Skip to content

Fix OpenSearch connection error with empty port parameter#1004

Merged
pragya811 merged 2 commits into
mainfrom
jenkins_fix5
Jun 19, 2026
Merged

Fix OpenSearch connection error with empty port parameter#1004
pragya811 merged 2 commits into
mainfrom
jenkins_fix5

Conversation

@pragya811

@pragya811 pragya811 commented Jun 17, 2026

Copy link
Copy Markdown
Member

Type of change

Note: Fill x in []

  • bug
  • enhancement
  • documentation
  • dependencies

Description

Handle empty es_port and es_host parameters gracefully to prevent 'invalid literal for int()' error when ElasticSearch/OpenSearch connection parameters are not provided in Jenkins jobs.

Changes:

  • Add validation to check for empty host/port before conversion
  • Convert port to integer once and reuse the value
  • Provide clearer error message when connection parameters are missing
  • Allow jobs to continue with es=None when ES is not configured

For security reasons, all pull requests need to be approved first before running any automated CI

Assisted-by: Cursor

Handle empty es_port and es_host parameters gracefully to prevent
'invalid literal for int()' error when ElasticSearch/OpenSearch
connection parameters are not provided in Jenkins jobs.

Changes:
- Add validation to check for empty host/port before conversion
- Convert port to integer once and reuse the value
- Provide clearer error message when connection parameters are missing
- Allow jobs to continue with es=None when ES is not configured

Co-authored-by: Cursor <cursoragent@cursor.com>
@coderabbitai

coderabbitai Bot commented Jun 17, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

ElasticSearchOperations.__init__ now handles missing es_host or es_port gracefully by logging a warning and returning early, setting the ES client to None instead of raising an error. The es_port is parsed once to an integer and reused to select the URL scheme (https only on port 443) for Elasticsearch and to condition SSL configuration in OpenSearch. Five API methods now guard against unconfigured ES, returning early with safe defaults (False, None, or empty dict).

Changes

ES/OpenSearch client initialization and operational guards

Layer / File(s) Summary
Init validation, early exit, and port parsing for scheme/SSL selection
cloud_governance/common/elasticsearch/elasticsearch_operations.py
When es_host or es_port is missing, __init__ logs a warning, sets the ES client and bulk function to None, and returns early. The es_port is parsed once to es_port_int and used to derive the Elasticsearch URL scheme (https on port 443, otherwise http) and to decide OpenSearch SSL enablement based on a port 443 check.
Defensive early returns in API methods when ES is unconfigured
cloud_governance/common/elasticsearch/elasticsearch_operations.py
upload_to_elasticsearch, update_elasticsearch_index, upload_data_in_bulk, verify_elastic_index_doc_id, and get_es_data_by_id now short-circuit early with debug logging and return safe defaults (False, None, or empty dict) when the ES client is not configured.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title directly corresponds to the main change: handling OpenSearch connection errors when the port parameter is empty.
Docstring Coverage ✅ Passed Docstring coverage is 85.71% which is sufficient. The required threshold is 80.00%.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description check ✅ Passed The pull request description accurately describes the changeset, explaining the handling of empty es_port and es_host parameters to prevent conversion errors.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)
cloud_governance/common/elasticsearch/elasticsearch_operations.py (2)

56-69: ⚠️ Potential issue | 🟠 Major

TLS certificate verification is disabled on secure connections.

When HTTPS/SSL is used, verify_certs=False (line 59 for Elasticsearch and line 68 for OpenSearch) weakens transport security and enables MITM risk. Make certificate verification configurable via environment variable with secure defaults.

Suggested direction
+        es_verify_certs = str(self.__environment_variables_dict.get('ES_VERIFY_CERTS', 'true')).lower() == 'true'
...
-                self.__es = Elasticsearch(hosts, basic_auth=basic_auth, verify_certs=False,
+                self.__es = Elasticsearch(hosts, basic_auth=basic_auth, verify_certs=es_verify_certs,
                                           request_timeout=self.__timeout, max_retries=2)
...
                 if es_port_int == 443:
                     add_host['use_ssl'] = True
-                    add_host['verify_certs'] = False
+                    add_host['verify_certs'] = es_verify_certs
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@cloud_governance/common/elasticsearch/elasticsearch_operations.py` around
lines 56 - 69, The TLS certificate verification is hardcoded to False for both
Elasticsearch and OpenSearch client connections, which disables critical
security checks. Modify the code to make certificate verification configurable
through an environment variable while maintaining secure defaults. For the
Elasticsearch constructor call, replace the hardcoded verify_certs=False
parameter with a configurable value read from an environment variable that
defaults to True. Similarly, for the OpenSearch constructor call, add
configuration for certificate verification through an environment variable with
a secure default. This will allow operators to configure the behavior without
compromising security by default.

