Skip to content

Commit

Permalink
changes to include apikey configuration for elastic search rest client
Browse files Browse the repository at this point in the history
  • Loading branch information
@sriram22
sriram22 committed Jan 18, 2025
1 parent 4120834 commit 9f6366e
Show file tree
Hide file tree
Showing 2 changed files with 71 additions and 25 deletions.
16 changes: 12 additions & 4 deletions ...c/main/java/io/quarkus/elasticsearch/restclient/lowlevel/runtime/ElasticsearchConfig.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@
import io.quarkus.runtime.annotations.ConfigRoot;
import io.smallrye.config.ConfigMapping;
import io.smallrye.config.WithDefault;
import io.smallrye.config.WithParentName;

@ConfigMapping(prefix = "quarkus.elasticsearch")
@ConfigRoot(phase = ConfigPhase.RUN_TIME)
Expand All @@ -29,14 +30,21 @@ public interface ElasticsearchConfig {
String protocol();

/**
* The API Key ID for Elasticsearch authentication.
* Retrieves the Configuration for API Key Authentication
*/
Optional<String> apiKeyId();
@WithParentName
Optional<EsApiKeyAuth> esApiKeyAuth();

/**
* The API Key Secret for Elasticsearch authentication.
* Represents the API Key authentication details for Elasticsearch
*/
Optional<String> apiKeySecret();
interface EsApiKeyAuth {

/**
* Retrieves the API key used for authentication.
*/
String apiKey();
}

/**
* The username for basic HTTP authentication.
Expand Down
80 changes: 59 additions & 21 deletions ...in/java/io/quarkus/elasticsearch/restclient/lowlevel/runtime/RestClientBuilderHelper.java
View file
Original file line number Diff line number Diff line change
@@ -1,9 +1,8 @@
package io.quarkus.elasticsearch.restclient.lowlevel.runtime;

import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collections;
import java.util.List;

import org.apache.http.Header;
Expand Down Expand Up @@ -59,25 +58,9 @@ public RequestConfig.Builder customizeRequestConfig(RequestConfig.Builder reques
builder.setHttpClientConfigCallback(new RestClientBuilder.HttpClientConfigCallback() {
@Override
public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
if (config.username().isPresent()) {
if (!"https".equalsIgnoreCase(config.protocol())) {
LOG.warn("Using Basic authentication in HTTP implies sending plain text passwords over the wire, " +
"use the HTTPS protocol instead.");
}
CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY,
new UsernamePasswordCredentials(config.username().get(), config.password().orElse(null)));
httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
} else if (config.apiKeyId().isPresent() && config.apiKeySecret().isPresent()) {
String apiKeyId = config.apiKeyId().get();
String apiKeySecret = config.apiKeySecret().get();

String apiKeyAuth = Base64.getEncoder().encodeToString(
(apiKeyId + ":" + apiKeySecret).getBytes(StandardCharsets.UTF_8));
Header apiKeyHeader = new BasicHeader(HttpHeaders.AUTHORIZATION, "ApiKey " + apiKeyAuth);
builder.setDefaultHeaders(new Header[] { apiKeyHeader });
LOG.info("API Key authentication is enabled.");
}

EsAuth authMethod = checkAuthMethod(config);
authMethod.apply(httpClientBuilder, config);

if (config.ioThreadCounts().isPresent()) {
IOReactorConfig ioReactorConfig = IOReactorConfig.custom()
Expand Down Expand Up @@ -106,6 +89,7 @@ public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpCli
}
return result;
}

});

return builder;
Expand All @@ -126,4 +110,58 @@ public static Sniffer createSniffer(RestClient client, ElasticsearchConfig confi

return builder.build();
}

public enum EsAuth {
NONE {
@Override
public void apply(HttpAsyncClientBuilder httpClientBuilder, ElasticsearchConfig config) {
// No authentication needed
}
},

BASIC {
@Override
public void apply(HttpAsyncClientBuilder httpClientBuilder, ElasticsearchConfig config) {
if (config.username().isPresent()) {
if (!"https".equalsIgnoreCase(config.protocol())) {
LOG.warn("Using Basic authentication in HTTP implies sending plain text passwords over the wire, "
+ "use the HTTPS protocol instead.");
}

CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY,
new UsernamePasswordCredentials(config.username().get(),
config.password().orElse(null)));
httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
}
}
},

API_KEY {
@Override
public void apply(HttpAsyncClientBuilder httpClientBuilder, ElasticsearchConfig config) {
if (config.esApiKeyAuth().isPresent()) {
ElasticsearchConfig.EsApiKeyAuth auth = config.esApiKeyAuth().get();
Header apiKeyHeader = new BasicHeader(HttpHeaders.AUTHORIZATION,
"ApiKey " + auth.apiKey());
httpClientBuilder.setDefaultHeaders(Collections.singleton(apiKeyHeader));
LOG.info("API Key authentication is enabled.");
}
}
};

public abstract void apply(HttpAsyncClientBuilder httpClientBuilder, ElasticsearchConfig config);
}

private static EsAuth checkAuthMethod(ElasticsearchConfig config) {
boolean hasBasic = config.username().isPresent();
boolean hasApiKey = config.esApiKeyAuth().isPresent();

if (hasBasic && hasApiKey) {
LOG.warn("Multiple authentication methods configured. Defaulting to Basic Authentication.");
return EsAuth.BASIC;
}

return hasApiKey ? EsAuth.API_KEY : hasBasic ? EsAuth.BASIC : EsAuth.NONE;
}
}

0 comments on commit 9f6366e

Please sign in to comment.