[Elasticsearch Feed] Authentication Error Bug FIx (demisto#27614)

* Add debug logs * Add differentiation between authentication methods * Remove extra debug logs * Update docker image * Update release notes * Add known_words section to .pack-ignore fille * Update Release Notes * Update authentication related UTs
xsoar-contrib · Jul 26, 2023 · d9aae30 · d9aae30
1 parent 17bcac7
commit d9aae30
Show file tree

Hide file tree

Showing 6 changed files with 49 additions and 17 deletions.
diff --git a/Packs/FeedElasticsearch/.pack-ignore b/Packs/FeedElasticsearch/.pack-ignore
@@ -1,3 +1,3 @@
 [known_words]
 Elasticsearch
-Opensearch
+Opensearch
diff --git a/Packs/FeedElasticsearch/Integrations/FeedElasticsearch/FeedElasticsearch.py b/Packs/FeedElasticsearch/Integrations/FeedElasticsearch/FeedElasticsearch.py
@@ -65,8 +65,12 @@ def __init__(self, insecure=None, server=None, username=None, password=None, api
 
     def _elasticsearch_builder(self):
         """Builds an Elasticsearch obj with the necessary credentials, proxy settings and secure connection."""
-        es = Elasticsearch(hosts=[self._server], connection_class=RequestsHttpConnection, http_auth=self._http_auth,
-                           verify_certs=self._insecure, proxies=self._proxy, api_key=self._api_key)
+        if self._api_key:
+            es = Elasticsearch(hosts=[self._server], connection_class=RequestsHttpConnection,
+                               verify_certs=self._insecure, proxies=self._proxy, api_key=self._api_key)
+        else:
+            es = Elasticsearch(hosts=[self._server], connection_class=RequestsHttpConnection, http_auth=self._http_auth,
+                               verify_certs=self._insecure, proxies=self._proxy)
         # this should be passed as api_key via Elasticsearch init, but this code ensures it'll be set correctly
         if self._api_key and hasattr(es, 'transport'):
             es.transport.get_connection().session.headers['authorization'] = self._get_api_key_header_val(self._api_key)

diff --git a/Packs/FeedElasticsearch/Integrations/FeedElasticsearch/FeedElasticsearch.yml b/Packs/FeedElasticsearch/Integrations/FeedElasticsearch/FeedElasticsearch.yml
@@ -182,3 +182,5 @@ script:
   subtype: python3
   type: python
 fromversion: 5.5.0
+tests:
+- No tests (auto formatted)
diff --git a/Packs/FeedElasticsearch/Integrations/FeedElasticsearch/FeedElasticsearch_test.py b/Packs/FeedElasticsearch/Integrations/FeedElasticsearch/FeedElasticsearch_test.py
@@ -225,35 +225,54 @@ def test_create_enrichment_batches_mult_indicators():
 
 
 def test_elasticsearch_builder_called_with_username_password(mocker):
-    from elasticsearch import Elasticsearch
+    """
+    Given:
+        - basic authentication parameters are provided (username and password)
+    When:
+        - creating an Elasticsearch client
+    Then:
+        - ensure the client is created with the correct parameters
+    """
     import FeedElasticsearch as esf
-    es_mock = mocker.patch.object(Elasticsearch, '__init__', return_value=None)
+    es_mock = mocker.patch.object(esf.Elasticsearch, '__init__', return_value=None)
     username = 'demisto'
     password = 'mock'
-    client = esf.ElasticsearchClient(username=username, password=password)
-    client._elasticsearch_builder()
-    assert es_mock.call_args[1].get('http_auth') == (username, password)
+    esf.ElasticsearchClient(username=username, password=password)
+    assert es_mock.call_args[1].get('http_auth') == ('demisto', 'mock')
     assert es_mock.call_args[1].get('api_key') is None
 
 
 def test_elasticsearch_builder_called_with_api_key(mocker):
-    from elasticsearch import Elasticsearch
+    """
+    Given:
+        - api key authentication parameters are provided (api key id and api key)
+    When:
+        - creating an Elasticsearch client
+    Then:
+        - ensure the client is created with the correct parameters
+    """
     import FeedElasticsearch as esf
-    es_mock = mocker.patch.object(Elasticsearch, '__init__', return_value=None)
+    es_mock = mocker.patch.object(esf.Elasticsearch, '__init__', return_value=None)
     api_id = 'demisto'
     api_key = 'mock'
-    client = esf.ElasticsearchClient(api_key=api_key, api_id=api_id)
-    client._elasticsearch_builder()
+    esf.ElasticsearchClient(api_key=api_key, api_id=api_id)
     assert es_mock.call_args[1].get('http_auth') is None
     assert es_mock.call_args[1].get('api_key') == (api_id, api_key)
 
 
 def test_elasticsearch_builder_called_with_no_creds(mocker):
-    from elasticsearch import Elasticsearch
+    """
+    Given:
+        - no authentication parameter are provided
+    When:
+        - creating an Elasticsearch client
+    Then:
+        - ensure the client is created with the correct parameters (edge this, this use-case should not happen as '401
+          Unauthorized - Incorrect or invalid username or password' message will be returned
+    """
     import FeedElasticsearch as esf
-    es_mock = mocker.patch.object(Elasticsearch, '__init__', return_value=None)
-    client = esf.ElasticsearchClient()
-    client._elasticsearch_builder()
+    es_mock = mocker.patch.object(esf.Elasticsearch, '__init__', return_value=None)
+    esf.ElasticsearchClient()
     assert es_mock.call_args[1].get('http_auth') is None
     assert es_mock.call_args[1].get('api_key') is None
 

diff --git a/Packs/FeedElasticsearch/ReleaseNotes/1_1_1.md b/Packs/FeedElasticsearch/ReleaseNotes/1_1_1.md
@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### Elasticsearch Feed
+
+- Fixed an issue where API key based authentication failed due to lack differentiation between authentication methods.
+- Updated the Docker image to: *demisto/py3-tools:1.0.0.64131*.
diff --git a/Packs/FeedElasticsearch/pack_metadata.json b/Packs/FeedElasticsearch/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Elasticsearch Feed",
     "description": "Indicators feed from Elasticsearch database",
     "support": "xsoar",
-    "currentVersion": "1.1.0",
+    "currentVersion": "1.1.1",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",