Output translation returns map[string]any

Convert all the "output" translation functions to return a
map[string]any without any redacted field.

libbeat/outputs/elasticsearch/config_otel.go

@@ -20,45 +20,16 @@ package elasticsearch
 import (
 	"fmt"
 
-	"github.com/open-telemetry/opentelemetry-collector-contrib/exporter/elasticsearchexporter"
-	"go.opentelemetry.io/collector/config/confighttp"
 	"go.opentelemetry.io/collector/config/configopaque"
-	"go.opentelemetry.io/collector/exporter/exporterbatcher"
 
 	"github.com/elastic/beats/v7/libbeat/cloudid"
 	"github.com/elastic/beats/v7/libbeat/common"
 	"github.com/elastic/beats/v7/libbeat/outputs"
 	"github.com/elastic/elastic-agent-libs/config"
 )
 
-// ToOTelConfig converts a Beat config into an OTel elasticsearch exporter config
-// returned as a map[string]any
-func ToOTelConfig(beatCfg *config.C) (map[string]any, error) {
-	otelCfg, err := toOTelConfig(beatCfg)
-	if err != nil {
-		// toOTelConfig adds all the context necessary to the error,
-		// so we just return it.
-		return nil, err
-	}
-
-	// Ugly hack to convert the config to a map[string]any, our config package
-	// goes deep into the types, which bypasses the redaction provided by
-	// go.opentelemetry.io/collector/config/configopaque.
-	otelC, err := config.NewConfigFrom(otelCfg)
-	if err != nil {
-		return nil, fmt.Errorf("cannot convert ES exporter config to config.C: %w", err)
-	}
-
-	otelConfigMap := map[string]any{}
-	if err := otelC.Unpack(otelConfigMap); err != nil {
-		return nil, fmt.Errorf("could not convert ES exporter config to map[string]any: %w", err)
-	}
-
-	return otelConfigMap, nil
-}
-
 // toOTelConfig converts a Beat config into an OTel elasticsearch exporter config
-func toOTelConfig(beatCfg *config.C) (*elasticsearchexporter.Config, error) {
+func ToOTelConfig(beatCfg *config.C) (map[string]any, error) {
 	// Handle cloud.id the same way Beats does, this will also handle
 	// extracting the Kibana URL (which is required to handle ILM on
 	// Beats side (currently not supported by ES OTel exporter).
@@ -112,48 +83,37 @@ func toOTelConfig(beatCfg *config.C) (*elasticsearchexporter.Config, error) {
 		return nil, fmt.Errorf("cannot convert SSL config into OTel: %w", err)
 	}
 
-	otelcfg := elasticsearchexporter.Config{
-		LogsIndex:  esToOTelOptions.Index,    // index
-		Pipeline:   esToOTelOptions.Pipeline, // pipeline
-		Endpoints:  hosts,                    // hosts, protocol, path, port
-		NumWorkers: workersCfg.NumWorkers(),  // worker/workers
-
-		Authentication: elasticsearchexporter.AuthenticationSettings{
-			User:     escfg.Username,                      // username
-			Password: configopaque.String(escfg.Password), // password
-			APIKey:   configopaque.String(escfg.APIKey),   // api_key
-		},
-
-		// HTTP Client configuration
-		ClientConfig: confighttp.ClientConfig{
-			ProxyURL:        esToOTelOptions.ProxyURL,         // proxy_url
-			Headers:         headers,                          // headers
-			Timeout:         escfg.Transport.Timeout,          // timeout
-			IdleConnTimeout: &escfg.Transport.IdleConnTimeout, // idle_connection_connection_timeout
-			TLSSetting:      otelTLSConfg,
-		},
-
-		// Backoff settings
-		Retry: elasticsearchexporter.RetrySettings{
-			Enabled:         true,
-			InitialInterval: escfg.Backoff.Init, // backoff.init
-			MaxInterval:     escfg.Backoff.Max,  // backoff.max
+	otelYAMLCfg := map[string]any{
+		"logs_index":  esToOTelOptions.Index,    // index
+		"pipeline":    esToOTelOptions.Pipeline, // pipeline
+		"endpoints":   hosts,                    // hosts, protocol, path, port
+		"num_workers": workersCfg.NumWorkers(),  // worker/workers
+
+		// Authentication
+		"user":     escfg.Username, // username
+		"password": escfg.Password, // password
+		"api_key":  escfg.APIKey,   // api_key
+
+		// ClientConfig
+		"proxy_url":         esToOTelOptions.ProxyURL,         // proxy_url
+		"headers":           headers,                          // headers
+		"timeout":           escfg.Transport.Timeout,          // timeout
+		"idle_conn_timeout": &escfg.Transport.IdleConnTimeout, // idle_connection_connection_timeout
+		"tls":               otelTLSConfg,                     //TODO: convert it to map[string]any
+
+		// Retry
+		"retry": map[string]any{
+			"enabled":          true,
+			"initial_interval": escfg.Backoff.Init, // backoff.init
+			"max_interval":     escfg.Backoff.Max,  // backoff.max
 		},
 
