[kbn/es serverless] Rename usages of ESS (#166581)

## Summary Closes #166580 To avoid confusion, rename any usages of ESS because it has been established to represent Elastic Cloud and there are situations where ES serverless and Elastic Cloud can be used within the same context.
2025-04-24 01:38:56 -04:00 · 2023-09-21 11:44:45 -06:00 · 2023-09-21 11:44:45 -06:00 · e5399e43c3
commit e5399e43c3
parent 7fab0b15e6
17 changed files with 89 additions and 57 deletions
--- a/packages/kbn-dev-utils/src/dev_service_account.ts
+++ b/packages/kbn-dev-utils/src/dev_service_account.ts
@ -10,7 +10,7 @@ const env = process.env;

 /**
 * `kibana-dev` service account token for connecting to ESS
- * See packages/kbn-es/src/ess_resources/README.md
+ * See packages/kbn-es/src/serverless_resources/README.md
 */
 export const kibanaDevServiceAccount = {
  token:
--- a/packages/kbn-es/src/cli_commands/serverless.ts
+++ b/packages/kbn-es/src/cli_commands/serverless.ts
@ -28,19 +28,19 @@ export const serverless: Command = {
    return dedent`
    Options:

-      --tag               Image tag of ESS to run from ${SERVERLESS_REPO} [default: ${SERVERLESS_TAG}]
-      --image             Full path of ESS image to run, has precedence over tag. [default: ${SERVERLESS_IMG}]
+      --tag               Image tag of ES serverless to run from ${SERVERLESS_REPO} [default: ${SERVERLESS_TAG}]
+      --image             Full path of ES serverless image to run, has precedence over tag. [default: ${SERVERLESS_IMG}]
      
-      --background        Start ESS without attaching to the first node's logs
+      --background        Start ES serverless without attaching to the first node's logs
      --basePath          Path to the directory where the ES cluster will store data
      --clean             Remove existing file system object store before running
-      --kill              Kill running ESS nodes if detected on startup
+      --kill              Kill running ES serverless nodes if detected on startup
      --port              The port to bind to on 127.0.0.1 [default: ${DEFAULT_PORT}]
-      --ssl               Enable HTTP SSL on Elasticsearch
+      --ssl               Enable HTTP SSL on the ES cluster
      --skipTeardown      If this process exits, leave the ES cluster running in the background
      --waitForReady      Wait for the ES cluster to be ready to serve requests
      
-      -E                  Additional key=value settings to pass to Elasticsearch
+      -E                  Additional key=value settings to pass to ES
      -F                  Absolute paths for files to mount into containers

    Examples:
--- a/packages/kbn-es/src/paths.ts
+++ b/packages/kbn-es/src/paths.ts
@ -24,31 +24,43 @@ export const ES_CONFIG = 'config/elasticsearch.yml';

 export const ES_KEYSTORE_BIN = maybeUseBat('./bin/elasticsearch-keystore');

-export const ESS_OPERATOR_USERS_PATH = resolve(__dirname, './ess_resources/operator_users.yml');
-export const ESS_SERVICE_TOKENS_PATH = resolve(__dirname, './ess_resources/service_tokens');
+export const SERVERLESS_OPERATOR_USERS_PATH = resolve(
+  __dirname,
+  './serverless_resources/operator_users.yml'
+);
+export const SERVERLESS_SERVICE_TOKENS_PATH = resolve(
+  __dirname,
+  './serverless_resources/service_tokens'
+);

-export const ESS_USERS_PATH = resolve(__dirname, './ess_resources/users');
-export const ESS_USERS_ROLES_PATH = resolve(__dirname, './ess_resources/users_roles');
+export const SERVERLESS_USERS_PATH = resolve(__dirname, './serverless_resources/users');
+export const SERVERLESS_USERS_ROLES_PATH = resolve(__dirname, './serverless_resources/users_roles');

-export const ESS_ROLES_PATH = resolve(__dirname, './ess_resources/roles.yml');
-export const ESS_ROLE_MAPPING_PATH = resolve(__dirname, './ess_resources/role_mapping.yml');
+export const SERVERLESS_ROLES_PATH = resolve(__dirname, './serverless_resources/roles.yml');
+export const SERVERLESS_ROLE_MAPPING_PATH = resolve(
+  __dirname,
+  './serverless_resources/role_mapping.yml'
+);

-export const ESS_SECRETS_PATH = resolve(__dirname, './ess_resources/secrets.json');
+export const SERVERLESS_SECRETS_PATH = resolve(__dirname, './serverless_resources/secrets.json');

-export const ESS_SECRETS_SSL_PATH = resolve(__dirname, './ess_resources/secrets_ssl.json');
+export const SERVERLESS_SECRETS_SSL_PATH = resolve(
+  __dirname,
+  './serverless_resources/secrets_ssl.json'
+);

-export const ESS_JWKS_PATH = resolve(__dirname, './ess_resources/jwks.json');
+export const SERVERLESS_JWKS_PATH = resolve(__dirname, './serverless_resources/jwks.json');

-export const ESS_RESOURCES_PATHS = [
-  ESS_OPERATOR_USERS_PATH,
-  ESS_ROLE_MAPPING_PATH,
-  ESS_ROLES_PATH,
-  ESS_SERVICE_TOKENS_PATH,
-  ESS_USERS_PATH,
-  ESS_USERS_ROLES_PATH,
+export const SERVERLESS_RESOURCES_PATHS = [
+  SERVERLESS_OPERATOR_USERS_PATH,
+  SERVERLESS_ROLE_MAPPING_PATH,
+  SERVERLESS_ROLES_PATH,
+  SERVERLESS_SERVICE_TOKENS_PATH,
+  SERVERLESS_USERS_PATH,
+  SERVERLESS_USERS_ROLES_PATH,
 ];

-export const ESS_CONFIG_PATH = '/usr/share/elasticsearch/config/';
+export const SERVERLESS_CONFIG_PATH = '/usr/share/elasticsearch/config/';

 // Files need to be inside config for permissions reasons inside the container
-export const ESS_FILES_PATH = `${ESS_CONFIG_PATH}files/`;
+export const SERVERLESS_FILES_PATH = `${SERVERLESS_CONFIG_PATH}files/`;
--- a/packages/kbn-es/src/serverless_resources/README.md
+++ b/packages/kbn-es/src/serverless_resources/README.md
@ -1,5 +1,5 @@
 # Elasticsearch Serverless Resources
-The resources in this directory are used for seeding Elasticsearch Serverless (ESS) images with users, roles and tokens for SSL and authentication. ESS requires file realm authentication, so we will bind mount them into the containers at `/usr/share/elasticsearch/config/`.
+The resources in this directory are used for seeding Elasticsearch Serverless images with users, roles and tokens for SSL and authentication. Serverless requires file realm authentication, so we will bind mount them into the containers at `/usr/share/elasticsearch/config/`.

 ## Users

@ -21,7 +21,7 @@ password: changeme

 ## Service Account and Tokens

-This section for Service Accounts was originally from the [ESS repository](https://github.com/elastic/elasticsearch-serverless/blob/main/serverless-build-tools/src/main/resources/README.service_tokens.md).
+This section for Service Accounts was originally from the [ES Serverless repository](https://github.com/elastic/elasticsearch-serverless/blob/main/serverless-build-tools/src/main/resources/README.service_tokens.md).

