refactor: improve ingestion safety and log sanitization

RinZ27 · RinZ27 · commit 7af9422934b9 · 2026-04-24T22:44:33.000+07:00
diff --git a/ingestion/src/metadata/ingestion/source/database/sas/client.py b/ingestion/src/metadata/ingestion/source/database/sas/client.py
@@ -174,10 +174,12 @@ def get_token(self, base_url, user, password):
         }
         url = base_url + endpoint
         response = requests.request(
-            "POST", url, headers=headers, data=payload, verify=False, timeout=10
+            "POST", url, headers=headers, data=payload, verify=True, timeout=10
         )
         text_response = response.json()
-        logger.info(
-            f"this is user: {user}, password: {password}, text: {text_response}"
+        logger.debug(
+            "Token request for user: %s completed with status: %s",
+            user,
+            response.status_code,
         )
         return response.json()["access_token"]
diff --git a/ingestion/src/metadata/ingestion/source/search/elasticsearch/connection.py b/ingestion/src/metadata/ingestion/source/search/elasticsearch/connection.py
@@ -138,7 +138,7 @@ def get_ssl_context(ssl_config: SslConfig) -> ssl.SSLContext:
         )
         return ssl_context
 
-    return ssl._create_unverified_context()  # pylint: disable=protected-access
+    return ssl.create_default_context()
 
 
 def get_connection(connection: ElasticsearchConnection) -> Elasticsearch:
diff --git a/ingestion/src/metadata/utils/secrets/aws_secrets_manager.py b/ingestion/src/metadata/utils/secrets/aws_secrets_manager.py
@@ -53,10 +53,10 @@ def get_string_value(self, secret_id: str) -> Optional[str]:
         try:
             kwargs = {"SecretId": secret_id}
             response = self.client.get_secret_value(**kwargs)
-            logger.debug("Got value for secret %s.", secret_id)
+            logger.debug("Successfully retrieved value from secrets manager.")
         except ClientError as err:
             logger.debug(traceback.format_exc())
-            logger.error(f"Couldn't get value for secret [{secret_id}]: {err}")
+            logger.error(f"Couldn't get value from secrets manager: {err}")
             raise err
         if "SecretString" in response:
             return (
@@ -65,5 +65,5 @@ def get_string_value(self, secret_id: str) -> Optional[str]:
                 else None
             )
         raise ValueError(
-            f"SecretString for secret [{secret_id}] not present in the response."
+            "SecretString not present in the response."
         )

Original file line number	Diff line number	Diff line change
`@@ -174,10 +174,12 @@ def get_token(self, base_url, user, password):`
`174`	`174`	`}`
`175`	`175`	`url = base_url + endpoint`
`176`	`176`	`response = requests.request(`
`177`		`- "POST", url, headers=headers, data=payload, verify=False, timeout=10`
	`177`	`+ "POST", url, headers=headers, data=payload, verify=True, timeout=10`
`178`	`178`	`)`
`179`	`179`	`text_response = response.json()`
`180`		`- logger.info(`
`181`		`- f"this is user: {user}, password: {password}, text: {text_response}"`
	`180`	`+ logger.debug(`
	`181`	`+ "Token request for user: %s completed with status: %s",`
	`182`	`+ user,`
	`183`	`+ response.status_code,`
`182`	`184`	`)`
`183`	`185`	`return response.json()["access_token"]`
Original file line number	Diff line number	Diff line change
`@@ -138,7 +138,7 @@ def get_ssl_context(ssl_config: SslConfig) -> ssl.SSLContext:`
`138`	`138`	`)`
`139`	`139`	`return ssl_context`
`140`	`140`
`141`		`- return ssl._create_unverified_context() # pylint: disable=protected-access`
	`141`	`+ return ssl.create_default_context()`
`142`	`142`
`143`	`143`
`144`	`144`	`def get_connection(connection: ElasticsearchConnection) -> Elasticsearch:`