From 0474a1bfea19859a92831a71bb5da62b1f290c62 Mon Sep 17 00:00:00 2001
From: bitsofinfo <bitsofinfo.g@gmail.com>
Date: Tue, 8 Jul 2014 20:32:13 -0400
Subject: [PATCH] Allow https communication per ec2 or s3 service

By default all communication w/ AWS services done by this plugin is sent the clear over `http`, overriding amazons own default of https: http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/ClientConfiguration.html#getProtocol()

One has to set `cloud.aws.protocol` in `elasticsearch.yml` to force SSL.

    cloud.aws.protocol: https

This is not entirely clear to the average user, and should be added to the documentation on both this project's README.

Closes #101.
---
 README.md                                     | 17 +++++++++
 .../cloud/aws/AwsEc2Service.java              |  1 +
 .../cloud/aws/InternalAwsS3Service.java       |  1 +
 ...ava => S3SnapshotRestoreAbstractTest.java} |  2 +-
 .../s3/S3SnapshotRestoreOverHttpTest.java     | 35 +++++++++++++++++++
 .../s3/S3SnapshotRestoreOverHttpsTest.java    | 35 +++++++++++++++++++
 6 files changed, 90 insertions(+), 1 deletion(-)
 rename src/test/java/org/elasticsearch/repositories/s3/{S3SnapshotRestoreTest.java => S3SnapshotRestoreAbstractTest.java} (99%)
 create mode 100644 src/test/java/org/elasticsearch/repositories/s3/S3SnapshotRestoreOverHttpTest.java
 create mode 100644 src/test/java/org/elasticsearch/repositories/s3/S3SnapshotRestoreOverHttpsTest.java

