From be402a3977c347fdb0834dcf31c9e494a7ebfe73 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn=20Friedrich=20Dreyer?= <jfd@butonic.de>
Date: Mon, 15 Sep 2025 14:48:50 +0200
Subject: [PATCH] allow configuring insecure search client
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
---
 services/search/pkg/command/server.go | 8 ++++++++
 services/search/pkg/config/engine.go  | 1 +
 2 files changed, 9 insertions(+)

diff --git a/services/search/pkg/command/server.go b/services/search/pkg/command/server.go
index b85811268b..ff82575e83 100644
--- a/services/search/pkg/command/server.go
+++ b/services/search/pkg/command/server.go
@@ -2,7 +2,9 @@ package command
 
 import (
 	"context"
+	"crypto/tls"
 	"fmt"
+	"net/http"
 	"os/signal"
 
 	"github.com/opencloud-eu/reva/v2/pkg/events/raw"
@@ -98,6 +100,12 @@ func Server(cfg *config.Config) *cli.Command {
 						DiscoverNodesInterval: cfg.Engine.OpenSearch.Client.DiscoverNodesInterval,
 						EnableMetrics:         cfg.Engine.OpenSearch.Client.EnableMetrics,
 						EnableDebugLogger:     cfg.Engine.OpenSearch.Client.EnableDebugLogger,
+						Transport: &http.Transport{
+							TLSClientConfig: &tls.Config{
+								MinVersion:         tls.VersionTLS12,
+								InsecureSkipVerify: cfg.Engine.OpenSearch.Client.Insecure,
+							},
+						},
 					},
 				})
 				if err != nil {
diff --git a/services/search/pkg/config/engine.go b/services/search/pkg/config/engine.go
index 364be26cce..780e44c5f7 100644
--- a/services/search/pkg/config/engine.go
+++ b/services/search/pkg/config/engine.go
@@ -44,4 +44,5 @@ type EngineOpenSearchClient struct {
 	DiscoverNodesInterval time.Duration `yaml:"discover_nodes_interval" env:"SEARCH_ENGINE_OPEN_SEARCH_CLIENT_DISCOVER_NODES_INTERVAL" desc:"Interval for discovering nodes." introductionVersion:"%%NEXT%%"`
 	EnableMetrics         bool          `yaml:"enable_metrics" env:"SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ENABLE_METRICS" desc:"Enable metrics collection." introductionVersion:"%%NEXT%%"`
 	EnableDebugLogger     bool          `yaml:"enable_debug_logger" env:"SEARCH_ENGINE_OPEN_SEARCH_CLIENT_ENABLE_DEBUG_LOGGER" desc:"Enable debug logging." introductionVersion:"%%NEXT%%"`
+	Insecure              bool          `yaml:"insecure" env:"SEARCH_ENGINE_OPEN_SEARCH_CLIENT_INSECURE" desc:"Skip TLS certificate verification." introductionVersion:"%%NEXT%%"`
 }