Elasticsearch integration throws a 401 with special character in password

Summary

When passing a password that contains a special character in the URL for the Elasticsearch integration, a 401 error is returned.

What is the current bug behavior?

Unable to use a password that contains a special character in the URL with the Elasticsearch integration.

What is the expected correct behavior?

Passwords containing special characters should be allowed.

Relevant logs and/or screenshots

They tested hitting Elasticsearch directly with the password and had access. It only breaks when going through GitLab.

Elasticsearch::Transport::Transport::Errors::Unauthorized: [401] {"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [elastic-api] for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"unable to authenticate user [elastic-api] for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}
/opt/gitlab/embedded/service/gitlab-rails/ee/lib/gitlab/elastic/helper.rb:29:in `create_empty_index'
/opt/gitlab/embedded/service/gitlab-rails/ee/lib/tasks/gitlab/elastic.rake:60:in `block (3 levels) in <top (required)>'
/opt/gitlab/embedded/service/gitlab-rails/ee/lib/tasks/gitlab/elastic.rake:10:in `block (3 levels) in <top (required)>'
/opt/gitlab/embedded/bin/bundle:23:in `load'
/opt/gitlab/embedded/bin/bundle:23:in `<main>'

Output of checks

Gitlab 12.1.16-ee

Customer ticket: https://gitlab.zendesk.com/agent/tickets/130164 (internal use)

Workaround

Please use URI acceptable symbols for the password, see What are the safe characters for making URLs?

"-" / "." / "_" / "~"