API key Authentication (#1010)

This commit is contained in:
Philip Krauss
2019-09-20 15:01:31 +02:00
committed by Honza Král
parent dd206ad5c5
commit c4bc2e420d
5 changed files with 72 additions and 0 deletions
+22
View File
@@ -230,6 +230,28 @@ description of the options.
.. _certifi: http://certifiio.readthedocs.io/en/latest/
APIKey Authentication
~~~~~~~~~~~~~~~~~~~~~~
You can configure the client to use Elasticsearch's `API Key`_ for connecting to your cluster.
Please note this authentication method has been introduced with release of Elasticsearch ``6.7.0``.
from elasticsearch import Elasticsearch
# you can use the api key tuple
es = Elasticsearch(
['node-1', 'node-2', 'node-3'],
api_key=('id', 'api_key'),
)
# or you pass the base 64 encoded token
es = Elasticsearch(
['node-1', 'node-2', 'node-3'],
api_key='base64encoded tuple',
)
.. _API Key: https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-api-key.html
Logging
~~~~~~~
+12
View File
@@ -1,4 +1,5 @@
import logging
import base64
from platform import python_version
@@ -183,3 +184,14 @@ class Connection(object):
def _get_default_user_agent(self):
return "elasticsearch-py/%s (Python %s)" % (__versionstr__, python_version())
def _get_api_key_header_val(self, api_key):
"""
Check the type of the passed api_key and return the correct header value
for the `API Key authentication <https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-api-key.html>`
:arg api_key, either a tuple or a base64 encoded string
"""
if isinstance(api_key, (tuple, list)):
s = "{0}:{1}".format(api_key[0], api_key[1]).encode('utf-8')
return "ApiKey " + base64.b64encode(s).decode('utf-8')
return "ApiKey " + api_key
@@ -36,6 +36,7 @@ class RequestsHttpConnection(Connection):
separate cert and key files (client_cert will contain only the cert)
:arg headers: any custom http headers to be add to requests
:arg cloud_id: The Cloud ID from ElasticCloud. Convient way to connect to cloud instances.
:arg api_key: optional API Key authentication as either base64 encoded string or a tuple.
Other host connection params will be ignored.
"""
@@ -52,6 +53,7 @@ class RequestsHttpConnection(Connection):
client_key=None,
headers=None,
cloud_id=None,
api_key=None,
**kwargs
):
if not REQUESTS_AVAILABLE:
@@ -80,6 +82,8 @@ class RequestsHttpConnection(Connection):
elif isinstance(http_auth, string_types):
http_auth = tuple(http_auth.split(":", 1))
self.session.auth = http_auth
if api_key is not None:
self.session.headers['authorization'] = self._get_api_key_header_val(api_key)
self.base_url = "http%s://%s:%d%s" % (
"s" if self.use_ssl else "",
host,
+4
View File
@@ -74,6 +74,7 @@ class Urllib3HttpConnection(Connection):
:arg headers: any custom http headers to be add to requests
:arg http_compress: Use gzip compression
:arg cloud_id: The Cloud ID from ElasticCloud. Convient way to connect to cloud instances.
:arg api_key: optional API Key authentication as either base64 encoded string or a tuple.
Other host connection params will be ignored.
"""
@@ -96,6 +97,7 @@ class Urllib3HttpConnection(Connection):
ssl_context=None,
http_compress=False,
cloud_id=None,
api_key=None,
**kwargs
):
@@ -128,6 +130,8 @@ class Urllib3HttpConnection(Connection):
self.headers.setdefault("content-type", "application/json")
self.headers.setdefault("user-agent", self._get_default_user_agent())
if api_key is not None:
self.headers.setdefault('authorization', self._get_api_key_header_val(api_key))
pool_class = urllib3.HTTPConnectionPool
kw = {}
+30
View File
@@ -44,6 +44,21 @@ class TestUrllib3Connection(TestCase):
con.host, "https://0fd50f62320ed6539f6cb48e1b68.example.cloud.com:9243"
)
def test_api_key_auth(self):
# test with tuple
con = Urllib3HttpConnection(
cloud_id="foobar:ZXhhbXBsZS5jbG91ZC5jb20kMGZkNTBmNjIzMjBlZDY1MzlmNmNiNDhlMWI2OCRhYzUzOTVhODgz\nNDU2NmM5ZjE1Y2Q4ZTQ5MGE=\n",
api_key=("elastic", "changeme1"),
)
self.assertEquals(con.headers["authorization"], "ApiKey ZWxhc3RpYzpjaGFuZ2VtZTE=")
# test with base64 encoded string
con = Urllib3HttpConnection(
cloud_id="foobar:ZXhhbXBsZS5jbG91ZC5jb20kMGZkNTBmNjIzMjBlZDY1MzlmNmNiNDhlMWI2OCRhYzUzOTVhODgz\nNDU2NmM5ZjE1Y2Q4ZTQ5MGE=\n",
api_key="ZWxhc3RpYzpjaGFuZ2VtZTI=",
)
self.assertEquals(con.headers["authorization"], "ApiKey ZWxhc3RpYzpjaGFuZ2VtZTI=")
def test_http_compression(self):
con = Urllib3HttpConnection(http_compress=True)
self.assertTrue(con.http_compress)
@@ -181,6 +196,21 @@ class TestRequestsConnection(TestCase):
con.host, "https://0fd50f62320ed6539f6cb48e1b68.example.cloud.com:9243"
)
def test_api_key_auth(self):
# test with tuple
con = RequestsHttpConnection(
cloud_id="foobar:ZXhhbXBsZS5jbG91ZC5jb20kMGZkNTBmNjIzMjBlZDY1MzlmNmNiNDhlMWI2OCRhYzUzOTVhODgz\nNDU2NmM5ZjE1Y2Q4ZTQ5MGE=\n",
api_key=("elastic", "changeme1"),
)
self.assertEquals(con.session.headers["authorization"], "ApiKey ZWxhc3RpYzpjaGFuZ2VtZTE=")
# test with base64 encoded string
con = RequestsHttpConnection(
cloud_id="foobar:ZXhhbXBsZS5jbG91ZC5jb20kMGZkNTBmNjIzMjBlZDY1MzlmNmNiNDhlMWI2OCRhYzUzOTVhODgz\nNDU2NmM5ZjE1Y2Q4ZTQ5MGE=\n",
api_key="ZWxhc3RpYzpjaGFuZ2VtZTI=",
)
self.assertEquals(con.session.headers["authorization"], "ApiKey ZWxhc3RpYzpjaGFuZ2VtZTI=")
def test_uses_https_if_verify_certs_is_off(self):
with warnings.catch_warnings(record=True) as w:
con = self._get_mock_connection(