Elasticsearch integration throws a 401 with special character in password
Summary
When passing a password that contains a special character in the URL for the Elasticsearch integration, a 401 error is returned.
What is the current bug behavior?
Unable to use a password that contains a special character in the URL with the Elasticsearch integration.
What is the expected correct behavior?
Passwords containing special characters should be allowed.
Relevant logs and/or screenshots
They tested hitting Elasticsearch directly with the password and had access. It only breaks when going through GitLab.
Elasticsearch::Transport::Transport::Errors::Unauthorized: [401] {"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [elastic-api] for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"unable to authenticate user [elastic-api] for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}
/opt/gitlab/embedded/service/gitlab-rails/ee/lib/gitlab/elastic/helper.rb:29:in `create_empty_index'
/opt/gitlab/embedded/service/gitlab-rails/ee/lib/tasks/gitlab/elastic.rake:60:in `block (3 levels) in <top (required)>'
/opt/gitlab/embedded/service/gitlab-rails/ee/lib/tasks/gitlab/elastic.rake:10:in `block (3 levels) in <top (required)>'
/opt/gitlab/embedded/bin/bundle:23:in `load'
/opt/gitlab/embedded/bin/bundle:23:in `<main>'
Output of checks
Gitlab 12.1.16-ee
Customer ticket: https://gitlab.zendesk.com/agent/tickets/130164 (internal use)
Workaround
Please use URI acceptable symbols for the password, see What are the safe characters for making URLs?
"-" / "." / "_" / "~"
Edited by Alexander Strachan