Cleanup cmd/fleet/main.go (#1886)

* Replace cache.Config with config.Cache

* Move server setup from cmd/fleet to new pkg/server

* Move constants

* Fix imports and integration tests

* fix linter

cmd/fleet/main_integration_test.go

@@ -29,6 +29,7 @@ import (
 	"github.com/elastic/fleet-server/v7/internal/pkg/build"
 	"github.com/elastic/fleet-server/v7/internal/pkg/dl"
 	"github.com/elastic/fleet-server/v7/internal/pkg/model"
+	fserver "github.com/elastic/fleet-server/v7/internal/pkg/server"
 	ftesting "github.com/elastic/fleet-server/v7/internal/pkg/testing"
 	"github.com/elastic/fleet-server/v7/internal/pkg/testing/suite"
 )
@@ -117,7 +118,7 @@ func (s *agentSuite) TestAgentMode(t *testing.T) {
 	wg.Add(1)
 	go func() {
 		defer wg.Done()
-		agent, err := NewAgentMode(ucfg.New(), r, biInfo)
+		agent, err := fserver.NewAgent(ucfg.New(), r, biInfo)
 		require.NoError(t, err)
 		err = agent.Run(ctx)
 		assert.NoError(t, err)

cmd/fleet/server_integration_test.go

@@ -31,6 +31,7 @@ import (
 	"github.com/elastic/fleet-server/v7/internal/pkg/build"
 	"github.com/elastic/fleet-server/v7/internal/pkg/config"
 	"github.com/elastic/fleet-server/v7/internal/pkg/logger"
+	"github.com/elastic/fleet-server/v7/internal/pkg/server"
 	"github.com/elastic/fleet-server/v7/internal/pkg/sleep"
 	"github.com/elastic/fleet-server/v7/internal/pkg/status"
 	ftesting "github.com/elastic/fleet-server/v7/internal/pkg/testing"
@@ -45,7 +46,7 @@ const (
 type tserver struct {
 	cfg *config.Config
 	g   *errgroup.Group
-	srv *FleetServer
+	srv *server.Fleet
 }
 
 func (s *tserver) baseURL() string {
@@ -82,7 +83,7 @@ func startTestServer(ctx context.Context) (*tserver, error) {
 	cfg.Inputs[0].Server = *srvcfg
 	log.Info().Uint16("port", port).Msg("Test fleet server")
 
-	srv, err := NewFleetServer(cfg, build.Info{Version: serverVersion}, status.NewLog())
+	srv, err := server.NewFleet(cfg, build.Info{Version: serverVersion}, status.NewLog())
 	if err != nil {
 		return nil, fmt.Errorf("unable to create server: %w", err)
 	}

internal/pkg/api/handleAck_test.go

@@ -411,7 +411,7 @@ func TestHandleAckEvents(t *testing.T) {
 	for _, tc := range tests {
 		t.Run(tc.name, func(t *testing.T) {
 			logger := testlog.SetLogger(t)
-			cache, err := cache.New(cache.Config{NumCounters: 100, MaxCost: 100000})
+			cache, err := cache.New(config.Cache{NumCounters: 100, MaxCost: 100000})
 			if err != nil {
 				t.Fatal(err)
 			}

internal/pkg/api/handleStatus_test.go

@@ -51,7 +51,7 @@ func TestHandleStatus(t *testing.T) {
 
 	cfg := &config.Server{}
 	cfg.InitDefaults()
-	c, err := cache.New(cache.Config{NumCounters: 100, MaxCost: 100000})
+	c, err := cache.New(config.Cache{NumCounters: 100, MaxCost: 100000})
 	require.NoError(t, err)
 
 	authfnOk := func(r *http.Request) (*apikey.APIKey, error) {

internal/pkg/api/router_test.go

@@ -38,7 +38,7 @@ func TestRun(t *testing.T) {
 	cfg.Port = port
 
 	verCon := mustBuildConstraints("8.0.0")
-	c, err := cache.New(cache.Config{NumCounters: 100, MaxCost: 100000})
+	c, err := cache.New(config.Cache{NumCounters: 100, MaxCost: 100000})
 	require.NoError(t, err)
 	bulker := ftesting.NewMockBulk()
 	pim := mock.NewMockMonitor()

internal/pkg/bulk/bulk_integration_test.go

@@ -265,7 +265,7 @@ func TestBulkSearch(t *testing.T) {
 	}
 
 	if len(res.Hits) != 1 {
-		t.Fatal(fmt.Sprintf("hit mismatch: %d", len(res.Hits)))
+		t.Fatalf("hit mismatch: %d", len(res.Hits))
 	}
 
 	var dst3 testT

internal/pkg/cache/cache.go

@@ -11,15 +11,15 @@ import (
 	"sync"
 	"time"
 