54-67: ⚠️ Potential issue | 🟠 Major

Use the parsed port for OpenSearch host construction too.

Line 63 passes self.__es_port (string) instead of es_port_int. The OpenSearch Python client requires the port parameter to be an integer; passing a string will cause configuration errors. The Elasticsearch path correctly uses the parsed integer at line 57, so the OpenSearch path should do the same for consistency and correctness.

Suggested fix
-                add_host = {'host': self.__es_host, 'port': self.__es_port}
+                add_host = {'host': self.__es_host, 'port': es_port_int}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@cloud_governance/common/elasticsearch/elasticsearch_operations.py` around
lines 54 - 67, In the OpenSearch configuration block (the else clause), the
add_host dictionary is being constructed with self.__es_port as a string value,
but it should use the already-parsed es_port_int variable instead. On the line
where add_host is assigned with the host and port, replace self.__es_port with
es_port_int to ensure the port parameter is passed as an integer, matching the
approach used in the Elasticsearch path above it and ensuring compatibility with
the OpenSearch Python client requirements.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@cloud_governance/common/elasticsearch/elasticsearch_operations.py`:
- Around line 56-69: The TLS certificate verification is hardcoded to False for
both Elasticsearch and OpenSearch client connections, which disables critical
security checks. Modify the code to make certificate verification configurable
through an environment variable while maintaining secure defaults. For the
Elasticsearch constructor call, replace the hardcoded verify_certs=False
parameter with a configurable value read from an environment variable that
defaults to True. Similarly, for the OpenSearch constructor call, add
configuration for certificate verification through an environment variable with
a secure default. This will allow operators to configure the behavior without
compromising security by default.
- Around line 54-67: In the OpenSearch configuration block (the else clause),
the add_host dictionary is being constructed with self.__es_port as a string
value, but it should use the already-parsed es_port_int variable instead. On the
line where add_host is assigned with the host and port, replace self.__es_port
with es_port_int to ensure the port parameter is passed as an integer, matching
the approach used in the Elasticsearch path above it and ensuring compatibility
with the OpenSearch Python client requirements.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Enterprise

Run ID: 571da4e1-2ba8-432d-b3ab-1786c1fd07a7

📥 Commits

Reviewing files that changed from the base of the PR and between 0c99ac2 and c8436f3.

📒 Files selected for processing (1)
  • cloud_governance/common/elasticsearch/elasticsearch_operations.py

@pragya811 pragya811 requested a review from ebattat June 17, 2026 16:23
Comment thread cloud_governance/common/elasticsearch/elasticsearch_operations.py Outdated

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@cloud_governance/common/elasticsearch/elasticsearch_operations.py`:
- Around line 52-57: The no-ES mode is incompletely protected as self.__es can
be None but public methods like get_elasticsearch_index_by_id, get_index_hits,
fetch_data_by_es_query, delete_data_in_between_in_es, delete_data_in_es, and
post_query all directly dereference self.__es without guarding against None. Add
a consistent check at the start of each of these public methods to verify that
self.__es is not None before attempting to use it, and return a safe default
value (such as an empty result or None) or raise a consistent, informative
exception when ElasticSearch is not configured, ensuring graceful degradation in
no-ES mode.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Enterprise

Run ID: a3adf2a8-a067-405e-bda0-fbe930ffeafb

📥 Commits

Reviewing files that changed from the base of the PR and between c8436f3 and 8c79ffa.

📒 Files selected for processing (1)
  • cloud_governance/common/elasticsearch/elasticsearch_operations.py

Comment thread cloud_governance/common/elasticsearch/elasticsearch_operations.py

@ebattat ebattat left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

@pragya811 pragya811 merged commit 035330e into main Jun 19, 2026
59 checks passed
@github-project-automation github-project-automation Bot moved this from In progress to Done in Cloud-Governance project Jun 19, 2026
@pragya811 pragya811 deleted the jenkins_fix5 branch June 19, 2026 06:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Development

Successfully merging this pull request may close these issues.

2 participants