Merge pull request #48 from DarioBalinzo/feature/44/add-elastic-ssl-config

Feature/44/add elastic ssl config

Author: DarioBalinzo

README.md

@@ -131,6 +131,33 @@ to avoid data losses when paginating (available starting from versions >= 1.4).
 * Type: any
 * Importance: low
 
+
+``es.tls.truststore.location``
+Elastic ssl truststore location
+
+* Type: string
+* Importance: medium
+
+``es.tls.truststore.password``
+Elastic ssl truststore password
+
+* Type: string
+* Default: ""
+* Importance: medium
+
+``es.tls.keystore.location``
+Elasticsearch keystore location
+
+* Type: string
+* Importance: medium
+
+``es.tls.keystore.password``
+Elasticsearch keystore password
+
+* Type: string
+* Default: ""
+* Importance: medium
+
 ``connection.attempts``
 Maximum number of attempts to retrieve a valid Elasticsearch connection.
 

doc/README.md

@@ -124,13 +124,40 @@ The name of the strictly incrementing field to use to detect new records.
 * Importance: high
 
 ``incrementing.secondary.field.name``
-In case the main incrementing field may have duplicates,
-this secondary field is used as a secondary sort field in order
+In case the main incrementing field may have duplicates, 
+this secondary field is used as a secondary sort field in order 
 to avoid data losses when paginating (available starting from versions >= 1.4).
 
 * Type: any
 * Importance: low
 
+
+``es.tls.truststore.location``
+Elastic ssl truststore location
+
+* Type: string
+* Importance: medium
+
+``es.tls.truststore.password``
+Elastic ssl truststore password
+
+* Type: string
+* Default: ""
+* Importance: medium
+
+``es.tls.keystore.location``
+Elasticsearch keystore location
+
+* Type: string
+* Importance: medium
+
+``es.tls.keystore.password``
+Elasticsearch keystore password
+
+* Type: string
+* Default: ""
+* Importance: medium
+
 ``connection.attempts``
 Maximum number of attempts to retrieve a valid Elasticsearch connection.
 
@@ -152,6 +179,13 @@ Indices prefix to include in copying.
 * Default: ""
 * Importance: medium
 
+``index.names``
+List of elasticsearch indices: `es1,es2,es3`
+
+* Type: string
+* Default: null
+* Importance: medium
+
 ### Connector Configuration
 
 ``poll.interval.ms``
@@ -183,6 +217,15 @@ nested fields. To provide multiple fields use `;` as separator
 * Importance: medium
 * Default: null
 
+``filters.blacklist``
+Blacklist filter for extracting a subset of fields from elastic-search json documents. The blacklist filter supports
+nested fields. To provide multiple fields use `;` as separator
+(e.g. `customer;order.qty;order.price`).
+
+* Type: string
+* Importance: medium
+* Default: null
+
 ``filters.json_cast``
 This filter casts nested fields to json string, avoiding parsing recursively as kafka connect-schema. The json-cast
 filter supports nested fields. To provide multiple fields use `;` as separator

src/main/java/com/github/dariobalinzo/ElasticSourceConnector.java

@@ -74,13 +74,27 @@ public void start(Map<String, String> props) {
                 .withMaxAttempts(maxConnectionAttempts)
                 .withBackoff(connectionRetryBackoff);
 
+        String truststore = config.getString(ElasticSourceConnectorConfig.ES_TRUSTSTORE_CONF);
+        String truststorePass = config.getString(ElasticSourceConnectorConfig.ES_TRUSTSTORE_PWD_CONF);
+        String keystore = config.getString(ElasticSourceConnectorConfig.ES_KEYSTORE_CONF);
+        String keystorePass = config.getString(ElasticSourceConnectorConfig.ES_KEYSTORE_PWD_CONF);
+
+        if (truststore != null) {
+            connectionBuilder.withTrustStore(truststore, truststorePass);
+        }
+
+        if (keystore != null) {
+            connectionBuilder.withKeyStore(keystore, keystorePass);
+        }
+
         if (esUser == null || esUser.isEmpty()) {
             elasticConnection = connectionBuilder.build();
         } else {
             elasticConnection = connectionBuilder.withUser(esUser)
                     .withPassword(esPwd)
                     .build();
         }
+
         elasticRepository = new ElasticRepository(elasticConnection);
     }
 

src/main/java/com/github/dariobalinzo/ElasticSourceConnectorConfig.java

@@ -50,6 +50,18 @@ public class ElasticSourceConnectorConfig extends AbstractConfig {
     private final static String ES_PWD_DOC = "Elasticsearch password";
     private final static String ES_PWD_DISPLAY = "Elasticsearch password";
 
