elasticsearch-transport 7.14.0 → 7.16.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 88ee4e1ccbc2d04cc4e6581a80f8ab3e0ab8f09eae398eeacd395709eb103c40
-  data.tar.gz: b0314674f2e91da921549f4694a1e885d0cf51b5ca7ef9201aef3f063243c346
+  metadata.gz: 86cb8f5de5ca5fc4270376d791ea8bd03252e5bbed8494d232da2eea8512434a
+  data.tar.gz: 27a6b7bfeea33bfa6e56ddd4a01109a1864a48685b54558707fe9af15ae73948
 SHA512:
-  metadata.gz: 95a622b3a2e4ab25c5b9eb4e35fab83b6dd7aae8896ccbfe75ad5c52c1f6b7b3ffe04582d5b6106c4c6f2ea9a3e9cbc7b8a6182a58fd5c1a0c1b65168547b35b
-  data.tar.gz: 8d59c0dfd2bd0de4744e59ebba0d6e600bbd39f8e13486e901fb4e01f6a221477c7dd0205f3201767b26dd5ec5d0c6133210fb4a7aba37553f1c4ed4c5f56d08
+  metadata.gz: d2c129c4eeeb76a83d3fea12764ec135ad768920cd20c7c447a768708ab324db32482bdf616197e0674fe72a62ec74422b35774117a2d22cd0de8cc1520df20d
+  data.tar.gz: 586f14ab09c77a7a257667131d692dfd056e06ea66ccd3f53194985113043dec32e0fab5cf7fb3ed3d1a84036df02127df051c589ca137c6412ea8456a238a68

data/elasticsearch-transport.gemspec

@@ -26,12 +26,12 @@ Gem::Specification.new do |s|
   s.authors       = ['Karel Minarik']
   s.email         = ['karel.minarik@elasticsearch.org']
   s.summary       = 'Ruby client for Elasticsearch.'
-  s.homepage      = 'https://www.elastic.co/guide/en/elasticsearch/client/ruby-api/7.x/index.html'
+  s.homepage      = 'https://www.elastic.co/guide/en/elasticsearch/client/ruby-api/7.16/index.html'
   s.license       = 'Apache-2.0'
   s.metadata = {
-    'homepage_uri' => 'https://www.elastic.co/guide/en/elasticsearch/client/ruby-api/7.x/index.html',
-    'changelog_uri' => 'https://github.com/elastic/elasticsearch-ruby/blob/7.x/CHANGELOG.md',
-    'source_code_uri' => 'https://github.com/elastic/elasticsearch-ruby/tree/7.x/elasticsearch-transport',
+    'homepage_uri' => 'https://www.elastic.co/guide/en/elasticsearch/client/ruby-api/7.16/index.html',
+    'changelog_uri' => 'https://github.com/elastic/elasticsearch-ruby/blob/7.16/CHANGELOG.md',
+    'source_code_uri' => 'https://github.com/elastic/elasticsearch-ruby/tree/7.16/elasticsearch-transport',
     'bug_tracker_uri' => 'https://github.com/elastic/elasticsearch-ruby/issues'
   }
   s.files         = `git ls-files`.split($/)

data/lib/elasticsearch/transport/client.rb

@@ -92,6 +92,8 @@ module Elasticsearch
       #
       # @option arguments [Boolean,Number] :retry_on_failure   Retry X times when request fails before raising and
       #                                                        exception (false by default)
+      # @option arguments [Number] :delay_on_retry  Delay in milliseconds between each retry (0 by default)
+      #
       # @option arguments Array<Number> :retry_on_status Retry when specific status codes are returned
       #
       # @option arguments [Boolean] :reload_on_failure Reload connections after failure (false by default)
@@ -126,6 +128,7 @@ module Elasticsearch
       #                                                     if you're using X-Opaque-Id
       # @option enable_meta_header [Boolean] :enable_meta_header Enable sending the meta data header to Cloud.
       #                                                          (Default: true)
+      # @option ca_fingerprint [String] :ca_fingerprint provide this value to only trust certificates that are signed by a specific CA certificate
       #
       # @yield [faraday] Access and configure the `Faraday::Connection` instance directly with a block
       #
@@ -136,6 +139,7 @@ module Elasticsearch
         @arguments[:tracer] ||= @arguments[:trace] ? DEFAULT_TRACER.call() : nil
         @arguments[:reload_connections] ||= false
         @arguments[:retry_on_failure]   ||= false
+        @arguments[:delay_on_retry]     ||= 0
         @arguments[:reload_on_failure]  ||= false
         @arguments[:randomize_hosts]    ||= false
         @arguments[:transport_options]  ||= {}
@@ -156,6 +160,7 @@ module Elasticsearch
 
