Allow Insecure Connections for Testing

Problem/Motivation

Developers rarely have access to signed certificates on their local environment when developing/testing.

OpenDistro ships Docker images with self signed certificates to help with local development.

https://hub.docker.com/r/amazon/opendistro-for-elasticsearch

eg.

curl -XGET https://localhost:9200 -u admin:admin --insecure

This module can work with these types of setups if we allow developers to toggle on insecure connections.

Steps to reproduce

* Run the Docker image in the above example
* Configure this module to connect
* Try to index content

Proposed resolution

Add a cluster config which allows "insecure" connections.

Remaining tasks

* Add a field to the form
* Update the client manager to handle this type of connection

User interface changes

A new toggle in the cluster configuration form.

API changes

N/A

Data model changes

N/A

Issue fork elasticsearch_connector-3229732

Show commands

Start within a Git clone of the project using the version control instructions.

Add & fetch this issue fork’s repository

Or, if you do not have SSH keys set up on git.drupalcode.org:

Add & fetch this issue fork’s repository

3229732-allow-insecure-connections changes, plain diff MR !10
Check out this branch

About issue forks

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

25 August 2021 at 04:03

nick_schuch created an issue. See original summary.

Log in or register to post comments

Comment #2

25 August 2021 at 04:09

nick_schuch opened merge request !10

Log in or register to post comments

Comment #3

nick_schuch CreditAttribution: nick_schuch commented 25 August 2021 at 04:11

Status:

Needs work

» Needs review

Pull request submitted

Log in or register to post comments

lebster’s picture

Comment #4

lebster CreditAttribution: lebster commented 3 September 2021 at 17:18

Hey, thanks, anyway I think that you don't really need special field for this, because it is easy forgot about this when you do export site configuration.

You could use hook_elasticsearch_connector_load_library_options_alter to make necessay change, like this:

function example_module_elasticsearch_connector_load_library_options_alter(&$options, &$context) {
  $site_env = \Drupal\Core\Site\Settings::get('site_env');
  if ($site_env == 'local') {
    // Skip SSL certificate verification.
    $options['curl'][CURLOPT_SSL_VERIFYPEER] = FALSE;
    $options['curl'][CURLOPT_SSL_VERIFYHOST] = FALSE;
  }
}

You could control site_env setting via settings.local.php, like:

$settings['site_env'] = 'local';

I have tested this solution with a real ElasticSearch cluster running on AWS.

Log in or register to post comments

Comment #5

nick_schuch CreditAttribution: nick_schuch commented 8 October 2021 at 00:04

Sounds great. I like the approach.

Log in or register to post comments

Comment #6

sokru CreditAttribution: sokru as a volunteer commented 8 October 2021 at 12:01

Status:

Needs review

» Needs work

I think it would be nice to add the code snippet on elasticsearch_connector.api.php on relevant hook with some description.

Log in or register to post comments