forked from amundsen-io/amundsen
-
Notifications
You must be signed in to change notification settings - Fork 0
/
config.py
128 lines (105 loc) · 4.62 KB
/
config.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
# Copyright Contributors to the Amundsen project.
# SPDX-License-Identifier: Apache-2.0
import os
from typing import Any, Optional
STATS_FEATURE_KEY = 'STATS'
# Elasticsearch client configuration
PROXY_ENDPOINT = 'PROXY_ENDPOINT'
PROXY_USER = 'PROXY_USER'
PROXY_PASSWORD = 'PROXY_PASSWORD'
ELASTICSEARCH_CLIENT = 'ELASTICSEARCH_CLIENT'
# Elasticsearch proxy class configuration
ES_PROXY_CLIENT = 'ES_PROXY_CLIENT'
ES_INDEX_ALIAS_TEMPLATE = 'ES_INDEX_ALIAS_TEMPLATE'
PROXY_CLIENTS = {
'ELASTICSEARCH': 'search_service.proxy.elasticsearch.ElasticsearchProxy',
'ELASTICSEARCH_V2': 'search_service.proxy.es_proxy_v2.ElasticsearchProxyV2',
'ELASTICSEARCH_V2_1': 'search_service.proxy.es_proxy_v2_1.ElasticsearchProxyV2_1'
}
class Config:
# specify the alias string template under which the ES index exists for each resource
ES_INDEX_ALIAS_TEMPLATE = '{resource}_search_index_v2_1'
ES_PROXY_CLIENT = PROXY_CLIENTS[os.environ.get('ES_PROXY_CLIENT', 'ELASTICSEARCH_V2_1')]
LOG_FORMAT = '%(asctime)s.%(msecs)03d [%(levelname)s] %(module)s.%(funcName)s:%(lineno)d (%(process)d:'\
'%(threadName)s) - %(message)s'
LOG_DATE_FORMAT = '%Y-%m-%dT%H:%M:%S%z'
LOG_LEVEL = 'INFO'
# Path to the logging configuration file to be used by `fileConfig()` method
# https://docs.python.org/3.7/library/logging.config.html#logging.config.fileConfig
# LOG_CONFIG_FILE = 'search_service/logging.conf'
LOG_CONFIG_FILE = None
SWAGGER_ENABLED = os.environ.get('SWAGGER_ENABLED', False)
class LocalConfig(Config):
DEBUG = False
TESTING = False
STATS = False
LOCAL_HOST = '0.0.0.0'
PROXY_PORT = '9200'
PROXY_ENDPOINT = os.environ.get('PROXY_ENDPOINT',
'http://{LOCAL_HOST}:{PORT}'.format(
LOCAL_HOST=LOCAL_HOST,
PORT=PROXY_PORT)
)
ES_PROXY_CLIENT = PROXY_CLIENTS[os.environ.get('ES_PROXY_CLIENT', 'ELASTICSEARCH_V2_1')]
ELASTICSEARCH_CLIENT = os.environ.get('ELASTICSEARCH_CLIENT') # type: Optional[Any]
PROXY_USER = os.environ.get('CREDENTIALS_PROXY_USER', 'elastic')
PROXY_PASSWORD = os.environ.get('CREDENTIALS_PROXY_PASSWORD', 'elastic')
SWAGGER_ENABLED = True
SWAGGER_TEMPLATE_PATH = os.path.join('api', 'swagger_doc', 'template.yml')
SWAGGER = {
'openapi': '3.0.2',
'title': 'Search Service',
'uiversion': 3
}
class AwsSearchConfig(LocalConfig):
"""
Class sets up special case of Elasticsearch client with AWS token-based authentication,
to enable usage of AWS Elasticsearch Service as a Elasticsearch Proxy backend.
To connect to AWS Elasticsearch domain set environmental variable PROXY_ENDPOINT
to domain's VPC endpoint, without the leading protol part (i.e. https://).
Also, you need to set environmental variable AWS_REGION to the region in which your
AWS Elasticsearch domain is running.
To assess AWS Elasticsearch domain correctly you need to setup AWS credentials with
a role that enables reading and writting to Elasticsearch Service domain;
see the sample CloudFormation IAM policy below::
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::123456789012:user/test-user"
]
},
"Action": [
"es:ESHttpGet",
"es:ESHttpPut"
],
"Resource": "arn:aws:es:us-west-1:987654321098:domain/test-domain/test-index/_search"
}
]
}
If you run Amundsen on Kubernetes use IAM roles for service accounts
(https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html).
"""
import boto3
from elasticsearch import Elasticsearch, RequestsHttpConnection
from requests_aws4auth import AWS4Auth
service = 'es'
host = os.environ.get('PROXY_ENDPOINT')
port = 443
use_ssl = True
verify_certs = True
region = os.environ.get('AWS_REGION')
credentials = boto3.Session().get_credentials()
if all([host, region, credentials]):
aws_auth = AWS4Auth(region=region, service=service, refreshable_credentials=credentials)
client = Elasticsearch(
hosts=[{'host': host, 'port': port}],
http_auth=aws_auth,
use_ssl=use_ssl,
verify_certs=verify_certs,
connection_class=RequestsHttpConnection
)
ELASTICSEARCH_CLIENT = client