From 53685521806cd2fa6e6480b3a5de2a25ff754b09 Mon Sep 17 00:00:00 2001
From: Mike Kalange <countablecloud@gmail.com>
Date: Fri, 7 Jun 2024 12:40:40 -0600
Subject: [PATCH] Adds Elasticsearch api key to envvars

---
 app/bin/bootstrap.py                   | 3 ++-
 app/leek/api/conf/settings.py          | 1 +
 app/leek/api/ext/es.py                 | 2 +-
 doc/docs/architecture/configuration.md | 1 +
 4 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/app/bin/bootstrap.py b/app/bin/bootstrap.py
index 326121b..f1f8842 100755
--- a/app/bin/bootstrap.py
+++ b/app/bin/bootstrap.py
@@ -32,6 +32,7 @@ def get_status(b):
 ENABLE_WEB = get_bool("LEEK_ENABLE_WEB")
 ENABLE_DDTRACE = get_bool("LEEK_ENABLE_DDTRACE")
 LEEK_ES_URL = os.environ.get("LEEK_ES_URL", "http://0.0.0.0:9200")
+LEEK_ES_API_KEY = os.environ.get("LEEK_ES_API_KEY", None)
 LEEK_ES_IM_ENABLE = get_bool("LEEK_ES_IM_ENABLE", default="false")
 LEEK_ES_IM_SLACK_WEBHOOK_URL = os.environ.get("LEEK_ES_IM_SLACK_WEBHOOK_URL")
 LEEK_ES_IM_ROLLOVER_MIN_SIZE = os.environ.get("LEEK_ES_IM_ROLLOVER_MIN_SIZE")
@@ -291,7 +292,7 @@ def ensure_connection(target):
 
 def ensure_es_connection() -> Elasticsearch:
     logging.getLogger("elasticsearch").setLevel(logging.ERROR)
-    conn = Elasticsearch(LEEK_ES_URL)
+    conn = Elasticsearch(LEEK_ES_URL, api_key=LEEK_ES_API_KEY)
     for i in range(10):
         if conn.ping():
             logging.getLogger("elasticsearch").setLevel(logging.INFO)
diff --git a/app/leek/api/conf/settings.py b/app/leek/api/conf/settings.py
index 4db64b5..722d689 100644
--- a/app/leek/api/conf/settings.py
+++ b/app/leek/api/conf/settings.py
@@ -14,6 +14,7 @@ def get_bool(env_name, default="false"):
 
 # ES
 LEEK_ES_URL = os.environ.get("LEEK_ES_URL")
+LEEK_ES_API_KEY = os.environ.get("LEEK_ES_API_KEY", None)
 LEEK_ES_DEFAULT_REFRESH_INTERVAL = os.environ.get("LEEK_ES_DEFAULT_REFRESH_INTERVAL", "20s")
 LEEK_ES_IM_ENABLE = get_bool("LEEK_ES_IM_ENABLE", default="false")
 
diff --git a/app/leek/api/ext/es.py b/app/leek/api/ext/es.py
index 2b4aee7..3e21680 100644
--- a/app/leek/api/ext/es.py
+++ b/app/leek/api/ext/es.py
@@ -13,5 +13,5 @@ class ESExtension(BaseExtension):
 
     def init_app(self, app):
         app.extensions["es"] = self
-        self.connection = Elasticsearch(settings.LEEK_ES_URL)
+        self.connection = Elasticsearch(settings.LEEK_ES_URL, api_key=settings.LEEK_ES_API_KEY)
         logger.info("Connected to elastic search backend!")
diff --git a/doc/docs/architecture/configuration.md b/doc/docs/architecture/configuration.md
index ca20ed9..c5622c7 100644
--- a/doc/docs/architecture/configuration.md
+++ b/doc/docs/architecture/configuration.md
@@ -12,6 +12,7 @@ Leek components are configured using environment variables.
 |:---- | ---- | ---- |
 | `LEEK_ENABLE_API` | Whether to enable or disable the API. | false |
 | `LEEK_ES_URL` | ElasticSearch index db domain URL | None |
+| `LEEK_ES_API_KEY` | ElasticSearch api key | None |
 | `LEEK_API_LOG_LEVEL` | Log level, set it to ERROR after making sure that the agent can reach brokers and api. | INFO |
 | `LEEK_WEB_URL` | Frontend application url, will be used when constructing slack triggers notifications. | None |
 | `LEEK_API_OWNER_ORG` | The owner organization name that can manage leek, it should be domain name for gsuite organizations, and google username for personal account. | None |