Implement AsyncOpenSearch() parameter ssl_assert_hostname (#843)
* Implement AsyncOpenSearch() parameter `ssl_assert_hostname` to allow disabling SSL hostname verification Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> * Update PR link Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> * Add test Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> * Update docs Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> * Add test for default value Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> * Fix formatting Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> * Fix test failing on Python >3.12.7 Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> * Fix formatting Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> --------- Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> Signed-off-by: Daniel (dB.) Doubrovkine <dblock@amazon.com> Co-authored-by: Daniel (dB.) Doubrovkine <dblock@amazon.com>
This commit is contained in:
+2
-1
@@ -4,7 +4,8 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
|
|||||||
## [Unreleased]
|
## [Unreleased]
|
||||||
### Added
|
### Added
|
||||||
- Added `AsyncSearch#collapse` ([827](https://github.com/opensearch-project/opensearch-py/pull/827))
|
- Added `AsyncSearch#collapse` ([827](https://github.com/opensearch-project/opensearch-py/pull/827))
|
||||||
- Support `pool_maxsize` in `AsyncOpenSearch` ([845](https://github.com/opensearch-project/opensearch-py/pull/845))
|
- Added `pool_maxsize` to `AsyncOpenSearch` ([845](https://github.com/opensearch-project/opensearch-py/pull/845))
|
||||||
|
- Added `ssl_assert_hostname` to `AsyncOpenSearch` ([843](https://github.com/opensearch-project/opensearch-py/pull/843))
|
||||||
### Changed
|
### Changed
|
||||||
### Deprecated
|
### Deprecated
|
||||||
### Removed
|
### Removed
|
||||||
|
|||||||
@@ -3,3 +3,7 @@
|
|||||||
```{eval-rst}
|
```{eval-rst}
|
||||||
.. autoclass:: opensearchpy.OpenSearch
|
.. autoclass:: opensearchpy.OpenSearch
|
||||||
```
|
```
|
||||||
|
|
||||||
|
```{eval-rst}
|
||||||
|
.. autoclass:: opensearchpy.AsyncOpenSearch
|
||||||
|
```
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
# connection
|
# Connection Types
|
||||||
|
|
||||||
```{eval-rst}
|
```{eval-rst}
|
||||||
.. autoclass:: opensearchpy.Connection
|
.. autoclass:: opensearchpy.Connection
|
||||||
@@ -12,6 +12,10 @@
|
|||||||
.. autoclass:: opensearchpy.Urllib3HttpConnection
|
.. autoclass:: opensearchpy.Urllib3HttpConnection
|
||||||
```
|
```
|
||||||
|
|
||||||
|
```{eval-rst}
|
||||||
|
.. autoclass:: opensearchpy.AIOHttpConnection
|
||||||
|
```
|
||||||
|
|
||||||
```{eval-rst}
|
```{eval-rst}
|
||||||
.. autoclass:: opensearchpy.connections
|
.. autoclass:: opensearchpy.connections
|
||||||
```
|
```
|
||||||
@@ -109,7 +109,7 @@ class AsyncOpenSearch(Client):
|
|||||||
])
|
])
|
||||||
|
|
||||||
If using SSL, there are several parameters that control how we deal with
|
If using SSL, there are several parameters that control how we deal with
|
||||||
certificates (see :class:`~opensearchpy.Urllib3HttpConnection` for
|
certificates (see :class:`~opensearchpy.AIOHttpConnection` for
|
||||||
detailed description of the options)::
|
detailed description of the options)::
|
||||||
|
|
||||||
client = OpenSearch(
|
client = OpenSearch(
|
||||||
@@ -123,7 +123,7 @@ class AsyncOpenSearch(Client):
|
|||||||
)
|
)
|
||||||
|
|
||||||
If using SSL, but don't verify the certs, a warning message is showed
|
If using SSL, but don't verify the certs, a warning message is showed
|
||||||
optionally (see :class:`~opensearchpy.Urllib3HttpConnection` for
|
optionally (see :class:`~opensearchpy.AIOHttpConnection` for
|
||||||
detailed description of the options)::
|
detailed description of the options)::
|
||||||
|
|
||||||
client = OpenSearch(
|
client = OpenSearch(
|
||||||
@@ -132,12 +132,14 @@ class AsyncOpenSearch(Client):
|
|||||||
use_ssl=True,
|
use_ssl=True,
|
||||||
# no verify SSL certificates
|
# no verify SSL certificates
|
