Allow to use TLS with ES basic auth (jaegertracing#1388)

* Allow to use TLS with ES basic auth Signed-off-by: Pavol Loffay <[email protected]> * Change flag messages Signed-off-by: Pavol Loffay <[email protected]>
annanay25 · Mar 1, 2019 · 78696af · 78696af
1 parent 2eaac79
commit 78696af
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 13 deletions.
diff --git a/pkg/es/config/config.go b/pkg/es/config/config.go
@@ -256,25 +256,26 @@ func (c *Configuration) getConfigOptions() ([]elastic.ClientOptionFunc, error) {
 			TLSClientConfig: ctlsConfig,
 		}
 	} else {
+		httpTransport := &http.Transport{}
+		if c.TLS.CaPath != "" {
+			ctls := &TLSConfig{CaPath: c.TLS.CaPath}
+			ca, err := ctls.loadCertificate()
+			if err != nil {
+				return nil, err
+			}
+			httpTransport.TLSClientConfig = &tls.Config{RootCAs: ca}
+		}
 		if c.TokenFilePath != "" {
 			token, err := loadToken(c.TokenFilePath)
 			if err != nil {
 				return nil, err
 			}
-			wrapped := &http.Transport{}
-			if c.TLS.CaPath != "" {
-				ctls := &TLSConfig{CaPath: c.TLS.CaPath}
-				ca, err := ctls.loadCertificate()
-				if err != nil {
-					return nil, err
-				}
-				wrapped.TLSClientConfig = &tls.Config{RootCAs: ca}
-			}
 			httpClient.Transport = &tokenAuthTransport{
 				token:   token,
-				wrapped: wrapped,
+				wrapped: httpTransport,
 			}
 		} else {
+			httpClient.Transport = httpTransport
 			options = append(options, elastic.SetBasicAuth(c.Username, c.Password))
 		}
 	}

diff --git a/plugin/storage/es/options.go b/plugin/storage/es/options.go
@@ -117,15 +117,15 @@ func addFlags(flagSet *flag.FlagSet, nsConfig *namespaceConfig) {
 	flagSet.String(
 		nsConfig.namespace+suffixUsername,
 		nsConfig.Username,
-		"The username required by ElasticSearch")
+		"The username required by ElasticSearch. The basic authentication also loads CA if it is specified.")
 	flagSet.String(
 		nsConfig.namespace+suffixPassword,
 		nsConfig.Password,
 		"The password required by ElasticSearch")
 	flagSet.String(
 		nsConfig.namespace+suffixTokenPath,
 		nsConfig.TokenFilePath,
-		"Path to a file containing bearer token. This flag also uses CA if it is specified")
+		"Path to a file containing bearer token. This flag also loads CA if it is specified.")
 	flagSet.Bool(
 		nsConfig.namespace+suffixSniffer,
 		nsConfig.Sniffer,
@@ -173,7 +173,7 @@ func addFlags(flagSet *flag.FlagSet, nsConfig *namespaceConfig) {
 	flagSet.Bool(
 		nsConfig.namespace+suffixTLS,
 		nsConfig.TLS.Enabled,
-		"Enable TLS")
+		"Enable TLS with client certificates.")
 	flagSet.String(
 		nsConfig.namespace+suffixCert,
 		nsConfig.TLS.CertPath,