Skip to content

feat: Add Secret handling in OpenSearchDocumentStore #1288

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Jan 16, 2025
Merged

feat: Add Secret handling in OpenSearchDocumentStore #1288

merged 9 commits into from
Jan 16, 2025

Conversation

vblagoje
Copy link
Member

Why:

Enhances the authentication mechanism within the OpenSearch integration to allow for sensitive credentials to be managed securely using environment variables.

What:

  • Introduced new capability to read OpenSearch credentials (username and password) from environment variables using the Secret class.
  • Updated the initialization process to handle missing environment variables gracefully.
  • Extended serialization and deserialization methods to include the handling of Secret objects for secure storage and retrieval of credentials.

How can it be used:

Environment variable-based authentication can be leveraged by setting:

export OPENSEARCH_USERNAME="your_username"
export OPENSEARCH_PASSWORD="your_password"

Then, initialize the OpenSearchDocumentStore as follows:

document_store = OpenSearchDocumentStore(hosts="your_host")

How did you test it:

Testing involved mocking the OpenSearch client to verify the correct behavior of the authentication logic, including the execution of environment variable-based initialization and validation of serialized objects to check the correct capture of credentials as Secret dictionaries.

Notes for the reviewer:

Focus on the sections handling the http_auth in dict serialization and the test cases for environment-based authentication to ensure consistent and secure handling of credentials. Verify that no credentials are logged or exposed improperly.

@vblagoje vblagoje requested a review from a team as a code owner January 14, 2025 14:35
@vblagoje vblagoje requested review from davidsbatista and tstadel and removed request for a team and davidsbatista January 14, 2025 14:35
@github-actions github-actions bot added integration:opensearch type:documentation Improvements or additions to documentation labels Jan 14, 2025
@vblagoje vblagoje marked this pull request as draft January 14, 2025 14:48
@vblagoje
Copy link
Member Author

This one is not ready yet @tstadel 👍

@vblagoje vblagoje marked this pull request as ready for review January 15, 2025 10:09
@vblagoje
Copy link
Member Author

@tstadel should be ready now, please be really careful with this one 🙏

@tstadel
Copy link
Member

tstadel commented Jan 15, 2025

@vblagoje in general looks good. I'm very confident we don't break anything. But let's please support List[Secret] besides/instead of Tuple[Secret] here. Reason:
YAML does not support tuples, so once you serialize the to_dict output containing tuples to yaml, and deserialize it again you will end up with List[Secret].

import yaml

serialized = OpenSearchDocumentStore().to_dict()
yaml_serialized = yaml.safe_dump(serialized)
yaml_deserialized = yaml.safe_load(yaml_serialized)
# http_auth will be [...] and hence secrets not deserialized
deserialzed = OpenSearchDocumentStore.from_dict(yaml_deserialized)

vblagoje and others added 2 commits January 15, 2025 14:34
@vblagoje
Copy link
Member Author

@tstadel although the init parameters for secrets use tuple they are always serialized as a list as you can see in the tests. I wanted to remain 100% backward compatible here so all changes are focused only on secrets addition and making sure everything else stays the same.

tstadel
tstadel approved these changes Jan 16, 2025
View reviewed changes
Copy link
Member

@tstadel tstadel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That works! Thanks for applying the changes! 🚀

@vblagoje vblagoje merged commit 232eb3d into main Jan 16, 2025
8 checks passed
@vblagoje vblagoje deleted the opensearch_params branch January 16, 2025 13:35
Amnah199 pushed a commit that referenced this pull request Jan 28, 2025
@vblagoje @tstadel @Amnah199
feat: Add Secret handling in OpenSearchDocumentStore (#1288)
9e89c01 
* Add Secret handling in OpenSearchDocumentStore

* only serialize auth secrets when values are resolvable

* Update integrations/opensearch/src/haystack_integrations/document_stores/opensearch/document_store.py

Co-authored-by: tstadel <[email protected]>

* Fixes

* Revert accidental commit

* Special list of Secrets handling only, keep everything else as it was before

* Small improvement

* More simplifications

---------

Co-authored-by: tstadel <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tstadel tstadel tstadel approved these changes

Assignees
No one assigned
Labels
integration:langfuse integration:opensearch type:documentation Improvements or additions to documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add support for secret management and from_env_var for OpenSearch integration
2 participants
@vblagoje @tstadel