From 0d3ddbe9d02f94abcf67060940a2e86eb0aa2297 Mon Sep 17 00:00:00 2001 From: Frank Hassanabad Date: Thu, 7 May 2020 07:57:34 -0600 Subject: [PATCH] Fixes the client to setup SSL with the CA certificates for testing (#65598) ## Summary Fixes the non-legacy ES test client to work with SSL. Without this if you try to migrate `siem rules` or `alerting` or `CASE` or anything else that is using SSL based tests you get this error when trying to use the non-legacy: ```ts // pull in non-legacy service for functional tests const es = getService('es'); ``` ```ts // use it somewhere where your config.ts is utilizing SSL in a functional test // ... ``` In your console you get this error: ```ts ConnectionError: self signed certificate in certificate chain at onResponse (node_modules/@elastic/elasticsearch/lib/Transport.js:205:13) at ClientRequest.request.on.err (node_modules/@elastic/elasticsearch/lib/Connection.js:98:9) at TLSSocket.socketErrorListener (_http_client.js:401:9) at emitErrorNT (internal/streams/destroy.js:91:8) at emitErrorAndCloseNT (internal/streams/destroy.js:59:3) at process._tickCallback (internal/process/next_tick.js:63:19) ``` This fixes that by adding the CA certs from test to the ES test client. --- test/common/services/elasticsearch.ts | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/test/common/services/elasticsearch.ts b/test/common/services/elasticsearch.ts index 63c4bfeeb4ce7..0436dc901292d 100644 --- a/test/common/services/elasticsearch.ts +++ b/test/common/services/elasticsearch.ts @@ -18,8 +18,9 @@ */ import { format as formatUrl } from 'url'; - +import fs from 'fs'; import { Client } from '@elastic/elasticsearch'; +import { CA_CERT_PATH } from '@kbn/dev-utils'; import { FtrProviderContext } from '../ftr_provider_context'; @@ -27,6 +28,9 @@ export function ElasticsearchProvider({ getService }: FtrProviderContext) { const config = getService('config'); return new Client({ + ssl: { + ca: fs.readFileSync(CA_CERT_PATH, 'utf-8'), + }, nodes: [formatUrl(config.get('servers.elasticsearch'))], requestTimeout: config.get('timeouts.esRequestTimeout'), });