Implement AsyncOpenSearch() parameter ssl_assert_hostname (#843)
* Implement AsyncOpenSearch() parameter `ssl_assert_hostname` to allow disabling SSL hostname verification Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> * Update PR link Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> * Add test Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> * Update docs Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> * Add test for default value Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> * Fix formatting Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> * Fix test failing on Python >3.12.7 Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> * Fix formatting Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> --------- Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> Signed-off-by: Daniel (dB.) Doubrovkine <dblock@amazon.com> Co-authored-by: Daniel (dB.) Doubrovkine <dblock@amazon.com>
This commit is contained in:
+2
-1
@@ -4,7 +4,8 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
|
||||
## [Unreleased]
|
||||
### Added
|
||||
- Added `AsyncSearch#collapse` ([827](https://github.com/opensearch-project/opensearch-py/pull/827))
|
||||
- Support `pool_maxsize` in `AsyncOpenSearch` ([845](https://github.com/opensearch-project/opensearch-py/pull/845))
|
||||
- Added `pool_maxsize` to `AsyncOpenSearch` ([845](https://github.com/opensearch-project/opensearch-py/pull/845))
|
||||
- Added `ssl_assert_hostname` to `AsyncOpenSearch` ([843](https://github.com/opensearch-project/opensearch-py/pull/843))
|
||||
### Changed
|
||||
### Deprecated
|
||||
### Removed
|
||||
|
||||
@@ -3,3 +3,7 @@
|
||||
```{eval-rst}
|
||||
.. autoclass:: opensearchpy.OpenSearch
|
||||
```
|
||||
|
||||
```{eval-rst}
|
||||
.. autoclass:: opensearchpy.AsyncOpenSearch
|
||||
```
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# connection
|
||||
# Connection Types
|
||||
|
||||
```{eval-rst}
|
||||
.. autoclass:: opensearchpy.Connection
|
||||
@@ -12,6 +12,10 @@
|
||||
.. autoclass:: opensearchpy.Urllib3HttpConnection
|
||||
```
|
||||
|
||||
```{eval-rst}
|
||||
.. autoclass:: opensearchpy.AIOHttpConnection
|
||||
```
|
||||
|
||||
```{eval-rst}
|
||||
.. autoclass:: opensearchpy.connections
|
||||
```
|
||||
@@ -109,7 +109,7 @@ class AsyncOpenSearch(Client):
|
||||
])
|
||||
|
||||
If using SSL, there are several parameters that control how we deal with
|
||||
certificates (see :class:`~opensearchpy.Urllib3HttpConnection` for
|
||||
certificates (see :class:`~opensearchpy.AIOHttpConnection` for
|
||||
detailed description of the options)::
|
||||
|
||||
client = OpenSearch(
|
||||
@@ -123,7 +123,7 @@ class AsyncOpenSearch(Client):
|
||||
)
|
||||
|
||||
If using SSL, but don't verify the certs, a warning message is showed
|
||||
optionally (see :class:`~opensearchpy.Urllib3HttpConnection` for
|
||||
optionally (see :class:`~opensearchpy.AIOHttpConnection` for
|
||||
detailed description of the options)::
|
||||
|
||||
client = OpenSearch(
|
||||
@@ -132,12 +132,14 @@ class AsyncOpenSearch(Client):
|
||||
use_ssl=True,
|
||||
# no verify SSL certificates
|
||||
verify_certs=False,
|
||||
# don't verify the hostname in the certificate
|
||||
ssl_assert_hostname=False,
|
||||
# don't show warnings about ssl certs verification
|
||||
ssl_show_warn=False
|
||||
)
|
||||
|
||||
SSL client authentication is supported
|
||||
(see :class:`~opensearchpy.Urllib3HttpConnection` for
|
||||
(see :class:`~opensearchpy.AIOHttpConnection` for
|
||||
detailed description of the options)::
|
||||
|
||||
client = OpenSearch(
|
||||
|
||||
@@ -85,6 +85,7 @@ class AIOHttpConnection(AsyncConnection):
|
||||
client_cert: Any = None,
|
||||
client_key: Any = None,
|
||||
ssl_version: Any = None,
|
||||
ssl_assert_hostname: bool = True,
|
||||
ssl_assert_fingerprint: Any = None,
|
||||
maxsize: Optional[int] = 10,
|
||||
headers: Any = None,
|
||||
@@ -178,7 +179,7 @@ class AIOHttpConnection(AsyncConnection):
|
||||
|
||||
if verify_certs:
|
||||
ssl_context.verify_mode = ssl.CERT_REQUIRED
|
||||
ssl_context.check_hostname = True
|
||||
ssl_context.check_hostname = ssl_assert_hostname
|
||||
else:
|
||||
ssl_context.check_hostname = False
|
||||
ssl_context.verify_mode = ssl.CERT_NONE
|
||||
|
||||
@@ -29,6 +29,7 @@ import gzip
|
||||
import io
|
||||
import json
|
||||
import ssl
|
||||
import sys
|
||||
import warnings
|
||||
from platform import python_version
|
||||
from typing import Any
|
||||
@@ -97,6 +98,17 @@ class TestAIOHttpConnection:
|
||||
assert con.use_ssl
|
||||
assert con.session.connector._ssl == context
|
||||
|
||||
async def test_ssl_assert_hostname(self) -> None:
|
||||
con = AIOHttpConnection(use_ssl=True, ssl_assert_hostname=True)
|
||||
await con._create_aiohttp_session()
|
||||
assert con.use_ssl
|
||||
assert con.session.connector._ssl.check_hostname is True
|
||||
|
||||
con = AIOHttpConnection(use_ssl=True, ssl_assert_hostname=False)
|
||||
await con._create_aiohttp_session()
|
||||
assert con.use_ssl
|
||||
assert con.session.connector._ssl.check_hostname is False
|
||||
|
||||
async def test_opaque_id(self) -> None:
|
||||
con = AIOHttpConnection(opaque_id="app-1")
|
||||
assert con.headers["x-opaque-id"] == "app-1"
|
||||
@@ -217,7 +229,15 @@ class TestAIOHttpConnection:
|
||||
use_ssl=True, verify_certs=False, ssl_show_warn=False
|
||||
)
|
||||
await con._create_aiohttp_session()
|
||||
assert w == []
|
||||
if sys.hexversion < 0x30C0700:
|
||||
assert w == []
|
||||
else:
|
||||
assert len(w) == 1
|
||||
assert (
|
||||
str(w[0].message) == "enable_cleanup_closed ignored because "
|
||||
"https://github.com/python/cpython/pull/118960 is fixed in "
|
||||
"Python version sys.version_info(major=3, minor=12, micro=7, releaselevel='final', serial=0)"
|
||||
)
|
||||
|
||||
assert isinstance(con.session, aiohttp.ClientSession)
|
||||
|
||||
|
||||
Reference in New Issue
Block a user