From 9c9692b2334d786f9beb10a8684d69d4389c9911 Mon Sep 17 00:00:00 2001 From: merlinz01 <158784988+merlinz01@users.noreply.github.com> Date: Sat, 9 Nov 2024 19:55:31 -0500 Subject: [PATCH 1/8] Implement AsyncOpenSearch() parameter `ssl_assert_hostname` to allow disabling SSL hostname verification Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> --- CHANGELOG.md | 1 + opensearchpy/_async/http_aiohttp.py | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5fccce1a..a31ac2ca 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) ## [Unreleased] ### Added - Added `AsyncSearch#collapse` ([827](https://github.com/opensearch-project/opensearch-py/pull/827)) +- Implement `ssl_assert_hostname` boolean parameter for `AsyncOpenSearch.__init__()` ([#dummy](https://github.com/opensearch-project/opensearch-py/pull/dummy)) ### Changed ### Deprecated ### Removed diff --git a/opensearchpy/_async/http_aiohttp.py b/opensearchpy/_async/http_aiohttp.py index 1e3da465..5828fda7 100644 --- a/opensearchpy/_async/http_aiohttp.py +++ b/opensearchpy/_async/http_aiohttp.py @@ -85,6 +85,7 @@ def __init__( client_cert: Any = None, client_key: Any = None, ssl_version: Any = None, + ssl_assert_hostname: bool = True, ssl_assert_fingerprint: Any = None, maxsize: Optional[int] = 10, headers: Any = None, @@ -177,7 +178,7 @@ def __init__( if verify_certs: ssl_context.verify_mode = ssl.CERT_REQUIRED - ssl_context.check_hostname = True + ssl_context.check_hostname = ssl_assert_hostname else: ssl_context.check_hostname = False ssl_context.verify_mode = ssl.CERT_NONE From dff0bf85e62b20bf5ad18ad539cb7930156e6174 Mon Sep 17 00:00:00 2001 From: merlinz01 <158784988+merlinz01@users.noreply.github.com> Date: Sat, 9 Nov 2024 19:59:35 -0500 Subject: [PATCH 2/8] Update PR link Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a31ac2ca..93d1218f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) ## [Unreleased] ### Added - Added `AsyncSearch#collapse` ([827](https://github.com/opensearch-project/opensearch-py/pull/827)) -- Implement `ssl_assert_hostname` boolean parameter for `AsyncOpenSearch.__init__()` ([#dummy](https://github.com/opensearch-project/opensearch-py/pull/dummy)) +- Implement `ssl_assert_hostname` boolean parameter for `AsyncOpenSearch.__init__()` ([843](https://github.com/opensearch-project/opensearch-py/pull/843)) ### Changed ### Deprecated ### Removed From 4415da0164f0c1a12083de2e1652ac6a8310acfa Mon Sep 17 00:00:00 2001 From: merlinz01 <158784988+merlinz01@users.noreply.github.com> Date: Thu, 14 Nov 2024 13:38:43 -0500 Subject: [PATCH 3/8] Add test Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> --- test_opensearchpy/test_async/test_connection.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/test_opensearchpy/test_async/test_connection.py b/test_opensearchpy/test_async/test_connection.py index 5c8f6e26..cc327fc6 100644 --- a/test_opensearchpy/test_async/test_connection.py +++ b/test_opensearchpy/test_async/test_connection.py @@ -97,6 +97,12 @@ async def test_ssl_context(self) -> None: assert con.use_ssl assert con.session.connector._ssl == context + async def test_ssl_assert_hostname(self) -> None: + con = AIOHttpConnection(use_ssl=True, ssl_assert_hostname=False) + await con._create_aiohttp_session() + assert con.use_ssl + assert con.session.connector._ssl.check_hostname is False + async def test_opaque_id(self) -> None: con = AIOHttpConnection(opaque_id="app-1") assert con.headers["x-opaque-id"] == "app-1" From 7752471d2a759ee4aa5c68e302b702c7f2e92cde Mon Sep 17 00:00:00 2001 From: merlinz01 <158784988+merlinz01@users.noreply.github.com> Date: Thu, 14 Nov 2024 14:04:42 -0500 Subject: [PATCH 4/8] Update docs Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> --- docs/source/api-ref/clients/opensearch_client.md | 4 ++++ docs/source/api-ref/connection.md | 6 +++++- opensearchpy/_async/client/__init__.py | 8 +++++--- 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/docs/source/api-ref/clients/opensearch_client.md b/docs/source/api-ref/clients/opensearch_client.md index 15838f29..4c0845df 100644 --- a/docs/source/api-ref/clients/opensearch_client.md +++ b/docs/source/api-ref/clients/opensearch_client.md @@ -3,3 +3,7 @@ ```{eval-rst} .. autoclass:: opensearchpy.OpenSearch ``` + +```{eval-rst} +.. autoclass:: opensearchpy.AsyncOpenSearch +``` diff --git a/docs/source/api-ref/connection.md b/docs/source/api-ref/connection.md index 8ac0e3ec..3a6ea4b0 100644 --- a/docs/source/api-ref/connection.md +++ b/docs/source/api-ref/connection.md @@ -1,4 +1,4 @@ -# connection +# Connection Types ```{eval-rst} .. autoclass:: opensearchpy.Connection @@ -12,6 +12,10 @@ .. autoclass:: opensearchpy.Urllib3HttpConnection ``` +```{eval-rst} +.. autoclass:: opensearchpy.AIOHttpConnection +``` + ```{eval-rst} .. autoclass:: opensearchpy.connections ``` \ No newline at end of file diff --git a/opensearchpy/_async/client/__init__.py b/opensearchpy/_async/client/__init__.py index 9cd54d38..24b95498 100644 --- a/opensearchpy/_async/client/__init__.py +++ b/opensearchpy/_async/client/__init__.py @@ -109,7 +109,7 @@ class AsyncOpenSearch(Client): ]) If using SSL, there are several parameters that control how we deal with - certificates (see :class:`~opensearchpy.Urllib3HttpConnection` for + certificates (see :class:`~opensearchpy.AIOHttpConnection` for detailed description of the options):: client = OpenSearch( @@ -123,7 +123,7 @@ class AsyncOpenSearch(Client): ) If using SSL, but don't verify the certs, a warning message is showed - optionally (see :class:`~opensearchpy.Urllib3HttpConnection` for + optionally (see :class:`~opensearchpy.AIOHttpConnection` for detailed description of the options):: client = OpenSearch( @@ -132,12 +132,14 @@ class AsyncOpenSearch(Client): use_ssl=True, # no verify SSL certificates verify_certs=False, + # don't verify the hostname in the certificate + ssl_assert_hostname=False, # don't show warnings about ssl certs verification ssl_show_warn=False ) SSL client authentication is supported - (see :class:`~opensearchpy.Urllib3HttpConnection` for + (see :class:`~opensearchpy.AIOHttpConnection` for detailed description of the options):: client = OpenSearch( From 5996efc6db10f4761fac0a3aa4bcd061ce7e8481 Mon Sep 17 00:00:00 2001 From: merlinz01 <158784988+merlinz01@users.noreply.github.com> Date: Thu, 14 Nov 2024 14:30:48 -0500 Subject: [PATCH 5/8] Add test for default value Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> --- test_opensearchpy/test_async/test_connection.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/test_opensearchpy/test_async/test_connection.py b/test_opensearchpy/test_async/test_connection.py index cc327fc6..6d58ca5e 100644 --- a/test_opensearchpy/test_async/test_connection.py +++ b/test_opensearchpy/test_async/test_connection.py @@ -98,11 +98,17 @@ async def test_ssl_context(self) -> None: assert con.session.connector._ssl == context async def test_ssl_assert_hostname(self) -> None: + con = AIOHttpConnection(use_ssl=True, ssl_assert_hostname=True) + await con._create_aiohttp_session() + assert con.use_ssl + assert con.session.connector._ssl.check_hostname is True + con = AIOHttpConnection(use_ssl=True, ssl_assert_hostname=False) await con._create_aiohttp_session() assert con.use_ssl assert con.session.connector._ssl.check_hostname is False + async def test_opaque_id(self) -> None: con = AIOHttpConnection(opaque_id="app-1") assert con.headers["x-opaque-id"] == "app-1" From 0a598d46a841b72ab870e9b07cd51e226de66020 Mon Sep 17 00:00:00 2001 From: merlinz01 <158784988+merlinz01@users.noreply.github.com> Date: Thu, 14 Nov 2024 16:55:04 -0500 Subject: [PATCH 6/8] Fix formatting Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> --- test_opensearchpy/test_async/test_connection.