Elasticsearch connections: ensure ca_certs setting is set by default …

…to system CA bundle Without that setting the ElasticSearch Zuul driver is unable to verify the authenticity of the server certificate. Change-Id: I5dad1c0bd56a4d393c658c5ec3999c069fd09548
softwarefactory-project · Aug 14, 2024 · 1ae4711 · 1ae4711
1 parent 35873e1
commit 1ae4711
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 0 deletions.
diff --git a/controllers/zuul.go b/controllers/zuul.go
@@ -1253,6 +1253,7 @@ func (r *SFController) AddElasticSearchConnection(cfg *ini.File, conn sfv1.Elast
 	section := "connection " + conn.Name
 	cfg.NewSection(section)
 	cfg.Section(section).NewKey("driver", "elasticsearch")
+	cfg.Section(section).NewKey("ca_certs", "/etc/ssl/certs/ca-bundle.crt")
 	cfg.Section(section).NewKey("uri", conn.URI)
 	// Optional fields (set as omitempty in ElasticSearchConnection struct definition)
 	if conn.UseSSL != nil && !*conn.UseSSL {

diff --git a/doc/reference/CHANGELOG.md b/doc/reference/CHANGELOG.md
@@ -8,6 +8,9 @@ All notable changes to this project will be documented in this file.
 ### Deprecated
 ### Removed
 ### Fixed
+
+- zuul connections / elasticsearch - ensure ca_certs setting is set by default to system CA bundle
+
 ### Security
 
 ## [v0.0.35] - 2024-08-13