From 682354f9e4e51fcff820435d33cd90dcd5279113 Mon Sep 17 00:00:00 2001
From: spalger <email@spalger.com>
Date: Fri, 30 Oct 2015 12:26:31 -0500
Subject: [PATCH] [elasticsearch] allow defining multiple ca certs

In the event that a user needs to configure multiple files for a CA chain the configuration
will now accept either a single string or array for `elasticsearch.ssl.ca` and then convert
that value to always be an array.
---
 src/plugins/elasticsearch/index.js             | 2 +-
 src/plugins/elasticsearch/lib/create_agent.js  | 8 ++++----
 src/plugins/elasticsearch/lib/expose_client.js | 8 ++++----
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/plugins/elasticsearch/index.js b/src/plugins/elasticsearch/index.js
index e33ec17d814d..ba917218677c 100644
--- a/src/plugins/elasticsearch/index.js
+++ b/src/plugins/elasticsearch/index.js
@@ -19,7 +19,7 @@ module.exports = function (kibana) {
         startupTimeout: Joi.number().default(5000),
         ssl: Joi.object({
           verify: Joi.boolean().default(true),
-          ca: Joi.string(),
+          ca: Joi.array().single().items(Joi.string()),
           cert: Joi.string(),
           key: Joi.string()
         }).default(),
diff --git a/src/plugins/elasticsearch/lib/create_agent.js b/src/plugins/elasticsearch/lib/create_agent.js
index a19af9db446c..5fd7afc56be2 100644
--- a/src/plugins/elasticsearch/lib/create_agent.js
+++ b/src/plugins/elasticsearch/lib/create_agent.js
@@ -1,6 +1,6 @@
 var url = require('url');
 var _ = require('lodash');
-var readFile = _.partialRight(require('fs').readFileSync, 'utf8');
+var readFile = (file) => require('fs').readFileSync(file, 'utf8');
 var http = require('http');
 var https = require('https');
 
@@ -14,8 +14,8 @@ module.exports = _.memoize(function (server) {
     rejectUnauthorized: config.get('elasticsearch.ssl.verify')
   };
 
-  if (config.get('elasticsearch.ssl.ca')) {
-    agentOptions.ca = [readFile(config.get('elasticsearch.ssl.ca'))];
+  if (_.size(config.get('elasticsearch.ssl.ca'))) {
+    agentOptions.ca = config.get('elasticsearch.ssl.ca').map(readFile);
   }
 
   // Add client certificate and key if required by elasticsearch
@@ -29,4 +29,4 @@ module.exports = _.memoize(function (server) {
 
 // See https://lodash.com/docs#memoize: We use a Map() instead of the default, because we want the keys in the cache
 // to be the server objects, and by default these would be coerced to strings as keys (which wouldn't be useful)
-module.exports.cache = new Map();
\ No newline at end of file
+module.exports.cache = new Map();
diff --git a/src/plugins/elasticsearch/lib/expose_client.js b/src/plugins/elasticsearch/lib/expose_client.js
index c5b683ea19f7..8a3d8fba8cd5 100644
--- a/src/plugins/elasticsearch/lib/expose_client.js
+++ b/src/plugins/elasticsearch/lib/expose_client.js
@@ -1,6 +1,6 @@
 var elasticsearch = require('elasticsearch');
 var _ = require('lodash');
-var fs = require('fs');
+var readFile = (file) => require('fs').readFileSync(file, 'utf8');
 var util = require('util');
 var url = require('url');
 var callWithRequest = require('./call_with_request');
@@ -31,11 +31,11 @@ module.exports = function (server) {
 
     var ssl = { rejectUnauthorized: options.verifySsl };
     if (options.clientCrt && options.clientKey) {
-      ssl.cert = fs.readFileSync(options.clientCrt, 'utf8');
-      ssl.key = fs.readFileSync(options.clientKey, 'utf8');
+      ssl.cert = readFile(options.clientCrt);
+      ssl.key = readFile(options.clientKey);
     }
     if (options.ca) {
-      ssl.ca = fs.readFileSync(options.ca, 'utf8');
+      ssl.ca = options.ca.map(readFile);
     }
 
     return new elasticsearch.Client({