Added 0MQ authentication and access control
authorThierry Florac <thierry.florac@onf.fr>
Mon, 05 Mar 2018 14:33:53 +0100
changeset 50 7cc2aec2876c
parent 49 78867d93d490
child 51 d2f833a2ec62
Added 0MQ authentication and access control
src/pyams_content_es/include.py
src/pyams_content_es/interfaces/__init__.py
src/pyams_content_es/process.py
src/pyams_content_es/utility.py
--- a/src/pyams_content_es/include.py	Thu Feb 22 10:15:31 2018 +0100
+++ b/src/pyams_content_es/include.py	Mon Mar 05 14:33:53 2018 +0100
@@ -22,7 +22,7 @@
 import sys
 
 # import interfaces
-from pyams_content_es.interfaces import INDEXER_HANDLER_KEY, INDEXER_STARTER_KEY
+from pyams_content_es.interfaces import INDEXER_HANDLER_KEY, INDEXER_STARTER_KEY, INDEXER_AUTH_KEY, INDEXER_CLIENTS_KEY
 from pyramid.interfaces import IApplicationCreated
 
 # import packages
@@ -65,7 +65,10 @@
         # create content indexer process
         try:
             process = ContentIndexerProcess(settings.get(INDEXER_HANDLER_KEY, '127.0.0.1:5557'),
-                                            ContentIndexerMessageHandler, registry)
+                                            ContentIndexerMessageHandler,
+                                            settings.get(INDEXER_AUTH_KEY),
+                                            settings.get(INDEXER_CLIENTS_KEY),
+                                            registry)
             logger.info('Starting Elasticsearch content indexer {0!r}...'.format(process))
             process.start()
             if process.is_alive():
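Review bot: Both new arguments come from `settings.get(...)` with no default, so when `pyams_content.es.allow_auth` is absent the process is built with `auth=None`, and the start-up log line does not say whether authentication is active. What ZMQProcess does with None is not visible here, but presumably it means no authentication, which matters as soon as `tcp_handler` is set to anything other than the loopback default. I would log it explicitly before `process.start()`, e.g. `if not settings.get(INDEXER_AUTH_KEY): logger.warning('Content indexer started without 0MQ authentication')`. The enclosing function starts and ends outside this hunk.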
--- a/src/pyams_content_es/interfaces/__init__.py	Thu Feb 22 10:15:31 2018 +0100
+++ b/src/pyams_content_es/interfaces/__init__.py	Mon Mar 05 14:33:53 2018 +0100
@@ -31,6 +31,8 @@
 INDEXER_NAME = 'ElasticSearch content indexer'
 INDEXER_STARTER_KEY = 'pyams_content.es.start_handler'
 INDEXER_HANDLER_KEY = 'pyams_content.es.tcp_handler'
+INDEXER_AUTH_KEY = 'pyams_content.es.allow_auth'
+INDEXER_CLIENTS_KEY = 'pyams_content.es.allow_clients'
 
 
 #
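Review bot: The two new keys have no comment, and their names read like boolean switches although include.py passes their values straight to the process as `auth` and `clients`. A comment above each should state the expected value format and what an unset value means, for example `# credentials required from 0MQ clients; unset presumably disables authentication (confirm against ZMQProcess)`. Since `allow_auth` appears to hold a secret kept in the settings file, the comment should say so, so that deployers restrict read access to that file.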
@@ -45,6 +47,9 @@
                        required=False,
                        vocabulary="PyAMS ZODB connections")
 
+    def get_socket(self):
+        """Get 0MQ socket matching utility settings"""
+
     def index_document(self, document):
         """Index given document"""
 
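Review bot: `get_socket` is now part of the public interface, but its docstring does not say that it can return None. The implementation in utility.py falls off the end when no handler is configured, and every caller shown there checks for None. I would document it here as `"""Get 0MQ socket matching utility settings, or None when no handler is configured"""`, and give the utility.py implementation the same docstring plus an explicit `return None`. The interface body continues outside this hunk.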
--- a/src/pyams_content_es/process.py	Thu Feb 22 10:15:31 2018 +0100
+++ b/src/pyams_content_es/process.py	Mon Mar 05 14:33:53 2018 +0100
@@ -168,6 +168,6 @@
 class ContentIndexerProcess(ZMQProcess):
     """Content indexer ZMQ process"""
 
-    def __init__(self, zmq_address, handler, registry):
-        ZMQProcess.__init__(self, zmq_address, handler)
+    def __init__(self, zmq_address, handler, auth, clients, registry):
+        ZMQProcess.__init__(self, zmq_address, handler, auth, clients)
         self.registry = registry
--- a/src/pyams_content_es/utility.py	Thu Feb 22 10:15:31 2018 +0100
+++ b/src/pyams_content_es/utility.py	Mon Mar 05 14:33:53 2018 +0100
@@ -16,7 +16,7 @@
 # import standard library
 
 # import interfaces
-from pyams_content_es.interfaces import IContentIndexerUtility, INDEXER_HANDLER_KEY
+from pyams_content_es.interfaces import IContentIndexerUtility, INDEXER_HANDLER_KEY, INDEXER_AUTH_KEY
 from zope.intid.interfaces import IIntIds
 
 # import packages
@@ -34,15 +34,15 @@
 
     zodb_name = FieldProperty(IContentIndexerUtility['zodb_name'])
 
-    def _get_socket(self):
+    def get_socket(self):
         registry = get_global_registry()
         handler = registry.settings.get(INDEXER_HANDLER_KEY, False)
         if handler:
-            return zmq_socket(handler)
+            return zmq_socket(handler, auth=registry.settings.get(INDEXER_AUTH_KEY))
 
     def index_document(self, document):
         """Send index request for given document"""
-        socket = self._get_socket()
+        socket = self.get_socket()
         if socket is None:
             return [501, "No socket handler defined in configuration file"]
         intids = get_utility(IIntIds)
@@ -53,7 +53,7 @@
 
     def unindex_document(self, document):
         """Send unindex request for given document"""
-        socket = self._get_socket()
+        socket = self.get_socket()
         if socket is None:
             return [501, "No socket handler defined in configuration file"]
         intids = get_utility(IIntIds)
@@ -64,7 +64,7 @@
 
     def test_process(self):
         """Send test request to indexer process"""
-        socket = self._get_socket()
+        socket = self.get_socket()
         if socket is None:
             return [501, "No socket handler defined in configuration file"]
         socket.send_json(['test', {}])