[Branding] allow for SSL setup failures (opensearch-project#1414) (op…

…ensearch-project#1417) Setup HTTP Agent in the render portion when it did not need to be it just needed a one time setup for the life time of the server. Also if this fails to read the keys then it would fail. But it's only used for custom branding. We shouldn't failed for custom branding just rely on default branding. Issue Resolved: https://discuss.opendistrocommunity.dev/t/is-opensearch-dashboard-server-certificate-and-key-required-to-be-reloaded-everytime-when-gui-is-accessed/9069/13 Signed-off-by: Kawika Avilla <[email protected]> (cherry picked from commit 0bd14bd) Co-authored-by: Kawika Avilla <[email protected]>
tmarkley · Apr 1, 2022 · 7195123 · 7195123
1 parent f54ed1c
commit 7195123
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/src/core/server/rendering/rendering_service.tsx b/src/core/server/rendering/rendering_service.tsx
@@ -75,6 +75,8 @@ export class RenderingService {
       this.coreContext.configService.atPath<HttpConfigType>('server').pipe(first()).toPromise(),
     ]);
 
+    this.setupHttpAgent(serverConfig as HttpConfigType);
+
     return {
       render: async (
         request,
@@ -96,8 +98,6 @@ export class RenderingService {
           ? Boolean(settings.user['theme:darkMode'].userValue)
           : false;
 
-        this.setupHttpAgent(serverConfig as HttpConfigType);
-
         const brandingAssignment = await this.assignBrandingConfig(
           darkMode,
           opensearchDashboardsConfig as OpenSearchDashboardsConfigType
@@ -169,7 +169,8 @@ export class RenderingService {
    * @param {Readonly<HttpConfigType>} httpConfig
    */
   private setupHttpAgent(httpConfig: Readonly<HttpConfigType>) {
-    if (httpConfig.ssl?.enabled) {
+    if (!httpConfig.ssl?.enabled) return;
+    try {
       const sslConfig = new SslConfig(httpConfig.ssl);
       this.httpsAgent = new HttpsAgent({
         ca: sslConfig.certificateAuthorities,
@@ -178,6 +179,8 @@ export class RenderingService {
         passphrase: sslConfig.keyPassphrase,
         rejectUnauthorized: false,
       });
+    } catch (e) {
+      this.logger.get('branding').error('HTTP agent failed to setup for SSL.');
     }
   }