elasticsearch: Add keystore management commands (#58)

Adds two new commands, which allow an Elasticsearch cluster's keystore
to be updated and to be shown:

* ecctl deployment elasticsearch keystore set <cluster id> -f def.json
* ecctl deployment elasticsearch keystore show <cluster id>

The specified keystore definition is treated as a partial and the values
in it are used to either create / update the keystore values. Existing
keystore values will not be affected if missing from the request.


Signed-off-by: Marc Lopez <marc5.12@outlook.com>

Author: marclop

cmd/deployment/elasticsearch/command.go

@@ -21,6 +21,7 @@ import (
 	"github.com/spf13/cobra"
 
 	cmdelasticsearchinstances "github.com/elastic/ecctl/cmd/deployment/elasticsearch/instances"
+	cmdelasticsearchkeystore "github.com/elastic/ecctl/cmd/deployment/elasticsearch/keystore"
 	cmdelasticsearchmonitoring "github.com/elastic/ecctl/cmd/deployment/elasticsearch/monitoring"
 	cmdelasticsearchplan "github.com/elastic/ecctl/cmd/deployment/elasticsearch/plan"
 )
@@ -40,5 +41,6 @@ func init() {
 		cmdelasticsearchmonitoring.Command,
 		cmdelasticsearchplan.Command,
 		cmdelasticsearchinstances.Command,
+		cmdelasticsearchkeystore.Command,
 	)
 }

cmd/deployment/elasticsearch/keystore/command.go

@@ -0,0 +1,32 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package cmdelasticsearchkeystore
+
+import (
+	"github.com/spf13/cobra"
+)
+
+// Command is the elasticsearch keystore command
+var Command = &cobra.Command{
+	Use:     `keystore`,
+	Short:   "Manages an Elasticsearch cluster's keystore",
+	PreRunE: cobra.NoArgs,
+	RunE: func(cmd *cobra.Command, args []string) error {
+		return cmd.Help()
+	},
+}

cmd/deployment/elasticsearch/keystore/set.go

@@ -0,0 +1,88 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package cmdelasticsearchkeystore
+
+import (
+	"github.com/elastic/cloud-sdk-go/pkg/models"
+	"github.com/spf13/cobra"
+
+	cmdutil "github.com/elastic/ecctl/cmd/util"
+	"github.com/elastic/ecctl/pkg/deployment/elasticsearch"
+	"github.com/elastic/ecctl/pkg/ecctl"
+)
+
+const setKeystoreLong = `Manages the keystore settings of an Elasticsearch cluster.
+Note that each operation is add/modify only, unspecified existing keystore values will be unchanged.`
+
+var setKeystoreExamples = `
+$ cat keystore_example.json
+{
+    "secrets": {
+        "s3.client.foobar.access_key": {
+            "value": "AKIXAIQFKXPHIFXSILUWPA",
+            "as_file": false
+        },
+        "s3.client.foobar.secret_key": {
+            "value": "18qXOpY2zGlApay1237dLXh+LG1X5LUNWjTHq5X1SWjf++m+p0"
+        }
+    }
+}
+$ ecctl deployment elasticsearch keystore set 4c052fb17f65467a9b3c36d060106377 --file keystore_example.json
+{
+  "secrets": {
+    "s3.client.foobar.access_key": {
+      "as_file": false
+    },
+    "s3.client.foobar.secret_key": {
+      "as_file": false
+    }
+  }
+}`[1:]
+
+var setCmd = &cobra.Command{
+	Use:     `set <cluster id> -f <file definition.json>`,
+	Short:   "Updates an Elasticsearch cluster keystore with the contents of a file",
+	Long:    setKeystoreLong,
+	Example: setKeystoreExamples,
+	PreRunE: cmdutil.MinimumNArgsAndUUID(1),
+	RunE: func(cmd *cobra.Command, args []string) error {
+		filename, _ := cmd.Flags().GetString("file")
+		var req models.KeystoreContents
+		if err := cmdutil.DecodeFile(filename, &req); err != nil {
+			return err
+		}
+
+		res, err := elasticsearch.SetKeystore(elasticsearch.SetKeystoreParams{
+			API:       ecctl.Get().API,
+			ClusterID: args[0],
+			Request:   &req,
+		})
+		if err != nil {
+			return err
+		}
+
+		return ecctl.Get().Formatter.Format("", res)
+	},
+}
+
+func init() {
+	Command.AddCommand(setCmd)
+	setCmd.Flags().StringP("file", "f", "", "JSON file that contains JSON-style domain-specific keystore definition")
+	setCmd.MarkFlagRequired("file")
+	setCmd.MarkFlagFilename("file", "*.json")
+}

