From db786458f4c48291d36c49276ed90e5afd1817ca Mon Sep 17 00:00:00 2001 From: James Date: Fri, 29 Mar 2024 00:24:43 -0400 Subject: [PATCH 1/2] user cerifi.where() to find ca_certs --- .../elasticsearch/stac_fastapi/elasticsearch/config.py | 6 +++--- stac_fastapi/opensearch/stac_fastapi/opensearch/config.py | 5 ++--- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/stac_fastapi/elasticsearch/stac_fastapi/elasticsearch/config.py b/stac_fastapi/elasticsearch/stac_fastapi/elasticsearch/config.py index 10cf95e9..5e23e96a 100644 --- a/stac_fastapi/elasticsearch/stac_fastapi/elasticsearch/config.py +++ b/stac_fastapi/elasticsearch/stac_fastapi/elasticsearch/config.py @@ -3,6 +3,8 @@ import ssl from typing import Any, Dict, Set +import certifi + from elasticsearch import AsyncElasticsearch, Elasticsearch # type: ignore from stac_fastapi.types.config import ApiSettings @@ -31,9 +33,7 @@ def _es_config() -> Dict[str, Any]: # Include CA Certificates if verifying certs if config["verify_certs"]: - config["ca_certs"] = os.getenv( - "CURL_CA_BUNDLE", "/etc/ssl/certs/ca-certificates.crt" - ) + config["ca_certs"] = os.getenv("CURL_CA_BUNDLE", certifi.where()) # Handle authentication if (u := os.getenv("ES_USER")) and (p := os.getenv("ES_PASS")): diff --git a/stac_fastapi/opensearch/stac_fastapi/opensearch/config.py b/stac_fastapi/opensearch/stac_fastapi/opensearch/config.py index cd34e318..3104213d 100644 --- a/stac_fastapi/opensearch/stac_fastapi/opensearch/config.py +++ b/stac_fastapi/opensearch/stac_fastapi/opensearch/config.py @@ -3,6 +3,7 @@ import ssl from typing import Any, Dict, Set +import certifi from opensearchpy import AsyncOpenSearch, OpenSearch from stac_fastapi.types.config import ApiSettings @@ -32,9 +33,7 @@ def _es_config() -> Dict[str, Any]: # Include CA Certificates if verifying certs if config["verify_certs"]: - config["ca_certs"] = os.getenv( - "CURL_CA_BUNDLE", "/etc/ssl/certs/ca-certificates.crt" - ) + config["ca_certs"] = os.getenv("CURL_CA_BUNDLE", certifi.where()) # Handle authentication if (u := os.getenv("ES_USER")) and (p := os.getenv("ES_PASS")): From dec8305222e7731286957217ba166f4738d7a216 Mon Sep 17 00:00:00 2001 From: James Date: Fri, 29 Mar 2024 00:31:28 -0400 Subject: [PATCH 2/2] changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f768d50f..8c9c86f1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. - Updated the pip_docker example to use stac-fastapi.elasticsearch 2.1.0 and the elasticsearch 8.11.0 docker image. [#216](https://github.com/stac-utils/stac-fastapi-elasticsearch-opensearch/pull/216) - Updated the Data Loader CLI tool to accept a base_url, a data directory, a custom collection id, and an option to use bulk insert. [#218](https://github.com/stac-utils/stac-fastapi-elasticsearch-opensearch/pull/218) +- Changed the default `ca_certs` value to use `certifi.where()` to find the installed certificate authority. [#222](https://github.com/stac-utils/stac-fastapi-elasticsearch-opensearch/pull/222) ### Fixed