Skip to content

Commit

Permalink
Add TLS dialer to Kerberos transport as well (#18607) (#18643)
Browse files Browse the repository at this point in the history 
(cherry picked from commit 8b17f5a)
  • Loading branch information
@kvch
kvch committed May 21, 2020
1 parent 567b7cc commit 095947e
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 15 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -299,6 +299,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Add Kerberos support to Elasticsearch output. {pull}17927[17927]
- Add support for fixed length extraction in `dissect` processor. {pull}17191[17191]
- Update RPM packages contained in Beat Docker images. {issue}17035[17035]
- Add TLS support to Kerberos authentication in Elasticsearch. {pull}18607[18607]

*Auditbeat*

Expand Down
28 changes: 13 additions & 15 deletions libbeat/esleg/eslegclient/connection.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -129,28 +129,26 @@ func NewConnection(s ConnectionSettings) (*Connection, error) {
}
}

var httpClient esHTTPClient
// when dropping the legacy client in favour of the official Go client, it should be instrumented
// eg, like in https://github.com/elastic/apm-server/blob/7.7/elasticsearch/client.go
transp := apmelasticsearch.WrapRoundTripper(&http.Transport{
Dial: dialer.Dial,
DialTLS: tlsDialer.Dial,
TLSClientConfig: s.TLS.ToConfig(),
Proxy: proxy,
IdleConnTimeout: s.IdleConnTimeout,
})

var httpClient esHTTPClient
httpClient = &http.Client{
Transport: apmelasticsearch.WrapRoundTripper(&http.Transport{
Dial: dialer.Dial,
DialTLS: tlsDialer.Dial,
TLSClientConfig: s.TLS.ToConfig(),
Proxy: proxy,
IdleConnTimeout: s.IdleConnTimeout,
}),
Timeout: s.Timeout,
Transport: transp,
Timeout: s.Timeout,
}

if s.Kerberos.IsEnabled() {
c := &http.Client{
Transport: &http.Transport{
Dial: dialer.Dial,
Proxy: proxy,
IdleConnTimeout: s.IdleConnTimeout,
},
Timeout: s.Timeout,
Transport: transp,
Timeout: s.Timeout,
}
httpClient, err = kerberos.NewClient(s.Kerberos, c, s.URL)
if err != nil {
Expand Down

0 comments on commit 095947e

Please sign in to comment.