From 10592db676781ef72665696f213fd033c37ebd1f Mon Sep 17 00:00:00 2001
From: Yannis Fragoulis <yannis.fragoulis@causaly.com>
Date: Mon, 19 Dec 2022 16:54:57 +0200
Subject: [PATCH] pump:elasticsearch: allow skip verify for all requests

Although there is support skipping cert verification [1], the same does not
apply for when not using SSL.

[1] https://tyk.io/docs/tyk-pump/tyk-pump-configuration/tyk-pump-environment-variables/#pumpselasticsearchmetassl_insecure_skip_verify
---
 pumps/elasticsearch.go | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/pumps/elasticsearch.go b/pumps/elasticsearch.go
index 8132b6899..180f67c94 100644
--- a/pumps/elasticsearch.go
+++ b/pumps/elasticsearch.go
@@ -127,6 +127,7 @@ type Elasticsearch7Operator struct {
 type ApiKeyTransport struct {
 	APIKey   string
 	APIKeyID string
+	ESConf   *ElasticsearchConf
 }
 
 // RoundTrip for ApiKeyTransport auth
@@ -136,7 +137,18 @@ func (t *ApiKeyTransport) RoundTrip(r *http.Request) (*http.Response, error) {
 
 	r.Header.Set("Authorization", "ApiKey "+key)
 
-	return http.DefaultTransport.RoundTrip(r)
+	transport := &http.Transport{
+		ForceAttemptHTTP2:     true,
+		MaxIdleConns:          100,
+		IdleConnTimeout:       90 * time.Second,
+		TLSHandshakeTimeout:   10 * time.Second,
+		ExpectContinueTimeout: 1 * time.Second,
+		TLSClientConfig: &tls.Config{
+			InsecureSkipVerify: t.ESConf.SSLInsecureSkipVerify,
+		},
+	}
+
+	return transport.RoundTrip(r)
 }
 
 func (e *ElasticsearchPump) getOperator() (ElasticsearchOperator, error) {
@@ -149,7 +161,13 @@ func (e *ElasticsearchPump) getOperator() (ElasticsearchOperator, error) {
 	if conf.AuthAPIKey != "" && conf.AuthAPIKeyID != "" {
 		conf.Username = ""
 		conf.Password = ""
-		httpClient = &http.Client{Transport: &ApiKeyTransport{APIKey: conf.AuthAPIKey, APIKeyID: conf.AuthAPIKeyID}}
+		httpClient = &http.Client{
+			Transport: &ApiKeyTransport{
+				APIKey: conf.AuthAPIKey,
+				APIKeyID: conf.AuthAPIKeyID,
+				ESConf: e.esConf,
+			},
+		}
 	}
 
 	if conf.UseSSL {