diff --git a/pkg/es/config/config.go b/pkg/es/config/config.go
index c6b5be9526c..3da07659d00 100644
--- a/pkg/es/config/config.go
+++ b/pkg/es/config/config.go
@@ -45,7 +45,8 @@ type Configuration struct {
 Password string `mapstructure:"password"`
 TokenFilePath string `mapstructure:"token_file"`
 AllowTokenFromContext bool `mapstructure:"-"`
- Sniffer bool `mapstructure:"sniffer"` // /~https://github.com/olivere/elastic/wiki/Sniffing
+ Sniffer bool `mapstructure:"sniffer"` // /~https://github.com/olivere/elastic/wiki/Sniffing
+ SnifferTLSEnabled bool `mapstructure:"sniffer_tls_enabled"`
 MaxNumSpans int `mapstructure:"-"` // defines maximum number of spans to fetch from storage per query
 MaxSpanAge time.Duration `yaml:"max_span_age" mapstructure:"-"` // configures the maximum lookback on span reads
 NumShards int64 `yaml:"shards" mapstructure:"num_shards"`
@@ -212,6 +213,9 @@ func (c *Configuration) ApplyDefaults(source *Configuration) {
 if c.BulkFlushInterval == 0 {
 c.BulkFlushInterval = source.BulkFlushInterval
 }
+ if !c.SnifferTLSEnabled {
+ c.SnifferTLSEnabled = source.SnifferTLSEnabled
+ }
 }
 // GetNumShards returns number of shards from Configuration
@@ -288,6 +292,9 @@ func (c *Configuration) getConfigOptions(logger *zap.Logger) ([]elastic.ClientOp
 // we don' have a valid token to do the check ad if we don't disable the check the service that
 // uses this won't start.
 elastic.SetHealthcheck(!c.AllowTokenFromContext)}
+ if c.SnifferTLSEnabled {
+ options = append(options, elastic.SetScheme("https"))
+ }
 httpClient := &http.Client{
 Timeout: c.Timeout,
 }
diff --git a/plugin/storage/es/options.go b/plugin/storage/es/options.go
index 6d89a368d86..695abb9d167 100644
--- a/plugin/storage/es/options.go
+++ b/plugin/storage/es/options.go
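Review bot: The block added to `ApplyDefaults` in pkg/es/config/config.go copies `source.SnifferTLSEnabled` whenever the local value is false, so a namespace cannot explicitly keep sniffer TLS off once the source configuration has it on; a plain bool cannot tell "unset" from "false". That fails toward https, which is the safer direction, but the behaviour should be stated in a comment such as `// inherited from source when unset; an explicit false cannot override a true source`. No test for this inheritance is visible in the commit, and the body of `ApplyDefaults` starts outside the hunk.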
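Review bot: In `getConfigOptions` (pkg/es/config/config.go) the https scheme depends only on the new `SnifferTLSEnabled` flag, so a setup with `Sniffer` on and TLS configured but this flag left at its default would presumably still contact sniffed nodes over plain http, carrying whatever credentials the client attaches. I am inferring the http default from the Elasticsearch client library, so please confirm. Consider warning on that combination with the `logger` already passed in, e.g. `if c.Sniffer && c.TLS.Enabled && !c.SnifferTLSEnabled { logger.Warn("sniffer uses http for discovered nodes while TLS is enabled") }`, assuming `TLS.Enabled` is reachable on `c` as the test file suggests, or derive the scheme from the TLS setting. The function starts and ends outside the hunk, and nothing in this commit tests the new branch.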
@@ -31,6 +31,7 @@ const (
 suffixUsername = ".username"
 suffixPassword = ".password"
 suffixSniffer = ".sniffer"
+ suffixSnifferTLSEnabled = ".sniffer-tls-enabled"
 suffixTokenPath = ".token-file"
 suffixServerURLs = ".server-urls"
 suffixMaxSpanAge = ".max-span-age"
@@ -227,6 +228,10 @@ func addFlags(flagSet *flag.FlagSet, nsConfig *namespaceConfig) {
 nsConfig.namespace+suffixVersion,
 0,
 "The major Elasticsearch version. If not specified, the value will be auto-detected from Elasticsearch.")
+ flagSet.Bool(
+ nsConfig.namespace+suffixSnifferTLSEnabled,
+ nsConfig.SnifferTLSEnabled,
+ "Option to enable TLS when sniffing an Elasticsearch Cluster ; client uses sniffing process to find all nodes automatically, disabled by default")
 if nsConfig.namespace == archiveNamespace {
 flagSet.Bool(
 nsConfig.namespace+suffixEnabled,
@@ -249,6 +254,7 @@ func initFromViper(cfg *namespaceConfig, v *viper.Viper) {
 cfg.Password = v.GetString(cfg.namespace + suffixPassword)
 cfg.TokenFilePath = v.GetString(cfg.namespace + suffixTokenPath)
 cfg.Sniffer = v.GetBool(cfg.namespace + suffixSniffer)
+ cfg.SnifferTLSEnabled = v.GetBool(cfg.namespace + suffixSnifferTLSEnabled)
 cfg.Servers = strings.Split(stripWhiteSpace(v.GetString(cfg.namespace+suffixServerURLs)), ",")
 cfg.MaxSpanAge = v.GetDuration(cfg.namespace + suffixMaxSpanAge)
 cfg.MaxNumSpans = v.GetInt(cfg.namespace + suffixMaxNumSpans)
diff --git a/plugin/storage/es/options_test.go b/plugin/storage/es/options_test.go
index 8e71c2f266f..1157b4081da 100644
--- a/plugin/storage/es/options_test.go
+++ b/plugin/storage/es/options_test.go
@@ -34,6 +34,7 @@ func TestOptions(t *testing.T) {
 assert.Equal(t, int64(1), primary.NumReplicas)
 assert.Equal(t, 72*time.Hour, primary.MaxSpanAge)
 assert.False(t, primary.Sniffer)
+ assert.False(t, primary.SnifferTLSEnabled)
 aux := opts.Get("archive")
 assert.Equal(t, primary.Username, aux.Username)
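Review bot: The help text of the new flag in `addFlags` (plugin/storage/es/options.go) does not tell an operator that the option presumably matters only when the `.sniffer` flag is also set, and it has a stray space before the semicolon. Suggested wording: `"Use https when contacting nodes discovered by sniffing; only relevant when sniffer is enabled, disabled by default"`. It would also be easier to find if it were registered next to the `.sniffer` flag, whose registration lies outside this hunk, rather than after the version flag.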
@@ -50,6 +51,7 @@ func TestOptionsWithFlags(t *testing.T) {
 "--es.password=world",
 "--es.token-file=/foo/bar",
 "--es.sniffer=true",
+ "--es.sniffer-tls-enabled=true",
 "--es.max-span-age=48h",
 "--es.num-shards=20",
 "--es.num-replicas=10",
@@ -68,6 +70,7 @@ func TestOptionsWithFlags(t *testing.T) {
 assert.Equal(t, []string{"1.1.1.1", "2.2.2.2"}, primary.Servers)
 assert.Equal(t, 48*time.Hour, primary.MaxSpanAge)
 assert.True(t, primary.Sniffer)
+ assert.True(t, primary.SnifferTLSEnabled)
 assert.Equal(t, true, primary.TLS.Enabled)
 assert.Equal(t, true, primary.TLS.SkipHostVerify)