         @send_get_body_as = @arguments[:send_get_body_as] || 'GET'
         @opaque_id_prefix = @arguments[:opaque_id_prefix] || nil
+        @ca_fingerprint = @arguments.delete(:ca_fingerprint)
 
         if @arguments[:request_timeout]
           @arguments[:transport_options][:request] = { timeout: @arguments[:request_timeout] }
@@ -188,6 +193,7 @@ module Elasticsearch
           opaque_id = @opaque_id_prefix ? "#{@opaque_id_prefix}#{opaque_id}" : opaque_id
           headers.merge!('X-Opaque-Id' => opaque_id)
         end
+        validate_ca_fingerprints if @ca_fingerprint
         transport.perform_request(method, path, params, body, headers)
       end
 
@@ -211,6 +217,31 @@ module Elasticsearch
         )
       end
 
+      def validate_ca_fingerprints
+        transport.connections.connections.each do |connection|
+          unless connection.host[:scheme] == 'https'
+            raise Elasticsearch::Transport::Transport::Error, 'CA fingerprinting can\'t be configured over http'
+          end
+
+          next if connection.verified
+
+          ctx = OpenSSL::SSL::SSLContext.new
+          socket = TCPSocket.new(connection.host[:host], connection.host[:port])
+          ssl = OpenSSL::SSL::SSLSocket.new(socket, ctx)
+          ssl.connect
+          cert_store = ssl.peer_cert_chain
+          matching_certs = cert_store.select do |cert|
+            OpenSSL::Digest::SHA256.hexdigest(cert.to_der).upcase == @ca_fingerprint.upcase.gsub(':', '')
+          end
+          if matching_certs.empty?
+            raise Elasticsearch::Transport::Transport::Error,
+                  'Server certificate CA fingerprint does not match the value configured in ca_fingerprint'
+          end
+
+          connection.verified = true
+        end
+      end
+
       def add_header(header)
         headers = @arguments[:transport_options]&.[](:headers) || {}
         headers.merge!(header)

data/lib/elasticsearch/transport/transport/base.rb

@@ -54,6 +54,7 @@ module Elasticsearch
           @options     = arguments[:options] || {}
           @options[:http] ||= {}
           @options[:retry_on_status] ||= []
+          @options[:delay_on_retry]  ||= 0
 
           @block       = block
           @compression = !!@options[:compression]
@@ -223,7 +224,7 @@ module Elasticsearch
         # @api private
         #
         def __convert_to_json(o=nil, options={})
-          o = o.is_a?(String) ? o : serializer.dump(o, options)
+          o.is_a?(String) ? o : serializer.dump(o, options)
         end
 
         # Returns a full URL based on information from host
@@ -264,6 +265,7 @@ module Elasticsearch
           start = Time.now
           tries = 0
           reload_on_failure = opts.fetch(:reload_on_failure, @options[:reload_on_failure])
+          delay_on_retry = opts.fetch(:delay_on_retry, @options[:delay_on_retry])
 
           max_retries = if opts.key?(:retry_on_failure)
             opts[:retry_on_failure] === true ? DEFAULT_MAX_RETRIES : opts[:retry_on_failure]
@@ -272,10 +274,10 @@ module Elasticsearch
           end
 
           params = params.clone
-
           ignore = Array(params.delete(:ignore)).compact.map { |s| s.to_i }
 
           begin
+            sleep(delay_on_retry / 1000.0) if tries > 0
             tries     += 1
             connection = get_connection or raise Error.new('Cannot get new connection from pool.')
 
