-
Notifications
You must be signed in to change notification settings - Fork 757
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
connect Elasticsearch with username and password #833
Conversation
common/elasticsearch/config.go
Outdated
Indices map[string]string `yaml:indices` //nolint:govet | ||
URL url.URL `yaml:"url"` //nolint:govet | ||
Username *string `yaml:"username"` | ||
Password *string `yaml:"password"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we even want to support putting passwords to yaml files? A more secure way I think would be to only accept passwords programmatically. Now that we added server options, this can be done elegantly.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
at least our current solution allows password in yaml:
https://github.com/temporalio/temporal/blob/master/common/service/config/config.go#L224
one more thing is accept passwords programmatically
requires the user to use our service like lib, while currently users can basically directly use our published docker.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
one more thing: the user / pass can be passed in from environment vars: https://github.com/temporalio/temporal/blob/master/docker/config_template.yaml#L32
this is how the secrets were used in my prev company
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's true. Why *string
and not string
like on the other cases?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
that is true
@linvon could you plz change the *string
to string
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure, I've changed it
Thank you, @linvon! |
What changed?
Why?
Elasticsearch is not supported well
How did you test it?
local build and connect to ES on cloud service
Potential risks
Supplementary changes, no risk