[Elasticsearch] Allow Env Injected Auth #45092

Merged
merged 2 commits into from
Jun 27, 2025

pickypg
Member

@pickypg pickypg commented Jun 27, 2025

This allows tools to inject the auth parameters via the environment, which enables usage of dynamically deciding what to use for auth in OTel mode while still supporting blank values.

Specifically, this allows end users to specify either username and password or the API Key via configuration, which is not currently possible in the OTel configuration due to #45102.

Proposed commit message

Allow ELASTICSEARCH_READ_USERNAME, ELASTICSEARCH_READ_PASSWORD, and ELASTICSEARCH_READ_API_KEY to be specified in the environment to control auth for Elasticsearch in a receiver context (not the exporter / output layer of Elasticsearch). This also enables the usage of them for the autoops_es module.

Disruptive User Impact

I intentionally added READ_ to avoid disruption. These variables also never existed before, so anyone using them would have been using them to set the configuration already, which helpfully avoids collisions.

Author's Checklist

  • These default to blank, so no functionality really changes.

How to test this PR locally

  • Try using the Elasticsearch module with and without these environment variables.
  • Try using the Elasticsearch module with environment variables, but also config that overrides them and observe that they are overridden (easiest to provide invalid auth in env, but valid in config to test).
  • Try setting all three at the same time (Metricbeat will fail to start because that is an invalid setup just like putting all three directly in config)

Related issues

Use cases

  • Use elasticsearch and autoops_es modules via Kubernetes / Docker
  • Use those modules with something dynamically specifying the auth (i.e., Buildkite) without three (no auth, user/pass, and api key) separate config files

This allows tools to inject the auth parameters via the environment,
which enables usage of dynamically deciding what to use for auth in
OTel mode while still supporting blank values.
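
The precedence and validation rules described in the PR (blank defaults, config overriding the environment, and startup failure when conflicting credentials are set) can be modelled as below. This is an added example, not code from the PR or from Beats; `Auth`, `ResolveAuth`, `pick` and `ErrConflictingAuth` are hypothetical names, and only the three environment variable names come from the page.

```go
package main

import (
	"errors"
	"fmt"
	"os"
)

// Auth is a hypothetical holder for the three settings the PR names.
type Auth struct{ Username, Password, APIKey string }

// ErrConflictingAuth: basic auth and an API key were both supplied.
var ErrConflictingAuth = errors.New("username/password and api_key are mutually exclusive")

// pick prefers an explicit config value (non-nil pointer) over the
// environment; an unset variable yields "", i.e. the blank default.
func pick(cfg *string, getenv func(string) string, name string) string {
	if cfg != nil {
		return *cfg
	}
	return getenv(name)
}

// ResolveAuth models the described behaviour: environment as default,
// config as override, conflicting credentials rejected at startup.
// Assumption: an API key plus either basic-auth field counts as a conflict;
// the PR text only says that setting all three is invalid.
func ResolveAuth(user, pass, key *string, getenv func(string) string) (Auth, error) {
	a := Auth{
		Username: pick(user, getenv, "ELASTICSEARCH_READ_USERNAME"),
		Password: pick(pass, getenv, "ELASTICSEARCH_READ_PASSWORD"),
		APIKey:   pick(key, getenv, "ELASTICSEARCH_READ_API_KEY"),
	}
	if a.APIKey != "" && (a.Username != "" || a.Password != "") {
		return Auth{}, ErrConflictingAuth
	}
	return a, nil
}

func main() {
	a, err := ResolveAuth(nil, nil, nil, os.Getenv) // no config overrides
	if err != nil {
		fmt.Fprintln(os.Stderr, "refusing to start:", err)
		os.Exit(1)
	}
	// Report only which mode is active; never log the secret values.
	fmt.Printf("basic_auth=%t api_key=%t\n", a.Username != "", a.APIKey != "")
}
```
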
@pickypg pickypg self-assigned this Jun 27, 2025
@pickypg pickypg requested a review from a team as a code owner June 27, 2025 17:01
@pickypg pickypg added release-note:skip The PR should be ignored when processing the changelog Team:Monitoring Stack Monitoring team backport-9.1 Automated backport to the 9.1 branch labels Jun 27, 2025
@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Jun 27, 2025
Contributor

🤖 GitHub comments

Just comment with:

  • run docs-build : Re-trigger the docs validation. (use unformatted text in the comment!)

@pickypg pickypg enabled auto-merge (squash) June 27, 2025 18:11
@maramos-elastic maramos-elastic left a comment

LGTM

@pickypg pickypg merged commit 5ae4c37 into main Jun 27, 2025
47 checks passed
@pickypg pickypg deleted the elasticsearch/allow-env-injected-auth branch June 27, 2025 18:25
mergify bot pushed a commit that referenced this pull request Jun 27, 2025
This allows tools to inject the auth parameters via the environment,
which enables usage of dynamically deciding what to use for auth in
OTel mode while still supporting blank values.

(cherry picked from commit 5ae4c37)
pickypg added a commit that referenced this pull request Jun 27, 2025
This allows tools to inject the auth parameters via the environment,
which enables usage of dynamically deciding what to use for auth in
OTel mode while still supporting blank values.

(cherry picked from commit 5ae4c37)

Co-authored-by: Chris Earle <pickypg@users.noreply.github.com>