diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index 7471b1b99f8..c4337c45f34 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -244,6 +244,7 @@ field. You can revert this change by configuring tags for the module and omittin
 - Add config example of how to skip the `add_host_metadata` processor when forwarding logs. {issue}13920[13920] {pull}18153[18153]
 - When using the `decode_json_fields` processor, decoded fields are now deep-merged into existing event. {pull}17958[17958]
 - Add backoff configuration options for the Kafka output. {issue}16777[16777] {pull}17808[17808]
+- Add TLS support to Kerberos authentication in Elasticsearch. {pull}18607[18607]
 *Auditbeat*
diff --git a/libbeat/esleg/eslegclient/connection.go b/libbeat/esleg/eslegclient/connection.go
index 138c9ab3c83..46d4840cda8 100644
--- a/libbeat/esleg/eslegclient/connection.go
+++ b/libbeat/esleg/eslegclient/connection.go
@@ -129,28 +129,26 @@ func NewConnection(s ConnectionSettings) (*Connection, error) {
 }
 }
- var httpClient esHTTPClient
 // when dropping the legacy client in favour of the official Go client, it should be instrumented
 // eg, like in https://github.com/elastic/apm-server/blob/7.7/elasticsearch/client.go
+ transp := apmelasticsearch.WrapRoundTripper(&http.Transport{
+ Dial: dialer.Dial,
+ DialTLS: tlsDialer.Dial,
+ TLSClientConfig: s.TLS.ToConfig(),
+ Proxy: proxy,
+ IdleConnTimeout: s.IdleConnTimeout,
+ })
+
+ var httpClient esHTTPClient
 httpClient = &http.Client{
- Transport: apmelasticsearch.WrapRoundTripper(&http.Transport{
- Dial: dialer.Dial,
- DialTLS: tlsDialer.Dial,
- TLSClientConfig: s.TLS.ToConfig(),
- Proxy: proxy,
- IdleConnTimeout: s.IdleConnTimeout,
- }),
- Timeout: s.Timeout,
+ Transport: transp,
+ Timeout: s.Timeout,
 }
 if s.Kerberos.IsEnabled() {
 c := &http.Client{
- Transport: &http.Transport{
- Dial: dialer.Dial,
- Proxy: proxy,
- IdleConnTimeout: s.IdleConnTimeout,
- },
- Timeout: s.Timeout,
+ Transport: transp,
+ Timeout: s.Timeout,
 }
 httpClient, err = kerberos.NewClient(s.Kerberos, c, s.URL)
 if err != nil {
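Review bot: In the `if s.Kerberos.IsEnabled()` branch, `c` is built from exactly the same `Transport: transp` and `Timeout: s.Timeout` as the `httpClient` literal a few lines above, so the two definitions can drift apart again, which is how the removed Kerberos transport ended up without `DialTLS` and `TLSClientConfig`. Building the client once, e.g. `c := &http.Client{Transport: transp, Timeout: s.Timeout}` followed by `var httpClient esHTTPClient = c`, and passing that same `c` to `kerberos.NewClient` would keep a single definition of the TLS and proxy settings. A short comment on `transp` such as `// shared by the plain and Kerberos clients so both honour s.TLS and the proxy settings` would record why it is hoisted, since the existing comment only covers APM instrumentation. Nothing in the visible lines checks the scheme of `s.URL` when Kerberos is enabled, so it is worth confirming elsewhere in `NewConnection` (which starts and ends outside this hunk) that Kerberos credentials are not sent over plain HTTP without at least a logged warning.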