Uploaded image for project: 'Camunda Optimize'
  1. Camunda Optimize
  2. OPT-1214

Optimize can connect to secured Elasticsearch

    Details

    • Type: Feature Request
    • Status: Done
    • Priority: L3 - Default
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.2.0
    • Component/s: backend
    • Labels:

      Description

      AT:

      • given:
        • Optimize is up and running
        • Elasticsearch is up, running and secured with Elasticsearch X-Pack
      • when:
        • I configure the Elasticsearch endpoint, enable basic auth with username and password
      • then:
        • Optimize can successfully connect to Elasticsearch and perform all necessary Operations to make Optimize fully functional

        Issue Links

          Activity

          Hide
          johannes.heinemann Johannes Heinemann added a comment - - edited

          Sebastian Stamm:

          • I don't expect you to fully understand the CI stuff, because I reviewed that already with Christian. Also the code might open up a couple of questions - feel free to approach me anytime. We can also go through the code together, if you want. Just make an appointment if you want to do that.
          • What's most important, is that the technical guide contains all important information and all steps are clear. So it should be possible for the user to setup a secured version Elasticsearch and then connect Optimize to it.
          • Also in the qa/connect-to-secured-es-tests folder, you will find a readme explaining how to execute the tests. Please try to execute it once to see if it works for you.

          So if you can try to test the last two points, it would be enough for me

          Show
          johannes.heinemann Johannes Heinemann added a comment - - edited Sebastian Stamm : I don't expect you to fully understand the CI stuff, because I reviewed that already with Christian. Also the code might open up a couple of questions - feel free to approach me anytime. We can also go through the code together, if you want. Just make an appointment if you want to do that. What's most important, is that the technical guide contains all important information and all steps are clear. So it should be possible for the user to setup a secured version Elasticsearch and then connect Optimize to it. Also in the qa/connect-to-secured-es-tests folder, you will find a readme explaining how to execute the tests. Please try to execute it once to see if it works for you. So if you can try to test the last two points, it would be enough for me
          Hide
          sebastian.stamm Sebastian Stamm added a comment -

          Some things we discovered when testing this:

          • It appears the optimize user in elasticsearch needs more rights. Just transport_client does not work. With superuser rights it worked.
          • It was not clear for me that I had to change the verification mode in elasticsearch to certificate. Maybe we can add a hint that the verification mode setting in the environment-config.yaml and the elasticsearch.yml need to match. For reference, in the elasticsearch.yml, the property is called xpack.security.transport.ssl.verification_mode
          • The tests do not run on windows for some reason
          Show
          sebastian.stamm Sebastian Stamm added a comment - Some things we discovered when testing this: It appears the optimize user in elasticsearch needs more rights. Just transport_client does not work. With superuser rights it worked. It was not clear for me that I had to change the verification mode in elasticsearch to certificate. Maybe we can add a hint that the verification mode setting in the environment-config.yaml and the elasticsearch.yml need to match. For reference, in the elasticsearch.yml, the property is called xpack.security.transport.ssl.verification_mode The tests do not run on windows for some reason
          Hide
          johannes.heinemann Johannes Heinemann added a comment -

          Thanks for the hints! I created OPT-1426 for the third point.

          Show
          johannes.heinemann Johannes Heinemann added a comment - Thanks for the hints! I created OPT-1426 for the third point.
          Hide
          sebastian.stamm Sebastian Stamm added a comment -

          Looks good. I linked the ticket to fix the tests on windows.

          Show
          sebastian.stamm Sebastian Stamm added a comment - Looks good. I linked the ticket to fix the tests on windows.

            People

            • Assignee:
              Unassigned
              Reporter:
              johannes.heinemann Johannes Heinemann
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: