From 004edc5fcd9fca64ff1d259b043ebc0b026296b7 Mon Sep 17 00:00:00 2001
From: Pavol Loffay
Date: Wed, 27 Feb 2019 15:16:46 +0100
Subject: [PATCH 1/2] Allow to use TLS with ES basic auth
Signed-off-by: Pavol Loffay
---
 pkg/es/config/config.go | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/pkg/es/config/config.go b/pkg/es/config/config.go
index 29f646fae72..ecf0216603a 100644
--- a/pkg/es/config/config.go
+++ b/pkg/es/config/config.go
@@ -256,25 +256,26 @@ func (c *Configuration) getConfigOptions() ([]elastic.ClientOptionFunc, error) {
 TLSClientConfig: ctlsConfig,
 }
 } else {
+ httpTransport := &http.Transport{}
+ if c.TLS.CaPath != "" {
+ ctls := &TLSConfig{CaPath: c.TLS.CaPath}
+ ca, err := ctls.loadCertificate()
+ if err != nil {
+ return nil, err
+ }
+ httpTransport.TLSClientConfig = &tls.Config{RootCAs: ca}
+ }
 if c.TokenFilePath != "" {
 token, err := loadToken(c.TokenFilePath)
 if err != nil {
 return nil, err
 }
- wrapped := &http.Transport{}
- if c.TLS.CaPath != "" {
- ctls := &TLSConfig{CaPath: c.TLS.CaPath}
- ca, err := ctls.loadCertificate()
- if err != nil {
- return nil, err
- }
- wrapped.TLSClientConfig = &tls.Config{RootCAs: ca}
- }
 httpClient.Transport = &tokenAuthTransport{
 token: token,
- wrapped: wrapped,
+ wrapped: httpTransport,
 }
 } else {
+ httpClient.Transport = httpTransport
 options = append(options, elastic.SetBasicAuth(c.Username, c.Password))
 }
 }
From 4bc92beed5650f2ee9ae04023e02d87af32a7569 Mon Sep 17 00:00:00 2001
From: Pavol Loffay
Date: Thu, 28 Feb 2019 10:49:21 +0100
Subject: [PATCH 2/2] Change flag messages
Signed-off-by: Pavol Loffay
---
 plugin/storage/es/options.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/plugin/storage/es/options.go b/plugin/storage/es/options.go
index 9a1fa265066..3256faec3dd 100644
--- a/plugin/storage/es/options.go
+++ b/plugin/storage/es/options.go
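Review bot: The new `httpClient.Transport = httpTransport` in the basic-auth branch of `getConfigOptions` (pkg/es/config/config.go) installs a zero-value `http.Transport` even when `c.TLS.CaPath` is empty, so that path loses the `http.DefaultTransport` settings it presumably relied on before (proxy from environment, dial and TLS-handshake timeouts), assuming `httpClient.Transport` was left unset earlier in the function, which is outside the hunk. Consider building it as `httpTransport := &http.Transport{Proxy: http.ProxyFromEnvironment, TLSHandshakeTimeout: 10 * time.Second}`, or assigning it to the client only when a CA was actually loaded. The `&tls.Config{RootCAs: ca}` line also leaves `MinVersion` unset; `&tls.Config{RootCAs: ca, MinVersion: tls.VersionTLS12}` would pin a protocol floor instead of inheriting whatever the build toolchain defaults to. Nothing visible here checks that the server URLs use `https://` when a username and password are configured, so it is worth confirming that basic-auth credentials cannot be sent in clear text simply because no CA path was given. The function starts and ends outside this hunk.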
@@ -117,7 +117,7 @@ func addFlags(flagSet *flag.FlagSet, nsConfig *namespaceConfig) {
 flagSet.String(
 nsConfig.namespace+suffixUsername,
 nsConfig.Username,
- "The username required by ElasticSearch")
+ "The username required by ElasticSearch. The basic authentication also loads CA if it is specified.")
 flagSet.String(
 nsConfig.namespace+suffixPassword,
 nsConfig.Password,
@@ -125,7 +125,7 @@ func addFlags(flagSet *flag.FlagSet, nsConfig *namespaceConfig) {
 flagSet.String(
 nsConfig.namespace+suffixTokenPath,
 nsConfig.TokenFilePath,
- "Path to a file containing bearer token. This flag also uses CA if it is specified")
+ "Path to a file containing bearer token. This flag also loads CA if it is specified.")
 flagSet.Bool(
 nsConfig.namespace+suffixSniffer,
 nsConfig.Sniffer,
@@ -173,7 +173,7 @@ func addFlags(flagSet *flag.FlagSet, nsConfig *namespaceConfig) {
 flagSet.Bool(
 nsConfig.namespace+suffixTLS,
 nsConfig.TLS.Enabled,
- "Enable TLS")
+ "Enable TLS with client certificates.")
 flagSet.String(
 nsConfig.namespace+suffixCert,
 nsConfig.TLS.CertPath,
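Review bot: The new TLS flag text in the third hunk, `"Enable TLS with client certificates."`, can be read as saying the connection is unprotected unless this flag is set, while the two strings changed above say a CA is loaded for basic and token authentication as well. Consider `"Enable TLS with client certificates. A CA, if specified, is also used with basic and token authentication."` so an operator does not have to cross-read three flags to learn when the server certificate is verified against the configured CA. In the first two hunks "loads CA" would be clearer if it named the CA flag, which is defined outside these hunks. `addFlags` continues outside all three hunks.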