Skip to content

Add user/password elasticsearch authentication #41

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
fabianaromagnoli wants to merge 3 commits into
base: master
Choose a base branch
from
Draft

Add user/password elasticsearch authentication #41

fabianaromagnoli wants to merge 3 commits into from

Conversation

@fabianaromagnoli
Copy link
Member

@fabianaromagnoli fabianaromagnoli commented Apr 9, 2025

This PR makes ESB work when Elasticsearch has security pack enabled and requires authentication with username and password.

fabianaromagnoli
fabianaromagnoli commented Apr 9, 2025
View reviewed changes
composer.json
"doctrine/annotations": "^1.8",
"ramsey/uuid": "^3.8",
"webgriffe/amp-elasticsearch": "^2.1",
"webgriffe/amp-elasticsearch": "dev-allow-es-authentication",
Copy link
Member Author

@fabianaromagnoli fabianaromagnoli Apr 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will be changed to require the correct release version of webgriffe/amp-elasticsearch

fabianaromagnoli
fabianaromagnoli commented Apr 9, 2025
View reviewed changes
docker-compose.yml
- "discovery.type=${ES_DISCOVERY_TYPE:-single-node}"
- "ES_JAVA_OPTS=${ES_JAVA_OPTS:--Xms512m -Xmx512m}"
- xpack.security.enabled=true
- action.destructive_requires_name= false # because in unit tests setup we delete all indexes, and wildcards and _all are not allowed with security enabled
Copy link
Member Author

@fabianaromagnoli fabianaromagnoli Apr 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be removed: it needs to work also with this restriction active. We use _all wildcard in tests/KernelTestCase.php:106, but we could remove that, reading all indexes first (I think the _all wildcard is allowed when reading), and deleting them one by one.

fabianaromagnoli
fabianaromagnoli commented Apr 9, 2025
View reviewed changes
services.yml
- method: 'setCredentials'
arguments:
- '%elasticsearch_user%'
- '%elasticsearch_password%'
Copy link
Member Author

@fabianaromagnoli fabianaromagnoli Apr 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if someone is working with Elasticsearch without the security pack, meaning no user/password authentication is required? We need to ensure backward compatibility and support scenarios where a username and password are not provided.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mmenozzi mmenozzi Awaiting requested review from mmenozzi

@LucaGallinari LucaGallinari Awaiting requested review from LucaGallinari

@azambon azambon Awaiting requested review from azambon

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@fabianaromagnoli