#53 Add support of SearchGuard
To-om committed Jun 11, 2018
1 parent c64f2f6 commit 740d2c5
Showing 2 changed files with 63 additions and 13 deletions.
67 changes: 58 additions & 9 deletions app/org/elastic4play/database/DBConfiguration.scala
@@ -1,7 +1,6 @@
package org.elastic4play.database

import javax.inject.{ Inject, Named, Singleton }

import scala.concurrent.duration.DurationInt
import scala.concurrent.{ ExecutionContext, Future, Promise }

@@ -31,6 +30,8 @@ import org.elasticsearch.action.admin.indices.create.CreateIndexResponse
import org.elasticsearch.action.admin.indices.exists.indices.IndicesExistsResponse
import org.elasticsearch.action.delete.DeleteResponse
import org.elasticsearch.common.settings.Settings
import com.floragunn.searchguard.ssl.SearchGuardSSLPlugin
import com.floragunn.searchguard.ssl.util.SSLConfigConstants

import org.elastic4play.Timed

@@ -46,6 +47,12 @@ class DBConfiguration(
baseIndexName: String,
xpackUsername: Option[String],
xpackPassword: Option[String],
sgKeystorePath: Option[String],
sgTruststorePath: Option[String],
sgKeystorePassword: Option[String],
sgTruststorePassword: Option[String],
sgHostVerification: Boolean,
sgHostVerificationResolveHostname: Boolean,
lifecycle: ApplicationLifecycle,
val version: Int,
implicit val ec: ExecutionContext,
@@ -63,6 +70,12 @@ class DBConfiguration(
configuration.get[String]("search.index"),
configuration.getOptional[String]("search.username"),
configuration.getOptional[String]("search.password"),
configuration.getOptional[String]("search.guard.keyStore.path"),
configuration.getOptional[String]("search.guard.trustStore.path"),
configuration.getOptional[String]("search.guard.keyStore.password"),
configuration.getOptional[String]("search.guard.trustStore.password"),
configuration.getOptional[Boolean]("search.guard.hostVerification").getOrElse(false),
configuration.getOptional[Boolean]("search.guard.hostVerificationResolveHostname").getOrElse(false),
lifecycle,
version,
ec,
@@ -71,20 +84,41 @@ class DBConfiguration(

private[DBConfiguration] lazy val logger = Logger(getClass)

private def connect(): TcpClient = {
val uri = ElasticsearchClientUri(s"elasticsearch://${searchHost.mkString(",")}")
val settings = Settings.builder()
settings.put("cluster.name", searchCluster)

val xpackClient = for {
private def xpackConnect(uri: ElasticsearchClientUri, settings: Settings.Builder): Option[TcpClient] = {
for {
username xpackUsername
if username.nonEmpty
password xpackPassword
if password.nonEmpty
_ = settings.put("xpack.security.user", s"$username:$password")
} yield XPackElasticClient(settings.build(), uri)
}

private def sgConnect(uri: ElasticsearchClientUri, settings: Settings.Builder): Option[TcpClient] = {
for {
keystorePath sgKeystorePath
truststorePath sgTruststorePath
keystorePassword sgKeystorePassword
truststorePassword sgTruststorePassword
} yield {
settings.put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_FILEPATH, keystorePath)
settings.put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_TRUSTSTORE_FILEPATH, truststorePath)
settings.put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_PASSWORD, keystorePassword)
settings.put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_TRUSTSTORE_PASSWORD, truststorePassword)
settings.put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION, sgHostVerification)
settings.put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION_RESOLVE_HOST_NAME, sgHostVerificationResolveHostname)
TcpClient.transport(settings.build(), uri, classOf[SearchGuardSSLPlugin])
}
}

private def connect(): TcpClient = {
val uri = ElasticsearchClientUri(s"elasticsearch://${searchHost.mkString(",")}")
val settings = Settings.builder()
settings.put("cluster.name", searchCluster)

xpackClient.getOrElse(TcpClient.transport(settings.build(), uri))
xpackConnect(uri, settings)
.orElse(sgConnect(uri, settings))
.getOrElse(TcpClient.transport(settings.build(), uri))
}

/**
@@ -155,5 +189,20 @@ class DBConfiguration(
/**
* return a new instance of DBConfiguration that points to the previous version of the index schema
*/
def previousVersion: DBConfiguration = new DBConfiguration(searchHost, searchCluster, baseIndexName, xpackUsername, xpackPassword, lifecycle, version - 1, ec, actorSystem)
def previousVersion: DBConfiguration = new DBConfiguration(
searchHost,
searchCluster,
baseIndexName,
xpackUsername,
xpackPassword,
sgKeystorePath,
sgTruststorePath,
sgKeystorePassword,
sgTruststorePassword,
sgHostVerification,
sgHostVerificationResolveHostname,
lifecycle,
version - 1,
ec,
actorSystem)
}
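Review bot: Hostname verification is off unless the operator opts in: both `search.guard.hostVerification` and `search.guard.hostVerificationResolveHostname` are read with `.getOrElse(false)` in the injected constructor, so a default SearchGuard setup accepts any certificate that chains to the truststore, whichever node presents it. Defaulting to verification and letting a deployment disable it explicitly would be the safer choice, e.g. `configuration.getOptional[Boolean]("search.guard.hostVerification").getOrElse(true)`. Separately, `sgConnect` yields `None` when any one of the four keystore/truststore options is missing, and `connect()` then falls back to the plain `TcpClient.transport(settings.build(), uri)`, so a partially filled `search.guard.*` block connects without TLS and without any log line. A `logger.warn` (or a startup failure) when some but not all of those keys are set would make the downgrade visible. The class body starts and continues outside the hunks shown here.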
9 changes: 5 additions & 4 deletions build.sbt
@@ -17,13 +17,14 @@ resolvers += "elasticsearch-releases" at "https://artifacts.elastic.co/maven"

libraryDependencies ++= Seq(
cacheApi,
"com.sksamuel.elastic4s" %% "elastic4s-core" % "5.6.0",
"com.sksamuel.elastic4s" %% "elastic4s-streams" % "5.6.0",
"com.sksamuel.elastic4s" %% "elastic4s-tcp" % "5.6.0",
"com.sksamuel.elastic4s" %% "elastic4s-xpack-security" % "5.6.0",
"com.sksamuel.elastic4s" %% "elastic4s-core" % "5.6.6",
"com.sksamuel.elastic4s" %% "elastic4s-streams" % "5.6.6",
"com.sksamuel.elastic4s" %% "elastic4s-tcp" % "5.6.6",
"com.sksamuel.elastic4s" %% "elastic4s-xpack-security" % "5.6.6",
"com.typesafe.akka" %% "akka-stream-testkit" % "2.5.6" % Test,
"org.scalactic" %% "scalactic" % "3.0.4",
"org.bouncycastle" % "bcprov-jdk15on" % "1.58",
"com.floragunn" % "search-guard-ssl" % "5.6.9-23",
specs2 % Test
)
