Skip to content

Fix use of HTTP credentials #220

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
chosak merged 1 commit into from
Aug 27, 2025
Merged

Fix use of HTTP credentials #220

chosak merged 1 commit into from
Aug 27, 2025

Conversation

@chosak
Copy link
Member

@chosak chosak commented Aug 15, 2025

The current implementation doesn't properly pass username/password credentials when connecting to Elasticsearch using HTTP (as opposed to connecting with AWS credentials).

The version 7.x Python elasticsearch library doesn't support the http_auth parameter currently specified, see code here.

Instead, the username/password must be passed as part of the HTTP hostname. Additionally, the use_ssl parameter needs to be set if connecting via HTTPS.

To test, try connecting to an ES server using ES_HOST/ES_PORT both with and without ES_USER/ES_PASSWORD. I've confirmed this on our infrastructure.

See internal DEVPLAT-1569 for additional context, and cfpb/ccdb-data-pipeline#75 for a similar fix in ccdb-data-pipeline.

@chosak
Fix use of HTTP credentials
b91d8fe 
The current implementation doesn't properly pass username/password
credentials when connecting to Elasticsearch using HTTP (as opposed to
connecting with AWS credentials).

The version 7.x Python elasticsearch library doesn't support the
http_auth parameter currently specified, see code here:

https://github.com/elastic/elasticsearch-py/blob/e275834941ea053c300e2c4bc494fccd5265f127/elasticsearch/client/__init__.py#L63

Instead, the username/password must be passed as part of the HTTP
hostname. Additionally, the use_ssl parameter needs to be set if
connecting via HTTPS.
@chosak chosak requested review from higs4281 and imuchnik August 15, 2025 20:31
higs4281
higs4281 approved these changes Aug 26, 2025
View reviewed changes
Copy link
Member

@higs4281 higs4281 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a couple questions:

Is this in service of local/Docker usage, or a step toward Alto?
As part of this, could we update the API's elasticsearch code to 7.13.4, as the pipeline does?

@chosak
Copy link
Member Author

chosak commented Aug 26, 2025

@higs4281 this is a step toward the new environment; in that environment, we connect to AWS OpenSearch using username/password credentials.

I'm happy to also include an upgrade to elasticsearch==7.13.4, I just wanted to keep the changes minimal. Would you prefer me to include that here?

@higs4281
Copy link
Member

higs4281 commented Aug 27, 2025

@higs4281 this is a step toward the new environment; in that environment, we connect to AWS OpenSearch using username/password credentials.

I'm happy to also include an upgrade to elasticsearch==7.13.4, I just wanted to keep the changes minimal. Would you prefer me to include that here?

You can leave it out and I'll push a separate PR for something we should have done long ago.

@chosak chosak merged commit 080c778 into main Aug 27, 2025
1 check passed
@chosak chosak deleted the fix/http-credentials branch August 27, 2025 17:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@higs4281 higs4281 higs4281 approved these changes

@imuchnik imuchnik Awaiting requested review from imuchnik

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@chosak @higs4281