Add auth config option to elasticsearch persistence provider

J12934 · J12934 · commit b4681bb28c17 · 2020-04-16T19:33:13.000+02:00
diff --git a/persistence/persistence-elastic/persist.js b/persistence/persistence-elastic/persist.js
@@ -1,19 +1,50 @@
-const { Client } = require('@elastic/elasticsearch');
+const { Client } = require("@elastic/elasticsearch");
 
-const flatMap = require('lodash.flatmap');
-const chunk = require('lodash.chunk');
+const flatMap = require("lodash.flatmap");
+const chunk = require("lodash.chunk");
 
-const client = new Client({ node: process.env['ELASTICSEARCH_ADDRESS'] });
+const authParams = {};
+
+const username = process.env["ELASTICSEARCH_USERNAME"];
+const password = process.env["ELASTICSEARCH_PASSWORD"];
+const apiKeyId = process.env["ELASTICSEARCH_APIKEY_ID"];
+const apiKey = process.env["ELASTICSEARCH_APIKEY"];
+
+if (apiKeyId !== "" && apiKey !== "") {
+  console.log("Using API Key for Authentication");
+  authParams.auth = {
+    id: apiKeyId,
+    api_key: apiKey,
+  };
+} else if (username !== "" && password !== "") {
+  console.log("Using Username/Password for Authentication");
+  authParams.auth = {
+    username,
+    password,
+  };
+} else {
+  console.log(
+    "No Authentication credentials provided. Assuming Elasticsearch doesn't require Auth."
+  );
+}
+
+const client = new Client({
+  node: process.env["ELASTICSEARCH_ADDRESS"],
+  ...authParams,
+});
 
 async function persist({
   getFindings,
   scan,
   now = new Date(),
-  tenant = process.env['NAMESPACE'],
+  tenant = process.env["NAMESPACE"],
 }) {
   const findings = await getFindings();
 
   console.log(`Persisting ${findings.length} findings to Elasticsearch`);
+  console.log(
+    `Using Elasticsearch Instance at "${process.env["ELASTICSEARCH_ADDRESS"]}"`
+  );
 
   const timeStamp = now.toISOString().substr(0, 10);
   const indexName = `securecodebox_${tenant}_${timeStamp}`;
@@ -31,8 +62,8 @@ async function persist({
   await client.index({
     index: indexName,
     body: {
-      '@timestamp': now,
-      type: 'scan',
+      "@timestamp": now,
+      type: "scan",
       id: scan.metadata.uid,
       name: scan.metadata.name,
       scan_type: scan.spec.scanType,
@@ -51,12 +82,12 @@ async function persist({
         findingChunk.length
       } findings to Elasticsearch`
     );
-    const body = flatMap(findingChunk, doc => [
+    const body = flatMap(findingChunk, (doc) => [
       { index: { _index: indexName } },
       {
         ...doc,
-        '@timestamp': now,
-        type: 'finding',
+        "@timestamp": now,
+        type: "finding",
         scan_id: scan.metadata.uid,
         scan_name: scan.metadata.name,
         scan_type: scan.spec.scanType,
@@ -67,7 +98,7 @@ async function persist({
     const { body: bulkResponse } = await client.bulk({ refresh: true, body });
 
     if (bulkResponse.errors) {
-      console.error('Bulk Request had errors:');
+      console.error("Bulk Request had errors:");
       console.log(bulkResponse);
     }
   }