 The "service_tokens" file contains this line:
 ```
@ -46,4 +46,4 @@ If a node is configured to use this `service_tokens` file, then you can authenti
 curl -H "Authorization: Bearer AAEAAWVsYXN0aWMva2liYW5hL2tpYmFuYS1kZXY6VVVVVVVVTEstKiBaNA" http://localhost:9200/_security/_authenticate
 ```

-The name of the token (`kibana-dev`) is important because the `operator_users.yml` file designates that token as an operator and allows us to seed an ESS cluster with this token.
+The name of the token (`kibana-dev`) is important because the `operator_users.yml` file designates that token as an operator and allows us to seed a serverless cluster with this token.
--- a/packages/kbn-es/src/serverless_resources/jwks.json
+++ b/packages/kbn-es/src/serverless_resources/jwks.json
--- a/packages/kbn-es/src/serverless_resources/operator_users.yml
+++ b/packages/kbn-es/src/serverless_resources/operator_users.yml
--- a/packages/kbn-es/src/serverless_resources/role_mapping.yml
+++ b/packages/kbn-es/src/serverless_resources/role_mapping.yml
--- a/packages/kbn-es/src/serverless_resources/roles.yml
+++ b/packages/kbn-es/src/serverless_resources/roles.yml
--- a/packages/kbn-es/src/serverless_resources/secrets.json
+++ b/packages/kbn-es/src/serverless_resources/secrets.json
--- a/packages/kbn-es/src/serverless_resources/secrets_ssl.json
+++ b/packages/kbn-es/src/serverless_resources/secrets_ssl.json
--- a/packages/kbn-es/src/serverless_resources/service_tokens
+++ b/packages/kbn-es/src/serverless_resources/service_tokens
--- a/packages/kbn-es/src/serverless_resources/users
+++ b/packages/kbn-es/src/serverless_resources/users
--- a/packages/kbn-es/src/serverless_resources/users_roles
+++ b/packages/kbn-es/src/serverless_resources/users_roles
--- a/packages/kbn-es/src/utils/docker.test.ts
+++ b/packages/kbn-es/src/utils/docker.test.ts
@ -32,7 +32,12 @@ import {
 } from './docker';
 import { ToolingLog, ToolingLogCollectingWriter } from '@kbn/tooling-log';
 import { ES_P12_PATH } from '@kbn/dev-utils';
-import { ESS_CONFIG_PATH, ESS_RESOURCES_PATHS, ESS_SECRETS_PATH, ESS_JWKS_PATH } from '../paths';
+import {
+  SERVERLESS_CONFIG_PATH,
+  SERVERLESS_RESOURCES_PATHS,
+  SERVERLESS_SECRETS_PATH,
+  SERVERLESS_JWKS_PATH,
+} from '../paths';
 import * as waitClusterUtil from './wait_until_cluster_ready';

 jest.mock('execa');
@ -77,8 +82,8 @@ afterEach(() => {
  jest.clearAllMocks();
 });

-const essResources = ESS_RESOURCES_PATHS.reduce<string[]>((acc, path) => {
-  acc.push(`${path}:${ESS_CONFIG_PATH}${basename(path)}`);
+const serverlessResources = SERVERLESS_RESOURCES_PATHS.reduce<string[]>((acc, path) => {
+  acc.push(`${path}:${SERVERLESS_CONFIG_PATH}${basename(path)}`);

  return acc;
 }, []);
@ -88,10 +93,10 @@ const volumeCmdTest = async (volumeCmd: string[]) => {
  expect(volumeCmd).toEqual(
    expect.arrayContaining([
      ...getESp12Volume(),
-      ...essResources,
+      ...serverlessResources,
      `${baseEsPath}:/objectstore:z`,
-      `${ESS_SECRETS_PATH}:${ESS_CONFIG_PATH}secrets/secrets.json:z`,
-      `${ESS_JWKS_PATH}:${ESS_CONFIG_PATH}secrets/jwks.json:z`,
+      `${SERVERLESS_SECRETS_PATH}:${SERVERLESS_CONFIG_PATH}secrets/secrets.json:z`,
+      `${SERVERLESS_JWKS_PATH}:${SERVERLESS_CONFIG_PATH}secrets/jwks.json:z`,
    ])
  );

@ -428,7 +433,11 @@ describe('setupServerlessVolumes()', () => {

    const volumeCmd = await setupServerlessVolumes(log, { basePath: baseEsPath, ssl: true });