||||||
verify_certs=False,
|
verify_certs=False,
|
||||||
|
# don't verify the hostname in the certificate
|
||||||
|
ssl_assert_hostname=False,
|
||||||
# don't show warnings about ssl certs verification
|
# don't show warnings about ssl certs verification
|
||||||
ssl_show_warn=False
|
ssl_show_warn=False
|
||||||
)
|
)
|
||||||
|
|
||||||
SSL client authentication is supported
|
SSL client authentication is supported
|
||||||
(see :class:`~opensearchpy.Urllib3HttpConnection` for
|
(see :class:`~opensearchpy.AIOHttpConnection` for
|
||||||
detailed description of the options)::
|
detailed description of the options)::
|
||||||
|
|
||||||
client = OpenSearch(
|
client = OpenSearch(
|
||||||
|
|||||||
@@ -85,6 +85,7 @@ class AIOHttpConnection(AsyncConnection):
|
|||||||
client_cert: Any = None,
|
client_cert: Any = None,
|
||||||
client_key: Any = None,
|
client_key: Any = None,
|
||||||
ssl_version: Any = None,
|
ssl_version: Any = None,
|
||||||
|
ssl_assert_hostname: bool = True,
|
||||||
ssl_assert_fingerprint: Any = None,
|
ssl_assert_fingerprint: Any = None,
|
||||||
maxsize: Optional[int] = 10,
|
maxsize: Optional[int] = 10,
|
||||||
headers: Any = None,
|
headers: Any = None,
|
||||||
@@ -178,7 +179,7 @@ class AIOHttpConnection(AsyncConnection):
|
|||||||
|
|
||||||
if verify_certs:
|
if verify_certs:
|
||||||
ssl_context.verify_mode = ssl.CERT_REQUIRED
|
ssl_context.verify_mode = ssl.CERT_REQUIRED
|
||||||
ssl_context.check_hostname = True
|
ssl_context.check_hostname = ssl_assert_hostname
|
||||||
else:
|
else:
|
||||||
ssl_context.check_hostname = False
|
ssl_context.check_hostname = False
|
||||||
ssl_context.verify_mode = ssl.CERT_NONE
|
ssl_context.verify_mode = ssl.CERT_NONE
|
||||||
|
|||||||
@@ -29,6 +29,7 @@ import gzip
|
|||||||
import io
|
import io
|
||||||
import json
|
import json
|
||||||
import ssl
|
import ssl
|
||||||
|
import sys
|
||||||
import warnings
|
import warnings
|
||||||
from platform import python_version
|
from platform import python_version
|
||||||
from typing import Any
|
from typing import Any
|
||||||
@@ -97,6 +98,17 @@ class TestAIOHttpConnection:
|
|||||||
assert con.use_ssl
|
assert con.use_ssl
|
||||||
assert con.session.connector._ssl == context
|
assert con.session.connector._ssl == context
|
||||||
|
|
||||||
|
async def test_ssl_assert_hostname(self) -> None:
|
||||||
|
con = AIOHttpConnection(use_ssl=True, ssl_assert_hostname=True)
|
||||||
|
await con._create_aiohttp_session()
|
||||||
|
assert con.use_ssl
|
||||||
|
assert con.session.connector._ssl.check_hostname is True
|
||||||
|
|
||||||
|
con = AIOHttpConnection(use_ssl=True, ssl_assert_hostname=False)
|
||||||
|
await con._create_aiohttp_session()
|
||||||
|
assert con.use_ssl
|
||||||
|
assert con.session.connector._ssl.check_hostname is False
|
||||||
|
|
||||||
async def test_opaque_id(self) -> None:
|
async def test_opaque_id(self) -> None:
|
||||||
con = AIOHttpConnection(opaque_id="app-1")
|
con = AIOHttpConnection(opaque_id="app-1")
|
||||||
assert con.headers["x-opaque-id"] == "app-1"
|
assert con.headers["x-opaque-id"] == "app-1"
|
||||||
@@ -217,7 +229,15 @@ class TestAIOHttpConnection:
|
|||||||
use_ssl=True, verify_certs=False, ssl_show_warn=False
|
use_ssl=True, verify_certs=False, ssl_show_warn=False
|
||||||
)
|
)
|
||||||
await con._create_aiohttp_session()
|
await con._create_aiohttp_session()
|
||||||
assert w == []
|
if sys.hexversion < 0x30C0700:
|
||||||
|
assert w == []
|
||||||
|
else:
|
||||||
|
assert len(w) == 1
|
||||||
|
assert (
|
||||||
|
str(w[0].message) == "enable_cleanup_closed ignored because "
|
||||||
|
"https://github.com/python/cpython/pull/118960 is fixed in "
|
||||||
|
"Python version sys.version_info(major=3, minor=12, micro=7, releaselevel='final', serial=0)"
|
||||||
|
)
|
||||||
|
|
||||||
assert isinstance(con.session, aiohttp.ClientSession)
|
assert isinstance(con.session, aiohttp.ClientSession)
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user