update config

jonhealy1 · jonhealy1 · commit 05423b55179d · 2023-11-22T12:48:30.000+08:00
diff --git a/stac_fastapi/elasticsearch/stac_fastapi/elasticsearch/config.py b/stac_fastapi/elasticsearch/stac_fastapi/elasticsearch/config.py
@@ -1,34 +1,44 @@
 """API configuration."""
 import os
+import ssl
 from typing import Any, Dict, Set
 
 from elasticsearch import AsyncElasticsearch, Elasticsearch  # type: ignore
 from stac_fastapi.types.config import ApiSettings
 
 
 def _es_config() -> Dict[str, Any]:
+    # Determine the scheme (http or https)
+    use_ssl = os.getenv("ES_USE_SSL", "true").lower() == "true"
+    scheme = "https" if use_ssl else "http"
+
+    # Configure the hosts parameter with the correct scheme
+    hosts = [f"{scheme}://{os.getenv('ES_HOST')}:{os.getenv('ES_PORT')}"]
+
+    # Initialize the configuration dictionary
     config = {
-        "hosts": [{"host": os.getenv("ES_HOST"), "port": os.getenv("ES_PORT")}],
-        "headers": {"accept": "application/vnd.elasticsearch+json; compatible-with=7"},
-        "use_ssl": True,
-        "verify_certs": True,
+        "hosts": hosts,
+        "headers": {"accept": "application/vnd.elasticsearch+json; compatible-with=7"}
     }
 
-    if (u := os.getenv("ES_USER")) and (p := os.getenv("ES_PASS")):
-        config["http_auth"] = (u, p)
+    # Explicitly exclude SSL settings when not using SSL
+    if not use_ssl:
+        return config
 
-    if (v := os.getenv("ES_USE_SSL")) and v == "false":
-        config["use_ssl"] = False
+    # Include SSL settings if using https
+    config["ssl_version"] = ssl.TLSVersion.TLSv1_2
+    config["verify_certs"] = os.getenv("ES_VERIFY_CERTS", "true").lower() != "false"
 
-    if (v := os.getenv("ES_VERIFY_CERTS")) and v == "false":
-        config["verify_certs"] = False
+    # Include CA Certificates if verifying certs
+    if config["verify_certs"]:
+        config["ca_certs"] = os.getenv("CURL_CA_BUNDLE", "/etc/ssl/certs/ca-certificates.crt")
 
-    if v := os.getenv("CURL_CA_BUNDLE"):
-        config["ca_certs"] = v
+    # Handle authentication
+    if (u := os.getenv("ES_USER")) and (p := os.getenv("ES_PASS")):
+        config["http_auth"] = (u, p)
 
     return config
 
-
 _forbidden_fields: Set[str] = {"type"}
 
 
