Skip to content

[Elasticsearch] Allow Env Injected Auth#45092

Merged
pickypg merged 2 commits intomainfrom
elasticsearch/allow-env-injected-auth
Jun 27, 2025
Merged

[Elasticsearch] Allow Env Injected Auth#45092
pickypg merged 2 commits intomainfrom
elasticsearch/allow-env-injected-auth

Conversation

@pickypg
Copy link
Copy Markdown
Member

@pickypg pickypg commented Jun 27, 2025

This allows tools to inject the auth parameters via the environment, which enables usage of dynamically deciding what to use for auth in OTel mode while still supporting blank values.

Specifically, this allows end users to specify either username and password or the API Key via configuration, which is not currently possible in the OTel configuration due to #45102.

Proposed commit message

Allow ELASTICSEARCH_READ_USERNAME, ELASTICSEARCH_READ_PASSWORD, and ELASTICSEARCH_READ_API_KEY to be specified in the environment to control auth for Elasticsearch in a receiver context (not the exporter / output layer of Elasticsearch). This also enables the usage of them for the autoops_es module.

Disruptive User Impact

I intentionally added READ_ to avoid disruption. These variables also never existed before, so anyone using them would have been using them to set the configuration already, which helpfully avoids collisions.

Author's Checklist

  • These default to blank, so no functionality really changes.

How to test this PR locally

  • Try using the Elasticsearch module with and without these environment variables.
  • Try using the Elasticsearch module with environment variables, but also config that overrides them and observe that they are overridden (easiest to provide invalid auth in env, but valid in config to test).
  • Try setting all three at the same time (Metricbeat will fail to start because that is an invalid setup just like putting all three directly in config)

Related issues

Use cases

  • Use elasticsearch and autoops_es modules via Kubernetes / Docker
  • Use those modules with something dynamically specifying the auth (i.e., Buildkite) without three (no auth, user/pass, and api key) separate config files

@pickypg
[Elasticsearch] Allow Env Injected Auth
eb5b38b 
This allows tools to inject the auth parameters via the environment,
which enables usage of dynamically deciding what to use for auth in
OTel mode while still supporting blank values.
@pickypg pickypg self-assigned this Jun 27, 2025
@pickypg pickypg requested a review from a team as a code owner June 27, 2025 17:01
@pickypg pickypg added release-note:skip The PR should be ignored when processing the changelog Team:Monitoring Stack Monitoring team backport-9.1 Automated backport to the 9.1 branch labels Jun 27, 2025
@botelastic botelastic Bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Jun 27, 2025
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Jun 27, 2025

🤖 GitHub comments

Expand to view the GitHub comments

Just comment with:

  • run docs-build : Re-trigger the docs validation. (use unformatted text in the comment!)

@pickypg pickypg enabled auto-merge (squash) June 27, 2025 18:11
maramos-elastic
maramos-elastic approved these changes Jun 27, 2025
View reviewed changes
Copy link
Copy Markdown

@maramos-elastic maramos-elastic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@pickypg pickypg merged commit 5ae4c37 into main Jun 27, 2025
47 checks passed
@pickypg pickypg deleted the elasticsearch/allow-env-injected-auth branch June 27, 2025 18:25
mergify Bot pushed a commit that referenced this pull request Jun 27, 2025
@pickypg @mergify
[Elasticsearch] Allow Env Injected Auth (#45092)
c5e7c5e 
This allows tools to inject the auth parameters via the environment,
which enables usage of dynamically deciding what to use for auth in
OTel mode while still supporting blank values.

(cherry picked from commit 5ae4c37)
@mergify mergify Bot mentioned this pull request Jun 27, 2025
Merged
pickypg added a commit that referenced this pull request Jun 27, 2025
@mergify @pickypg
[Elasticsearch] Allow Env Injected Auth (#45092) (#45094)
d6492d5 
This allows tools to inject the auth parameters via the environment,
which enables usage of dynamically deciding what to use for auth in
OTel mode while still supporting blank values.

(cherry picked from commit 5ae4c37)

Co-authored-by: Chris Earle <pickypg@users.noreply.github.com>
@khushijain21 khushijain21 mentioned this pull request Jul 15, 2025
Closed
6 tasks
@pkoutsovasilis pkoutsovasilis mentioned this pull request Aug 25, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@maramos-elastic maramos-elastic maramos-elastic approved these changes

Assignees

@pickypg pickypg

Labels

backport-9.1 Automated backport to the 9.1 branch release-note:skip The PR should be ignored when processing the changelog Team:Monitoring Stack Monitoring team

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pickypg @maramos-elastic