paulononato/backstage
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

feat: add ssl requestUnauthorized config value

Browse Source 
Signed-off-by: Sam Robson <srobson@gocardless.com>
This commit is contained in:
Sam Robson
2021-09-10 11:29:04 +01:00
parent 9ad1fd628d
commit f0c2c81676
3 changed files with 120 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.changeset/rotten-pears-live.md
+5
View File
@@ -0,0 +1,5 @@
---
'@backstage/plugin-search-backend-module-elasticsearch': patch
---
Added rejectUnauthorized config option
plugins/search-backend-module-elasticsearch/config.d.ts
Vendored
+88 -75
View File
@@ -20,90 +20,103 @@ export interface Config {
/**
* Options for ElasticSearch
*/
elasticsearch?:
| // elastic = Elastic.co ElasticSearch provider
{
provider: 'elastic';
elasticsearch?: {
/** Miscellaneous options for the client */
clientOptions?: {
ssl?: {
/**
* Elastic.co CloudID
* See: https://www.elastic.co/guide/en/elasticsearch/client/javascript-api/current/client-connecting.html#authentication
* If true the server will reject any connection which is not
* authorized with the list of supplied CAs.
* @default true
*/
cloudId: string;
auth: {
username: string;
rejectUnauthorized?: boolean;
};
} & (
| {
// elastic = Elastic.co ElasticSearch provider
provider: 'elastic';
/**
* @visibility secret
* Elastic.co CloudID
* See: https://www.elastic.co/guide/en/elasticsearch/client/javascript-api/current/client-connecting.html#authentication
*/
password: string;
};
}
cloudId: string;
/**
* AWS = Amazon Elasticsearch Service provider
*
* Authentication is handled using the default AWS credentials provider chain
*/
| {
provider: 'aws';
auth: {
username: string;
/**
* Node configuration.
* URL AWS ES endpoint to connect to.
* Eg. https://my-es-cluster.eu-west-1.es.amazonaws.com
*/
node: string;
}
/**
* @visibility secret
*/
password: string;
};
}
/**
* Standard ElasticSearch
*
* Includes self-hosted clusters and others that provide direct connection via an endpoint
* and authentication method (see possible authentication options below)
*/
| {
/**
* Node configuration.
* URL/URLS to ElasticSearch node to connect to.
* Either direct URL like 'https://localhost:9200' or with credentials like 'https://username:password@localhost:9200'
*/
node: string | string[];
/**
* Authentication credentials for ElasticSearch
* If both ApiKey/Bearer token and username+password is provided, tokens take precedence
*/
auth?:
| {
username: string;
/**
* @visibility secret
*/
password: string;
}
| {
/**
* Base64 Encoded API key to be used to connect to the cluster.
* See: https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-api-key.html
*
* @visibility secret
*/
apiKey: string;
};
/* TODO(kuangp): unsupported until @elastic/elasticsearch@7.14 is released
/**
* AWS = Amazon Elasticsearch Service provider
*
* Authentication is handled using the default AWS credentials provider chain
*/
| {
provider: 'aws';
/**
* Bearer authentication token to connect to the cluster.
* See: https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-service-token.html
*
* @visibility secret
*
bearer: string;
};*/
};
/**
* Node configuration.
* URL AWS ES endpoint to connect to.
* Eg. https://my-es-cluster.eu-west-1.es.amazonaws.com
*/
node: string;
}
/**
* Standard ElasticSearch
*
* Includes self-hosted clusters and others that provide direct connection via an endpoint
* and authentication method (see possible authentication options below)
*/
| {
/**
* Node configuration.
* URL/URLS to ElasticSearch node to connect to.
* Either direct URL like 'https://localhost:9200' or with credentials like 'https://username:password@localhost:9200'
*/
node: string | string[];
/**
* Authentication credentials for ElasticSearch
* If both ApiKey/Bearer token and username+password is provided, tokens take precedence
*/
auth?:
| {
username: string;
/**
* @visibility secret
*/
password: string;
}
| {
/**
* Base64 Encoded API key to be used to connect to the cluster.
* See: https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-api-key.html
*
* @visibility secret
*/
apiKey: string;
};
/* TODO(kuangp): unsupported until @elastic/elasticsearch@7.14 is released
| {
/**
* Bearer authentication token to connect to the cluster.
* See: https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-service-token.html
*
* @visibility secret
*
bearer: string;
};*/
}
);
};
};
}
plugins/search-backend-module-elasticsearch/src/engines/ElasticSearchSearchEngine.ts
+27
View File
@@ -97,6 +97,9 @@ export class ElasticSearchSearchEngine implements SearchEngine {
throw new Error('No elastic search config found');
}
const clientOptionsConfig = config.getOptionalConfig('clientOptions');
const sslConfig = clientOptionsConfig?.getOptionalConfig('ssl');
if (config.getOptionalString('provider') === 'elastic') {
logger.info('Initializing Elastic.co ElasticSearch search engine.');
const authConfig = config.getConfig('auth');
@@ -108,6 +111,14 @@ export class ElasticSearchSearchEngine implements SearchEngine {
username: authConfig.getString('username'),
password: authConfig.getString('password'),
},
...(sslConfig
? {
ssl: {
rejectUnauthorized:
sslConfig?.getOptionalBoolean('rejectUnauthorized'),
},
}
: {}),
});
}
if (config.getOptionalString('provider') === 'aws') {
@@ -117,6 +128,14 @@ export class ElasticSearchSearchEngine implements SearchEngine {
return new Client({
node: config.getString('node'),
...AWSConnection,
...(sslConfig
? {
ssl: {
rejectUnauthorized:
sslConfig?.getOptionalBoolean('rejectUnauthorized'),
},
}
: {}),
});
}
logger.info('Initializing ElasticSearch search engine.');
@@ -134,6 +153,14 @@ export class ElasticSearchSearchEngine implements SearchEngine {
return new Client({
node: config.getString('node'),
auth,
...(sslConfig
? {
ssl: {
rejectUnauthorized:
sslConfig?.getOptionalBoolean('rejectUnauthorized'),
},
}
: {}),
});
}