#!/usr/bin/env python
# Elasticsearch Recon Ingestion Scripts (ERIS) - Developed by Acidvegas (https://git.acid.vegas/eris)
# sniff_patch.py [asynchronous development]
# Note:
# This is a patch for the elasticsearch 8.x client to fix the sniff_* options.
# This patch is only needed if you use the sniff_* options and only works with basic auth.
# Call init_elasticsearch() with normal Elasticsearch params.
#
# Source:
# - https://github.com/elastic/elasticsearch-py/issues/2005#issuecomment-1645641960
import base64
import elasticsearch._async.client as async_client
from elasticsearch.exceptions import SerializationError, ConnectionError
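async def init_elasticsearch(*args, **kwargs):
    '''
    Initialize the Async Elasticsearch client with the sniff patch.

    The patch is installed by rebinding the module-level
    ``async_client.default_sniff_callback``, so it is process-wide, not
    per-client. The installed callback carries the credentials from the most
    recent call to this function. Presumably any other client in the same
    process that relies on the default sniff callback will then present these
    credentials when it sniffs (verify before running clients for several
    clusters or accounts in one process).

    :param args: Async Elasticsearch positional arguments.
    :param kwargs: Async Elasticsearch keyword arguments. Must include ``basic_auth``.
    :raises KeyError: If ``basic_auth`` is not supplied.
    '''
    try:
        basic_auth = kwargs['basic_auth']
    except KeyError:
        # Same exception type as the bare lookup, but say what is missing and why.
        raise KeyError('basic_auth is required: the sniff patch only works with basic auth') from None

    # Process-wide monkeypatch: replaces the default sniff callback for the whole module.
    async_client.default_sniff_callback = await _override_sniff_callback(basic_auth)

    return async_client.AsyncElasticsearch(*args, **kwargs)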
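async def _override_sniff_callback(basic_auth):
    '''
    Taken from https://github.com/elastic/elasticsearch-py/blob/8.8/elasticsearch/_sync/client/_base.py#L166
    Unmodified except for adding the auth header to the elastic request and
    rejecting a basic_auth value that is not a (username, password) pair.
    Allows us to continue using the sniff_* options while this is broken in the library.

    Security notes:
        - The returned callback keeps the base64-encoded credentials in its
          closure for as long as it stays installed. Base64 is an encoding,
          not encryption, so the value is equivalent to the plaintext password.
        - The Authorization header is attached to every sniff request and goes
          to whichever node the transport selects, presumably including nodes
          added from earlier sniff results (confirm against the transport).
          Use seed hosts reached over HTTPS with certificate verification so
          the credentials are not exposed in transit.

    TODO: Remove this when this issue is patched:
        - https://github.com/elastic/elasticsearch-py/issues/2005

    :param basic_auth: (username, password) pair of strings.
    :return: Coroutine function taking (transport, sniff_options) and returning a list of node configs.
    :raises TypeError: If basic_auth is not a two-item tuple or list.
    '''
    # ':'.join() on a plain string would interleave colons between its characters
    # and silently produce a bogus header, so require the pair form explicitly.
    if not isinstance(basic_auth, (tuple, list)) or len(basic_auth) != 2:
        raise TypeError('basic_auth must be a (username, password) pair for the sniff patch')

    auth_str = base64.b64encode(':'.join(basic_auth).encode()).decode()
    sniffed_node_callback = async_client._base._default_sniffed_node_callback

    async def modified_sniff_callback(transport, sniff_options):
        # One attempt per node currently in the pool; the first usable response wins.
        for _ in transport.node_pool.all():
            try:
                meta, node_infos = await transport.perform_request(
                    'GET',
                    '/_nodes/_all/http',
                    headers={
                        'accept': 'application/vnd.elasticsearch+json; compatible-with=8',
                        'authorization': f'Basic {auth_str}',  # This auth header is missing in 8.x releases of the client, and causes 401s
                    },
                    request_timeout=(
                        sniff_options.sniff_timeout
                        if not sniff_options.is_initial_sniff
                        else None
                    ),
                )
            except (SerializationError, ConnectionError):
                continue

            if not 200 <= meta.status <= 299:
                continue

            node_configs = []
            for node_info in node_infos.get('nodes', {}).values():
                address = node_info.get('http', {}).get('publish_address')
                if not address or ':' not in address:
                    continue

                if '/' in address:
                    # Support 7.x host/ip:port behavior where http.publish_host has been set.
                    fqdn, ipaddress = address.split('/', 1)
                    host = fqdn
                    _, port_str = ipaddress.rsplit(':', 1)
                    port = int(port_str)
                else:
                    host, port_str = address.rsplit(':', 1)
                    port = int(port_str)

                assert sniffed_node_callback is not None

                # Pay no mind to this, it's just a workaround for my own setup.
                #host = elastic.domain.com
                #port = int(str(port).replace('', ''))

                # Only host and port come from the sniff response; every other
                # setting is copied from the node that answered this request.
                sniffed_node = sniffed_node_callback(node_info, meta.node.replace(host=host, port=port))

                if sniffed_node is None:
                    continue

                # Use the node which was able to make the request as a base.
                node_configs.append(sniffed_node)

            if node_configs:
                return node_configs

        return []

    return modified_sniff_callback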