update to allow no credentials for multitenancy

docker/sweepers_driver.py

@@ -40,15 +40,9 @@
 #
 # - The EN (i.e. primary) OpenSearch endpoint is provided in the environment
 #   variable PROV_ENDPOINT
-# - The username/password is provided as a JSON key/value in the environment
+# - [OPTIONAL] The username/password is provided as a JSON key/value in the environment
 #   variable PROV_CREDENTIALS
-# - The remotes available through cross cluster search to be processed are
-#   provided as a JSON list of strings - each string containing the space
-#   separated list of remotes (as they appear on the provenance command line)
-#   Each set of remotes is used in an execution of provenance. The value of
-#   this is specified in the environment variable PROV_REMOTES. If this
-#   variable is empty or not defined, provenance is run without specifying
-#   remotes and only the PROV_ENDPOINT is processed.
+# - The relevant node id (ex. en-prod) is provided in the environment variable MULTITENANCY_NODE_ID
 # - The directory containing the provenance.py file is in PATH and is
 #   executable.
 #
@@ -83,18 +77,19 @@
     raise RuntimeError('Environment variable PROV_ENDPOINT must be provided')
 log.info(f'Targeting OpenSearch endpoint "{opensearch_endpoint}"')
 
-try:
-    provCredentialsStr = os.environ["PROV_CREDENTIALS"]
-except KeyError:
-    raise RuntimeError('Environment variable PROV_CREDENTIALS must be provided')
-
-try:
-    provCredentials = json.loads(provCredentialsStr)
-    username = list(provCredentials.keys())[0]
-    password = provCredentials[username]
-except Exception as err:
-    logging.error(err)
-    raise ValueError(f'Failed to parse username/password from PROV_CREDENTIALS value "{provCredentialsStr}": {err}')
+provCredentialsStr = os.environ.get("PROV_CREDENTIALS", "")
+
+# Check that credentials are properly-formed, if supplied
+if len(provCredentialsStr.strip()) > 0:
+    try:
+        provCredentials = json.loads(provCredentialsStr)
+        username = list(provCredentials.keys())[0]
+        password = provCredentials[username]
+    except Exception as err:
+        logging.error(err)
+        raise ValueError(f'Failed to parse username/password from PROV_CREDENTIALS value "{provCredentialsStr}": {err}')
+else:
+    username, password = None, None
 
 log_level = parse_log_level(os.environ.get('LOGLEVEL', 'INFO'))
 

src/pds/registrysweepers/utils/db/client.py

@@ -1,5 +1,6 @@
 import json
 import os
+from typing import Union
 
 from opensearchpy.client import OpenSearch
 
@@ -9,15 +10,19 @@ def get_opensearch_client_from_environment(verify_certs: bool = True) -> OpenSea
     # TODO: consider re-working these environment variables at some point
 
     endpoint_url = os.environ["PROV_ENDPOINT"]
-    creds_str = os.environ["PROV_CREDENTIALS"]
-    creds_dict = json.loads(creds_str)
-
-    username, password = creds_dict.popitem()
+    creds_str = os.environ.get("PROV_CREDENTIALS", "").strip()
+    if len(creds_str) > 0:
+        creds_dict = json.loads(creds_str)
+        username, password = creds_dict.popitem()
+    else:
+        username, password = None, None
 
     return get_opensearch_client(endpoint_url, username, password, verify_certs)
 
 
-def get_opensearch_client(endpoint_url: str, username: str, password: str, verify_certs: bool = True) -> OpenSearch:
+def get_opensearch_client(
+    endpoint_url: str, username: Union[str, None] = None, password: Union[str, None] = None, verify_certs: bool = True
+) -> OpenSearch:
     try:
         scheme, host, port_str = endpoint_url.replace("://", ":", 1).split(":")
         port = int(port_str)
@@ -27,7 +32,7 @@ def get_opensearch_client(endpoint_url: str, username: str, password: str, verif
         )
 
     use_ssl = scheme.lower() == "https"
-    auth = (username, password)
+    auth = (username, password) if username is not None else None
 
     return OpenSearch(
         hosts=[{"host": host, "port": int(port)}], http_auth=auth, use_ssl=use_ssl, verify_certs=verify_certs