Connect to Elasticsearch via SSL when starting kibana with --ssl (#…

…42840) * Initial work * Add check for elasticsearch.hosts * Make --ssl apply default config values only * Move @kbn/dev-utils to devDependencies * Check elasticsearch url for localhost * Cleanup * elasticsearch.hosts can be string too
elastic · Aug 8, 2019 · 6d4191c · 6d4191c
1 parent cb0cabf
commit 6d4191c
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 3 deletions.
diff --git a/package.json b/package.json
@@ -267,6 +267,7 @@
     "@elastic/eslint-config-kibana": "0.15.0",
     "@elastic/github-checks-reporter": "0.0.20b3",
     "@elastic/makelogs": "^4.4.0",
+    "@kbn/dev-utils": "1.0.0",
     "@kbn/es": "1.0.0",
     "@kbn/eslint-import-resolver-kibana": "2.0.0",
     "@kbn/eslint-plugin-eslint": "1.0.0",

diff --git a/src/cli/serve/serve.js b/src/cli/serve/serve.js
@@ -20,6 +20,7 @@
 import _ from 'lodash';
 import { statSync } from 'fs';
 import { resolve } from 'path';
+import url from 'url';
 
 import { fromRoot, IS_KIBANA_DISTRIBUTABLE } from '../../legacy/utils';
 import { getConfig } from '../../legacy/server/path';
@@ -87,12 +88,37 @@ function applyConfigOverrides(rawConfig, opts, extraCliOptions) {
     }
 
     if (opts.ssl) {
-      set('server.ssl.enabled', true);
-    }
+      // @kbn/dev-utils is part of devDependencies
+      const { CA_CERT_PATH } = require('@kbn/dev-utils');
+      const customElasticsearchHosts = opts.elasticsearch
+        ? opts.elasticsearch.split(',')
+        : [].concat(get('elasticsearch.hosts') || []);
+
+      function ensureNotDefined(path) {
+        if (has(path)) {
+          throw new Error(`Can't use --ssl when "${path}" configuration is already defined.`);
+        }
+      }
+      ensureNotDefined('server.ssl.certificate');
+      ensureNotDefined('server.ssl.key');
+      ensureNotDefined('elasticsearch.ssl.certificateAuthorities');
+
+      const elasticsearchHosts = (
+        (customElasticsearchHosts.length > 0 && customElasticsearchHosts) ||
+        ['https://localhost:9200']
+      ).map(hostUrl => {
+        const parsedUrl = url.parse(hostUrl);
+        if (parsedUrl.hostname !== 'localhost') {
+          throw new Error(`Hostname "${parsedUrl.hostname}" can't be used with --ssl. Must be "localhost" to work with certificates.`);
+        }
+        return `https://localhost:${parsedUrl.port}`;
+      });
 
-    if (opts.ssl && !has('server.ssl.certificate') && !has('server.ssl.key')) {
+      set('server.ssl.enabled', true);
       set('server.ssl.certificate', DEV_SSL_CERT_PATH);
       set('server.ssl.key', DEV_SSL_KEY_PATH);
+      set('elasticsearch.hosts', elasticsearchHosts);
+      set('elasticsearch.ssl.certificateAuthorities', CA_CERT_PATH);
     }
   }