From 81aeb7339fa6940ed3e728d0c2ad297643af439f Mon Sep 17 00:00:00 2001 From: Grzegorz Pustulka Date: Thu, 29 May 2025 15:27:21 +0200 Subject: [PATCH 1/2] Database authorization capability with SSL disabled --- .../stac_fastapi/elasticsearch/config.py | 8 +++---- .../stac_fastapi/opensearch/config.py | 24 +++++++++---------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/stac_fastapi/elasticsearch/stac_fastapi/elasticsearch/config.py b/stac_fastapi/elasticsearch/stac_fastapi/elasticsearch/config.py index d371c6a5..49495854 100644 --- a/stac_fastapi/elasticsearch/stac_fastapi/elasticsearch/config.py +++ b/stac_fastapi/elasticsearch/stac_fastapi/elasticsearch/config.py @@ -52,6 +52,10 @@ def _es_config() -> Dict[str, Any]: if http_compress: config["http_compress"] = True + # Handle authentication + if (u := os.getenv("ES_USER")) and (p := os.getenv("ES_PASS")): + config["http_auth"] = (u, p) + # Explicitly exclude SSL settings when not using SSL if not use_ssl: return config @@ -64,10 +68,6 @@ def _es_config() -> Dict[str, Any]: if config["verify_certs"]: config["ca_certs"] = os.getenv("CURL_CA_BUNDLE", certifi.where()) - # Handle authentication - if (u := os.getenv("ES_USER")) and (p := os.getenv("ES_PASS")): - config["http_auth"] = (u, p) - return config diff --git a/stac_fastapi/opensearch/stac_fastapi/opensearch/config.py b/stac_fastapi/opensearch/stac_fastapi/opensearch/config.py index d3811376..3fe4d71b 100644 --- a/stac_fastapi/opensearch/stac_fastapi/opensearch/config.py +++ b/stac_fastapi/opensearch/stac_fastapi/opensearch/config.py @@ -40,18 +40,6 @@ def _es_config() -> Dict[str, Any]: if http_compress: config["http_compress"] = True - # Explicitly exclude SSL settings when not using SSL - if not use_ssl: - return config - - # Include SSL settings if using https - config["ssl_version"] = ssl.PROTOCOL_SSLv23 - config["verify_certs"] = get_bool_env("ES_VERIFY_CERTS", default=True) - - # Include CA Certificates if verifying certs - if config["verify_certs"]: - config["ca_certs"] = os.getenv("CURL_CA_BUNDLE", certifi.where()) - # Handle authentication if (u := os.getenv("ES_USER")) and (p := os.getenv("ES_PASS")): config["http_auth"] = (u, p) @@ -65,6 +53,18 @@ def _es_config() -> Dict[str, Any]: config["headers"] = headers + # Explicitly exclude SSL settings when not using SSL + if not use_ssl: + return config + + # Include SSL settings if using https + config["ssl_version"] = ssl.PROTOCOL_SSLv23 + config["verify_certs"] = get_bool_env("ES_VERIFY_CERTS", default=True) + + # Include CA Certificates if verifying certs + if config["verify_certs"]: + config["ca_certs"] = os.getenv("CURL_CA_BUNDLE", certifi.where()) + return config From 846bc85ff66ee3cecfe0039b1fcf04c4d9449e10 Mon Sep 17 00:00:00 2001 From: Grzegorz Pustulka Date: Thu, 29 May 2025 17:35:37 +0200 Subject: [PATCH 2/2] updated changelog.md --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 83f7967a..85997d33 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. - Updated mkdocs/ sfeos doucmentation page [#386](https://github.com/stac-utils/stac-fastapi-elasticsearch-opensearch/pull/386) +### Fixed + +- Added the ability to authenticate with OpenSearch/ElasticSearch with SSL disabled [#388](https://github.com/stac-utils/stac-fastapi-elasticsearch-opensearch/pull/388) + ## [v5.0.0a0] - 2025-05-29 ### Added