[esArchiver] support kibana and es ssl from cli (#85073)

Co-authored-by: spalger <spalger@users.noreply.github.com> Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
elastic · Dec 7, 2020 · a7c5b49 · a7c5b49
1 parent 81a340e
commit a7c5b49
Show file tree

Hide file tree

Showing 3 changed files with 69 additions and 29 deletions.
diff --git a/packages/kbn-es-archiver/src/cli.ts b/packages/kbn-es-archiver/src/cli.ts
@@ -26,8 +26,9 @@
 import Path from 'path';
 import Url from 'url';
 import readline from 'readline';
+import Fs from 'fs';
 
-import { RunWithCommands, createFlagError } from '@kbn/dev-utils';
+import { RunWithCommands, createFlagError, KbnClient, CA_CERT_PATH } from '@kbn/dev-utils';
 import { readConfigFile } from '@kbn/test';
 import legacyElasticsearch from 'elasticsearch';
 
@@ -40,13 +41,15 @@ export function runCli() {
   new RunWithCommands({
     description: 'CLI to manage archiving/restoring data in elasticsearch',
     globalFlags: {
-      string: ['es-url', 'kibana-url', 'dir', 'config'],
+      string: ['es-url', 'kibana-url', 'dir', 'config', 'es-ca', 'kibana-ca'],
       help: `
         --config           path to an FTR config file that sets --es-url, --kibana-url, and --dir
                              default: ${defaultConfigPath}
         --es-url           url for Elasticsearch, prefer the --config flag
         --kibana-url       url for Kibana, prefer the --config flag
         --dir              where arechives are stored, prefer the --config flag
+        --kibana-ca        if Kibana url points to https://localhost we default to the CA from @kbn/dev-utils, customize the CA with this flag
+        --es-ca            if Elasticsearch url points to https://localhost we default to the CA from @kbn/dev-utils, customize the CA with this flag
       `,
     },
     async extendContext({ log, flags, addCleanupTask }) {
@@ -78,6 +81,40 @@ export function runCli() {
         throw createFlagError('--kibana-url or --config must be defined');
       }
 
+      const kibanaCaPath = flags['kibana-ca'];
+      if (kibanaCaPath && typeof kibanaCaPath !== 'string') {
+        throw createFlagError('--kibana-ca must be a string');
+      }
+
+      let kibanaCa;
+      if (config.get('servers.kibana.certificateAuthorities') && !kibanaCaPath) {
+        kibanaCa = config.get('servers.kibana.certificateAuthorities');
+      } else if (kibanaCaPath) {
+        kibanaCa = Fs.readFileSync(kibanaCaPath);
+      } else {
+        const { protocol, hostname } = Url.parse(kibanaUrl);
+        if (protocol === 'https:' && hostname === 'localhost') {
+          kibanaCa = Fs.readFileSync(CA_CERT_PATH);
+        }
+      }
+
+      const esCaPath = flags['es-ca'];
+      if (esCaPath && typeof esCaPath !== 'string') {
+        throw createFlagError('--es-ca must be a string');
+      }
+
+      let esCa;
+      if (config.get('servers.elasticsearch.certificateAuthorities') && !esCaPath) {
+        esCa = config.get('servers.elasticsearch.certificateAuthorities');
+      } else if (esCaPath) {
+        esCa = Fs.readFileSync(esCaPath);
+      } else {
+        const { protocol, hostname } = Url.parse(kibanaUrl);
+        if (protocol === 'https:' && hostname === 'localhost') {
+          esCa = Fs.readFileSync(CA_CERT_PATH);
+        }
+      }
+
       let dir = flags.dir;
       if (dir && typeof dir !== 'string') {
         throw createFlagError('--dir must be a string');
@@ -91,15 +128,22 @@ export function runCli() {
 
       const client = new legacyElasticsearch.Client({
         host: esUrl,
+        ssl: esCa ? { ca: esCa } : undefined,
         log: flags.verbose ? 'trace' : [],
       });
       addCleanupTask(() => client.close());
 
+      const kbnClient = new KbnClient({
+        log,
+        url: kibanaUrl,
+        certificateAuthorities: kibanaCa ? [kibanaCa] : undefined,
+      });
+
       const esArchiver = new EsArchiver({
         log,
         client,
         dataDir: dir,
-        kibanaUrl,
+        kbnClient,
       });
 
       return {

diff --git a/packages/kbn-es-archiver/src/es_archiver.ts b/packages/kbn-es-archiver/src/es_archiver.ts
@@ -29,27 +29,24 @@ import {
   editAction,
 } from './actions';
 
+interface Options {
+  client: Client;
+  dataDir: string;
+  log: ToolingLog;
+  kbnClient: KbnClient;
+}
+
 export class EsArchiver {
   private readonly client: Client;
   private readonly dataDir: string;
   private readonly log: ToolingLog;
   private readonly kbnClient: KbnClient;
 
-  constructor({
-    client,
-    dataDir,
-    log,
-    kibanaUrl,
-  }: {
-    client: Client;
-    dataDir: string;
-    log: ToolingLog;
-    kibanaUrl: string;
-  }) {
-    this.client = client;
-    this.dataDir = dataDir;
-    this.log = log;
-    this.kbnClient = new KbnClient({ log, url: kibanaUrl });
+  constructor(options: Options) {
+    this.client = options.client;
+    this.dataDir = options.dataDir;
+    this.log = options.log;
+    this.kbnClient = options.kbnClient;
   }
 
   /**

diff --git a/test/common/services/es_archiver.ts b/test/common/services/es_archiver.ts
@@ -17,17 +17,18 @@
  * under the License.
  */
 
-import { format as formatUrl } from 'url';
 import { EsArchiver } from '@kbn/es-archiver';
 import { FtrProviderContext } from '../ftr_provider_context';
 
 // @ts-ignore not TS yet
 import * as KibanaServer from './kibana_server';
 
-export function EsArchiverProvider({ getService, hasService }: FtrProviderContext): EsArchiver {
+export function EsArchiverProvider({ getService }: FtrProviderContext): EsArchiver {
   const config = getService('config');
   const client = getService('legacyEs');
   const log = getService('log');
+  const kibanaServer = getService('kibanaServer');
+  const retry = getService('retry');
 
   if (!config.get('esArchiver')) {
     throw new Error(`esArchiver can't be used unless you specify it's config in your config file`);
@@ -39,17 +40,15 @@ export function EsArchiverProvider({ getService, hasService }: FtrProviderContex
     client,
     dataDir,
     log,
-    kibanaUrl: formatUrl(config.get('servers.kibana')),
+    kbnClient: kibanaServer,
   });
 
-  if (hasService('kibanaServer')) {
-    KibanaServer.extendEsArchiver({
-      esArchiver,
-      kibanaServer: getService('kibanaServer'),
-      retry: getService('retry'),
-      defaults: config.get('uiSettings.defaults'),
-    });
-  }
+  KibanaServer.extendEsArchiver({
+    esArchiver,
+    kibanaServer,
+    retry,
+    defaults: config.get('uiSettings.defaults'),
+  });
 
   return esArchiver;
 }