From 12c379d32d86bde3f942dce6f80fa651d64fdf26 Mon Sep 17 00:00:00 2001 From: Merlin <158784988+merlinz01@users.noreply.github.com> Date: Sat, 16 Nov 2024 08:29:10 -0500 Subject: [PATCH] Implement AsyncOpenSearch() parameter `ssl_assert_hostname` (#843) * Implement AsyncOpenSearch() parameter `ssl_assert_hostname` to allow disabling SSL hostname verification Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> * Update PR link Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> * Add test Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> * Update docs Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> * Add test for default value Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> * Fix formatting Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> * Fix test failing on Python >3.12.7 Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> * Fix formatting Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> --------- Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> Signed-off-by: Daniel (dB.) Doubrovkine Co-authored-by: Daniel (dB.) Doubrovkine --- CHANGELOG.md | 3 ++- .../api-ref/clients/opensearch_client.md | 4 ++++ docs/source/api-ref/connection.md | 6 ++++- opensearchpy/_async/client/__init__.py | 8 ++++--- opensearchpy/_async/http_aiohttp.py | 3 ++- .../test_async/test_connection.py | 22 ++++++++++++++++++- 6 files changed, 39 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2430c8bf2..8f11b9453 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,8 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) ## [Unreleased] ### Added - Added `AsyncSearch#collapse` ([827](https://github.com/opensearch-project/opensearch-py/pull/827)) -- Support `pool_maxsize` in `AsyncOpenSearch` ([845](https://github.com/opensearch-project/opensearch-py/pull/845)) +- Added `pool_maxsize` to `AsyncOpenSearch` ([845](https://github.com/opensearch-project/opensearch-py/pull/845)) +- Added `ssl_assert_hostname` to `AsyncOpenSearch` ([843](https://github.com/opensearch-project/opensearch-py/pull/843)) ### Changed ### Deprecated ### Removed diff --git a/docs/source/api-ref/clients/opensearch_client.md b/docs/source/api-ref/clients/opensearch_client.md index 15838f29a..4c0845df3 100644 --- a/docs/source/api-ref/clients/opensearch_client.md +++ b/docs/source/api-ref/clients/opensearch_client.md @@ -3,3 +3,7 @@ ```{eval-rst} .. autoclass:: opensearchpy.OpenSearch ``` + +```{eval-rst} +.. autoclass:: opensearchpy.AsyncOpenSearch +``` diff --git a/docs/source/api-ref/connection.md b/docs/source/api-ref/connection.md index 8ac0e3ec6..3a6ea4b08 100644 --- a/docs/source/api-ref/connection.md +++ b/docs/source/api-ref/connection.md @@ -1,4 +1,4 @@ -# connection +# Connection Types ```{eval-rst} .. autoclass:: opensearchpy.Connection @@ -12,6 +12,10 @@ .. autoclass:: opensearchpy.Urllib3HttpConnection ``` +```{eval-rst} +.. autoclass:: opensearchpy.AIOHttpConnection +``` + ```{eval-rst} .. autoclass:: opensearchpy.connections ``` \ No newline at end of file diff --git a/opensearchpy/_async/client/__init__.py b/opensearchpy/_async/client/__init__.py index 9cd54d388..24b954989 100644 --- a/opensearchpy/_async/client/__init__.py +++ b/opensearchpy/_async/client/__init__.py @@ -109,7 +109,7 @@ class AsyncOpenSearch(Client): ]) If using SSL, there are several parameters that control how we deal with - certificates (see :class:`~opensearchpy.Urllib3HttpConnection` for + certificates (see :class:`~opensearchpy.AIOHttpConnection` for detailed description of the options):: client = OpenSearch( @@ -123,7 +123,7 @@ class AsyncOpenSearch(Client): ) If using SSL, but don't verify the certs, a warning message is showed - optionally (see :class:`~opensearchpy.Urllib3HttpConnection` for + optionally (see :class:`~opensearchpy.AIOHttpConnection` for detailed description of the options):: client = OpenSearch( @@ -132,12 +132,14 @@ class AsyncOpenSearch(Client): use_ssl=True, # no verify SSL certificates verify_certs=False, + # don't verify the hostname in the certificate + ssl_assert_hostname=False, # don't show warnings about ssl certs verification ssl_show_warn=False ) SSL client authentication is supported - (see :class:`~opensearchpy.Urllib3HttpConnection` for + (see :class:`~opensearchpy.AIOHttpConnection` for detailed description of the options):: client = OpenSearch( diff --git a/opensearchpy/_async/http_aiohttp.py b/opensearchpy/_async/http_aiohttp.py index ed1d26e7e..1de476346 100644 --- a/opensearchpy/_async/http_aiohttp.py +++ b/opensearchpy/_async/http_aiohttp.py @@ -85,6 +85,7 @@ def __init__( client_cert: Any = None, client_key: Any = None, ssl_version: Any = None, + ssl_assert_hostname: bool = True, ssl_assert_fingerprint: Any = None, maxsize: Optional[int] = 10, headers: Any = None, @@ -178,7 +179,7 @@ def __init__( if verify_certs: ssl_context.verify_mode = ssl.CERT_REQUIRED - ssl_context.check_hostname = True + ssl_context.check_hostname = ssl_assert_hostname else: ssl_context.check_hostname = False ssl_context.verify_mode = ssl.CERT_NONE diff --git a/test_opensearchpy/test_async/test_connection.py b/test_opensearchpy/test_async/test_connection.py index 5c8f6e260..c7d7b4a30 100644 --- a/test_opensearchpy/test_async/test_connection.py +++ b/test_opensearchpy/test_async/test_connection.py @@ -29,6 +29,7 @@ import io import json import ssl +import sys import warnings from platform import python_version from typing import Any @@ -97,6 +98,17 @@ async def test_ssl_context(self) -> None: assert con.use_ssl assert con.session.connector._ssl == context + async def test_ssl_assert_hostname(self) -> None: + con = AIOHttpConnection(use_ssl=True, ssl_assert_hostname=True) + await con._create_aiohttp_session() + assert con.use_ssl + assert con.session.connector._ssl.check_hostname is True + + con = AIOHttpConnection(use_ssl=True, ssl_assert_hostname=False) + await con._create_aiohttp_session() + assert con.use_ssl + assert con.session.connector._ssl.check_hostname is False + async def test_opaque_id(self) -> None: con = AIOHttpConnection(opaque_id="app-1") assert con.headers["x-opaque-id"] == "app-1" @@ -217,7 +229,15 @@ async def test_nowarn_when_test_uses_https_if_verify_certs_is_off(self) -> None: use_ssl=True, verify_certs=False, ssl_show_warn=False ) await con._create_aiohttp_session() - assert w == [] + if sys.hexversion < 0x30C0700: + assert w == [] + else: + assert len(w) == 1 + assert ( + str(w[0].message) == "enable_cleanup_closed ignored because " + "https://github.com/python/cpython/pull/118960 is fixed in " + "Python version sys.version_info(major=3, minor=12, micro=7, releaselevel='final', serial=0)" + ) assert isinstance(con.session, aiohttp.ClientSession)