Implement AsyncOpenSearch() parameter ssl_assert_hostname (#843)

* Implement AsyncOpenSearch() parameter `ssl_assert_hostname` to allow disabling SSL hostname verification

Signed-off-by: merlinz01 <[email protected]>

* Update PR link

Signed-off-by: merlinz01 <[email protected]>

* Add test

Signed-off-by: merlinz01 <[email protected]>

* Update docs

Signed-off-by: merlinz01 <[email protected]>

* Add test for default value

Signed-off-by: merlinz01 <[email protected]>

* Fix formatting

Signed-off-by: merlinz01 <[email protected]>

* Fix test failing on Python >3.12.7

Signed-off-by: merlinz01 <[email protected]>

* Fix formatting

Signed-off-by: merlinz01 <[email protected]>

---------

Signed-off-by: merlinz01 <[email protected]>
Signed-off-by: Daniel (dB.) Doubrovkine <[email protected]>
Co-authored-by: Daniel (dB.) Doubrovkine <[email protected]>

CHANGELOG.md

@@ -4,7 +4,8 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 ## [Unreleased]
 ### Added
 - Added `AsyncSearch#collapse` ([827](https://github.com/opensearch-project/opensearch-py/pull/827))
-- Support `pool_maxsize` in `AsyncOpenSearch` ([845](https://github.com/opensearch-project/opensearch-py/pull/845))
+- Added `pool_maxsize` to `AsyncOpenSearch` ([845](https://github.com/opensearch-project/opensearch-py/pull/845))
+- Added `ssl_assert_hostname` to `AsyncOpenSearch` ([843](https://github.com/opensearch-project/opensearch-py/pull/843))
 ### Changed
 ### Deprecated
 ### Removed

docs/source/api-ref/clients/opensearch_client.md

@@ -3,3 +3,7 @@
 ```{eval-rst}
 .. autoclass:: opensearchpy.OpenSearch
 ```
+
+```{eval-rst}
+.. autoclass:: opensearchpy.AsyncOpenSearch
+```

docs/source/api-ref/connection.md

@@ -1,4 +1,4 @@
-# connection 
+# Connection Types 
 
 ```{eval-rst}
 .. autoclass:: opensearchpy.Connection
@@ -12,6 +12,10 @@
 .. autoclass:: opensearchpy.Urllib3HttpConnection
 ```
 
+```{eval-rst}
+.. autoclass:: opensearchpy.AIOHttpConnection
+```
+
 ```{eval-rst}
 .. autoclass:: opensearchpy.connections
 ```

opensearchpy/_async/client/__init__.py

@@ -109,7 +109,7 @@ class AsyncOpenSearch(Client):
         ])
 
     If using SSL, there are several parameters that control how we deal with
-    certificates (see :class:`~opensearchpy.Urllib3HttpConnection` for
+    certificates (see :class:`~opensearchpy.AIOHttpConnection` for
     detailed description of the options)::
 
         client = OpenSearch(
@@ -123,7 +123,7 @@ class AsyncOpenSearch(Client):
         )
 
     If using SSL, but don't verify the certs, a warning message is showed
-    optionally (see :class:`~opensearchpy.Urllib3HttpConnection` for
+    optionally (see :class:`~opensearchpy.AIOHttpConnection` for
     detailed description of the options)::
 
         client = OpenSearch(
@@ -132,12 +132,14 @@ class AsyncOpenSearch(Client):
             use_ssl=True,
             # no verify SSL certificates
             verify_certs=False,
+            # don't verify the hostname in the certificate
+            ssl_assert_hostname=False,
             # don't show warnings about ssl certs verification
             ssl_show_warn=False
         )
 
     SSL client authentication is supported
-    (see :class:`~opensearchpy.Urllib3HttpConnection` for
+    (see :class:`~opensearchpy.AIOHttpConnection` for
     detailed description of the options)::
 
         client = OpenSearch(

opensearchpy/_async/http_aiohttp.py

@@ -85,6 +85,7 @@ def __init__(
         client_cert: Any = None,
         client_key: Any = None,
         ssl_version: Any = None,
+        ssl_assert_hostname: bool = True,
         ssl_assert_fingerprint: Any = None,
         maxsize: Optional[int] = 10,
         headers: Any = None,
@@ -178,7 +179,7 @@ def __init__(
 
             if verify_certs:
                 ssl_context.verify_mode = ssl.CERT_REQUIRED
-                ssl_context.check_hostname = True
+                ssl_context.check_hostname = ssl_assert_hostname
             else:
                 ssl_context.check_hostname = False
                 ssl_context.verify_mode = ssl.CERT_NONE

test_opensearchpy/test_async/test_connection.py

@@ -29,6 +29,7 @@
 import io
 import json
 import ssl
+import sys
 import warnings
 from platform import python_version
 from typing import Any
@@ -97,6 +98,17 @@ async def test_ssl_context(self) -> None:
         assert con.use_ssl
         assert con.session.connector._ssl == context
 
+    async def test_ssl_assert_hostname(self) -> None:
+        con = AIOHttpConnection(use_ssl=True, ssl_assert_hostname=True)
+        await con._create_aiohttp_session()
+        assert con.use_ssl
+        assert con.session.connector._ssl.check_hostname is True
+
+        con = AIOHttpConnection(use_ssl=True, ssl_assert_hostname=False)
+        await con._create_aiohttp_session()
+        assert con.use_ssl
+        assert con.session.connector._ssl.check_hostname is False
+
     async def test_opaque_id(self) -> None:
         con = AIOHttpConnection(opaque_id="app-1")
         assert con.headers["x-opaque-id"] == "app-1"
@@ -217,7 +229,15 @@ async def test_nowarn_when_test_uses_https_if_verify_certs_is_off(self) -> None:
                 use_ssl=True, verify_certs=False, ssl_show_warn=False
             )
             await con._create_aiohttp_session()
-            assert w == []
+            if sys.hexversion < 0x30C0700:
+                assert w == []
+            else:
+                assert len(w) == 1
+                assert (
+                    str(w[0].message) == "enable_cleanup_closed ignored because "
+                    "https://github.com/python/cpython/pull/118960 is fixed in "
+                    "Python version sys.version_info(major=3, minor=12, micro=7, releaselevel='final', serial=0)"
+                )
 
         assert isinstance(con.session, aiohttp.ClientSession)