# HG changeset patch # User Thierry Florac # Date 1520256833 -3600 # Node ID 7cc2aec2876c5ce10ad6d62b9309165ee5723b41 # Parent 78867d93d4904e2f717a59504287bbdcb6fd7fc6 Added 0MQ authentication and access control diff -r 78867d93d490 -r 7cc2aec2876c src/pyams_content_es/include.py --- a/src/pyams_content_es/include.py Thu Feb 22 10:15:31 2018 +0100 +++ b/src/pyams_content_es/include.py Mon Mar 05 14:33:53 2018 +0100 @@ -22,7 +22,7 @@ import sys # import interfaces -from pyams_content_es.interfaces import INDEXER_HANDLER_KEY, INDEXER_STARTER_KEY +from pyams_content_es.interfaces import INDEXER_HANDLER_KEY, INDEXER_STARTER_KEY, INDEXER_AUTH_KEY, INDEXER_CLIENTS_KEY from pyramid.interfaces import IApplicationCreated # import packages @@ -65,7 +65,10 @@ # create content indexer process try: process = ContentIndexerProcess(settings.get(INDEXER_HANDLER_KEY, '127.0.0.1:5557'), - ContentIndexerMessageHandler, registry) + ContentIndexerMessageHandler, + settings.get(INDEXER_AUTH_KEY), + settings.get(INDEXER_CLIENTS_KEY), + registry) logger.info('Starting Elasticsearch content indexer {0!r}...'.format(process)) process.start() if process.is_alive(): diff -r 78867d93d490 -r 7cc2aec2876c src/pyams_content_es/interfaces/__init__.py --- a/src/pyams_content_es/interfaces/__init__.py Thu Feb 22 10:15:31 2018 +0100 +++ b/src/pyams_content_es/interfaces/__init__.py Mon Mar 05 14:33:53 2018 +0100 @@ -31,6 +31,8 @@ INDEXER_NAME = 'ElasticSearch content indexer' INDEXER_STARTER_KEY = 'pyams_content.es.start_handler' INDEXER_HANDLER_KEY = 'pyams_content.es.tcp_handler' +INDEXER_AUTH_KEY = 'pyams_content.es.allow_auth' +INDEXER_CLIENTS_KEY = 'pyams_content.es.allow_clients' # @@ -45,6 +47,9 @@ required=False, vocabulary="PyAMS ZODB connections") + def get_socket(self): + """Get 0MQ socket matching utility settings""" + def index_document(self, document): """Index given document""" diff -r 78867d93d490 -r 7cc2aec2876c src/pyams_content_es/process.py --- a/src/pyams_content_es/process.py Thu Feb 22 10:15:31 2018 +0100 +++ b/src/pyams_content_es/process.py Mon Mar 05 14:33:53 2018 +0100 @@ -168,6 +168,6 @@ class ContentIndexerProcess(ZMQProcess): """Content indexer ZMQ process""" - def __init__(self, zmq_address, handler, registry): - ZMQProcess.__init__(self, zmq_address, handler) + def __init__(self, zmq_address, handler, auth, clients, registry): + ZMQProcess.__init__(self, zmq_address, handler, auth, clients) self.registry = registry diff -r 78867d93d490 -r 7cc2aec2876c src/pyams_content_es/utility.py --- a/src/pyams_content_es/utility.py Thu Feb 22 10:15:31 2018 +0100 +++ b/src/pyams_content_es/utility.py Mon Mar 05 14:33:53 2018 +0100 @@ -16,7 +16,7 @@ # import standard library # import interfaces -from pyams_content_es.interfaces import IContentIndexerUtility, INDEXER_HANDLER_KEY +from pyams_content_es.interfaces import IContentIndexerUtility, INDEXER_HANDLER_KEY, INDEXER_AUTH_KEY from zope.intid.interfaces import IIntIds # import packages @@ -34,15 +34,15 @@ zodb_name = FieldProperty(IContentIndexerUtility['zodb_name']) - def _get_socket(self): + def get_socket(self): registry = get_global_registry() handler = registry.settings.get(INDEXER_HANDLER_KEY, False) if handler: - return zmq_socket(handler) + return zmq_socket(handler, auth=registry.settings.get(INDEXER_AUTH_KEY)) def index_document(self, document): """Send index request for given document""" - socket = self._get_socket() + socket = self.get_socket() if socket is None: return [501, "No socket handler defined in configuration file"] intids = get_utility(IIntIds) @@ -53,7 +53,7 @@ def unindex_document(self, document): """Send unindex request for given document""" - socket = self._get_socket() + socket = self.get_socket() if socket is None: return [501, "No socket handler defined in configuration file"] intids = get_utility(IIntIds) @@ -64,7 +64,7 @@ def test_process(self): """Send test request to indexer process""" - socket = self._get_socket() + socket = self.get_socket() if socket is None: return [501, "No socket handler defined in configuration file"] socket.send_json(['test', {}])