Allow adding URL to the cluster (opensearch-project#3574)

### Description
Allow adding URLs to the OpenSearch cluster with support for both
http:// and https:// for external logs.

---------

Signed-off-by: David Osorno <[email protected]>

src/main/java/org/opensearch/security/httpclient/HttpClient.java

@@ -13,6 +13,8 @@
 
 import java.io.Closeable;
 import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
 import java.nio.charset.StandardCharsets;
 import java.security.KeyManagementException;
 import java.security.KeyStore;
@@ -31,7 +33,6 @@
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLParameters;
 
-import com.google.common.collect.Lists;
 import org.apache.hc.client5.http.config.RequestConfig;
 import org.apache.hc.client5.http.impl.async.HttpAsyncClientBuilder;
 import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
@@ -51,7 +52,6 @@
 import org.apache.hc.core5.ssl.SSLContexts;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
-
 import org.opensearch.action.index.IndexRequest;
 import org.opensearch.action.index.IndexResponse;
 import org.opensearch.action.support.WriteRequest.RefreshPolicy;
@@ -62,6 +62,8 @@
 import org.opensearch.client.RestHighLevelClient;
 import org.opensearch.common.xcontent.XContentType;
 
+import com.google.common.collect.Lists;
+
 public class HttpClient implements Closeable {
 
     public static class HttpClientBuilder {
@@ -176,14 +178,8 @@ private HttpClient(
         this.supportedCipherSuites = supportedCipherSuites;
         this.keystoreAlias = keystoreAlias;
 
-        HttpHost[] hosts = Arrays.stream(servers)
-            .map(s -> s.split(":"))
-            .map(s -> new HttpHost(ssl ? "https" : "http", s[0], Integer.parseInt(s[1])))
-            .collect(Collectors.toList())
-            .toArray(new HttpHost[0]);
-
+        HttpHost[] hosts = createHosts(servers);
         RestClientBuilder builder = RestClient.builder(hosts);
-        // builder.setMaxRetryTimeoutMillis(10000);
 
         builder.setFailureListener(new RestClient.FailureListener() {
             @Override
@@ -208,6 +204,24 @@ public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpCli
         rclient = new RestHighLevelClient(builder);
     }
 
+    private HttpHost[] createHosts(String[] servers) {
+        return Arrays.stream(servers).map(server -> {
+            try {
+                server = addSchemeBasedOnSSL(server);
+                URI uri = new URI(server);
+                return new HttpHost(uri.getScheme(), uri.getHost(), uri.getPort());
+            } catch (URISyntaxException e) {
+                return null;
+            }
+        }).filter(Objects::nonNull).collect(Collectors.toList()).toArray(HttpHost[]::new);
+    }
+
+    private String addSchemeBasedOnSSL(String server) {
+        server = server.replaceAll("https://|http://", "");
+        String protocol = ssl ? "https://" : "http://";
+        return protocol.concat(server);
+    }
+
     public boolean index(final String content, final String index, final String type, final boolean refresh) {
 
         try {

src/test/java/org/opensearch/security/httpclient/HttpClientTest.java

@@ -30,7 +30,10 @@ protected String getResourceFolder() {
     @Test
     public void testPlainConnection() throws Exception {
 
-        final Settings settings = Settings.builder().put("plugins.security.ssl.http.enabled", false).build();
+        final Settings settings = Settings.builder()
+            .put("plugins.security.ssl.http.enabled", false)
+            .loadFromPath(FileHelper.getAbsoluteFilePathFromClassPath("auditlog/endpoints/routing/configuration_valid.yml"))
+            .build();
 
         setup(Settings.EMPTY, new DynamicSecurityConfig(), settings);
 
@@ -84,6 +87,7 @@ public void testSslConnection() throws Exception {
             .put(SSLConfigConstants.SECURITY_SSL_HTTP_KEYSTORE_ALIAS, "node-0")
             .put("plugins.security.ssl.http.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("auditlog/node-0-keystore.jks"))
             .put("plugins.security.ssl.http.truststore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("auditlog/truststore.jks"))
+            .loadFromPath(FileHelper.getAbsoluteFilePathFromClassPath("auditlog/endpoints/routing/configuration_valid.yml"))
             .build();
 
         setup(Settings.EMPTY, new DynamicSecurityConfig(), settings);
@@ -123,6 +127,7 @@ public void testSslConnectionPKIAuth() throws Exception {
             .put(SSLConfigConstants.SECURITY_SSL_HTTP_KEYSTORE_ALIAS, "node-0")
             .put("plugins.security.ssl.http.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("auditlog/node-0-keystore.jks"))
             .put("plugins.security.ssl.http.truststore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("auditlog/truststore.jks"))
+            .loadFromPath(FileHelper.getAbsoluteFilePathFromClassPath("auditlog/endpoints/routing/configuration_valid.yml"))
             .build();
 
         setup(Settings.EMPTY, new DynamicSecurityConfig(), settings);

src/test/resources/auditlog/endpoints/routing/configuration_valid.yml

@@ -15,7 +15,23 @@ plugins.security:
       endpoint2:
         type: external_opensearch
         config:
-          http_endpoints: ['localhost:9200','localhost:9201','localhost:9202']
+          http_endpoints: [
+            'localhost',
+            'localhost:9200',
+            'localhost:9201',
+            'localhost:9202',
+            'localhost:9202/opensearch',
+            '127.0.0.1',
+            '127.0.0.1:9200',
+            '127.0.0.1:9200/opensearch',
+            'my-opensearch-cluster.company.com:9200',
+            'my-opensearch-cluster.company.com:9200/opensearch',
+            'http://my-opensearch-cluster.company.com',
+            'https://my-opensearch-cluster.company.com:9200',
+            'https://my-opensearch-cluster.company.com:9200/opensearch',
+            '[::1]:9200',
+            '[::1]:9200/opensearch',
+          ]
           index: auditlog
           username: auditloguser
           password: auditlogpassword