connect Elasticsearch with username and password #833
Conversation
common/elasticsearch/config.go
Outdated
| Indices map[string]string `yaml:indices` //nolint:govet | ||
| URL url.URL `yaml:"url"` //nolint:govet | ||
| Username *string `yaml:"username"` | ||
| Password *string `yaml:"password"` |
There was a problem hiding this comment.
Do we even want to support putting passwords to yaml files? A more secure way I think would be to only accept passwords programmatically. Now that we added server options, this can be done elegantly.
There was a problem hiding this comment.
at least our current solution allows password in yaml:
https://github.com/temporalio/temporal/blob/master/common/service/config/config.go#L224
one more thing is accept passwords programmatically requires the user to use our service like lib, while currently users can basically directly use our published docker.
There was a problem hiding this comment.
one more thing: the user / pass can be passed in from environment vars: https://github.com/temporalio/temporal/blob/master/docker/config_template.yaml#L32
this is how the secrets were used in my prev company
There was a problem hiding this comment.
That's true. Why *string and not string like on the other cases?
There was a problem hiding this comment.
that is true
@linvon could you plz change the *string to string?
There was a problem hiding this comment.
Sure, I've changed it
|
Thank you, @linvon! |
What changed?
Why?
Elasticsearch is not supported well
How did you test it?
local build and connect to ES on cloud service
Potential risks
Supplementary changes, no risk