+    public final static String ES_KEYSTORE_CONF = "es.tls.keystore.location";
+    private final static String ES_KEYSTORE_DOC = "Elasticsearch keystore location";
+
+    public final static String ES_KEYSTORE_PWD_CONF = "es.tls.keystore.password";
+    private final static String ES_KEYSTORE_PWD_DOC = "Elasticsearch keystore password";
+
+    public final static String ES_TRUSTSTORE_CONF = "es.tls.truststore.location";
+    private final static String ES_TRUSTSTORE_DOC = "Elasticsearch truststore location";
+
+    public final static String ES_TRUSTSTORE_PWD_CONF = "es.tls.truststore.password";
+    private final static String ES_TRUSTSTORE_PWD_DOC = "Elasticsearch truststore password";
+
     public static final String CONNECTION_ATTEMPTS_CONFIG = "connection.attempts";
     private static final String CONNECTION_ATTEMPTS_DOC
             = "Maximum number of attempts to retrieve a valid Elasticsearch connection.";
@@ -200,6 +212,46 @@ private static void addDatabaseOptions(ConfigDef config) {
                 ++orderInGroup,
                 Width.SHORT,
                 ES_PWD_DISPLAY
+        ).define(
+                ES_KEYSTORE_CONF,
+                Type.STRING,
+                null,
+                Importance.MEDIUM,
+                ES_KEYSTORE_DOC,
+                DATABASE_GROUP,
+                ++orderInGroup,
+                Width.SHORT,
+                ES_KEYSTORE_DOC
+        ).define(
+                ES_KEYSTORE_PWD_CONF,
+                Type.STRING,
+                "",
+                Importance.MEDIUM,
+                ES_KEYSTORE_PWD_DOC,
+                DATABASE_GROUP,
+                ++orderInGroup,
+                Width.SHORT,
+                ES_KEYSTORE_PWD_DOC
+        ).define(
+                ES_TRUSTSTORE_CONF,
+                Type.STRING,
+                null,
+                Importance.MEDIUM,
+                ES_TRUSTSTORE_DOC,
+                DATABASE_GROUP,
+                ++orderInGroup,
+                Width.SHORT,
+                ES_TRUSTSTORE_DOC
+        ).define(
+                ES_TRUSTSTORE_PWD_CONF,
+                Type.STRING,
+                "",
+                Importance.MEDIUM,
+                ES_TRUSTSTORE_PWD_DOC,
+                DATABASE_GROUP,
+                ++orderInGroup,
+                Width.SHORT,
+                ES_TRUSTSTORE_PWD_DOC
         ).define(
                 CONNECTION_ATTEMPTS_CONFIG,
                 Type.STRING,

src/main/java/com/github/dariobalinzo/elastic/ElasticConnection.java

@@ -21,61 +21,114 @@
 import org.apache.http.auth.UsernamePasswordCredentials;
 import org.apache.http.client.CredentialsProvider;
 import org.apache.http.impl.client.BasicCredentialsProvider;
+import org.apache.http.ssl.SSLContextBuilder;
+import org.apache.http.ssl.SSLContexts;
 import org.elasticsearch.client.RestClient;
 import org.elasticsearch.client.RestHighLevelClient;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import javax.net.ssl.SSLContext;
 import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.security.KeyStore;
 import java.util.Arrays;
+import java.util.Objects;
 
 public class ElasticConnection {
     public final static Logger logger = LoggerFactory.getLogger(ElasticConnection.class);
 
     private RestHighLevelClient client;
     private final long connectionRetryBackoff;
     private final int maxConnectionAttempts;
+    private final String hosts;
+    private final String protocol;
+    private final int port;
+    private final SSLContext sslContext;
+    private final CredentialsProvider credentialsProvider;
 
     ElasticConnection(ElasticConnectionBuilder builder) {
-        String hosts = builder.hosts;
+        hosts = builder.hosts;
+        protocol = builder.protocol;
+        port = builder.port;
+
         String user = builder.user;
         String pwd = builder.pwd;
-        String protocol = builder.protocol;
-        int port = builder.port;
-
-        if (user == null) {
-            createConnectionWithNoAuth(hosts, protocol, port);
+        if (user != null) {
+            credentialsProvider = new BasicCredentialsProvider();
+            credentialsProvider.setCredentials(AuthScope.ANY,
+                    new UsernamePasswordCredentials(user, pwd));
         } else {
-            createConnectionUsingAuth(hosts, protocol, port, user, pwd);
+            credentialsProvider = null;
         }
 