-	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 
 	"github.com/elastic/fleet-server/v7/internal/pkg/apikey"
+	"github.com/elastic/fleet-server/v7/internal/pkg/config"
 	"github.com/elastic/fleet-server/v7/internal/pkg/model"
 )
 
 type Cache interface {
-	Reconfigure(Config) error
+	Reconfigure(config.Cache) error
 
 	SetAction(model.Action)
 	GetAction(id string) (model.Action, bool)
@@ -39,37 +39,17 @@ type SecurityInfo = apikey.SecurityInfo
 
 type CacheT struct {
 	cache Cacher
-	cfg   Config
+	cfg   config.Cache
 	mut   sync.RWMutex
 }
 
-type Config struct {
-	NumCounters  int64 // number of keys to track frequency of
-	MaxCost      int64 // maximum cost of cache in 'cost' units
-	ActionTTL    time.Duration
-	APIKeyTTL    time.Duration
-	EnrollKeyTTL time.Duration
-	ArtifactTTL  time.Duration
-	APIKeyJitter time.Duration
-}
-
-func (c *Config) MarshalZerologObject(e *zerolog.Event) {
-	e.Int64("numCounters", c.NumCounters)
-	e.Int64("maxCost", c.MaxCost)
-	e.Dur("actionTTL", c.ActionTTL)
-	e.Dur("enrollTTL", c.EnrollKeyTTL)
-	e.Dur("artifactTTL", c.ArtifactTTL)
-	e.Dur("apiKeyTTL", c.APIKeyTTL)
-	e.Dur("apiKeyJitter", c.APIKeyJitter)
-}
-
 type actionCache struct {
 	actionID   string
 	actionType string
 }
 
 // New creates a new cache.
-func New(cfg Config) (*CacheT, error) {
+func New(cfg config.Cache) (*CacheT, error) {
 	cache, err := newCache(cfg)
 	if err != nil {
 		return nil, err
@@ -84,7 +64,7 @@ func New(cfg Config) (*CacheT, error) {
 }
 
 // Reconfigure will drop cache
-func (c *CacheT) Reconfigure(cfg Config) error {
+func (c *CacheT) Reconfigure(cfg config.Cache) error {
 	c.mut.Lock()
 	defer c.mut.Unlock()
 

internal/pkg/cache/impl_integration.go

@@ -9,9 +9,11 @@ package cache
 
 import (
 	"time"
+
+	"github.com/elastic/fleet-server/v7/internal/pkg/config"
 )
 
-func newCache(_ Config) (Cacher, error) {
+func newCache(_ config.Cache) (Cacher, error) {
 	return &NoCache{}, nil
 }
 

internal/pkg/cache/impl_ristretto.go

@@ -9,9 +9,11 @@ package cache
 
 import (
 	"github.com/dgraph-io/ristretto"
+
+	"github.com/elastic/fleet-server/v7/internal/pkg/config"
 )
 
-func newCache(cfg Config) (Cacher, error) {
+func newCache(cfg config.Cache) (Cacher, error) {
 	rcfg := &ristretto.Config{
 		NumCounters: cfg.NumCounters,
 		MaxCost:     cfg.MaxCost,

internal/pkg/config/cache.go

@@ -6,6 +6,8 @@ package config
 
 import (
 	"time"
+
+	"github.com/rs/zerolog"
 )
 
 const (
@@ -56,3 +58,28 @@ func (c *Cache) LoadLimits(limits *envLimits) {
 		c.APIKeyJitter = defaultAPIKeyJitter
 	}
 }
+
+// CopyCache returns a copy of the config's Cache settings
+func CopyCache(cfg *Config) Cache {
+	ccfg := cfg.Inputs[0].Cache
+	return Cache{
+		NumCounters:  ccfg.NumCounters,
+		MaxCost:      ccfg.MaxCost,
+		ActionTTL:    ccfg.ActionTTL,
+		EnrollKeyTTL: ccfg.EnrollKeyTTL,
+		ArtifactTTL:  ccfg.ArtifactTTL,
+		APIKeyTTL:    ccfg.APIKeyTTL,
+		APIKeyJitter: ccfg.APIKeyJitter,
+	}
+}
+
+// MarshalZerologObject turns the cache settings into a zerolog event
+func (c *Cache) MarshalZerologObject(e *zerolog.Event) {
+	e.Int64("numCounters", c.NumCounters)
+	e.Int64("maxCost", c.MaxCost)
+	e.Dur("actionTTL", c.ActionTTL)
+	e.Dur("enrollTTL", c.EnrollKeyTTL)
+	e.Dur("artifactTTL", c.ArtifactTTL)
+	e.Dur("apiKeyTTL", c.APIKeyTTL)
+	e.Dur("apiKeyJitter", c.APIKeyJitter)
+}