diff --git a/README.md b/README.md
index d7232a7a240..76440f6b6b1 100644
--- a/README.md
+++ b/README.md
@@ -42,6 +42,23 @@ cloud:
         secret_key: vExyMThREXeRMm/b/LRzEB8jWwvzQeXgjqMX+6br
 ```
 
+### Transport security
+
+By default this plugin uses HTTP for all API calls to AWS endpoints. If you wish to configure HTTPS you can set 
+`cloud.aws.protocol` in the elasticsearch config. You can optionally override this setting per individual service 
+via: `cloud.aws.ec2.protocol` or `cloud.aws.s3.protocol`. 
+
+```
+cloud:
+    aws:
+        protocol: http
+        s3: 
+            protocol: https
+        ec2: 
+            protocol: http
+
+```
+
 ### Region
 
 The `cloud.aws.region` can be set to a region and will automatically use the relevant settings for both `ec2` and `s3`. The available values are:
diff --git a/src/main/java/org/elasticsearch/cloud/aws/AwsEc2Service.java b/src/main/java/org/elasticsearch/cloud/aws/AwsEc2Service.java
index 69829febdc8..6499ee0e29f 100644
--- a/src/main/java/org/elasticsearch/cloud/aws/AwsEc2Service.java
+++ b/src/main/java/org/elasticsearch/cloud/aws/AwsEc2Service.java
@@ -61,6 +61,7 @@ public class AwsEc2Service extends AbstractLifecycleComponent<AwsEc2Service> {
 
         ClientConfiguration clientConfiguration = new ClientConfiguration();
         String protocol = componentSettings.get("protocol", "http").toLowerCase();
+        protocol = componentSettings.get("ec2.protocol", protocol).toLowerCase();
         if ("http".equals(protocol)) {
             clientConfiguration.setProtocol(Protocol.HTTP);
         } else if ("https".equals(protocol)) {
diff --git a/src/main/java/org/elasticsearch/cloud/aws/InternalAwsS3Service.java b/src/main/java/org/elasticsearch/cloud/aws/InternalAwsS3Service.java
index 9cf215807f0..94ec05c1c44 100644
--- a/src/main/java/org/elasticsearch/cloud/aws/InternalAwsS3Service.java
+++ b/src/main/java/org/elasticsearch/cloud/aws/InternalAwsS3Service.java
@@ -89,6 +89,7 @@ public class InternalAwsS3Service extends AbstractLifecycleComponent<AwsS3Servic
 
         ClientConfiguration clientConfiguration = new ClientConfiguration();
         String protocol = componentSettings.get("protocol", "http").toLowerCase();
+        protocol = componentSettings.get("s3.protocol", protocol).toLowerCase();
         if ("http".equals(protocol)) {
             clientConfiguration.setProtocol(Protocol.HTTP);
         } else if ("https".equals(protocol)) {
diff --git a/src/test/java/org/elasticsearch/repositories/s3/S3SnapshotRestoreTest.java b/src/test/java/org/elasticsearch/repositories/s3/S3SnapshotRestoreAbstractTest.java
similarity index 99%
rename from src/test/java/org/elasticsearch/repositories/s3/S3SnapshotRestoreTest.java
rename to src/test/java/org/elasticsearch/repositories/s3/S3SnapshotRestoreAbstractTest.java
index 0737d184730..5aaf6758dfd 100644
--- a/src/test/java/org/elasticsearch/repositories/s3/S3SnapshotRestoreTest.java
+++ b/src/test/java/org/elasticsearch/repositories/s3/S3SnapshotRestoreAbstractTest.java
@@ -55,7 +55,7 @@ import static org.hamcrest.Matchers.*;
  */
 @AwsTest
 @ClusterScope(scope = Scope.SUITE, numDataNodes = 2, numClientNodes = 0, transportClientRatio = 0.0)
-public class S3SnapshotRestoreTest extends AbstractAwsTest {
+abstract public class S3SnapshotRestoreAbstractTest extends AbstractAwsTest {
 
     @Override
     public Settings indexSettings() {
diff --git a/src/test/java/org/elasticsearch/repositories/s3/S3SnapshotRestoreOverHttpTest.java b/src/test/java/org/elasticsearch/repositories/s3/S3SnapshotRestoreOverHttpTest.java
new file mode 100644
index 00000000000..45222b8510d
--- /dev/null
+++ b/src/test/java/org/elasticsearch/repositories/s3/S3SnapshotRestoreOverHttpTest.java
@@ -0,0 +1,35 @@
+/*
+ * Licensed to Elasticsearch (the "Author") under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. Author licenses this
+ * file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.elasticsearch.repositories.s3;
+
+import org.elasticsearch.common.settings.ImmutableSettings;
+import org.elasticsearch.common.settings.Settings;
+
+/**
+ */
+public class S3SnapshotRestoreOverHttpTest extends S3SnapshotRestoreAbstractTest {
+    @Override
+    public Settings nodeSettings(int nodeOrdinal) {
+        ImmutableSettings.Builder settings = ImmutableSettings.builder()
+                .put(super.nodeSettings(nodeOrdinal))
+                .put("cloud.aws.s3.protocol", "http");
+        return settings.build();
+    }
+}
diff --git a/src/test/java/org/elasticsearch/repositories/s3/S3SnapshotRestoreOverHttpsTest.java b/src/test/java/org/elasticsearch/repositories/s3/S3SnapshotRestoreOverHttpsTest.java
new file mode 100644
index 00000000000..f36b0595fa5
--- /dev/null
+++ b/src/test/java/org/elasticsearch/repositories/s3/S3SnapshotRestoreOverHttpsTest.java
@@ -0,0 +1,35 @@
+/*
+ * Licensed to Elasticsearch (the "Author") under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. Author licenses this
+ * file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.elasticsearch.repositories.s3;
+
+import org.elasticsearch.common.settings.ImmutableSettings;
+import org.elasticsearch.common.settings.Settings;
+
+/**
+ */
+public class S3SnapshotRestoreOverHttpsTest extends S3SnapshotRestoreAbstractTest {
+    @Override
+    public Settings nodeSettings(int nodeOrdinal) {
+        ImmutableSettings.Builder settings = ImmutableSettings.builder()
+                .put(super.nodeSettings(nodeOrdinal))
+                .put("cloud.aws.s3.protocol", "https");
+        return settings.build();
+    }
+}