From 2606260943700da1f42d37e040ab23d8eb53cb4e Mon Sep 17 00:00:00 2001 From: Tomasz Hoscilo Date: Thu, 6 Apr 2023 22:34:35 +0200 Subject: [PATCH] Add HttpNtlmAuth Add NLTM auth. Update README. --- README.rst | 9 +++++++-- cmreslogging/handlers.py | 21 +++++++++++++++++++++ 2 files changed, 28 insertions(+), 2 deletions(-) diff --git a/README.rst b/README.rst index 459dd83..0970c66 100644 --- a/README.rst +++ b/README.rst @@ -45,6 +45,11 @@ Additional requirements for Kerberos support Additionally, the package support optionally kerberos authentication by adding the following dependecy - requests-kerberos +Additional requirements for NTLM support +============================================ +Additionally, the package support optionally NTLM authentication by adding the following dependency + - requests-ntlm + Additional requirements for AWS IAM user authentication (request signing) ========================================================================= Additionally, the package support optionally AWS IAM user authentication by adding the following dependecy @@ -100,8 +105,8 @@ The constructors takes the following parameters: [{'host':'host1','port':9200}, {'host':'host2','port':9200}] - - auth_type: The authentication currently support CMRESHandler.AuthType = NO_AUTH, BASIC_AUTH, KERBEROS_AUTH - - auth_details: When CMRESHandler.AuthType.BASIC_AUTH is used this argument must contain a tuple of string with the user and password that will be used to authenticate against the Elasticsearch servers, for example ('User','Password') + - auth_type: The authentication currently support CMRESHandler.AuthType = NO_AUTH, BASIC_AUTH, KERBEROS_AUTH, NTLM_AUTH + - auth_details: When ``CMRESHandler.AuthType.BASIC_AUTH`` or ``CMRESHandler.AuthType.NTLM_AUTH`` is used this argument must contain a tuple of string with the user and password that will be used to authenticate against the Elasticsearch servers, for example ('User','Password') - aws_access_key: When ``CMRESHandler.AuthType.AWS_SIGNED_AUTH`` is used this argument must contain the AWS key id of the the AWS IAM user - aws_secret_key: When ``CMRESHandler.AuthType.AWS_SIGNED_AUTH`` is used this argument must contain the AWS secret key of the the AWS IAM user - aws_region: When ``CMRESHandler.AuthType.AWS_SIGNED_AUTH`` is used this argument must contain the AWS region of the the AWS Elasticsearch servers, for example ``'us-east'`` diff --git a/cmreslogging/handlers.py b/cmreslogging/handlers.py index 52e250a..67760ea 100644 --- a/cmreslogging/handlers.py +++ b/cmreslogging/handlers.py @@ -21,6 +21,12 @@ except ImportError: AWS4AUTH_SUPPORTED = False +try: + from requests_ntlm import HttpNtlmAuth + NTLM_AUTH_SUPPORTED = True +except ImportError: + NTLM_AUTH_SUPPORTED = False + from cmreslogging.serializers import CMRESSerializer @@ -43,6 +49,7 @@ class AuthType(Enum): BASIC_AUTH = 1 KERBEROS_AUTH = 2 AWS_SIGNED_AUTH = 3 + NTLM_AUTH = 4 class IndexNameFrequency(Enum): """ Index type supported @@ -254,6 +261,20 @@ def __get_es_client(self): ) return self._client + if self.auth_type == CMRESHandler.AuthType.NTLM_AUTH: + if not NTLM_AUTH_SUPPORTED: + raise EnvironmentError("HttpNtlmAuth not available. Please install \"requests_ntlm\"") + if self._client is None: + ntlm_auth = HttpNtlmAuth(username=self.auth_details[0], + password=self.auth_details[1]) + return Elasticsearch(hosts=self.hosts, + http_auth=ntlm_auth, + verify_certs=self.verify_certs, + serializer=self.serializer, + node_class='requests') + return self._client + + raise ValueError("Authentication method not supported") def test_es_source(self):