Correct URL handling for Elasticsearch/OpenSearch #3577
Conversation
There was a problem hiding this comment.
Makes me wonder if we should think about setting up an https ES instance in the CI. For now I'm tempted to just pretend nobody thought of that ... but I do worry that your uri breakdown isn't going to do what we want on the production instance, and right now we've got no way to test it short of deploying it...
webbnh
force-pushed
the
es_update
branch
2 times, most recently
from
f262167 to
02f085b
Compare
webbnh
force-pushed
the
es_update
branch
2 times, most recently
from
4bc373e to
c9c9781
Compare
There was a problem hiding this comment.
I find myself wondering about the implications if we install somewhere without a /etc/pki/tls/certs/ca-bundle.crt; but it seems that the CI ran with straight http Elasticsearch so at least that's covered, and I assume this will also work for the staging server.
I suppose we may find further problems when the Opensearch permissions are fixed (if that's really the problem), but for now this looks OK.
In that case (or in any other case where the "trusted CAs" are in some other file), the installation will need to override the default
I concur.
I'm hoping that the remaining blockers are all DevOps issues and not code (etc.) issues, but I'm inclined to hold off on merging this until we have confirmation of that. However, I've rebased on the end of |
| @@ -155,7 +155,7 @@ def __str__(self) -> str: | |||
| class SchemaError(APIAbort): | |||
| """Generic base class for errors in processing a JSON schema.""" | |||
|
|
|||
| def __init__(self, http_status: int = HTTPStatus.BAD_REQUEST): | |||
| def __init__(self, http_status: int = HTTPStatus.BAD_REQUEST, **_kwargs): | |||
There was a problem hiding this comment.
What's the point of adding an unused kwargs??
There was a problem hiding this comment.
It resolved a lint error, probably for ConversionError.__init__() (I don't remember which function specifically -- there are several with similar issues).
There was a problem hiding this comment.
Ugh; this is ugly. OK, so ConversionError is designed with **kwargs to allow callers to pass an http_status through the ConversionError constructor to SchemaError ... but if anyone used other kwargs it wouldn't work, and the explicit declaration here is misleading because SchemaError really doesn't support kwargs. (Pass-through or otherwise.)
I'm curious where you're seeing a lint warning, because I'm not. 😦
There was a problem hiding this comment.
FYI, the http_status is only specified through ConversionError in convert_username and test_exceptions.py ... I don't see any lint annotations. I'm curious exactly what you're seeing, and this workaround bugs me because it shouldn't be necessary.
There was a problem hiding this comment.
Looking at the main branch, I'm getting Unexpected argument on the super().__init__() invocation in DatasetConversionError.__init__(), but, interestingly, I don't get the complaint for the one in ConversionError.__init__(). 🤷
There was a problem hiding this comment.
I presume it's because the linter knows that (in the code in the main branch), Schema.__init__() accepts only one argument which, in the case of ConversionError.__init__(), could be in **kwargs, whereas in the case of DatasetConversionError.__init__() it can't/shouldn't be, since the http_status argument has already been specified explicitly, there.
There was a problem hiding this comment.
Sure, I guess, because DatasetConversionError passes http_status explicitly and doesn't actually use kwargs. (In fact, it can't, aside from repeating the http_status, because it's not good for anything else.)
I think your linter is broken. But if you really want to quiet its ranting, a better "ugly workaround" would be to add an explicit http_status: Optional[int] = None to ConversionError, pass it on, and drop the kwargs entirely from both ConversionError and DatasetConversionError (which, so far as I can see, is never used anyway... maybe it was at one time).
But again, I don't think there's anything illegal or even unreasonable here, and I think this is just an argument against your linter. 😆
There was a problem hiding this comment.
I can't really argue against my linter -- it is more or less built-in to my IDE; and arguing with a linter is, as we know, largely pointless. 🙃
At this point, I'm not inclined to disturb the SchemaError (and children) code any further. Given that the Production deployment seems happy, shall I go ahead and merge this?
There was a problem hiding this comment.
I really dislike adding kwargs here, because it makes no sense and is potentially misleading. But, whatever: it'll never be perfect.
| @@ -155,7 +155,7 @@ def __str__(self) -> str: | |||
| class SchemaError(APIAbort): | |||
| """Generic base class for errors in processing a JSON schema.""" | |||
|
|
|||
| def __init__(self, http_status: int = HTTPStatus.BAD_REQUEST): | |||
| def __init__(self, http_status: int = HTTPStatus.BAD_REQUEST, **_kwargs): | |||
There was a problem hiding this comment.
I really dislike adding kwargs here, because it makes no sense and is potentially misleading. But, whatever: it'll never be perfect.
Now that we are deploying on an OpenSearch service which requires a username/password, remove assumptions around the contents of the ES URL configuration in the Server code.
wait_for_uri(); add defaulting for the port number if it is omitted._get_es_hosts()to return the whole URL instead of the decomposed dict; move the specification of the timeout value to its caller.ca_bundleconfiguration option to theIndexingconfiguration section and pointed the default value for it to/etc/pki/tls/certs/ca-bundle.crt.ca_bundlevalue to the instantiations of theElasticsearchclient and to theRequestsmethods which target Elasticsearch/OpenSearch services.loggerparameter fromget_es()and_get_es_hosts().PBENCH-1302