I'm using version 5.5.0-22 of the SSL plugin with the transport client.
The code is like this:
Settings.Builder settingsBuilder =
Settings.builder()
.put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_FILEPATH,"<absolute/path/to/keystore>")
.put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_TRUSTSTORE_FILEPATH, "<absolute/path/to/truststore>")
.put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_PASSWORD, "<keystore_pasword>")
.put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_TRUSTSTORE_PASSWORD, "<truststore_password>")
...
TransportClient tc = new PreBuiltTransportClient(settingsBuilder.build(), SearchGuardSSLPlugin.class);Unfortunately this fails with the following exception (edited for brevity):
org.elasticsearch.ElasticsearchException: Failed to load plugin class [com.floragunn.searchguard.ssl.SearchGuardSSLPlugin]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:434) ~[elasticsearch-5.5.0.jar:5.5.0]
...
Caused by: java.lang.IllegalStateException: path.home is not configured
at org.elasticsearch.env.Environment.<init>(Environment.java:130) ~[elasticsearch-5.5.0.jar:5.5.0]
at org.elasticsearch.env.Environment.<init>(Environment.java:120) ~[elasticsearch-5.5.0.jar:5.5.0]
at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.initSSLConfig(DefaultSearchGuardKeyStore.java:183) ~[search-guard-ssl-5.5.0-22.jar:5.5.0-22]
Now I can fix this by adding settingsBuilder.put("path.home", "/") before transport construction but this is not sensible as my client is not a node and thus does not have a valid ES home directory.
It all boils down to having these lines in DefaultSearchGuardKeyStore.initSSLConfig:
final Environment env = new Environment(settings);
...
final String keystoreFilePath = env.configFile().resolve(settings.get(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_FILEPATH, "")).toAbsolutePath().toString();The docs
here state that the file paths to keystore and trust store are absolute so having the option to make them relative to ES's configuration is problematic. Can you fix it so that you only create an Environment object (and thus require path.home) if the file path is relative or remove the relative option completely since it appears to be undocumented.
Thanks,
Robin