+        sslContext = builder.trustStorePath == null ? null :
+                getSslContext(
+                    builder.trustStorePath,
+                    builder.trustStorePassword,
+                    builder.keyStorePath,
+                    builder.keyStorePassword
+                );
+
+        createConnection();
+
         this.maxConnectionAttempts = builder.maxConnectionAttempts;
         this.connectionRetryBackoff = builder.connectionRetryBackoff;
     }
 
-    private void createConnectionWithNoAuth(String hosts, String protocol, int port) {
-        logger.info("elastic auth disabled");
-        HttpHost[] hostList = parseHosts(hosts, protocol, port);
-        client = new RestHighLevelClient(RestClient.builder(hostList));
-    }
-
-    private void createConnectionUsingAuth(String hosts, String protocol, int port, String user, String pwd) {
-        logger.info("elastic auth enabled");
-        CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
-        credentialsProvider.setCredentials(AuthScope.ANY,
-                new UsernamePasswordCredentials(user, pwd));
-
-
+    private void createConnection() {
         HttpHost[] hostList = parseHosts(hosts, protocol, port);
 
         client = new RestHighLevelClient(
                 RestClient.builder(hostList)
                         .setHttpClientConfigCallback(
-                                httpClientBuilder -> httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider)
+                                httpClientBuilder -> {
+                                    if (credentialsProvider != null) {
+                                        httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
+                                    }
+                                    if (sslContext != null) {
+                                        httpClientBuilder.setSSLContext(sslContext);
+                                    }
+                                    return httpClientBuilder;
+                                }
                         )
         );
     }
 
+    private SSLContext getSslContext(String trustStoreConf, String trustStorePass,
+                             String keyStoreConf, String keyStorePass) {
+
+        Objects.requireNonNull(trustStoreConf, "truststore location is required");
+        Objects.requireNonNull(trustStorePass, "truststore password is required");
+
+        try {
+            Path trustStorePath = Paths.get(trustStoreConf);
+            KeyStore truststore = KeyStore.getInstance("pkcs12");
+            try (InputStream is = Files.newInputStream(trustStorePath)) {
+                truststore.load(is, trustStorePass.toCharArray());
+            }
+            SSLContextBuilder sslBuilder = SSLContexts.custom()
+                    .loadTrustMaterial(truststore, null);
+
+            if (keyStoreConf != null) {
+                Objects.requireNonNull(keyStorePass, "keystore password is required");
+                Path keyStorePath = Paths.get(keyStoreConf);
+                KeyStore keyStore = KeyStore.getInstance("pkcs12");
+                try (InputStream is = Files.newInputStream(keyStorePath)) {
+                    keyStore.load(is, keyStorePass.toCharArray());
+                }
+                sslBuilder.loadKeyMaterial(keyStore, keyStorePass.toCharArray());
+            }
+
+            return sslBuilder.build();
+        } catch (Exception e) {
+            throw new SslContextException(e);
+        }
+    }
+
     private HttpHost[] parseHosts(String hosts, String protocol, int port) {
         return Arrays.stream(hosts.split(";"))
                 .map(host -> new HttpHost(host, port, protocol))

src/main/java/com/github/dariobalinzo/elastic/ElasticConnectionBuilder.java

@@ -26,6 +26,11 @@ public class ElasticConnectionBuilder {
     String user;
     String pwd;
 
+    String trustStorePath;
+    String trustStorePassword;
+    String keyStorePath;
+    String keyStorePassword;
+
     public ElasticConnectionBuilder(String hosts, int port) {
         this.hosts = hosts;
         this.port = port;
@@ -56,6 +61,18 @@ public ElasticConnectionBuilder withBackoff(long connectionRetryBackoff) {
         return this;
     }
 
+    public ElasticConnectionBuilder withTrustStore(String path, String password) {
+        this.trustStorePath = path;
+        this.trustStorePassword = password;
+        return this;
+    }
+
+    public ElasticConnectionBuilder withKeyStore(String path, String password) {
+        this.keyStorePath = path;
+        this.keyStorePassword = password;
+        return this;
+    }
+
     public ElasticConnection build() {
         return new ElasticConnection(this);
     }

src/main/java/com/github/dariobalinzo/elastic/SslContextException.java

@@ -0,0 +1,7 @@
+package com.github.dariobalinzo.elastic;
+
+public class SslContextException extends RuntimeException {
+    public SslContextException(Exception e) {
+        super(e);
+    }
+}