func newElasticsearchConfigFromFramework()

in internal/clients/config/elasticsearch.go [138:222]

• 74 lines of code
• 18 McCabe index (conditional complexity)

func newElasticsearchConfigFromFramework(ctx context.Context, cfg ProviderConfiguration, base baseConfig) (*elasticsearchConfig, fwdiags.Diagnostics) {
	if len(cfg.Elasticsearch) == 0 {
		return nil, nil
	}

	config := base.toElasticsearchConfig()
	esConfig := cfg.Elasticsearch[0]

	var endpoints []string
	diags := esConfig.Endpoints.ElementsAs(ctx, &endpoints, true)
	if diags.HasError() {
		return nil, diags
	}

	if len(endpoints) > 0 {
		config.config.Addresses = endpoints
	}

	for header, value := range esConfig.Headers.Elements() {
		strValue := value.(basetypes.StringValue)
		// trim the strings to remove any leading/trailing whitespace
		config.config.Header.Add(strings.TrimSpace(header), strings.TrimSpace(strValue.ValueString()))
	}

	if esConfig.BearerToken.ValueString() != "" {
		config.bearerToken = esConfig.BearerToken.ValueString()
		if esConfig.ESClientAuthentication.ValueString() != "" {
			config.esClientAuthentication = esConfig.ESClientAuthentication.ValueString()
		}
	}

	if esConfig.Insecure.ValueBool() {
		tlsClientConfig := config.ensureTLSClientConfig()
		tlsClientConfig.InsecureSkipVerify = true
	}

	if caFile := esConfig.CAFile.ValueString(); caFile != "" {
		caCert, err := os.ReadFile(caFile)
		if err != nil {
			diags.Append(fwdiags.NewErrorDiagnostic("Unable to read CA file", err.Error()))
			return nil, diags
		}
		config.config.CACert = caCert
	}
	if caData := esConfig.CAData.ValueString(); caData != "" {
		config.config.CACert = []byte(caData)
	}

	if certFile := esConfig.CertFile.ValueString(); certFile != "" {
		if keyFile := esConfig.KeyFile.ValueString(); keyFile != "" {
			cert, err := tls.LoadX509KeyPair(certFile, keyFile)
			if err != nil {
				diags.Append(fwdiags.NewErrorDiagnostic("Unable to read certificate or key file", err.Error()))
				return nil, diags
			}
			tlsClientConfig := config.ensureTLSClientConfig()
			tlsClientConfig.Certificates = []tls.Certificate{cert}
		} else {
			diags.Append(fwdiags.NewErrorDiagnostic("Unable to read key file", "Path to key file has not been configured or is empty"))
			return nil, diags
		}
	}
	if certData := esConfig.CertData.ValueString(); certData != "" {
		if keyData := esConfig.KeyData.ValueString(); keyData != "" {
			cert, err := tls.X509KeyPair([]byte(certData), []byte(keyData))
			if err != nil {
				diags.Append(fwdiags.NewErrorDiagnostic("Unable to parse certificate or key", err.Error()))
				return nil, diags
			}
			tlsClientConfig := config.ensureTLSClientConfig()
			tlsClientConfig.Certificates = []tls.Certificate{cert}
		} else {
			diags.Append(fwdiags.NewErrorDiagnostic("Unable to parse key", "Key data has not been configured or is empty"))
			return nil, diags
		}
	}

	if logging.IsDebugOrHigher() {
		config.config.EnableDebugLogger = true
		config.config.Logger = &debugLogger{Name: "elasticsearch"}
	}

	config = config.withEnvironmentOverrides()
	return &config, nil
}