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/test_opensearchpy/test_async/test_connection.py b/test_opensearchpy/test_async/test_connection.py index 6d58ca5e..9ad21b5d 100644 --- a/test_opensearchpy/test_async/test_connection.py +++ b/test_opensearchpy/test_async/test_connection.py @@ -102,13 +102,12 @@ async def test_ssl_assert_hostname(self) -> None: await con._create_aiohttp_session() assert con.use_ssl assert con.session.connector._ssl.check_hostname is True - + con = AIOHttpConnection(use_ssl=True, ssl_assert_hostname=False) await con._create_aiohttp_session() assert con.use_ssl assert con.session.connector._ssl.check_hostname is False - async def test_opaque_id(self) -> None: con = AIOHttpConnection(opaque_id="app-1") assert con.headers["x-opaque-id"] == "app-1" From 7569dc47ab79364d824f39de61b671d956d6a820 Mon Sep 17 00:00:00 2001 From: merlinz01 <158784988+merlinz01@users.noreply.github.com> Date: Fri, 15 Nov 2024 18:37:50 -0500 Subject: [PATCH 7/8] Fix test failing on Python >3.12.7 Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> --- test_opensearchpy/test_async/test_connection.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/test_opensearchpy/test_async/test_connection.py b/test_opensearchpy/test_async/test_connection.py index 9ad21b5d..1b4e8100 100644 --- a/test_opensearchpy/test_async/test_connection.py +++ b/test_opensearchpy/test_async/test_connection.py @@ -29,6 +29,7 @@ import io import json import ssl +import sys import warnings from platform import python_version from typing import Any @@ -228,7 +229,13 @@ async def test_nowarn_when_test_uses_https_if_verify_certs_is_off(self) -> None: use_ssl=True, verify_certs=False, ssl_show_warn=False ) await con._create_aiohttp_session() - assert w == [] + if sys.hexversion < 0x30c0700: + assert w == [] + else: + assert len(w) == 1 + assert (str(w[0].message) == "enable_cleanup_closed ignored because " + "https://github.com/python/cpython/pull/118960 is fixed in " + "Python version sys.version_info(major=3, minor=12, micro=7, releaselevel='final', serial=0)") assert isinstance(con.session, aiohttp.ClientSession) From 227fbaa15623eb2c782d6fd3d873680a3333b0ad Mon Sep 17 00:00:00 2001 From: merlinz01 <158784988+merlinz01@users.noreply.github.com> Date: Fri, 15 Nov 2024 18:39:29 -0500 Subject: [PATCH 8/8] Fix formatting Signed-off-by: merlinz01 <158784988+merlinz01@users.noreply.github.com> --- test_opensearchpy/test_async/test_connection.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/test_opensearchpy/test_async/test_connection.py b/test_opensearchpy/test_async/test_connection.py index 1b4e8100..c7d7b4a3 100644 --- a/test_opensearchpy/test_async/test_connection.py +++ b/test_opensearchpy/test_async/test_connection.py @@ -229,13 +229,15 @@ async def test_nowarn_when_test_uses_https_if_verify_certs_is_off(self) -> None: use_ssl=True, verify_certs=False, ssl_show_warn=False ) await con._create_aiohttp_session() - if sys.hexversion < 0x30c0700: + if sys.hexversion < 0x30C0700: assert w == [] else: assert len(w) == 1 - assert (str(w[0].message) == "enable_cleanup_closed ignored because " - "https://github.com/python/cpython/pull/118960 is fixed in " - "Python version sys.version_info(major=3, minor=12, micro=7, releaselevel='final', serial=0)") + assert ( + str(w[0].message) == "enable_cleanup_closed ignored because " + "https://github.com/python/cpython/pull/118960 is fixed in " + "Python version sys.version_info(major=3, minor=12, micro=7, releaselevel='final', serial=0)" + ) assert isinstance(con.session, aiohttp.ClientSession)