added support for HTTPS connections to elasticsearch server

2026-04-04 12:48:53 +00:00 · 2019-01-09 18:16:56 +01:00
parent 048fa28160
commit 2ca7bb200a
2 changed files with 22 additions and 3 deletions
--- a/parsedmarc/cli.py
+++ b/parsedmarc/cli.py
@@ -141,6 +141,11 @@ def _main():
                            help="append this suffix to the "
                                 "dmarc_aggregate and dmarc_forensic "
                                 "Elasticsearch index names, joined by _")
+    arg_parser.add_argument("--elasticsearch-use-ssl", default=False, action="store_true",
+                            help="enable ssl connection to elasticsearch server")
+    arg_parser.add_argument("--elasticsearch-ssl-cert-path", default=None,
+                            help="if enabled ssl connection to elasticsearch"
+                            "this is the path to the cert which validates the server")
    arg_parser.add_argument("--hec", help="the URL to a Splunk HTTP Event "
                                          "Collector (HEC)")
    arg_parser.add_argument("--hec-token", help="the authorization token for "
@@ -244,7 +249,8 @@ def _main():
                        es_aggregate_index, suffix)
                    es_forensic_index = "{0}_{1}".format(
                        es_forensic_index, suffix)
-                elastic.set_hosts(args.elasticsearch_host)
+                elastic.set_hosts(args.elasticsearch_host, args.elasticsearch_use_ssl,
+                                  args.elasticsearch_ssl_cert_path)
                elastic.migrate_indexes(aggregate_indexes=[es_aggregate_index],
                                        forensic_indexes=[es_forensic_index])
        except elastic.ElasticsearchError as error:
--- a/parsedmarc/elastic.py
+++ b/parsedmarc/elastic.py
@@ -167,16 +167,29 @@ class AlreadySaved(ValueError):
    """Raised when a report to be saved matches an existing report"""


-def set_hosts(hosts):
+def set_hosts(hosts, use_ssl=False, ssl_cert_path=None):
    """
    Sets the Elasticsearch hosts to use

    Args:
        hosts: A single hostname or URL, or list of hostnames or URLs
+        [use_ssl]: boolean, if True enables HTTPS connection to the server
+        [ssl_cert_path]: string, path to the certificate chain to validate the connection
    """
    if type(hosts) != list:
        hosts = [hosts]
-    connections.create_connection(hosts=hosts, timeout=20)
+    conn_params = {
+        "hosts": hosts,
+        "timeout": 20
+    }
+    if use_ssl:
+        conn_params['use_ssl'] = True
+        if ssl_cert_path:
+            conn_params['verify_certs'] = True
+            conn_params['ca_certs'] = ssl_cert_path
+        else:
+            conn_params['verify_certs'] = False
+    connections.create_connection(**conn_params)


 def create_indexes(names, settings=None):