From 7a3fe030540b9f39c61f1fefe7ca1d5a592c62af Mon Sep 17 00:00:00 2001
From: Paul Beaudoin
Date: Tue, 24 Sep 2024 11:07:07 -0400
Subject: [PATCH] Update to use new qa and prod ES IPs & api-keys
Update qa and prod configs to use latest qa and prod ES IPs and api-keys, with code updates to support auth by api-key.
---
 config/production.env | 4 +++-
 config/qa.env | 15 ++++++++-------
 lib/es-client.js | 40 +++++++++++++++++++++++++++++++---------
 3 files changed, 42 insertions(+), 17 deletions(-)
diff --git a/config/production.env b/config/production.env
index 42aee789..47f531ce 100644
--- a/config/production.env
+++ b/config/production.env
@@ -1,7 +1,9 @@ # Greg built self-hosted production domain: -ENCRYPTED_ELASTICSEARCH_URI=AQECAHh7ea2tyZ6phZgT4B9BDKwguhlFtRC6hgt+7HbmeFsrsgAAAHgwdgYJKoZIhvcNAQcGoGkwZwIBADBiBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDIYpOz/BbRlJZUul7gIBEIA1idumQ6fdf/j5/pzF4t96MGGH/eV1gD4WCyLUnScgNYqtRNK0ajRO6XVroswsrJtgCwUerDM= +ENCRYPTED_ELASTICSEARCH_URI=AQECAHh7ea2tyZ6phZgT4B9BDKwguhlFtRC6hgt+7HbmeFsrsgAAAJYwgZMGCSqGSIb3DQEHBqCBhTCBggIBADB9BgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDFWw8ECX9Pz81z0kvAIBEIBQGec9PCpwuvEgLH6imhqP6tx1fj8Vlf2ZipnUy06jzmpE262Qvk9LPAq7sIYPVkTCZctwilwcU9oC6yxasVoUlK87la77v03CeZsPIDwciFY= # 2024-07-11: ENCRYPTED_RESOURCES_INDEX=AQECAHh7ea2tyZ6phZgT4B9BDKwguhlFtRC6hgt+7HbmeFsrsgAAAHIwcAYJKoZIhvcNAQcGoGMwYQIBADBcBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDGBdRKmRzMe2BVCBQAIBEIAvOT7nIumnss0wJN0N4tSrhW+wh7lJ7yr7VwQhe7TVUJEmADJDEnnyvm18FMLBR4c= +ENCRYPTED_ELASTICSEARCH_API_KEY=AQECAHh7ea2tyZ6phZgT4B9BDKwguhlFtRC6hgt+7HbmeFsrsgAAAJ4wgZsGCSqGSIb3DQEHBqCBjTCBigIBADCBhAYJKoZIhvcNAQcBMB4GCWCGSAFlAwQBLjARBAyPOPaQCBbvKQhJoPQCARCAV2TlWlRh+xKnCegpprEQgfldZGcVW48RND0LVd/pQpVTJnRTtbCpP7damT7k8ziJVdWZ3jsfs5fw5YnKc/EIQ1M//DRUzOJL98ir5LTTxE7QhflKDtUY+Q== + ENCRYPTED_SCSB_URL=AQECAHh7ea2tyZ6phZgT4B9BDKwguhlFtRC6hgt+7HbmeFsrsgAAAHwwegYJKoZIhvcNAQcGoG0wawIBADBmBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDKPFC8wFkVM5CyT6VQIBEIA5m4eLBkpChRA//ZNEWsRqIDGZmevb/thzI03a0NiAW6VfybSAYpFthh+bj/yAk1VEEBF6r1T4A2GP ENCRYPTED_SCSB_API_KEY=AQECAHh7ea2tyZ6phZgT4B9BDKwguhlFtRC6hgt+7HbmeFsrsgAAAIMwgYAGCSqGSIb3DQEHBqBzMHECAQAwbAYJKoZIhvcNAQcBMB4GCWCGSAFlAwQBLjARBAw8tglwVzGKBduDD9wCARCAP4biSz13FvZVHyQ8LKCb0+uLcKUKmzWqC5abVJI0kTmQJvjr9ViHsuP9/qj94Y8E7K96sb+fn0+HZk8So6CssA== diff --git a/config/qa.env b/config/qa.env index 06eb7d13..83575ef0 100644 --- a/config/qa.env +++ b/config/qa.env 
@@ -1,10 +1,11 @@ -# Greg built self-hosted production domain: -ENCRYPTED_ELASTICSEARCH_URI=AQECAHh7ea2tyZ6phZgT4B9BDKwguhlFtRC6hgt+7HbmeFsrsgAAAHgwdgYJKoZIhvcNAQcGoGkwZwIBADBiBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDIYpOz/BbRlJZUul7gIBEIA1idumQ6fdf/j5/pzF4t96MGGH/eV1gD4WCyLUnScgNYqtRNK0ajRO6XVroswsrJtgCwUerDM= -# 2024-07-08: -ENCRYPTED_RESOURCES_INDEX=AQECAHh7ea2tyZ6phZgT4B9BDKwguhlFtRC6hgt+7HbmeFsrsgAAAHIwcAYJKoZIhvcNAQcGoGMwYQIBADBcBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDPlFvu2fT4wofRGx2gIBEIAv8HiZp6HnHFLcrUXwocvlBQ2+zfBuU99aR+yF6GcWuXlC8vhDRQyzpbndybggaj8= -# 2024-07-11: -# ENCRYPTED_RESOURCES_INDEX=AQECAHh7ea2tyZ6phZgT4B9BDKwguhlFtRC6hgt+7HbmeFsrsgAAAHIwcAYJKoZIhvcNAQcGoGMwYQIBADBcBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDGBdRKmRzMe2BVCBQAIBEIAvOT7nIumnss0wJN0N4tSrhW+wh7lJ7yr7VwQhe7TVUJEmADJDEnnyvm18FMLBR4c= - +# Greg built self-hosted qa domain: +ENCRYPTED_ELASTICSEARCH_URI=AQECAHh7ea2tyZ6phZgT4B9BDKwguhlFtRC6hgt+7HbmeFsrsgAAAJYwgZMGCSqGSIb3DQEHBqCBhTCBggIBADB9BgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDMIkDoQ9C/cCDCAq1wIBEIBQ+L3OgUGeOW9rs1CWkhpBjwM4LbbVRFIWedqew4UXIeSNMJ8cO9SNe4YGCUIoKwCDYt7W7ip3VtDRRRMVvz6QJw+Eg8ugTMVs2pbNFGNvaAQ= +ENCRYPTED_RESOURCES_INDEX=AQECAHh7ea2tyZ6phZgT4B9BDKwguhlFtRC6hgt+7HbmeFsrsgAAAHIwcAYJKoZIhvcNAQcGoGMwYQIBADBcBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDDQcspFySB/jXbfGkgIBEIAvH0r3Mwh/jJuwDYRCOV5e+Tq22uNb0fvIKN/a0x7/cRXXqRADxpTOHNu/llP4vYo= +ENCRYPTED_ELASTICSEARCH_API_KEY=AQECAHh7ea2tyZ6phZgT4B9BDKwguhlFtRC6hgt+7HbmeFsrsgAAAJ4wgZsGCSqGSIb3DQEHBqCBjTCBigIBADCBhAYJKoZIhvcNAQcBMB4GCWCGSAFlAwQBLjARBAx+kryf2KUmGdBYD9sCARCAV3ygz3eXIdq8JX/wpG9JRWlTNMRcpNE1qT0zNlN4t+ZvXEoedLQa/3p1YjgHw06GIAdA9xtkMV4eH9a1K8uCvjP8XxxNKekcMj59TlResnu9QF3r7pGXuQ== + +# Legacy qa index: +# 
ENCRYPTED_ELASTICSEARCH_URI=AQECAHh7ea2tyZ6phZgT4B9BDKwguhlFtRC6hgt+7HbmeFsrsgAAALswgbgGCSqGSIb3DQEHBqCBqjCBpwIBADCBoQYJKoZIhvcNAQcBMB4GCWCGSAFlAwQBLjARBAyWLvUSzA/IAQCHl0MCARCAdNpF/Z1VJESwJ7hcwo/BqZz2mTDPA9NAPQ4zuPLsItz9A2lfHaP03bPuo9nq8VP5AKLOa4zPL0VoBmwEjj9qCCb+LSpQ3m+OoyM3BxG98/qYEcwXXOa8+0fH1x5asVrup/YICJdeD6jOewxttzzxCCGXEklL +# ENCRYPTED_RESOURCES_INDEX=AQECAHh7ea2tyZ6phZgT4B9BDKwguhlFtRC6hgt+7HbmeFsrsgAAAHIwcAYJKoZIhvcNAQcGoGMwYQIBADBcBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDI88/9macimvmLyWCAIBEIAvMUOAtF2Miq+8u7/A9fzBz57LavqkeLJmv8dd7WQzdA9lhqPkjUK0pzYtxsPe6Nk= ENCRYPTED_SCSB_URL=AQECAHh7ea2tyZ6phZgT4B9BDKwguhlFtRC6hgt+7HbmeFsrsgAAAH8wfQYJKoZIhvcNAQcGoHAwbgIBADBpBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDBKllElmWYLxGOGopQIBEIA8JJyKde/8m8iCJGKR5D8HoTJhXHeyvw9eIDeuUNKiXLfJwoVz+PDAZSxkCQtM9O91zGhXbe3l6Bk1RlYJ ENCRYPTED_SCSB_API_KEY=AQECAHh7ea2tyZ6phZgT4B9BDKwguhlFtRC6hgt+7HbmeFsrsgAAAGMwYQYJKoZIhvcNAQcGoFQwUgIBADBNBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDNw8KXkyN8HvtjAX0gIBEIAgX+XG2fxTj6kSchrd/dfHB05KU5pkT0LtPxUTuNCXoLc= diff --git a/lib/es-client.js b/lib/es-client.js index b3138eb7..4232956c 100644 --- a/lib/es-client.js +++ b/lib/es-client.js 
@@ -11,16 +11,38 @@ const clientWrapper = {}
 */
 clientWrapper.esClient = function () {
 if (!this._esClient) {
- // Parse ES connection string:
- const { protocol, auth, host, port } = url.parse(process.env.ELASTICSEARCH_URI)
- const [username, password] = auth ? auth.split(':') : []
- const options = {
- node: `${protocol}//${host}`,
- port,
- auth: { username, password }
+ // Parse ES connection string, which is likely multiple http base URIs
+ // separated by a comma:
+ const elasticUris = process.env.ELASTICSEARCH_URI.split(',')
+ const urisParsed = elasticUris.map((uri) => {
+ // Extract parts of the URI:
+ const { protocol, auth, host } = url.parse(uri)
+ const [username, password] = auth ? auth.split(':') : []
+ return {
+ protocol,
+ host,
+ username,
+ password
+ }
+ })
+ // Build ES client connection config:
+ const config = {}
+ config.nodes = urisParsed.map((uri) => `${uri.protocol}//${uri.host}`)
+
+ // Configure auth:
+ if (process.env.ELASTICSEARCH_API_KEY) {
+ // Auth with `apiKey`:
+ config.auth = { apiKey: process.env.ELASTICSEARCH_API_KEY }
+ } else if (urisParsed[0].username) {
+ // Auth with username, password:
+ config.auth = { username: urisParsed[0].username, password: urisParsed[0].password }
 }
- logger.info(`Connecting to ES at ${host}:${port}/${process.env.RESOURCES_INDEX} ${username && password ? 'with creds' : 'w/out creds'}`)
- this._esClient = new elasticsearch.Client(options)
+
+ // Log out some of the connection details for debugging purposes:
+ const authMethod = urisParsed[0].username ? 'with creds' : (process.env.ELASTICSEARCH_API_KEY ? 'with apiKey' : 'w/out creds')
+ logger.info(`Connecting to ES at ${urisParsed.map((u) => u.host).join(',')}/${process.env.RESOURCES_INDEX} ${authMethod}`)
+
+ this._esClient = new elasticsearch.Client(config)
 }
 return this._esClient
 }.bind(clientWrapper)
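Review bot: The `authMethod` line tests `urisParsed[0].username` first, but the auth block just above gives `ELASTICSEARCH_API_KEY` precedence, so when both are set the client authenticates with the API key while the log reports 'with creds'. This log line is what an operator reads to confirm which credential a deployment is actually using, for example during a key rotation, so the ternary should follow the same order: `const authMethod = process.env.ELASTICSEARCH_API_KEY ? 'with apiKey' : (urisParsed[0].username ? 'with creds' : 'w/out creds')`. Separately, only the first URI's userinfo is ever used, and `auth.split(':')` destructured into two names silently truncates a password that contains `:`; splitting on the first colon only would avoid that.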