cmd/deployment/elasticsearch/keystore/show.go

@@ -0,0 +1,60 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package cmdelasticsearchkeystore
+
+import (
+	"github.com/spf13/cobra"
+
+	cmdutil "github.com/elastic/ecctl/cmd/util"
+	"github.com/elastic/ecctl/pkg/deployment/elasticsearch"
+	"github.com/elastic/ecctl/pkg/ecctl"
+)
+
+const keystoreShowExample = `$ ecctl deployment elasticsearch keystore show 4c052fb17f65467a9b3c36d060106377
+{
+  "secrets": {
+    "s3.client.foobar.access_key": {
+      "as_file": false
+    },
+    "s3.client.foobar.secret_key": {
+      "as_file": false
+    }
+  }
+}`
+
+var getCmd = &cobra.Command{
+	Use:     `show <cluster id>`,
+	Short:   "Shows an Elasticsearch cluster's keystore settings",
+	Example: keystoreShowExample,
+	PreRunE: cmdutil.MinimumNArgsAndUUID(1),
+	RunE: func(cmd *cobra.Command, args []string) error {
+		res, err := elasticsearch.GetKeystore(elasticsearch.GetKeystoreParams{
+			API:       ecctl.Get().API,
+			ClusterID: args[0],
+		})
+		if err != nil {
+			return err
+		}
+
+		return ecctl.Get().Formatter.Format("", res)
+	},
+}
+
+func init() {
+	Command.AddCommand(getCmd)
+}

docs/ecctl_deployment_elasticsearch.md

@@ -44,6 +44,7 @@ ecctl deployment elasticsearch [flags]
 * [ecctl deployment elasticsearch delete](ecctl_deployment_elasticsearch_delete.md)	 - Deletes an Elasticsearch cluster
 * [ecctl deployment elasticsearch diagnose](ecctl_deployment_elasticsearch_diagnose.md)	 - Generates a diagnostics bundle for the cluster
 * [ecctl deployment elasticsearch instances](ecctl_deployment_elasticsearch_instances.md)	 - Manages elasticsearch at the instance level
+* [ecctl deployment elasticsearch keystore](ecctl_deployment_elasticsearch_keystore.md)	 - Manages an Elasticsearch cluster's keystore
 * [ecctl deployment elasticsearch list](ecctl_deployment_elasticsearch_list.md)	 - Returns the list of Elasticsearch clusters
 * [ecctl deployment elasticsearch monitoring](ecctl_deployment_elasticsearch_monitoring.md)	 - Manages monitoring for an Elasticsearch cluster
 * [ecctl deployment elasticsearch plan](ecctl_deployment_elasticsearch_plan.md)	 - Manages Elasticsearch plans

docs/ecctl_deployment_elasticsearch_keystore.md

@@ -0,0 +1,44 @@
+## ecctl deployment elasticsearch keystore
+
+Manages an Elasticsearch cluster's keystore
+
+### Synopsis
+
+Manages an Elasticsearch cluster's keystore
+
+```
+ecctl deployment elasticsearch keystore [flags]
+```
+
+### Options
+
+```
+  -h, --help   help for keystore
+```
+
+### Options inherited from parent commands
+
+```
+      --apikey string      API key to use to authenticate (If empty will look for EC_APIKEY environment variable)
+      --config string      Config name, used to have multiple configs in $HOME/.ecctl/<env> (default "config")
+      --force              Do not ask for confirmation
+      --format string      Formats the output using a Go template
+      --host string        Base URL to use
+      --insecure           Skips all TLS validation
+      --message string     A message to set on cluster operation
+      --output string      Output format [text|json] (default "text")
+      --pass string        Password to use to authenticate (If empty will look for EC_PASS environment variable)
+      --pprof              Enables pprofing and saves the profile to pprof-20060102150405
+  -q, --quiet              Suppresses the configuration file used for the run, if any
+      --timeout duration   Timeout to use on all HTTP calls (default 30s)
+      --trace              Enables tracing saves the trace to trace-20060102150405
+      --user string        Username to use to authenticate (If empty will look for EC_USER environment variable)
+      --verbose            Enable verbose mode
+```
+
+### SEE ALSO
+
+* [ecctl deployment elasticsearch](ecctl_deployment_elasticsearch.md)	 - Manages Elasticsearch clusters
+* [ecctl deployment elasticsearch keystore set](ecctl_deployment_elasticsearch_keystore_set.md)	 - Updates an Elasticsearch cluster keystore with the contents of a file
+* [ecctl deployment elasticsearch keystore show](ecctl_deployment_elasticsearch_keystore_show.md)	 - Shows an Elasticsearch cluster's keystore settings
+

