Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Add Secret handling in OpenSearchDocumentStore #1288

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

feat: Add Secret handling in OpenSearchDocumentStore #1288

wants to merge 6 commits into from

Conversation

vblagoje
Copy link
Member

Why:

Enhances the authentication mechanism within the OpenSearch integration to allow for sensitive credentials to be managed securely using environment variables.

What:

  • Introduced new capability to read OpenSearch credentials (username and password) from environment variables using the Secret class.
  • Updated the initialization process to handle missing environment variables gracefully.
  • Extended serialization and deserialization methods to include the handling of Secret objects for secure storage and retrieval of credentials.

How can it be used:

Environment variable-based authentication can be leveraged by setting:

export OPENSEARCH_USERNAME="your_username"
export OPENSEARCH_PASSWORD="your_password"

Then, initialize the OpenSearchDocumentStore as follows:

document_store = OpenSearchDocumentStore(hosts="your_host")

How did you test it:

Testing involved mocking the OpenSearch client to verify the correct behavior of the authentication logic, including the execution of environment variable-based initialization and validation of serialized objects to check the correct capture of credentials as Secret dictionaries.

Notes for the reviewer:

Focus on the sections handling the http_auth in dict serialization and the test cases for environment-based authentication to ensure consistent and secure handling of credentials. Verify that no credentials are logged or exposed improperly.

@vblagoje vblagoje requested a review from a team as a code owner January 14, 2025 14:35
@vblagoje vblagoje requested review from davidsbatista and tstadel and removed request for a team and davidsbatista January 14, 2025 14:35
@github-actions github-actions bot added integration:opensearch type:documentation Improvements or additions to documentation labels Jan 14, 2025
@vblagoje vblagoje marked this pull request as draft January 14, 2025 14:48
@vblagoje
Copy link
Member Author

This one is not ready yet @tstadel 👍

@vblagoje vblagoje marked this pull request as ready for review January 15, 2025 10:09
@vblagoje
Copy link
Member Author

@tstadel should be ready now, please be really careful with this one 🙏

@tstadel
Copy link
Member

tstadel commented Jan 15, 2025

@vblagoje in general looks good. I'm very confident we don't break anything. But let's please support List[Secret] besides/instead of Tuple[Secret] here. Reason:
YAML does not support tuples, so once you serialize the to_dict output containing tuples to yaml, and deserialize it again you will end up with List[Secret].

import yaml

serialized = OpenSearchDocumentStore().to_dict()
yaml_serialized = yaml.safe_dump(serialized)
yaml_deserialized = yaml.safe_load(yaml_serialized)
# http_auth will be [...] and hence secrets not deserialized
deserialzed = OpenSearchDocumentStore.from_dict(yaml_deserialized)

vblagoje and others added 2 commits January 15, 2025 14:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tstadel tstadel tstadel left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
integration:langfuse integration:opensearch type:documentation Improvements or additions to documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add support for secret management and from_env_var for OpenSearch integration
2 participants
@vblagoje @tstadel