Merge pull request #5246 from spalger/implement/multipleCas
[elasticsearch] allow defining multiple ca certs
This commit is contained in:
commit
89ae862af8
|
@ -19,7 +19,7 @@ module.exports = function (kibana) {
|
|||
startupTimeout: Joi.number().default(5000),
|
||||
ssl: Joi.object({
|
||||
verify: Joi.boolean().default(true),
|
||||
ca: Joi.string(),
|
||||
ca: Joi.array().single().items(Joi.string()),
|
||||
cert: Joi.string(),
|
||||
key: Joi.string()
|
||||
}).default(),
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
var url = require('url');
|
||||
var _ = require('lodash');
|
||||
var readFile = _.partialRight(require('fs').readFileSync, 'utf8');
|
||||
var readFile = (file) => require('fs').readFileSync(file, 'utf8');
|
||||
var http = require('http');
|
||||
var https = require('https');
|
||||
|
||||
|
@ -14,8 +14,8 @@ module.exports = _.memoize(function (server) {
|
|||
rejectUnauthorized: config.get('elasticsearch.ssl.verify')
|
||||
};
|
||||
|
||||
if (config.get('elasticsearch.ssl.ca')) {
|
||||
agentOptions.ca = [readFile(config.get('elasticsearch.ssl.ca'))];
|
||||
if (_.size(config.get('elasticsearch.ssl.ca'))) {
|
||||
agentOptions.ca = config.get('elasticsearch.ssl.ca').map(readFile);
|
||||
}
|
||||
|
||||
// Add client certificate and key if required by elasticsearch
|
||||
|
@ -29,4 +29,4 @@ module.exports = _.memoize(function (server) {
|
|||
|
||||
// See https://lodash.com/docs#memoize: We use a Map() instead of the default, because we want the keys in the cache
|
||||
// to be the server objects, and by default these would be coerced to strings as keys (which wouldn't be useful)
|
||||
module.exports.cache = new Map();
|
||||
module.exports.cache = new Map();
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
var elasticsearch = require('elasticsearch');
|
||||
var _ = require('lodash');
|
||||
var fs = require('fs');
|
||||
var readFile = (file) => require('fs').readFileSync(file, 'utf8');
|
||||
var util = require('util');
|
||||
var url = require('url');
|
||||
var callWithRequest = require('./call_with_request');
|
||||
|
@ -31,11 +31,11 @@ module.exports = function (server) {
|
|||
|
||||
var ssl = { rejectUnauthorized: options.verifySsl };
|
||||
if (options.clientCrt && options.clientKey) {
|
||||
ssl.cert = fs.readFileSync(options.clientCrt, 'utf8');
|
||||
ssl.key = fs.readFileSync(options.clientKey, 'utf8');
|
||||
ssl.cert = readFile(options.clientCrt);
|
||||
ssl.key = readFile(options.clientKey);
|
||||
}
|
||||
if (options.ca) {
|
||||
ssl.ca = fs.readFileSync(options.ca, 'utf8');
|
||||
ssl.ca = options.ca.map(readFile);
|
||||
}
|
||||
|
||||
return new elasticsearch.Client({
|
||||
|
|
Loading…
Reference in a new issue