-    const requiredPaths = [`${baseEsPath}:/objectstore:z`, ES_P12_PATH, ...ESS_RESOURCES_PATHS];
+    const requiredPaths = [
+      `${baseEsPath}:/objectstore:z`,
+      ES_P12_PATH,
+      ...SERVERLESS_RESOURCES_PATHS,
+    ];
    const pathsNotIncludedInCmd = requiredPaths.filter(
      (path) => !volumeCmd.some((cmd) => cmd.includes(path))
    );
--- a/packages/kbn-es/src/utils/docker.ts
+++ b/packages/kbn-es/src/utils/docker.ts
@ -24,17 +24,17 @@ import {
 import { createCliError } from '../errors';
 import { EsClusterExecOptions } from '../cluster_exec_options';
 import {
-  ESS_RESOURCES_PATHS,
-  ESS_SECRETS_PATH,
-  ESS_JWKS_PATH,
-  ESS_CONFIG_PATH,
-  ESS_FILES_PATH,
-  ESS_SECRETS_SSL_PATH,
+  SERVERLESS_RESOURCES_PATHS,
+  SERVERLESS_SECRETS_PATH,
+  SERVERLESS_JWKS_PATH,
+  SERVERLESS_CONFIG_PATH,
+  SERVERLESS_FILES_PATH,
+  SERVERLESS_SECRETS_SSL_PATH,
 } from '../paths';
 import {
  ELASTIC_SERVERLESS_SUPERUSER,
  ELASTIC_SERVERLESS_SUPERUSER_PASSWORD,
-} from './ess_file_realm';
+} from './serverless_file_realm';
 import { SYSTEM_INDICES_SUPERUSER } from './native_realm';
 import { waitUntilClusterReady } from './wait_until_cluster_ready';

@ -167,13 +167,19 @@ const DEFAULT_SERVERLESS_ESARGS: Array<[string, string]> = [

  ['xpack.security.authc.realms.jwt.jwt1.order', '-98'],

-  ['xpack.security.authc.realms.jwt.jwt1.pkc_jwkset_path', `${ESS_CONFIG_PATH}secrets/jwks.json`],
+  [
+    'xpack.security.authc.realms.jwt.jwt1.pkc_jwkset_path',
+    `${SERVERLESS_CONFIG_PATH}secrets/jwks.json`,
+  ],

  ['xpack.security.operator_privileges.enabled', 'true'],

  ['xpack.security.transport.ssl.enabled', 'true'],

-  ['xpack.security.transport.ssl.keystore.path', `${ESS_CONFIG_PATH}certs/elasticsearch.p12`],
+  [
+    'xpack.security.transport.ssl.keystore.path',
+    `${SERVERLESS_CONFIG_PATH}certs/elasticsearch.p12`,
+  ],

  ['xpack.security.transport.ssl.verification_mode', 'certificate'],
 ];
@ -181,7 +187,7 @@ const DEFAULT_SERVERLESS_ESARGS: Array<[string, string]> = [
 const DEFAULT_SSL_ESARGS: Array<[string, string]> = [
  ['xpack.security.http.ssl.enabled', 'true'],

-  ['xpack.security.http.ssl.keystore.path', `${ESS_CONFIG_PATH}certs/elasticsearch.p12`],
+  ['xpack.security.http.ssl.keystore.path', `${SERVERLESS_CONFIG_PATH}certs/elasticsearch.p12`],

  ['xpack.security.http.ssl.verification_mode', 'certificate'],
 ];
@ -193,7 +199,10 @@ const DOCKER_SSL_ESARGS: Array<[string, string]> = [

  ['xpack.security.transport.ssl.enabled', 'true'],

-  ['xpack.security.transport.ssl.keystore.path', `${ESS_CONFIG_PATH}certs/elasticsearch.p12`],
+  [
+    'xpack.security.transport.ssl.keystore.path',
+    `${SERVERLESS_CONFIG_PATH}certs/elasticsearch.p12`,
+  ],

