From 5da76a85c710167f35d98112ff7d7966170d9de2 Mon Sep 17 00:00:00 2001
From: Nathan Young <n.young@e-secure.com.au>
Date: Fri, 11 Oct 2019 17:16:35 +0100
Subject: [PATCH] Add api scheme based on http_ssl variable

---
 defaults/main.yml                                |  2 ++
 tasks/compatibility-variables.yml                |  7 ++++++-
 tasks/elasticsearch-template.yml                 |  2 +-
 .../security/elasticsearch-security-native.yml   | 16 ++++++++--------
 .../security/elasticsearch-xpack-activation.yml  |  2 +-
 5 files changed, 18 insertions(+), 11 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 479d818..6ed3615 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -35,8 +35,10 @@ es_allow_downgrades: false
 es_xpack_features: []
 #These are used for internal operations performed by ansible.
 #They do not affect the current configuration
+es_api_scheme: "http"
 es_api_host: "localhost"
 es_api_port: 9200
+es_api_uri: "{{es_api_scheme}}://{{es_api_host}}:{{es_api_port}}"
 es_debian_startup_timeout: 10
 
 # JVM custom parameters
diff --git a/tasks/compatibility-variables.yml b/tasks/compatibility-variables.yml
index 0ed0c21..df393b6 100644
--- a/tasks/compatibility-variables.yml
+++ b/tasks/compatibility-variables.yml
@@ -29,7 +29,7 @@
     es_install_xpack: true
     es_xpack_users_command: "x-pack/users"
     es_xpack_conf_subdir: "/x-pack"
-  when: 
+  when:
     - not es_open_xpack
     - es_enable_xpack
 
@@ -43,3 +43,8 @@
   when:
     - es_open_xpack
     - not es_enable_xpack
+
+- name: Set the URL scheme based if http ssl/tls is enabled
+  set_fact:
+    es_api_scheme: "https"
+  when: es_enable_http_ssl
diff --git a/tasks/elasticsearch-template.yml b/tasks/elasticsearch-template.yml
index 8af780d..cfd9947 100644
--- a/tasks/elasticsearch-template.yml
+++ b/tasks/elasticsearch-template.yml
@@ -15,7 +15,7 @@
 
 - name: Install templates
   uri:
-    url: "http://{{es_api_host}}:{{es_api_port}}/_template/{{item | filename}}"
+    url: "{{ es_api_uri }}/_template/{{item | filename}}"
     method: PUT
     status_code: 200
     user: "{{es_api_basic_auth_username | default(omit)}}"
diff --git a/tasks/xpack/security/elasticsearch-security-native.yml b/tasks/xpack/security/elasticsearch-security-native.yml
index e83cf80..77f3a00 100644
--- a/tasks/xpack/security/elasticsearch-security-native.yml
+++ b/tasks/xpack/security/elasticsearch-security-native.yml
@@ -21,7 +21,7 @@
 #List current users
 - name: List Native Users
   uri:
-    url: http://{{es_api_host}}:{{es_api_port}}/{{ es_security_api }}/user
+    url: "{{ es_api_uri }}/{{ es_security_api }}/user"
     method: GET
     user: "{{es_api_basic_auth_username}}"
     password: "{{es_api_basic_auth_password}}"
@@ -51,7 +51,7 @@
 
 - name: Update API User Password
   uri:
-    url: http://{{es_api_host}}:{{es_api_port}}/{{ es_security_api }}/user/{{es_api_basic_auth_username}}/_password
+    url: "{{ es_api_uri }}/{{ es_security_api }}/user/{{es_api_basic_auth_username}}/_password"
     method: POST
     body_format: json
     body: "{ \"password\":\"{{native_users[es_api_basic_auth_username].password}}\" }"
@@ -73,7 +73,7 @@
 #Delete all non required users NOT inc. reserved
 - name: Delete Native Users
   uri:
-    url: http://{{es_api_host}}:{{es_api_port}}/{{ es_security_api }}/user/{{item}}
+    url: "{{ es_api_uri }}/{{ es_security_api }}/user/{{item}}"
     method: DELETE
     status_code: 200
     user: "{{es_api_basic_auth_username}}"
@@ -94,7 +94,7 @@
 #Update password on all reserved users
 - name: Update Reserved User Passwords
   uri:
-    url: http://{{es_api_host}}:{{es_api_port}}/{{ es_security_api }}/user/{{item}}/_password
+    url: "{{ es_api_uri }}/{{ es_security_api }}/user/{{item}}/_password"
     method: POST
     body_format: json
     body: "{ \"password\":\"{{native_users[item].password}}\" }"
@@ -113,7 +113,7 @@
 #Overwrite all other users NOT inc. those reserved
 - name: Update Non-Reserved Native User Details
   uri:
-    url: http://{{es_api_host}}:{{es_api_port}}/{{ es_security_api }}/user/{{item}}
+    url: "{{ es_api_uri }}/{{ es_security_api }}/user/{{item}}"
     method: POST
     body_format: json
     body: "{{ native_users[item] | to_json }}"
@@ -130,7 +130,7 @@
 #List current roles not. inc those reserved
 - name: List Native Roles
   uri:
-    url: http://{{es_api_host}}:{{es_api_port}}/{{ es_security_api }}/role
+    url: "{{ es_api_uri }}/{{ es_security_api }}/role"
     method: GET
     body_format: json
     user: "{{es_api_basic_auth_username}}"
@@ -165,7 +165,7 @@
 #Delete all non required roles NOT inc. reserved
 - name: Delete Native Roles
   uri:
-    url: http://{{es_api_host}}:{{es_api_port}}/{{ es_security_api }}/role/{{item}}
+    url: "{{ es_api_uri }}/{{ es_security_api }}/role/{{item}}"
     method: DELETE
     status_code: 200
     user: "{{es_api_basic_auth_username}}"
@@ -181,7 +181,7 @@
 #Update other roles - NOT inc. reserved roles
 - name: Update Native Roles
   uri:
-    url: http://{{es_api_host}}:{{es_api_port}}/{{ es_security_api }}/role/{{item}}
+    url: "{{ es_api_uri }}/{{ es_security_api }}/role/{{item}}"
     method: POST
     body_format: json
     body: "{{ es_roles.native[item] | to_json}}"
diff --git a/tasks/xpack/security/elasticsearch-xpack-activation.yml b/tasks/xpack/security/elasticsearch-xpack-activation.yml
index 7da085e..ea1ac15 100644
--- a/tasks/xpack/security/elasticsearch-xpack-activation.yml
+++ b/tasks/xpack/security/elasticsearch-xpack-activation.yml
@@ -2,7 +2,7 @@
 - name: Activate ES license (with security authentication)
   uri:
     method: PUT
-    url: "http://{{es_api_host}}:{{es_api_port}}/_xpack/license?acknowledge=true"
+    url: "{{ es_api_uri }}/_xpack/license?acknowledge=true"
     user: "{{es_api_basic_auth_username  | default(omit)}}"
     password: "{{es_api_basic_auth_password | default(omit)}}"
     body_format: json