@@ -284,9 +286,7 @@ module Elasticsearch
             end
 
             url      = connection.full_url(path, params)
-
             response = block.call(connection, url)
-
             connection.healthy! if connection.failures > 0
 
             # Raise an exception so we can catch it for `retry_on_status`
@@ -309,7 +309,6 @@ module Elasticsearch
             log_error "[#{e.class}] #{e.message} #{connection.host.inspect}"
 
             connection.dead!
-
             if reload_on_failure and tries < connections.all.size
               log_warn "[#{e.class}] Reloading connections (attempt #{tries} of #{connections.all.size})"
               reload_connections! and retry
@@ -336,14 +335,10 @@ module Elasticsearch
           duration = Time.now - start
 
           if response.status.to_i >= 300
-            __log_response    method, path, params, body, url, response, nil, 'N/A', duration
-            __trace  method, path, params, connection.connection.headers, body, url, response, nil, 'N/A', duration if tracer
-
+            __log_response(method, path, params, body, url, response, nil, 'N/A', duration)
+            __trace(method, path, params, connection_headers(connection), body, url, response, nil, 'N/A', duration) if tracer
             # Log the failure only when `ignore` doesn't match the response status
-            unless ignore.include?(response.status.to_i)
-              log_fatal "[#{response.status}] #{response.body}"
-            end
-
+            log_fatal "[#{response.status}] #{response.body}" unless ignore.include?(response.status.to_i)
             __raise_transport_error response unless ignore.include?(response.status.to_i)
           end
 
@@ -354,10 +349,8 @@ module Elasticsearch
             __log_response   method, path, params, body, url, response, json, took, duration
           end
 
-          __trace  method, path, params, connection.connection.headers, body, url, response, nil, 'N/A', duration if tracer
-
-          warnings(response.headers['warning']) if response.headers&.[]('warning')
-
+          __trace(method, path, params, connection_headers(connection), body, url, response, nil, 'N/A', duration) if tracer
+          log_warn(response.headers['warning']) if response.headers&.[]('warning')
           Response.new response.status, json || response.body, response.headers
         ensure
           @last_request_at = Time.now
@@ -376,17 +369,38 @@ module Elasticsearch
 
         USER_AGENT_STR = 'User-Agent'.freeze
         USER_AGENT_REGEX = /user\-?\_?agent/
+        ACCEPT_ENCODING = 'Accept-Encoding'.freeze
+        CONTENT_ENCODING = 'Content-Encoding'.freeze
         CONTENT_TYPE_STR = 'Content-Type'.freeze
         CONTENT_TYPE_REGEX = /content\-?\_?type/
         DEFAULT_CONTENT_TYPE = 'application/json'.freeze
         GZIP = 'gzip'.freeze
-        ACCEPT_ENCODING = 'Accept-Encoding'.freeze
         GZIP_FIRST_TWO_BYTES = '1f8b'.freeze
         HEX_STRING_DIRECTIVE = 'H*'.freeze
         RUBY_ENCODING = '1.9'.respond_to?(:force_encoding)
 
+        def compress_request(body, headers)
+          if body
+            headers ||= {}
+
+            if gzipped?(body)
+              headers[CONTENT_ENCODING] = GZIP
+            elsif use_compression?
+              headers[CONTENT_ENCODING] = GZIP
+              gzip = Zlib::GzipWriter.new(StringIO.new)
+              gzip << body
+              body = gzip.close.string
+            else
+              headers.delete(CONTENT_ENCODING)
+            end
+          elsif headers
+            headers.delete(CONTENT_ENCODING)
+          end
+
+          [body, headers]
+        end
+
         def decompress_response(body)
-          return body unless use_compression?
           return body unless gzipped?(body)
 
           io = StringIO.new(body)
@@ -399,6 +413,8 @@ module Elasticsearch
         end
 
         def gzipped?(body)
+          return unless body && !body.empty?
+
           body[0..1].unpack(HEX_STRING_DIRECTIVE)[0] == GZIP_FIRST_TWO_BYTES
         end
 
@@ -432,8 +448,12 @@ module Elasticsearch
           end
         end
 
-        def warnings(warning)
-          warn("warning: #{warning}")
+        def connection_headers(connection)
+          if defined?(Elasticsearch::Transport::Transport::HTTP::Manticore) && self.class == Elasticsearch::Transport::Transport::HTTP::Manticore
+            @request_options[:headers]
+          else
+            connection.connection.headers
+          end
         end
       end
     end

data/lib/elasticsearch/transport/transport/connections/connection.rb

@@ -33,6 +33,7 @@ module Elasticsearch
           DEFAULT_RESURRECT_TIMEOUT = 60
 
           attr_reader :host, :connection, :options, :failures, :dead_since
+          attr_accessor :verified
 
