ADR Support self-signed certificates for elasticsearch

Change Type:

Feature
Bugfix
Refactoring

Context and Scope

Search and Indexer Service does not support HTTPS connections with self-signed certificates (SSC) for Elastic search.

Decision

Add a new property that will control trust/not-to-trust SSC.

Module: search-core
Affected Class: org.opengroup.osdu.search.util.ElasticClientHandler
Property: security.https.certificate.trust
Default value false

public class ElasticClientHandler {
...

  @Value("#{new Boolean('${security.https.certificate.trust:false}')}")
  private Boolean securityHttpsCertificateTrust;
...

if ("https".equals(protocolScheme) && securityHttpsCertificateTrust) {
...

Rational

To use self-signed certificates for Elastic on non-production environments.

Consequences

No changes from other CSP will be required. Default strategy still will be Not to trust SSC.

Edited Sep 10, 2020 by Dmitriy Rudko