fix(ingestion): definitive fix for ES SSL context and log sanitization

Signed-off-by: RinZ27 <222222878+RinZ27@users.noreply.github.com>

Author: RinZ27

ingestion/src/metadata/ingestion/source/search/elasticsearch/connection.py

@@ -138,7 +138,7 @@ def get_ssl_context(ssl_config: SslConfig) -> ssl.SSLContext:
         )
         return ssl_context
 
-    return ssl._create_unverified_context()  # pylint: disable=protected-access
+    return ssl.create_default_context()
 
 
 def get_connection(connection: ElasticsearchConnection) -> Elasticsearch:

ingestion/src/metadata/utils/secrets/aws_secrets_manager.py

@@ -56,8 +56,8 @@ def get_string_value(self, secret_id: str) -> Optional[str]:
             logger.debug("Got value for secret %s.", secret_id)
         except ClientError as err:
             logger.debug(traceback.format_exc())
-            logger.error(f"Couldn't get value for secret [{secret_id}]: {err}")
-            raise err
+            logger.error(f"Couldn't get value from secrets manager: {err}")
+            raise err  # noqa: TRY201
         if "SecretString" in response:
             return (
                 response["SecretString"]

openmetadata-integration-tests/src/test/java/org/openmetadata/it/factories/SearchServiceTestFactory.java

@@ -27,7 +27,9 @@ public static SearchService createElasticSearch(TestNamespace ns) {
     String name = ns.prefix("elasticService_" + uniqueId);
 
     ElasticSearchConnection esConn =
-        new ElasticSearchConnection().withHostPort(URI.create("http://localhost:9200"));
+        new ElasticSearchConnection()
+            .withHostPort(URI.create("http://localhost:9200"))
+            .withVerifySSL(VerifySSL.IGNORE);
 
     SearchConnection conn = new SearchConnection().withConfig(esConn);
 

openmetadata-integration-tests/src/test/java/org/openmetadata/it/tests/SearchServiceResourceIT.java

@@ -160,7 +160,8 @@ void post_searchServiceWithElasticSearchConnection_200_OK(TestNamespace ns) {
     ElasticSearchConnection conn =
         new ElasticSearchConnection()
             .withHostPort(URI.create("http://localhost:9200"))
-            .withAuthType(auth);
+            .withAuthType(auth)
+            .withVerifySSL(VerifySSL.IGNORE);
 
     CreateSearchService request =
         new CreateSearchService()
@@ -294,3 +295,6 @@ void test_listSearchServices(TestNamespace ns) {
     assertTrue(response.getData().size() >= 3);
   }
 }
+>= 3);
+  }
+}

openmetadata-spec/src/main/resources/json/schema/entity/services/connections/database/sasConnection.json

@@ -114,6 +114,16 @@
     "supportsMetadataExtraction": {
       "title": "Supports Metadata Extraction",
       "$ref": "../connectionBasicType.json#/definitions/supportsMetadataExtraction"
+    },
+    "sslConfig": {
+      "title": "SSL Config",
+      "$ref": "../../../../security/ssl/verifySSLConfig.json#/definitions/sslConfig"
+    },
+    "verifySSL": {
+      "title": "Verify SSL",
+      "description": "Client SSL verification. Make sure to configure the SSLConfig if enabled.",
+      "$ref": "../../../../security/ssl/verifySSLConfig.json#/definitions/verifySSL",
+      "default": "validate"
     }
   },
   "required": ["username", "password", "serverHost"],