           # @option arguments [Hash]   :host       Host information (example: `{host: 'localhost', port: 9200}`)
           # @option arguments [Object] :connection The transport-specific physical connection or "session"
@@ -42,6 +43,7 @@ module Elasticsearch
             @host       = arguments[:host].is_a?(Hash) ? Redacted.new(arguments[:host]) : arguments[:host]
             @connection = arguments[:connection]
             @options    = arguments[:options] || {}
+            @verified   = false
             @state_mutex = Mutex.new
 
             @options[:resurrect_timeout] ||= DEFAULT_RESURRECT_TIMEOUT
@@ -153,7 +155,6 @@ module Elasticsearch
             "<#{self.class.name} host: #{host} (#{dead? ? 'dead since ' + dead_since.to_s : 'alive'})>"
           end
         end
-
       end
     end
   end

data/lib/elasticsearch/transport/transport/http/curb.rb

@@ -19,29 +19,31 @@ module Elasticsearch
   module Transport
     module Transport
       module HTTP
-
         # Alternative HTTP transport implementation, using the [_Curb_](https://rubygems.org/gems/curb) client.
         #
         # @see Transport::Base
         #
         class Curb
           include Base
-
           # Performs the request by invoking {Transport::Base#perform_request} with a block.
           #
           # @return [Response]
           # @see    Transport::Base#perform_request
           #
           def perform_request(method, path, params={}, body=nil, headers=nil, opts={})
-            super do |connection, url|
+            super do |connection, _url|
               connection.connection.url = connection.full_url(path, params)
+              body = body ? __convert_to_json(body) : nil
+              body, headers = compress_request(body, headers)
 
               case method
               when 'HEAD'
                 connection.connection.set :nobody, true
               when 'GET', 'POST', 'PUT', 'DELETE'
                 connection.connection.set :nobody, false
-                connection.connection.put_data = __convert_to_json(body) if body
+
+                connection.connection.put_data = body if body
+
                 if headers
                   if connection.connection.headers
                     connection.connection.headers.merge!(headers)

data/lib/elasticsearch/transport/transport/http/faraday.rb

@@ -44,12 +44,13 @@ module Elasticsearch
                           headers
                         end
 
-              response = connection.connection.run_request(
-                method.downcase.to_sym,
-                url,
-                (body ? __convert_to_json(body) : nil),
-                headers
-              )
+              body = body ? __convert_to_json(body) : nil
+              body, headers = compress_request(body, headers)
+
+              response = connection.connection.run_request(method.downcase.to_sym,
+                                                           url,
+                                                           body,
+                                                           headers)
 
               Response.new response.status, decompress_response(response.body), response.headers
             end
@@ -62,7 +63,7 @@ module Elasticsearch
           def __build_connection(host, options={}, block=nil)
             client = ::Faraday.new(__full_url(host), options, &block)
             apply_headers(client, options)
-            Connections::Connection.new :host => host, :connection => client
+            Connections::Connection.new(host: host, connection: client)
           end
 
           # Returns an array of implementation specific connection errors.

data/lib/elasticsearch/transport/transport/http/manticore.rb

@@ -63,6 +63,7 @@ module Elasticsearch
           include Base
 
           def initialize(arguments={}, &block)
+            @request_options = { headers: (arguments.dig(:transport_options, :headers) || {}) }
             @manticore = build_client(arguments[:options] || {})
             super(arguments, &block)
           end
@@ -82,7 +83,10 @@ module Elasticsearch
           #
           def perform_request(method, path, params={}, body=nil, headers=nil, opts={})
             super do |connection, url|
-              params[:body] = __convert_to_json(body) if body
+              body = body ? __convert_to_json(body) : nil
+              body, headers = compress_request(body, @request_options[:headers])
+
+              params[:body] = body if body
               params[:headers] = headers if headers
               params = params.merge @request_options
               case method
@@ -109,7 +113,6 @@ module Elasticsearch
           # @return [Connections::Collection]
           #
           def __build_connections
-            @request_options = {}
             apply_headers(@request_options, options[:transport_options])
             apply_headers(@request_options, options)
 
