diff --git a/.changeset/quick-fans-smash.md b/.changeset/quick-fans-smash.md new file mode 100644 index 0000000000..b394b2af23 --- /dev/null +++ b/.changeset/quick-fans-smash.md @@ -0,0 +1,5 @@ +--- +'@backstage/plugin-search-backend-module-elasticsearch': patch +--- + +Fix to allow optionally reading `auth` parameter for custom hosted ElasticSearch instances. Also remove `bearer` auth config since it's currently unsupported. diff --git a/docs/features/search/search-engines.md b/docs/features/search/search-engines.md index a2e4831824..69a223b29e 100644 --- a/docs/features/search/search-engines.md +++ b/docs/features/search/search-engines.md @@ -130,12 +130,9 @@ Other ElasticSearch instances can be connected to by using standard ElasticSearch authentication methods and exposed URL, provided that the cluster supports that. The configuration options needed are the URL to the node and authentication information. Authentication can be handled by either providing -username/password or an API key or a bearer token. In case both -username/password combination and one of the tokens are provided, token takes -precedence. For more information how to create an API key, see -[Elastic documentation on API keys](https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-api-key.html), -and how to create a bearer token see -[Elastic documentation on tokens.](https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-service-token.html) +username/password or an API key. For more information how to create an API key, +see +[Elastic documentation on API keys](https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-api-key.html). #### Configuration examples @@ -150,16 +147,6 @@ search: password: changeme ``` -##### With bearer token - -```yaml -search: - elasticsearch: - node: http://localhost:9200 - auth: - bearer: token -``` - ##### With API key ```yaml diff --git a/plugins/search-backend-module-elasticsearch/config.d.ts b/plugins/search-backend-module-elasticsearch/config.d.ts index 2ea18763fa..31b139794b 100644 --- a/plugins/search-backend-module-elasticsearch/config.d.ts +++ b/plugins/search-backend-module-elasticsearch/config.d.ts @@ -75,30 +75,35 @@ export interface Config { * Authentication credentials for ElasticSearch * If both ApiKey/Bearer token and username+password is provided, tokens take precedence */ - auth?: { - username?: string; + auth?: + | { + username: string; - /** - * @visibility secret - */ - password?: string; + /** + * @visibility secret + */ + password: string; + } + | { + /** + * Base64 Encoded API key to be used to connect to the cluster. + * See: https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-api-key.html + * + * @visibility secret + */ + apiKey: string; + }; + /* TODO(kuangp): unsupported until @elastic/elasticsearch@7.14 is released + | { - /** - * Base64 Encoded API key to be used to connect to the cluster. - * See: https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-api-key.html - * - * @visibility secret - */ - apiKey?: string; - - /** - * Bearer authentication token to connect to the cluster. - * See: https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-service-token.html - * - * @visibility secret - */ - bearer?: string; - }; + /** + * Bearer authentication token to connect to the cluster. + * See: https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-service-token.html + * + * @visibility secret + * + bearer: string; + };*/ }; }; } diff --git a/plugins/search-backend-module-elasticsearch/src/engines/ElasticSearchSearchEngine.ts b/plugins/search-backend-module-elasticsearch/src/engines/ElasticSearchSearchEngine.ts index 09f2838abf..d1e831b2ca 100644 --- a/plugins/search-backend-module-elasticsearch/src/engines/ElasticSearchSearchEngine.ts +++ b/plugins/search-backend-module-elasticsearch/src/engines/ElasticSearchSearchEngine.ts @@ -35,13 +35,6 @@ export type ConcreteElasticSearchQuery = { elasticSearchQuery: Object; }; -type ElasticConfigAuth = { - username: string; - password: string; - apiKey: string; - bearer: string; -}; - type ElasticSearchQueryTranslator = ( query: SearchQuery, ) => ConcreteElasticSearchQuery; @@ -105,11 +98,15 @@ export class ElasticSearchSearchEngine implements SearchEngine { if (config.getOptionalString('provider') === 'elastic') { logger.info('Initializing Elastic.co ElasticSearch search engine.'); + const authConfig = config.getConfig('auth'); return new Client({ cloud: { id: config.getString('cloudId'), }, - auth: config.get('auth'), + auth: { + username: authConfig.getString('username'), + password: authConfig.getString('password'), + }, }); } if (config.getOptionalString('provider') === 'aws') { @@ -122,9 +119,20 @@ export class ElasticSearchSearchEngine implements SearchEngine { }); } logger.info('Initializing ElasticSearch search engine.'); + const authConfig = config.getOptionalConfig('auth'); + const auth = + authConfig && + (authConfig.has('apiKey') + ? { + apiKey: authConfig.getString('apiKey'), + } + : { + username: authConfig.getString('username'), + password: authConfig.getString('password'), + }); return new Client({ node: config.getString('node'), - auth: config.get('auth'), + auth, }); }