Merge pull request ome#92 from khaledk2/secure_elasticsearch_onnection

Secure the connection with the elsticsearch

.github/workflows/main.yml

@@ -24,10 +24,14 @@ jobs:
           --health-retries 5
 
       elasticsearch:
-        image: elasticsearch:7.16.2
+        image: elasticsearch:8.8.1
         ports:
           - 9200/tcp
-        options: -e="discovery.type=single-node" --health-cmd="curl http://localhost:9200/_cluster/health" --health-interval=10s --health-timeout=5s --health-retries=10
+        env:
+          es_api_basic_auth_username: "elastic"
+          ELASTIC_PASSWORD: "elasticsearch_user_password"
+
+        options: -e="discovery.type=single-node" --health-cmd="curl -k -u elastic:elasticsearch_user_password  https://localhost:9200/_cluster/health" --health-interval=10s --health-timeout=5s --health-retries=10
 
     steps:
       - uses: actions/checkout@v2
@@ -84,5 +88,3 @@ jobs:
           file: deployment/docker/centos/Dockerfile
           push: true
           tags: ${{ join(fromJson(steps.gettags.outputs.tags)) }}
-
-

configurations/app_config.yml

@@ -6,9 +6,11 @@ DATABASE_NAME : "omero"
 CACHE_FOLDER : "path/to/folder/app_data"
 SECRET_KEY : "fsdasdh3424vvcsd467fgh"
 ASYNCHRONOUS_SEARCH : True
-ELASTICSEARCH_URL : "http://localhost:9200"
+ELASTICSEARCH_URL : "https://localhost:9200"
 IDR_TEST_FILE_URL : "https://raw.githubusercontent.com/IDR/idr.openmicroscopy.org/master/_data/studies.tsv"
 PAGE_SIZE : 1000
 CACHE_ROWS : 10000
 MAX_RETUNED_ITEMS : 1700000
 ELASTICSEARCH_BACKUP_FOLDER: "path/to/elasticsearch/backup/folder"
+verify_certs: False
+ELASTIC_PASSWORD: elasticsearch_user_password

configurations/configuration.py

@@ -20,6 +20,7 @@
 import yaml
 from shutil import copyfile
 import os
+import json
 
 
 def load_configuration_variables_from_file(config):
@@ -29,6 +30,20 @@ def load_configuration_variables_from_file(config):
         cofg = yaml.load(f)
     for x, y in cofg.items():
         setattr(config, x, y)
+    if hasattr(config, "verify_certs"):
+        try:
+            verify_certs = json.load(config.verify_certs)
+        except Exception as ex:
+            print(str(ex))
+            verify_certs = False
+    else:
+        verify_certs = False
+    config.verify_certs = verify_certs
+    if not verify_certs:
+        import requests
+        from requests.packages.urllib3.exceptions import InsecureRequestWarning
+
+        requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
 
 
 def set_database_connection_variables(config):

docs/configuration/configuration_installation.rst

@@ -14,10 +14,12 @@ The application should have the access attributes (e.g, URL, username, password,
       * ``DATABASE_NAME``
       * ``ELASTICSEARCH__URL``
       * ``PAGE_SIZE``
+      * ``ELASTIC_PASSWORD``
     * Although the user can edit this file to set the values, there are some methods inside :omero_search_engine:`manage.py <manage.py>` which could help to set the configuration e.g.
 
       * ``set_database_configuration``
       * ``set_elasticsearch_configuration``
+      * ``set_elasticsearch_password``
 
 * When the app runs for the first time, it will look for the application configuration file.
 

manage.py

@@ -192,6 +192,24 @@ def set_elasticsearch_configuration(elasticsearch_url=None):
         search_omero_app.logger.info("No attribute is provided")
 
 
+@manager.command
+@manager.option("-e", "--elasticsearch_password", help="set elasticsearch password")
+def set_elasticsearch_password(elasticsearch_password=None):
+    if elasticsearch_password:
+        update_config_file({"ELASTIC_PASSWORD": elasticsearch_password})
+    else:
+        search_omero_app.logger.info("No attribute is provided")
+
+
+@manager.command
+@manager.option("-v", "--verify_certs", help="set elasticsearch password")
+def set_verify_certs(verify_certs=None):
+    if verify_certs:
+        update_config_file({"verify_certs": verify_certs})
+    else:
+        search_omero_app.logger.info("No attribute is provided")
+
+
 @manager.command
 @manager.option("-c", "--cache_folder", help="cache folder path")
 def set_cache_folder(cache_folder=None):

omero_search_engine/__init__.py

@@ -22,7 +22,6 @@
 import logging
 from elasticsearch import Elasticsearch
 from flasgger import Swagger, LazyString, LazyJSONEncoder
-
 from omero_search_engine.database.database_connector import DatabaseConnector
 from configurations.configuration import (
     configLooader,
@@ -54,7 +53,6 @@
     "version": "0.2.0",
 }
 
-
 swagger = Swagger(search_omero_app, template=template)
 
 app_config = load_configuration_variables_from_file(config_)
@@ -72,12 +70,17 @@ def create_app(config_name="development"):
     search_omero_app.app_context().push()
     search_omero_app.app_context()
     search_omero_app.app_context().push()
+    ELASTIC_PASSWORD = app_config.ELASTIC_PASSWORD
+
     es_connector = Elasticsearch(
         app_config.ELASTICSEARCH_URL.split(","),
+        verify_certs=app_config.verify_certs,
         timeout=130,
         max_retries=20,
         retry_on_timeout=True,
         connections_per_node=10,
+        scheme="https",
+        http_auth=("elastic", ELASTIC_PASSWORD),
     )
 
     search_omero_app.config["database_connector"] = database_connector