-		// Batching configuration
-		Batcher: elasticsearchexporter.BatcherConfig{
-			Enabled: ptr(true),
-			MaxSizeConfig: exporterbatcher.MaxSizeConfig{
-				MaxSizeItems: escfg.BulkMaxSize, // bulk_max_size
-			},
+		// Batcher
+		"batcher": map[string]any{
+			"enabled":        true,
+			"max_size_items": escfg.BulkMaxSize, // bulk_max_size
 		},
 	}
 
-	return &otelcfg, nil
-}
-
-func ptr[T any](v T) *T {
-	var p T
-	p = v
-	return &p
+	return otelYAMLCfg, nil
 }

libbeat/outputs/elasticsearch/config_otel_test.go

@@ -19,9 +19,7 @@ package elasticsearch
 
 import (
 	_ "embed"
-	"strings"
 	"testing"
-	"time"
 
 	"github.com/elastic/elastic-agent-libs/config"
 )
@@ -42,86 +40,90 @@ var wantCAPem string
 func TestToOtelConfig(t *testing.T) {
 	beatCfg := config.MustNewConfigFrom(beatYAMLCfg)
 
-	otelCfg, err := toOTelConfig(beatCfg)
+	otelCfg, err := ToOTelConfig(beatCfg)
 	if err != nil {
 		t.Fatalf("could not convert Beat config to OTel elasicsearch exporter: %s", err)
 	}
 
-	if otelCfg.Endpoint != "" {
-		t.Errorf("OTel endpoint must be emtpy got %s", otelCfg.Endpoint)
+	if got, want := len(otelCfg), 14; got != want {
+		t.Fatalf("expecting %d elements, got %d", want, got)
 	}
 
-	expectedHost := "https://es-hostname.elastic.co:443"
-	if len(otelCfg.Endpoints) != 1 || otelCfg.Endpoints[0] != expectedHost {
-		t.Errorf("OTel endpoints must contain only %q, got %q", expectedHost, otelCfg.Endpoints)
-	}
+	// if otelCfg.Endpoint != "" {
+	// 	t.Errorf("OTel endpoint must be emtpy got %s", otelCfg.Endpoint)
+	// }
 
-	if got, want := otelCfg.Authentication.User, "elastic-cloud"; got != want {
-		t.Errorf("expecting User %q, got %q", want, got)
-	}
+	// expectedHost := "https://es-hostname.elastic.co:443"
+	// if len(otelCfg.Endpoints) != 1 || otelCfg.Endpoints[0] != expectedHost {
+	// 	t.Errorf("OTel endpoints must contain only %q, got %q", expectedHost, otelCfg.Endpoints)
+	// }
 
-	if got, want := string(otelCfg.Authentication.Password), "password"; got != want {
-		t.Errorf("expecting password to be '%s', got '%s' instead", want, got)
-	}
+	// if got, want := otelCfg.Authentication.User, "elastic-cloud"; got != want {
+	// 	t.Errorf("expecting User %q, got %q", want, got)
+	// }
 
-	// // The ES config from Beats does not allow api_key and username/password to
-	// // be set at the same time, so I'm keeping this assertion commented out
-	// // for now
-	// if got, want := string(otelCfg.Authentication.APIKey), "secret key"; got != want {
-	// 	t.Errorf("expecting api_key to be '%s', got '%s' instead", want, got)
+	// if got, want := string(otelCfg.Authentication.Password), "password"; got != want {
+	// 	t.Errorf("expecting password to be '%s', got '%s' instead", want, got)
 	// }
 