docs/ecctl_deployment_elasticsearch_keystore_set.md

@@ -0,0 +1,72 @@
+## ecctl deployment elasticsearch keystore set
+
+Updates an Elasticsearch cluster keystore with the contents of a file
+
+### Synopsis
+
+Manages the keystore settings of an Elasticsearch cluster.
+Note that each operation is add/modify only, unspecified existing keystore values will be unchanged.
+
+```
+ecctl deployment elasticsearch keystore set <cluster id> -f <file definition.json> [flags]
+```
+
+### Examples
+
+```
+$ cat keystore_example.json
+{
+    "secrets": {
+        "s3.client.foobar.access_key": {
+            "value": "AKIXAIQFKXPHIFXSILUWPA",
+            "as_file": false
+        },
+        "s3.client.foobar.secret_key": {
+            "value": "18qXOpY2zGlApay1237dLXh+LG1X5LUNWjTHq5X1SWjf++m+p0"
+        }
+    }
+}
+$ ecctl deployment elasticsearch keystore set 4c052fb17f65467a9b3c36d060106377 --file keystore_example.json
+{
+  "secrets": {
+    "s3.client.foobar.access_key": {
+      "as_file": false
+    },
+    "s3.client.foobar.secret_key": {
+      "as_file": false
+    }
+  }
+}
+```
+
+### Options
+
+```
+  -f, --file string   JSON file that contains JSON-style domain-specific keystore definition
+  -h, --help          help for set
+```
+
+### Options inherited from parent commands
+
+```
+      --apikey string      API key to use to authenticate (If empty will look for EC_APIKEY environment variable)
+      --config string      Config name, used to have multiple configs in $HOME/.ecctl/<env> (default "config")
+      --force              Do not ask for confirmation
+      --format string      Formats the output using a Go template
+      --host string        Base URL to use
+      --insecure           Skips all TLS validation
+      --message string     A message to set on cluster operation
+      --output string      Output format [text|json] (default "text")
+      --pass string        Password to use to authenticate (If empty will look for EC_PASS environment variable)
+      --pprof              Enables pprofing and saves the profile to pprof-20060102150405
+  -q, --quiet              Suppresses the configuration file used for the run, if any
+      --timeout duration   Timeout to use on all HTTP calls (default 30s)
+      --trace              Enables tracing saves the trace to trace-20060102150405
+      --user string        Username to use to authenticate (If empty will look for EC_USER environment variable)
+      --verbose            Enable verbose mode
+```
+
+### SEE ALSO
+
+* [ecctl deployment elasticsearch keystore](ecctl_deployment_elasticsearch_keystore.md)	 - Manages an Elasticsearch cluster's keystore
+

docs/ecctl_deployment_elasticsearch_keystore_show.md

@@ -0,0 +1,58 @@
+## ecctl deployment elasticsearch keystore show
+
+Shows an Elasticsearch cluster's keystore settings
+
+### Synopsis
+
+Shows an Elasticsearch cluster's keystore settings
+
+```
+ecctl deployment elasticsearch keystore show <cluster id> [flags]
+```
+
+### Examples
+
+```
+$ ecctl deployment elasticsearch keystore show 4c052fb17f65467a9b3c36d060106377
+{
+  "secrets": {
+    "s3.client.foobar.access_key": {
+      "as_file": false
+    },
+    "s3.client.foobar.secret_key": {
+      "as_file": false
+    }
+  }
+}
+```
+
+### Options
+
+```
+  -h, --help   help for show
+```
+
+### Options inherited from parent commands
+
+```
+      --apikey string      API key to use to authenticate (If empty will look for EC_APIKEY environment variable)
+      --config string      Config name, used to have multiple configs in $HOME/.ecctl/<env> (default "config")
+      --force              Do not ask for confirmation
+      --format string      Formats the output using a Go template
+      --host string        Base URL to use
+      --insecure           Skips all TLS validation
+      --message string     A message to set on cluster operation
+      --output string      Output format [text|json] (default "text")
+      --pass string        Password to use to authenticate (If empty will look for EC_PASS environment variable)
+      --pprof              Enables pprofing and saves the profile to pprof-20060102150405
+  -q, --quiet              Suppresses the configuration file used for the run, if any
+      --timeout duration   Timeout to use on all HTTP calls (default 30s)
+      --trace              Enables tracing saves the trace to trace-20060102150405
+      --user string        Username to use to authenticate (If empty will look for EC_USER environment variable)
+      --verbose            Enable verbose mode
+```
+
+### SEE ALSO
+
+* [ecctl deployment elasticsearch keystore](ecctl_deployment_elasticsearch_keystore.md)	 - Manages an Elasticsearch cluster's keystore
+