refactor: improve ingestion safety and log sanitization

Author: RinZ27

ingestion/src/metadata/ingestion/source/database/sas/client.py

@@ -41,7 +41,7 @@ def __init__(self, config: SASConnection):
             auth_token=self.get_auth_token,
             api_version="",
             allow_redirects=True,
-            verify=False,
+            verify=True,
         )
         self.client = TrackedREST(client_config, source_name="sas")
         # custom setting
@@ -174,10 +174,11 @@ def get_token(self, base_url, user, password):
         }
         url = base_url + endpoint
         response = requests.request(
-            "POST", url, headers=headers, data=payload, verify=False, timeout=10
+            "POST", url, headers=headers, data=payload, verify=True, timeout=10
         )
-        text_response = response.json()
-        logger.info(
-            f"this is user: {user}, password: {password}, text: {text_response}"
+        logger.debug(
+            "Token request for user: %s completed with status: %s",
+            user,
+            response.status_code,
         )
         return response.json()["access_token"]

ingestion/src/metadata/ingestion/source/search/elasticsearch/connection.py

@@ -138,7 +138,7 @@ def get_ssl_context(ssl_config: SslConfig) -> ssl.SSLContext:
         )
         return ssl_context
 
-    return ssl._create_unverified_context()  # pylint: disable=protected-access
+    return ssl.create_default_context()
 
 
 def get_connection(connection: ElasticsearchConnection) -> Elasticsearch:

ingestion/src/metadata/utils/secrets/aws_secrets_manager.py

@@ -53,10 +53,10 @@ def get_string_value(self, secret_id: str) -> Optional[str]:
         try:
             kwargs = {"SecretId": secret_id}
             response = self.client.get_secret_value(**kwargs)
-            logger.debug("Got value for secret %s.", secret_id)
+            logger.debug("Successfully retrieved value from secrets manager.")
         except ClientError as err:
             logger.debug(traceback.format_exc())
-            logger.error(f"Couldn't get value for secret [{secret_id}]: {err}")
+            logger.error("Couldn't get value from secrets manager: %s", err)
             raise err
         if "SecretString" in response:
             return (
@@ -65,5 +65,5 @@ def get_string_value(self, secret_id: str) -> Optional[str]:
                 else None
             )
         raise ValueError(
-            f"SecretString for secret [{secret_id}] not present in the response."
+            "SecretString not present in the response."
         )