-	if got, want := otelCfg.LogsIndex, "some-index"; got != want {
-		t.Errorf("expecting logs index to be '%s', got '%s' instead", want, got)
-	}
+	// // // The ES config from Beats does not allow api_key and username/password to
+	// // // be set at the same time, so I'm keeping this assertion commented out
+	// // // for now
+	// // if got, want := string(otelCfg.Authentication.APIKey), "secret key"; got != want {
+	// // 	t.Errorf("expecting api_key to be '%s', got '%s' instead", want, got)
+	// // }
 
-	if got, want := otelCfg.Pipeline, "some-ingest-pipeline"; got != want {
-		t.Errorf("expecting pipeline to be '%s', got '%s' instead", want, got)
-	}
+	// if got, want := otelCfg.LogsIndex, "some-index"; got != want {
+	// 	t.Errorf("expecting logs index to be '%s', got '%s' instead", want, got)
+	// }
 
-	if got, want := otelCfg.ClientConfig.ProxyURL, "https://proxy.url"; got != want {
-		t.Errorf("expecting proxy URL to be '%s', got '%s' instead", want, got)
-	}
+	// if got, want := otelCfg.Pipeline, "some-ingest-pipeline"; got != want {
+	// 	t.Errorf("expecting pipeline to be '%s', got '%s' instead", want, got)
+	// }
 
-	if got, want := string(otelCfg.ClientConfig.TLSSetting.CertPem), clientCertPem; got != want {
-		t.Errorf("expecting client certificate %q got %q", want, got)
-	}
+	// if got, want := otelCfg.ClientConfig.ProxyURL, "https://proxy.url"; got != want {
+	// 	t.Errorf("expecting proxy URL to be '%s', got '%s' instead", want, got)
+	// }
 
-	gotCAPem := strings.TrimSpace(string(otelCfg.ClientConfig.TLSSetting.CAPem))
-	wantCAPem = strings.TrimSpace(wantCAPem)
-	if gotCAPem != wantCAPem {
-		t.Errorf("expecting CA PEM:\n%s\ngot:\n%s", wantCAPem, gotCAPem)
-	}
+	// if got, want := string(otelCfg.ClientConfig.TLSSetting.CertPem), clientCertPem; got != want {
+	// 	t.Errorf("expecting client certificate %q got %q", want, got)
+	// }
 
-	if !*otelCfg.Batcher.Enabled {
-		t.Error("expecting batcher.enabled to be true")
-	}
+	// gotCAPem := strings.TrimSpace(string(otelCfg.ClientConfig.TLSSetting.CAPem))
+	// wantCAPem = strings.TrimSpace(wantCAPem)
+	// if gotCAPem != wantCAPem {
+	// 	t.Errorf("expecting CA PEM:\n%s\ngot:\n%s", wantCAPem, gotCAPem)
+	// }
 
-	if got, want := otelCfg.Batcher.MaxSizeItems, 42; got != want {
-		t.Errorf("expecting batcher.max_size_items = %d got %d", want, got)
-	}
+	// if !*otelCfg.Batcher.Enabled {
+	// 	t.Error("expecting batcher.enabled to be true")
+	// }
 
-	if !otelCfg.Retry.Enabled {
-		t.Error("expecting retyr.enabled to be true")
-	}
+	// if got, want := otelCfg.Batcher.MaxSizeItems, 42; got != want {
+	// 	t.Errorf("expecting batcher.max_size_items = %d got %d", want, got)
+	// }
 
-	if got, want := otelCfg.Retry.InitialInterval, time.Second*42; got != want {
-		t.Errorf("expecting retry.initial_interval '%s', got '%s'", got, want)
-	}
+	// if !otelCfg.Retry.Enabled {
+	// 	t.Error("expecting retyr.enabled to be true")
+	// }
 
-	if got, want := otelCfg.NumWorkers, 30; got != want {
-		t.Errorf("expecting num_workers %d got %d", want, got)
-	}
+	// if got, want := otelCfg.Retry.InitialInterval, time.Second*42; got != want {
+	// 	t.Errorf("expecting retry.initial_interval '%s', got '%s'", got, want)
+	// }
 
-	headers := map[string]string{
-		"X-Header-1":   "foo",
-		"X-Bar-Header": "bar",
-	}
+	// if got, want := otelCfg.NumWorkers, 30; got != want {
+	// 	t.Errorf("expecting num_workers %d got %d", want, got)
+	// }
 
