Kubernetes integration

[MrqsRaf]

This Pull Request permit to the backend to request Elasticsearch with authentication if asked by Elastic, but doesn't break the code if no user and password are given.

The second change is about Dockerfile, where we install recode and jq in the image, so we can run the datagouv-get-files script ( from tools repository ), without using another container.

Summary by CodeRabbit

Release Notes

• New Features

  • Elasticsearch connections now support optional HTTP basic authentication configured via environment variables.

• Chores

  • Updated system dependencies.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

The changes add two command-line utilities (recode and jq) to the Docker image and implement optional HTTP basic authentication for the Elasticsearch client, sourced from environment variables ES_USER and ES_PWD.

Changes

Cohort / File(s)	Summary
Docker image dependencies Dockerfile	Added recode and jq to the apt-get install command
Elasticsearch authentication code/recipes.py	Elasticsearch client initialization now conditionally applies HTTP basic authentication if ES_USER and ES_PWD environment variables are set; otherwise, uses non-authenticated client initialization

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

• code/recipes.py: Verify the environment variable handling and basic auth parameter format for the Elasticsearch client
• Dockerfile: Confirm the new packages don't introduce unexpected dependencies or conflicts

Poem

🐰 With recode and jq in our Docker delight,
Elasticsearch credentials now fit snug and tight,
Environment variables whisper the key,
Auth flows secure, as it ought to be! 🔐

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title 'Kubernetes integration' is vague and does not clearly reflect the actual changes, which are about Elasticsearch authentication support and Dockerfile tool additions.	Update the title to reflect the main changes, such as 'Add Elasticsearch authentication and install recode/jq in Dockerfile' or 'Support authenticated Elasticsearch requests with environment variables'.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[rhanka]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

code/recipes.py (1)

199-220: Consolidate duplicate Elasticsearch client instantiation to reduce maintenance overhead.

The current implementation correctly adds optional HTTP basic authentication with proper fallback behavior. However, the two Elasticsearch client instantiations differ only in the http_auth parameter.

The http_auth parameter with (username, password) tuple format is supported in elasticsearch-py 7.17.7, so this refactoring is safe:

             # Optional basic auth, only from env (ES_USER / ES_PWD)
             es_user = os.getenv("ES_USER")
             es_pwd = os.getenv("ES_PWD")
             
+            es_kwargs = {
+                "host": self.host,
+                "port": self.port,
+                "scheme": self.scheme,
+                "timeout": self.timeout,
+            }
+            
             if es_user and es_pwd:
-                # Authenticated Elasticsearch client
-                self.es = Elasticsearch(
-                    self.host,
-                    port=self.port,
-                    scheme=self.scheme,
-                    timeout=self.timeout,
-                    http_auth=(es_user, es_pwd),
-                )
-            else:
-                # Backwards-compatible, no-auth client
-                self.es = Elasticsearch(
-                    self.host,
-                    port=self.port,
-                    scheme=self.scheme,
-                    timeout=self.timeout,
-                )
+                es_kwargs["http_auth"] = (es_user, es_pwd)
+            
+            self.es = Elasticsearch(**es_kwargs)

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b5ccd45 and a0771ec.

📒 Files selected for processing (2)

• Dockerfile (1 hunks)
• code/recipes.py (1 hunks)

🔇 Additional comments (1)

Dockerfile (1)

15-15: LGTM!

The addition of recode and jq utilities aligns with the PR objectives to enable the datagouv-get-files script execution within the container.