internal/pkg/config/config.go

@@ -23,6 +23,8 @@ var DefaultOptions = []ucfg.Option{
 	ucfg.FieldReplaceValues("inputs"),
 }
 
+const kRedacted = "[redacted]"
+
 // Config is the global configuration.
 type Config struct {
 	Fleet   Fleet   `config:"fleet"`
@@ -106,6 +108,66 @@ func (c *Config) Merge(other *Config) (*Config, error) {
 	return cfg, nil
 }
 
+func redactOutput(cfg *Config) Output {
+	redacted := cfg.Output
+
+	if redacted.Elasticsearch.APIKey != "" {
+		redacted.Elasticsearch.APIKey = kRedacted
+	}
+
+	if redacted.Elasticsearch.ServiceToken != "" {
+		redacted.Elasticsearch.ServiceToken = kRedacted
+	}
+
+	if redacted.Elasticsearch.TLS != nil {
+		newTLS := *redacted.Elasticsearch.TLS
+
+		if newTLS.Certificate.Key != "" {
+			newTLS.Certificate.Key = kRedacted
+		}
+		if newTLS.Certificate.Passphrase != "" {
+			newTLS.Certificate.Passphrase = kRedacted
+		}
+
+		redacted.Elasticsearch.TLS = &newTLS
+	}
+
+	return redacted
+}
+
+func redactServer(cfg *Config) Server {
+	redacted := cfg.Inputs[0].Server
+
+	if redacted.TLS != nil {
+		newTLS := *redacted.TLS
+
+		if newTLS.Certificate.Key != "" {
+			newTLS.Certificate.Key = kRedacted
+		}
+		if newTLS.Certificate.Passphrase != "" {
+			newTLS.Certificate.Passphrase = kRedacted
+		}
+
+		redacted.TLS = &newTLS
+	}
+
+	return redacted
+}
+
+// Redact returns a copy of the config with all sensitive attributes redacted.
+func (c *Config) Redact() *Config {
+	redacted := &Config{
+		Fleet:   c.Fleet,
+		Output:  c.Output,
+		Inputs:  make([]Input, 1),
+		Logging: c.Logging,
+		HTTP:    c.HTTP,
+	}
+	redacted.Inputs[0].Server = redactServer(c)
+	redacted.Output = redactOutput(c)
+	return redacted
+}
+
 func checkDeprecatedOptions(deprecatedOpts map[string]string, c *ucfg.Config) {
 	for opt, message := range deprecatedOpts {
 		if c.HasField(opt) {

internal/pkg/policy/parsed_policy_test.go

@@ -6,7 +6,6 @@ package policy
 
 import (
 	"encoding/json"
-	"fmt"
 	"testing"
 
 	"github.com/elastic/fleet-server/v7/internal/pkg/model"
@@ -50,7 +49,7 @@ func TestNewParsedPolicy(t *testing.T) {
 
 		for _, f := range fields {
 			if _, ok := pp.Fields[f]; !ok {
-				t.Error(fmt.Sprintf("Missing field %s", f))
+				t.Errorf("Missing field %s", f)
 			}
 		}
 
@@ -70,7 +69,7 @@ func TestNewParsedPolicy(t *testing.T) {
 
 		expectedSha2 := "d4d0840fe28ca4900129a749b56cee729562c0a88c935192c659252b5b0d762a"
 		if defaultOutput.Role.Sha2 != expectedSha2 {
-			t.Fatal(fmt.Sprintf("Expected sha2: '%s', got '%s'.", expectedSha2, defaultOutput.Role.Sha2))
+			t.Fatalf("Expected sha2: '%s', got '%s'.", expectedSha2, defaultOutput.Role.Sha2)
 		}
 	}
 }
@@ -104,7 +103,7 @@ func TestNewParsedPolicyNoES(t *testing.T) {
 
 	for _, f := range fields {
 		if _, ok := pp.Fields[f]; !ok {
-			t.Error(fmt.Sprintf("Missing field %s", f))
+			t.Errorf("Missing field %s", f)
 		}
 	}