Does connect() support providing SSL certs, as well as username/password for HTTPS? For Xpack Security (paid features) - ES v5.5, v6.2, 6.3, 6.4

[bfgiordano]

Session Info

[sckott]

thanks for your question @bfgiordano

SSL certs aren't supported at the moment, but I do have a branch here (see #87) where I'm re-working the how the connection is done and can include this.

I already have username/pwd support, see parameters es_user/es_pwd in connect() and those should are used in simple auth.

I don't have any explicit support for xpack because i don't have a paid install and Elasticsearch won't give me access to xpack, so ther's no way to test it (so not worth supporting)

[sckott]

@bfgiordano did you try setting es_user and es_pwd in connect()?

[bfgiordano]

Yes we did but we are using SSL and need to also pass certs which your package does not appear to support directly. We tried setting cainfo to the path to the cert file (.pem) and then doing a connect with username/password but that did not work - no error reported on the connect, but also no data returned from the ES cluster on search request.

…

Sent from my iPhone

On Sep 26, 2018, at 12:30 PM, Scott Chamberlain ***@***.***> wrote: @bfgiordano did you try setting es_user and es_pwd in connect()? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.

[sckott]

@bfgiordano sorry for long delay in responding here - In the current version of elastic, we should now be able to support certs, see ?connect and the examples - let me know if it works for you

[peterpramb]

@sckott Unfortunately cainfo is currently not passed to crul as documented, it has to be set explicitly:

library("elastic")
library("crul")
set_opts(cainfo = "/path/to/ca.file")
x = connect()
x$info(verbose = TRUE)

packageVersion("elastic")
[1] ‘1.1.0’
packageVersion("crul")
[1] ‘0.9.0’

[peterpramb]

Hm, rather strange:

connect(..., cainfo = "/path/to/ca.file")$info(verbose = TRUE) does not work without set_opts, but Search() does...

[sckott]

thanks @peterpramb

interesting, i'll have a look and see why its working in some cases but not others.

when it doesn't work I assume you're getting an unauthorized error?

[peterpramb]

@sckott I don't have the exact error message at hand, but the verbose info output shows curl using the system's default CA store instead of the provided one.

[sckott]

thanks - will have a look soon