From f86793a4e3135b65019de2f9eac053577a8d4269 Mon Sep 17 00:00:00 2001 From: Bart Jeukendrup Date: Wed, 24 May 2023 13:39:55 +0200 Subject: [PATCH] Make Elasticsearch CA configurable --- app/signals/apps/search/apps.py | 8 +++++++- app/signals/apps/search/settings.py | 3 ++- app/signals/settings/base.py | 1 + 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/app/signals/apps/search/apps.py b/app/signals/apps/search/apps.py index e7f5ff568..60e22f7c4 100644 --- a/app/signals/apps/search/apps.py +++ b/app/signals/apps/search/apps.py @@ -1,5 +1,7 @@ # SPDX-License-Identifier: MPL-2.0 # Copyright (C) 2019 - 2021 Gemeente Amsterdam +from ssl import create_default_context + from django.apps import AppConfig @@ -13,5 +15,9 @@ def ready(self): from .settings import app_settings + ssl_context = None + if app_settings.CONNECTION['CA_BUNDLE']: + ssl_context = create_default_context(cafile=app_settings.CONNECTION['CA_BUNDLE']) + host = app_settings.CONNECTION['HOST'] or 'localhost' - connections.create_connection(hosts=[host, ]) + connections.create_connection(hosts=[host, ], ssl_context=ssl_context) diff --git a/app/signals/apps/search/settings.py b/app/signals/apps/search/settings.py index 4e5f4cc52..c361d18dc 100644 --- a/app/signals/apps/search/settings.py +++ b/app/signals/apps/search/settings.py @@ -8,6 +8,7 @@ CONNECTION=dict( HOST='http://127.0.0.1:9200', INDEX='signals', + CA_BUNDLE=None, ), ) @@ -27,7 +28,7 @@ def user_settings(self): def __getattr__(self, attr): if attr not in self.defaults: - raise AttributeError('Invalid SEARCH setting: {}'.format(attr)) + raise AttributeError('Cannot retrieve non-existing SEARCH setting: {}'.format(attr)) try: val = self.user_settings[attr] diff --git a/app/signals/settings/base.py b/app/signals/settings/base.py index ff58c0c87..85bcf280d 100644 --- a/app/signals/settings/base.py +++ b/app/signals/settings/base.py @@ -385,6 +385,7 @@ def is_super_user(user): 'CONNECTION': { 'HOST': os.getenv('ELASTICSEARCH_HOST', 'elastic-index.service.consul:9200'), 'INDEX': os.getenv('ELASTICSEARCH_INDEX', 'signals'), + 'CA_BUNDLE': os.getenv('ELASTICSEARCH_CA_BUNDLE', None) }, }