud-on-k8s/pkg/controller/association/controller/apm_es.go

Lines 37 to 39 in 2465556

	UserSecretSuffix: "apm-user",
	ESUserRole: esuser.SuperUserBuiltinRole,
	})

[sebgl]

:o my bad it probably happened concurrently with the recent refactoring!

[barkbay]

I guess we have to replace ESUserRole with a something like:

type AssociationInfo struct {
   ...
   ESUserRole func(commonv1.Associated) (string, error)
}

And then try to convert the interface to its implementation in the APM association controller:

// getRoles returns for a given version of the APM Server the set of required roles.
func getRoles(associated commonv1.Associated) (string, error) {
	apmServer, ok := associated.(*apmv1.ApmServer)
	if !ok {
		return "", errors.New(".....")
	}

	v, err := version.Parse(apmServer.Spec.Version)
	if err != nil {
		return "", err
	}
...

I will try to work on a fix.