@@ -155,11 +158,11 @@ module Elasticsearch
           private
 
           def apply_headers(request_options, options)
-            headers = (options && options[:headers]) || {}
+            headers = options&.[](:headers) || {}
             headers[CONTENT_TYPE_STR] = find_value(headers, CONTENT_TYPE_REGEX) || DEFAULT_CONTENT_TYPE
             headers[USER_AGENT_STR] = find_value(headers, USER_AGENT_REGEX) || user_agent_header
             headers[ACCEPT_ENCODING] = GZIP if use_compression?
-            request_options.merge!(headers: headers)
+            request_options[:headers].merge!(headers)
           end
 
           def user_agent_header

data/lib/elasticsearch/transport/version.rb

@@ -17,6 +17,6 @@
 
 module Elasticsearch
   module Transport
-    VERSION = '7.14.0'.freeze
+    VERSION = '7.16.0'.freeze
   end
 end

data/lib/elasticsearch/transport.rb

@@ -18,6 +18,7 @@
 require 'uri'
 require 'time'
 require 'timeout'
+require 'zlib'
 require 'multi_json'
 require 'faraday'
 

data/spec/elasticsearch/transport/client_spec.rb

@@ -1466,28 +1466,19 @@ describe Elasticsearch::Transport::Client do
     end
 
     context 'when Elasticsearch response includes a warning header' do
+      let(:logger) { double('logger', warn: '', warn?: '', info?: '', info: '', debug?: '', debug: '') }
       let(:client) do
-        Elasticsearch::Transport::Client.new(hosts: hosts)
+        Elasticsearch::Transport::Client.new(hosts: hosts, logger: logger)
       end
 
       let(:warning) { 'Elasticsearch warning: "deprecation warning"' }
 
       it 'prints a warning' do
-        allow_any_instance_of(Elasticsearch::Transport::Transport::Response).to receive(:headers) do
-          { 'warning' => warning }
-        end
-
-        begin
-          stderr      = $stderr
-          fake_stderr = StringIO.new
-          $stderr     = fake_stderr
-
-          client.perform_request('GET', '/')
-          fake_stderr.rewind
-          expect(fake_stderr.string).to eq("warning: #{warning}\n")
-        ensure
-          $stderr = stderr
+        expect_any_instance_of(Faraday::Connection).to receive(:run_request) do
+          Elasticsearch::Transport::Transport::Response.new(200, {}, { 'warning' => warning })
         end
+        client.perform_request('GET', '/')
+        expect(logger).to have_received(:warn).with(warning)
       end
     end
 
@@ -1668,6 +1659,29 @@ describe Elasticsearch::Transport::Client do
         end
       end
 
+      context 'when retry_on_failure is true and delay_on_retry is specified' do
+        context 'when a node is unreachable' do
+          let(:hosts) do
+            [ELASTICSEARCH_HOSTS.first, "foobar1", "foobar2"]
+          end
+
+          let(:options) do
+            { retry_on_failure: true, delay_on_retry: 3000 }
+          end
+
+          let(:responses) do
+            5.times.collect do
+              client.perform_request('GET', '_nodes/_local')
+            end
+          end
+
+          it 'retries on failure' do
+            allow_any_instance_of(Object).to receive(:sleep).with(3000 / 1000)
+            expect(responses.all? { true }).to be(true)
+          end
+        end
+      end
+
       context 'when reload_on_failure is true' do
 
         let(:hosts) do
@@ -1727,7 +1741,7 @@ describe Elasticsearch::Transport::Client do
             end
 
             it 'sets the Accept-Encoding header' do
-              expect(client.transport.connections[0].connection.headers['Accept-Encoding'])
+              expect(client.transport.connections[0].connection.headers['Accept-Encoding']).to eq 'gzip'
             end
 
             it 'preserves the other headers' do
@@ -1746,7 +1760,7 @@ describe Elasticsearch::Transport::Client do
             end
 
             it 'sets the Accept-Encoding header' do
-              expect(client.transport.connections[0].connection.headers['Accept-Encoding'])
+              expect(client.transport.connections[0].connection.headers['Accept-Encoding']).to eq 'gzip'
             end
 
             it 'preserves the other headers' do
@@ -1765,7 +1779,7 @@ describe Elasticsearch::Transport::Client do
             end
 
             it 'sets the Accept-Encoding header' do
-              expect(client.transport.connections[0].connection.headers['Accept-Encoding'])
+              expect(client.transport.connections[0].connection.headers['Accept-Encoding']).to eq 'gzip'
             end
 