  ['xpack.security.transport.ssl.verification_mode', 'certificate'],

@ -436,16 +445,16 @@ export function resolveEsArgs(
 }

 export function getESp12Volume() {
-  return ['--volume', `${ES_P12_PATH}:${ESS_CONFIG_PATH}certs/elasticsearch.p12`];
+  return ['--volume', `${ES_P12_PATH}:${SERVERLESS_CONFIG_PATH}certs/elasticsearch.p12`];
 }

 /**
 * Removes REPO_ROOT from hostPath. Keep the rest to avoid filename collisions.
- * Returns the path where a file will be mounted inside the ES or ESS container.
+ * Returns the path where a file will be mounted inside the ES or ES serverless container.
 * /root/kibana/package/foo/bar.json => /usr/share/elasticsearch/files/package/foo/bar.json
 */
 export function getDockerFileMountPath(hostPath: string) {
-  return join(ESS_FILES_PATH, hostPath.replace(REPO_ROOT, ''));
+  return join(SERVERLESS_FILES_PATH, hostPath.replace(REPO_ROOT, ''));
 }

 /**
@ -491,21 +500,23 @@ export async function setupServerlessVolumes(log: ToolingLog, options: Serverles
    volumeCmds.push(...fileCmds);
  }

-  const essResources = ESS_RESOURCES_PATHS.reduce<string[]>((acc, path) => {
-    acc.push('--volume', `${path}:${ESS_CONFIG_PATH}${basename(path)}`);
+  const serverlessResources = SERVERLESS_RESOURCES_PATHS.reduce<string[]>((acc, path) => {
+    acc.push('--volume', `${path}:${SERVERLESS_CONFIG_PATH}${basename(path)}`);

    return acc;
  }, []);

  volumeCmds.push(
    ...getESp12Volume(),
-    ...essResources,
+    ...serverlessResources,

    '--volume',
-    `${ssl ? ESS_SECRETS_SSL_PATH : ESS_SECRETS_PATH}:${ESS_CONFIG_PATH}secrets/secrets.json:z`,
+    `${
+      ssl ? SERVERLESS_SECRETS_SSL_PATH : SERVERLESS_SECRETS_PATH
+    }:${SERVERLESS_CONFIG_PATH}secrets/secrets.json:z`,

    '--volume',
-    `${ESS_JWKS_PATH}:${ESS_CONFIG_PATH}secrets/jwks.json:z`
+    `${SERVERLESS_JWKS_PATH}:${SERVERLESS_CONFIG_PATH}secrets/jwks.json:z`
  );

  return volumeCmds;
@ -592,7 +603,7 @@ export async function runServerlessCluster(log: ToolingLog, options: ServerlessO

  if (options.ssl) {
    log.warning(`SSL has been enabled for ES. Kibana should be started with the SSL flag so that it can authenticate with ES.
-  See packages/kbn-es/src/ess_resources/README.md for additional information on authentication.
+  See packages/kbn-es/src/serverless_resources/README.md for additional information on authentication.
    `);
  }

@ -631,7 +642,7 @@ export async function runServerlessCluster(log: ToolingLog, options: ServerlessO
  }

  if (!options.background) {
-    // The ESS cluster has to be started detached, so we attach a logger afterwards for output
+    // The serverless cluster has to be started detached, so we attach a logger afterwards for output
    await execa('docker', ['logs', '-f', SERVERLESS_NODES[0].name], {
      // inherit is required to show Docker output and Java console output for pw, enrollment token, etc
      stdio: ['ignore', 'inherit', 'inherit'],
--- a/packages/kbn-es/src/utils/index.ts
+++ b/packages/kbn-es/src/utils/index.ts
@ -17,4 +17,4 @@ export { buildSnapshot } from './build_snapshot';
 export { archiveForPlatform } from './build_snapshot';
 export * from './parse_timeout_to_ms';
 export * from './docker';
-export * from './ess_file_realm';
+export * from './serverless_file_realm';
--- a/packages/kbn-es/src/utils/serverless_file_realm.ts
+++ b/packages/kbn-es/src/utils/serverless_file_realm.ts