add https support for elasticsearch

jaserud · jaserud · commit 5c0caa262529 · 2020-03-18T13:02:07.000-04:00
diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,5 @@
 FROM adoptopenjdk/openjdk11:jdk-11.0.6_10-alpine-slim as builder
 
-# Build song-server jar
 COPY . /srv
 WORKDIR /srv
 RUN ./mvnw clean package -DskipTests
diff --git a/compose/docker-compose.yaml b/compose/docker-compose.yaml
@@ -30,8 +30,7 @@ services:
      ports:
        - "9001:9001"
      environment:
-       ELASTICSEARCH_HOST: http://elasticsearch
-       ELASTICSEARCH_PORT: 9200
+       ELASTICSEARCH_NODE: http://elasticsearch:9200
        ELASTICSEARCH_AUTHENABLED: "true"
        SPRING_PROFILES_ACTIVE: test
        SPRING_CLOUD_VAULT_HOST: vault
diff --git a/src/main/java/bio/overture/rollcall/config/ElasticsearchConfig.java b/src/main/java/bio/overture/rollcall/config/ElasticsearchConfig.java
@@ -19,31 +19,37 @@
 package bio.overture.rollcall.config;
 
 import lombok.SneakyThrows;
+import lombok.extern.slf4j.Slf4j;
 import lombok.val;
 import org.apache.http.HttpHost;
 import org.apache.http.auth.AuthScope;
 import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
 import org.apache.http.impl.client.BasicCredentialsProvider;
+import org.apache.http.ssl.SSLContextBuilder;
 import org.elasticsearch.client.RestClient;
 import org.elasticsearch.client.RestHighLevelClient;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
-import java.net.URL;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
 
 @Configuration
+@Slf4j
 public class ElasticsearchConfig {
 
-  @Value("${elasticsearch.host}")
-  private String host;
+  @Value("${elasticsearch.node}")
+  private String node;
 
-  @Value("${elasticsearch.port}")
-  private int port;
-
-  @Value("${elasticsearch.authEnabled}")
+  @Value("${elasticsearch.authEnabled:false}")
   private boolean authEnabled;
 
+  @Value("${elasticsearch.trustSelfSignedCert:true}")
+  private boolean trustSelfSignedCert;
+
   @Value("${elasticsearch.user}")
   private String user;
 
@@ -53,15 +59,34 @@ public class ElasticsearchConfig {
   @Bean
   @SneakyThrows
   public RestHighLevelClient restClient() {
-      val builder = RestClient.builder(new HttpHost(new URL(host).getHost(), port));
-      if (authEnabled) {
-          builder.setHttpClientConfigCallback(httpAsyncClientBuilder -> {
-              val credentialsProvider = new BasicCredentialsProvider();
+      val builder = RestClient.builder(HttpHost.create(node));
+
+      builder.setHttpClientConfigCallback(httpAsyncClientBuilder -> {
+          if (trustSelfSignedCert) {
+              log.debug("Elasticsearch Client - trustSelfSignedCert enabled so setting SSLContext");
+              SSLContextBuilder sslCtxBuilder = new SSLContextBuilder();
+              try {
+                  sslCtxBuilder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
+                  httpAsyncClientBuilder.setSSLContext(sslCtxBuilder.build());
+                  httpAsyncClientBuilder.setSSLHostnameVerifier((s, sslSession) -> true); // this is for local only
+              } catch (NoSuchAlgorithmException | KeyStoreException | KeyManagementException e) {
+                  throw new RuntimeException("failed to build Elastic rest client");
+              }
+          }
+
+          if (authEnabled) {
+              log.debug("Elasticsearch Client - authEnabled enabled so setting credentials provider");
+              BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
               credentialsProvider.setCredentials(AuthScope.ANY,
                       new UsernamePasswordCredentials(user, password));
-              return httpAsyncClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
-          });
-      }
-      return new RestHighLevelClient(builder);
+              httpAsyncClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
+          }
+
+          return httpAsyncClientBuilder;
+      });
+
+    log.info("Elasticsearch Client - built");
+
+    return new RestHighLevelClient(builder);
   }
 }
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
@@ -6,10 +6,10 @@ auth:
     publicKeyUrl: "http://localhost:8081/oauth/token/public_key"
 
 elasticsearch:
-  host: http://127.0.0.1
-  port: 9200
+  node: http://127.0.0.1:9200
   cluster-name: elasticsearch
   authEnabled: false
+  trustSelfSignedCert: true
   user:
   password:
 
