Implement AsyncOpenSearch() parameter ssl_assert_hostname (#843)

* Implement AsyncOpenSearch() parameter `ssl_assert_hostname` to allow disabling SSL hostname verification

Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com>

* Update PR link

Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com>

* Add test

Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com>

* Update docs

Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com>

* Add test for default value

Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com>

* Fix formatting

Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com>

* Fix test failing on Python >3.12.7

Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com>

* Fix formatting

Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com>

---------

Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com>
Signed-off-by: Daniel (dB.) Doubrovkine <dblock@amazon.com>
Co-authored-by: Daniel (dB.) Doubrovkine <dblock@amazon.com>
This commit is contained in:
Merlin
2024-11-16 08:29:10 -05:00
committed by GitHub
parent 1269cdc95a
commit 12c379d32d
6 changed files with 39 additions and 7 deletions
+2 -1
View File
@@ -4,7 +4,8 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
## [Unreleased]
### Added
- Added `AsyncSearch#collapse` ([827](https://github.com/opensearch-project/opensearch-py/pull/827))
- Support `pool_maxsize` in `AsyncOpenSearch` ([845](https://github.com/opensearch-project/opensearch-py/pull/845))
- Added `pool_maxsize` to `AsyncOpenSearch` ([845](https://github.com/opensearch-project/opensearch-py/pull/845))
- Added `ssl_assert_hostname` to `AsyncOpenSearch` ([843](https://github.com/opensearch-project/opensearch-py/pull/843))
### Changed
### Deprecated
### Removed
@@ -3,3 +3,7 @@
```{eval-rst}
.. autoclass:: opensearchpy.OpenSearch
```
```{eval-rst}
.. autoclass:: opensearchpy.AsyncOpenSearch
```
+5 -1
View File
@@ -1,4 +1,4 @@
# connection
# Connection Types
```{eval-rst}
.. autoclass:: opensearchpy.Connection
@@ -12,6 +12,10 @@
.. autoclass:: opensearchpy.Urllib3HttpConnection
```
```{eval-rst}
.. autoclass:: opensearchpy.AIOHttpConnection
```
```{eval-rst}
.. autoclass:: opensearchpy.connections
```
+5 -3
View File
@@ -109,7 +109,7 @@ class AsyncOpenSearch(Client):
])
If using SSL, there are several parameters that control how we deal with
certificates (see :class:`~opensearchpy.Urllib3HttpConnection` for
certificates (see :class:`~opensearchpy.AIOHttpConnection` for
detailed description of the options)::
client = OpenSearch(
@@ -123,7 +123,7 @@ class AsyncOpenSearch(Client):
)
If using SSL, but don't verify the certs, a warning message is showed
optionally (see :class:`~opensearchpy.Urllib3HttpConnection` for
optionally (see :class:`~opensearchpy.AIOHttpConnection` for
detailed description of the options)::
client = OpenSearch(
@@ -132,12 +132,14 @@ class AsyncOpenSearch(Client):
use_ssl=True,
# no verify SSL certificates
verify_certs=False,
# don't verify the hostname in the certificate
ssl_assert_hostname=False,
# don't show warnings about ssl certs verification
ssl_show_warn=False
)
SSL client authentication is supported
(see :class:`~opensearchpy.Urllib3HttpConnection` for
(see :class:`~opensearchpy.AIOHttpConnection` for
detailed description of the options)::
client = OpenSearch(
+2 -1
View File
@@ -85,6 +85,7 @@ class AIOHttpConnection(AsyncConnection):
client_cert: Any = None,
client_key: Any = None,
ssl_version: Any = None,
ssl_assert_hostname: bool = True,
ssl_assert_fingerprint: Any = None,
maxsize: Optional[int] = 10,
headers: Any = None,
@@ -178,7 +179,7 @@ class AIOHttpConnection(AsyncConnection):
if verify_certs:
ssl_context.verify_mode = ssl.CERT_REQUIRED
ssl_context.check_hostname = True
ssl_context.check_hostname = ssl_assert_hostname
else:
ssl_context.check_hostname = False
ssl_context.verify_mode = ssl.CERT_NONE
@@ -29,6 +29,7 @@ import gzip
import io
import json
import ssl
import sys
import warnings
from platform import python_version
from typing import Any
@@ -97,6 +98,17 @@ class TestAIOHttpConnection:
assert con.use_ssl
assert con.session.connector._ssl == context
async def test_ssl_assert_hostname(self) -> None:
con = AIOHttpConnection(use_ssl=True, ssl_assert_hostname=True)
await con._create_aiohttp_session()
assert con.use_ssl
assert con.session.connector._ssl.check_hostname is True
con = AIOHttpConnection(use_ssl=True, ssl_assert_hostname=False)
await con._create_aiohttp_session()
assert con.use_ssl
assert con.session.connector._ssl.check_hostname is False
async def test_opaque_id(self) -> None:
con = AIOHttpConnection(opaque_id="app-1")
assert con.headers["x-opaque-id"] == "app-1"
@@ -217,7 +229,15 @@ class TestAIOHttpConnection:
use_ssl=True, verify_certs=False, ssl_show_warn=False
)
await con._create_aiohttp_session()
assert w == []
if sys.hexversion < 0x30C0700:
assert w == []
else:
assert len(w) == 1
assert (
str(w[0].message) == "enable_cleanup_closed ignored because "
"https://github.com/python/cpython/pull/118960 is fixed in "
"Python version sys.version_info(major=3, minor=12, micro=7, releaselevel='final', serial=0)"
)
assert isinstance(con.session, aiohttp.ClientSession)