in pkg/controller/agent/config.go [86:148]
func buildOutputConfig(params Params) (*settings.CanonicalConfig, error) {
if params.Agent.Spec.FleetModeEnabled() {
// in fleet mode outputs are owned by fleet
return settings.NewCanonicalConfig(), nil
}
allAssociations := params.Agent.GetAssociations()
var esAssociations []commonv1.Association
for _, assoc := range allAssociations {
if assoc.AssociationType() == commonv1.ElasticsearchAssociationType {
esAssociations = append(esAssociations, assoc)
}
}
outputs := map[string]interface{}{}
for i, assoc := range esAssociations {
assocConf, err := assoc.AssociationConf()
if err != nil {
return settings.NewCanonicalConfig(), err
}
if !assocConf.IsConfigured() {
return settings.NewCanonicalConfig(), nil
}
credentials, err := association.ElasticsearchAuthSettings(params.Context, params.Client, assoc)
if err != nil {
return settings.NewCanonicalConfig(), err
}
output := map[string]interface{}{
"type": "elasticsearch",
"hosts": []string{assocConf.GetURL()},
}
if credentials.APIKey != "" {
decodedAPIKey, err := base64.StdEncoding.DecodeString(credentials.APIKey)
if err != nil {
return settings.NewCanonicalConfig(), fmt.Errorf("error at decoding api-key from secret %s: %w", assocConf.AuthSecretName, err)
}
output["api_key"] = string(decodedAPIKey)
} else {
output["username"] = credentials.Username
output["password"] = credentials.Password
}
if assocConf.GetCACertProvided() {
output["ssl.certificate_authorities"] = []string{path.Join(certificatesDir(assoc), CAFileName)}
}
outputName := params.Agent.Spec.ElasticsearchRefs[i].OutputName
if outputName == "" {
if len(esAssociations) > 1 {
return settings.NewCanonicalConfig(), errors.New("output is not named and there is more than one specified")
}
outputName = "default"
}
outputs[outputName] = output
}
return settings.NewCanonicalConfigFrom(map[string]interface{}{
"outputs": outputs,
})
}