fix(elasticSearchEngine): optionally read auth config

Signed-off-by: Phil Kuang <pkuang@factset.com>

.changeset/quick-fans-smash.md

@@ -0,0 +1,5 @@
+---
+'@backstage/plugin-search-backend-module-elasticsearch': patch
+---
+
+Fix to allow optionally reading `auth` parameter for custom hosted ElasticSearch instances. Also remove `bearer` auth config since it's currently unsupported.

docs/features/search/search-engines.md

@@ -130,12 +130,9 @@ Other ElasticSearch instances can be connected to by using standard
 ElasticSearch authentication methods and exposed URL, provided that the cluster
 supports that. The configuration options needed are the URL to the node and
 authentication information. Authentication can be handled by either providing
-username/password or an API key or a bearer token. In case both
-username/password combination and one of the tokens are provided, token takes
-precedence. For more information how to create an API key, see
-[Elastic documentation on API keys](https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-api-key.html),
-and how to create a bearer token see
-[Elastic documentation on tokens.](https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-service-token.html)
+username/password or an API key. For more information how to create an API key,
+see
+[Elastic documentation on API keys](https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-api-key.html).
 
 #### Configuration examples
 
@@ -150,16 +147,6 @@ search:
       password: changeme
 ```
 
-##### With bearer token
-
-```yaml
-search:
-  elasticsearch:
-    node: http://localhost:9200
-    auth:
-      bearer: token
-```
-
 ##### With API key
 
 ```yaml

plugins/search-backend-module-elasticsearch/config.d.ts

@@ -75,30 +75,35 @@ export interface Config {
            * Authentication credentials for ElasticSearch
            * If both ApiKey/Bearer token and username+password is provided, tokens take precedence
            */
-          auth?: {
-            username?: string;
+          auth?:
+            | {
+                username: string;
 
-            /**
-             * @visibility secret
-             */
-            password?: string;
+                /**
+                 * @visibility secret
+                 */
+                password: string;
+              }
+            | {
+                /**
+                 * Base64 Encoded API key to be used to connect to the cluster.
+                 * See: https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-api-key.html
+                 *
+                 * @visibility secret
+                 */
+                apiKey: string;
+              };
+          /* TODO(kuangp): unsupported until @elastic/elasticsearch@7.14 is released
+        | {
 
-            /**
-             * Base64 Encoded API key to be used to connect to the cluster.
-             * See: https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-api-key.html
-             *
-             * @visibility secret
-             */
-            apiKey?: string;
-
-            /**
-             * Bearer authentication token to connect to the cluster.
-             * See: https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-service-token.html
-             *
-             * @visibility secret
-             */
-            bearer?: string;
-          };
+          /**
+           * Bearer authentication token to connect to the cluster.
+           * See: https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-service-token.html
+           *
+           * @visibility secret
+           *
+          bearer: string;
+        };*/
         };
   };
 }

plugins/search-backend-module-elasticsearch/src/engines/ElasticSearchSearchEngine.ts

@@ -35,13 +35,6 @@ export type ConcreteElasticSearchQuery = {
   elasticSearchQuery: Object;
 };
 
-type ElasticConfigAuth = {
-  username: string;
-  password: string;
-  apiKey: string;
-  bearer: string;
-};
-
 type ElasticSearchQueryTranslator = (
   query: SearchQuery,
 ) => ConcreteElasticSearchQuery;
@@ -105,11 +98,15 @@ export class ElasticSearchSearchEngine implements SearchEngine {
 
     if (config.getOptionalString('provider') === 'elastic') {
       logger.info('Initializing Elastic.co ElasticSearch search engine.');
+      const authConfig = config.getConfig('auth');
       return new Client({
         cloud: {
           id: config.getString('cloudId'),
         },
-        auth: config.get<ElasticConfigAuth>('auth'),
+        auth: {
+          username: authConfig.getString('username'),
+          password: authConfig.getString('password'),
+        },
       });
     }
     if (config.getOptionalString('provider') === 'aws') {
@@ -122,9 +119,20 @@ export class ElasticSearchSearchEngine implements SearchEngine {
       });
     }
     logger.info('Initializing ElasticSearch search engine.');
+    const authConfig = config.getOptionalConfig('auth');
+    const auth =
+      authConfig &&
+      (authConfig.has('apiKey')
+        ? {
+            apiKey: authConfig.getString('apiKey'),
+          }
+        : {
+            username: authConfig.getString('username'),
+            password: authConfig.getString('password'),
+          });
     return new Client({
       node: config.getString('node'),
-      auth: config.get<ElasticConfigAuth>('auth'),
+      auth,
     });
   }