Elasticsearch secured by SearchGuard #53

Closed
us3r opened this issue Mar 14, 2018 · 3 comments

us3r commented Mar 14, 2018

First of all - thanks for a really nice project 👍

In our case we are using ELK secured by SearchGuard - an open source alternative to commercial X-Pack.
There is an easy way to integrate elastic4play / thehive with SearchGuard.
Something like this is good enough:

```scala
import javax.inject.{Inject, Named}

import scala.concurrent.ExecutionContext

import akka.actor.ActorSystem
import play.api.{Configuration, Logger}
import play.api.inject.ApplicationLifecycle

import com.floragunn.searchguard.ssl.SearchGuardSSLPlugin
import com.floragunn.searchguard.ssl.util.SSLConfigConstants
import com.sksamuel.elastic4s.{ElasticsearchClientUri, TcpClient}
import org.elasticsearch.common.settings.Settings

class DBConfiguration(
    searchHost: Seq[String],
    searchCluster: String,
    baseIndexName: String,
    xpackUsername: Option[String],
    xpackPassword: Option[String],
    sgKstore: Option[String],
    sgTstore: Option[String],
    sgKpass: Option[String],
    sgTpass: Option[String],
    lifecycle: ApplicationLifecycle,
    val version: Int,
    implicit val ec: ExecutionContext,
    implicit val actorSystem: ActorSystem) {

  // Injected constructor: reads the connection and Search Guard TLS options from the Play configuration
  @Inject() def this(
      configuration: Configuration,
      lifecycle: ApplicationLifecycle,
      @Named("databaseVersion") version: Int,
      ec: ExecutionContext,
      actorSystem: ActorSystem) = {
    this(
      configuration.get[Seq[String]]("search.host"),
      configuration.get[String]("search.cluster"),
      configuration.get[String]("search.index"),
      configuration.getOptional[String]("search.username"),
      configuration.getOptional[String]("search.password"),
      configuration.getOptional[String]("search.kstore"),
      configuration.getOptional[String]("search.tstore"),
      configuration.getOptional[String]("search.kpass"),
      configuration.getOptional[String]("search.tpass"),
      lifecycle,
      version,
      ec,
      actorSystem)
  }

  private[DBConfiguration] lazy val logger = Logger(getClass)

  private def connect(): TcpClient = {
    val uri = ElasticsearchClientUri(s"elasticsearch://${searchHost.mkString(",")}")
    val settings = Settings.builder()
    settings.put("cluster.name", searchCluster)

    // The TLS settings are applied only when all four store options are configured.
    // The Options are unwrapped here so the plain path/password is passed, not "Some(...)".
    for (kstore <- sgKstore; tstore <- sgTstore; kpass <- sgKpass; tpass <- sgTpass) {
      settings.put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_FILEPATH, kstore)
      settings.put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_TRUSTSTORE_FILEPATH, tstore)
      settings.put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_PASSWORD, kpass)
      settings.put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_TRUSTSTORE_PASSWORD, tpass)
      // Hostname verification of the node certificates is switched off by these two settings
      settings.put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION, false)
      settings.put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION_RESOLVE_HOST_NAME, false)
      // Probably not needed anymore - there was a bug in SG itself
      settings.put("path.home", "/")
    }

    // Load the Search Guard SSL plugin into the transport client
    TcpClient.transport(settings.build(), uri, classOf[SearchGuardSSLPlugin])
  }
}
```

A full working example you can find on my fork of that project. Unfortunately, as you can see, I am not a Scala programmer. Can someone take a look at that and adjust my example? I have used all necessary parameters (as you can see, some of them are hardcoded).
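
The `connect()` posted above applies its TLS settings only when all four `search.kstore` / `search.tstore` / `search.kpass` / `search.tpass` options are set, so one missing option silently skips all of them. The following is an added example, not code from this issue or from elastic4play: a hypothetical helper `SearchGuardTls.transportSettings` that rejects a partial configuration, checks that both store files are readable, and keeps hostname verification enabled. It assumes the same Elasticsearch and Search Guard SSL libraries as the code above.

```scala
// Added example: SearchGuardTls and transportSettings are hypothetical names.
import java.nio.file.{Files, Paths}

import com.floragunn.searchguard.ssl.util.SSLConfigConstants._
import org.elasticsearch.common.settings.Settings

object SearchGuardTls {

  /** Builds transport-client settings from the four optional TLS options.
    * Right(settings with TLS)    when all four are set and both stores are readable,
    * Right(settings without TLS) only when none of them is set,
    * Left(reason)                for a partial or unusable configuration. */
  def transportSettings(
      cluster: String,
      kstore: Option[String],
      tstore: Option[String],
      kpass: Option[String],
      tpass: Option[String]): Either[String, Settings] = {
    val base = Settings.builder().put("cluster.name", cluster)
    val options = Seq(
      "search.kstore" -> kstore, "search.tstore" -> tstore,
      "search.kpass" -> kpass, "search.tpass" -> tpass)
    val missing = options.collect { case (name, None) => name }

    (kstore, tstore, kpass, tpass) match {
      case (None, None, None, None) =>
        Right(base.build()) // TLS is not configured at all
      case (Some(ks), Some(ts), Some(kp), Some(tp)) =>
        val unreadable = Seq(ks, ts).filterNot(p => Files.isReadable(Paths.get(p)))
        if (unreadable.nonEmpty)
          Left(s"cannot read store file(s): ${unreadable.mkString(", ")}")
        else
          Right(base
            .put(SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_FILEPATH, ks)
            .put(SEARCHGUARD_SSL_TRANSPORT_TRUSTSTORE_FILEPATH, ts)
            .put(SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_PASSWORD, kp)
            .put(SEARCHGUARD_SSL_TRANSPORT_TRUSTSTORE_PASSWORD, tp)
            // Node certificates must match the host the client connects to
            .put(SEARCHGUARD_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION, true)
            .build())
      case _ =>
        // Some but not all options are set: refuse instead of silently skipping the TLS settings
        Left(s"incomplete TLS configuration, missing: ${missing.mkString(", ")}")
    }
  }
}
```

A caller would treat `Left` as a startup error and pass the `Right` value to `TcpClient.transport` in place of `settings.build()`.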

Contributor

To-om commented Mar 21, 2018

Thank you for this issue. Can you create a pull request?

@0xswitch

Hey,

It would be great if this enhancement were merged into the project; I'm also looking to use SG with The Hive. Is a PR planned?

Thank you!

@To-om To-om self-assigned this Jun 11, 2018
To-om added a commit that referenced this issue Jun 11, 2018
Contributor

To-om commented Jun 11, 2018

I've added support for SearchGuard, but it hasn't been fully tested.

@To-om To-om closed this as completed Jun 11, 2018
@To-om To-om added this to the 1.5.1 milestone Jun 11, 2018