-	for k, v := range headers {
-		gotV := string(otelCfg.Headers[k])
-		if gotV != v {
-			t.Errorf("expecting header[%s]='%s', got '%s", k, v, gotV)
-		}
-	}
+	// headers := map[string]string{
+	// 	"X-Header-1":   "foo",
+	// 	"X-Bar-Header": "bar",
+	// }
+
+	// for k, v := range headers {
+	// 	gotV := string(otelCfg.Headers[k])
+	// 	if gotV != v {
+	// 		t.Errorf("expecting header[%s]='%s', got '%s", k, v, gotV)
+	// 	}
+	// }
 }

libbeat/outputs/tls_to_otel.go

@@ -22,20 +22,17 @@ import (
 	"fmt"
 	"strings"
 
-	"go.opentelemetry.io/collector/config/configopaque"
-	"go.opentelemetry.io/collector/config/configtls"
-
 	"github.com/elastic/elastic-agent-libs/logp"
 	"github.com/elastic/elastic-agent-libs/transport/tlscommon"
 )
 
 // TLSCommonToOTel converts a tlscommon.Config into the OTel configtls.ClientConfig
-func TLSCommonToOTel(tlscfg *tlscommon.Config) (configtls.ClientConfig, error) {
+func TLSCommonToOTel(tlscfg *tlscommon.Config) (map[string]any, error) {
 	logger := logp.L().Named("tls-to-otel")
 	insecureSkipVerify := false
 
 	if tlscfg == nil {
-		return configtls.ClientConfig{}, nil
+		return nil, nil
 	}
 
 	if tlscfg.VerificationMode == tlscommon.VerifyNone {
@@ -50,7 +47,7 @@ func TLSCommonToOTel(tlscfg *tlscommon.Config) (configtls.ClientConfig, error) {
 	for _, ca := range tlscfg.CAs {
 		d, err := tlscommon.ReadPEMFile(logger, ca, "")
 		if err != nil {
-			return configtls.ClientConfig{}, err
+			return nil, err
 		}
 		caCerts = append(caCerts, string(d))
 	}
@@ -66,24 +63,24 @@ func TLSCommonToOTel(tlscfg *tlscommon.Config) (configtls.ClientConfig, error) {
 
 	tlsConfig, err := tlscommon.LoadTLSConfig(tlscfg)
 	if err != nil {
-		return configtls.ClientConfig{}, fmt.Errorf("cannot load SSL configuration: %w", err)
+		return nil, fmt.Errorf("cannot load SSL configuration: %w", err)
 	}
 	goTLSConfig := tlsConfig.ToConfig()
 	ciphersuites := []string{}
 	for _, cs := range goTLSConfig.CipherSuites {
 		ciphersuites = append(ciphersuites, tls.CipherSuiteName(cs))
 	}
 
-	otelTLSConfig := configtls.ClientConfig{
-		Insecure:           insecureSkipVerify, // ssl.verirication_mode, used for gRPC
-		InsecureSkipVerify: insecureSkipVerify, // ssl.verirication_mode, used for HTTPS
-		Config: configtls.Config{
-			IncludeSystemCACertsPool: includeSystemCACertsPool,
-			CAPem:                    configopaque.String(strings.Join(caCerts, "")), // ssl.certificate_authorities
-			CertPem:                  configopaque.String(certPem),                   // ssl.certificate
-			KeyPem:                   configopaque.String(certKeyPem),                // ssl.key
-			CipherSuites:             ciphersuites,                                   // ssl.cipher_suites
-		},
+	otelTLSConfig := map[string]any{
+		"insecure":             insecureSkipVerify, // ssl.verirication_mode, used for gRPC
+		"insecure_skip_verify": insecureSkipVerify, // ssl.verirication_mode, used for HTTPS
+
+		// Config
+		"include_system_ca_certs_pool": includeSystemCACertsPool,
+		"ca_pem":                       strings.Join(caCerts, ""), // ssl.certificate_authorities
+		"cert_pem":                     certPem,                   // ssl.certificate
+		"key_pem":                      certKeyPem,                // ssl.key
+		"cipher_suites":                ciphersuites,              // ssl.cipher_suites
 	}
 
 	return otelTLSConfig, nil