             it 'preserves the other headers' do
@@ -1784,7 +1798,7 @@ describe Elasticsearch::Transport::Client do
             end
 
             it 'sets the Accept-Encoding header' do
-              expect(client.transport.connections[0].connection.headers['Accept-Encoding'])
+              expect(client.transport.connections[0].connection.headers['Accept-Encoding']).to eq 'gzip'
             end
 
             it 'preserves the other headers' do
@@ -1803,7 +1817,7 @@ describe Elasticsearch::Transport::Client do
             end
 
             it 'sets the Accept-Encoding header' do
-              expect(client.transport.connections[0].connection.headers['Accept-Encoding'])
+              expect(client.transport.connections[0].connection.headers['Accept-Encoding']).to eq 'gzip'
             end
 
             it 'preserves the other headers' do
@@ -1827,7 +1841,7 @@ describe Elasticsearch::Transport::Client do
         end
 
         it 'sets the Accept-Encoding header' do
-          expect(client.transport.connections[0].connection.headers['Accept-Encoding'])
+          expect(client.transport.connections[0].connection.headers['Accept-Encoding']).to eq 'gzip'
         end
 
         it 'preserves the other headers' do
@@ -1895,7 +1909,6 @@ describe Elasticsearch::Transport::Client do
       end
 
       context 'when request headers are specified' do
-
         let(:response) do
           client.perform_request('GET', '/', {}, nil, { 'Content-Type' => 'application/yaml' })
         end
@@ -1906,9 +1919,7 @@ describe Elasticsearch::Transport::Client do
       end
 
       describe 'selector' do
-
         context 'when the round-robin selector is used' do
-
           let(:nodes) do
             3.times.collect do
               client.perform_request('GET', '_nodes/_local').body['nodes'].to_a[0][1]['name']
@@ -1989,4 +2000,76 @@ describe Elasticsearch::Transport::Client do
       end
     end
   end
+
+  context 'CA Fingerprinting' do
+    context 'when setting a ca_fingerprint' do
+      after do
+        File.delete('./certificate.crt')
+        File.delete('./certificate.key')
+      end
+
+      let(:certificate) do
+        system(
+          'openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=BE/O=Test/CN=Test"' \
+          ' -keyout certificate.key -out certificate.crt',
+          err: File::NULL
+        )
+        OpenSSL::X509::Certificate.new File.read('./certificate.crt')
+      end
+
+      let(:client) do
+        Elasticsearch::Transport::Client.new(
+          host: 'https://elastic:changeme@localhost:9200',
+          ca_fingerprint: OpenSSL::Digest::SHA256.hexdigest(certificate.to_der)
+        )
+      end
+
+      it 'validates CA fingerprints on perform request' do
+        expect(client.transport.connections.connections.map(&:verified).uniq).to eq [false]
+        allow(client.transport).to receive(:perform_request) { 'Hello' }
+
+        server = double('server').as_null_object
+        allow(TCPSocket).to receive(:new) { server }
+        socket = double('socket')
+        allow(OpenSSL::SSL::SSLSocket).to receive(:new) { socket }
+        allow(socket).to receive(:connect) { nil }
+        allow(socket).to receive(:peer_cert_chain) { [certificate] }
+
+        response = client.perform_request('GET', '/')
+        expect(client.transport.connections.connections.map(&:verified).uniq).to eq [true]
+        expect(response).to eq 'Hello'
+      end
+    end
+
+    context 'when using an http host' do
+      let(:client) do
+        Elasticsearch::Transport::Client.new(
+          host: 'http://elastic:changeme@localhost:9200',
+          ca_fingerprint: 'test'
+        )
+      end
+
+      it 'raises an error' do
+        expect do
+          client.perform_request('GET', '/')
+        end.to raise_exception(Elasticsearch::Transport::Transport::Error)
+      end
+    end
+
+    context 'when not setting a ca_fingerprint' do
+      let(:client) do
+        Elasticsearch::Transport::Client.new(
+          host: 'http://elastic:changeme@localhost:9200'
+        )
+      end
+
+      it 'has unvalidated connections' do
+        allow(client).to receive(:validate_ca_fingerprints) { nil }
+        allow(client.transport).to receive(:perform_request) { nil }
+
+        client.perform_request('GET', '/')
+        expect(client).to_not have_received(:validate_ca_fingerprints)
+      end
+    end
+  end
 end