opensearch-aws-sigv4 1.0.0 → 1.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/CHANGELOG.md +18 -0
- data/README.md +40 -1
- data/lib/opensearch-aws-sigv4/version.rb +1 -1
- data/lib/opensearch-aws-sigv4.rb +6 -3
- data/opensearch-aws-sigv4.gemspec +2 -2
- data/spec/unit/sigv4_client_spec.rb +11 -7
- data.tar.gz.sig +0 -0
- metadata +5 -2
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0c18c127380978f8f6c155763004c09c2f47f8fe510060f78f5e2dd22dfda7d9
|
|
4
|
+
data.tar.gz: 1bf9b1df47af0b02f6e95950aab3bd51aa107e0d1b70dad9b210c894bcc5074f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6425d6f4b4925292cca4d1ab444643b40399ce6728b865715537df1c061c776bcb759b9fbd1f5d891a72e78ebf457ec601f4d3e0bb106e151d274a9aadb0e81c
|
|
7
|
+
data.tar.gz: 0376e3c9a1b67e4885335ecd1a751cd2db67725242f5a09f84cfa905dcbed18b2cbe64043e8ffcbb1b638bc5b71917982be13da6186c6f04cbb9f10f73c18d1f
|
checksums.yaml.gz.sig
CHANGED
|
Binary file
|
data/CHANGELOG.md
ADDED
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
# CHANGELOG
|
|
2
|
+
Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
|
|
3
|
+
|
|
4
|
+
## [Unreleased]
|
|
5
|
+
### Added
|
|
6
|
+
- Added support for Amazon OpenSearch Serverless ([#131](https://github.com/opensearch-project/opensearch-ruby/issues/131))
|
|
7
|
+
|
|
8
|
+
### Changed
|
|
9
|
+
### Deprecated
|
|
10
|
+
### Removed
|
|
11
|
+
### Fixed
|
|
12
|
+
- Sign validation requests when using AWS Sigv4 ([#134](https://github.com/opensearch-project/opensearch-ruby/pull/134))
|
|
13
|
+
|
|
14
|
+
### Security
|
|
15
|
+
|
|
16
|
+
## 1.0.0
|
|
17
|
+
### Added
|
|
18
|
+
- Added `OpenSearch::AWS::Sigv4Client` ([#110](https://github.com/opensearch-project/opensearch-ruby/pull/110))
|
data/README.md
CHANGED
|
@@ -34,6 +34,9 @@ This library is an AWS Sigv4 wrapper for
|
|
|
34
34
|
which is a Ruby client for OpenSearch. The `OpenSearch::Aws::Sigv4Client` is, therefore, has all features of `OpenSearch::Client`.
|
|
35
35
|
And since `opensearch-ruby` is a dependency of `opensearch-aws-sigv4`, you only need to install `opensearch-aws-sigv4`.
|
|
36
36
|
|
|
37
|
+
### Amazon Managed OpenSearch
|
|
38
|
+
Via the Sigv4 Client, you can interact with an Amazon Managed OpenSearch cluster just like would with a self-managed cluster:
|
|
39
|
+
|
|
37
40
|
```ruby
|
|
38
41
|
require 'opensearch-aws-sigv4'
|
|
39
42
|
require 'aws-sigv4'
|
|
@@ -43,7 +46,10 @@ signer = Aws::Sigv4::Signer.new(service: 'es',
|
|
|
43
46
|
access_key_id: 'key_id',
|
|
44
47
|
secret_access_key: 'secret')
|
|
45
48
|
|
|
46
|
-
client = OpenSearch::Aws::Sigv4Client.new(
|
|
49
|
+
client = OpenSearch::Aws::Sigv4Client.new(
|
|
50
|
+
{ host: 'https://your.amz-managed-opensearch.domain',
|
|
51
|
+
log: true },
|
|
52
|
+
signer)
|
|
47
53
|
|
|
48
54
|
client.cluster.health
|
|
49
55
|
|
|
@@ -54,6 +60,39 @@ client.search q: 'test'
|
|
|
54
60
|
|
|
55
61
|
Please refer to [opensearch-ruby](https://github.com/opensearch-project/opensearch-ruby/blob/main/opensearch-ruby/README.md) documentation for further details.
|
|
56
62
|
|
|
63
|
+
### Amazon OpenSearch Serverless
|
|
64
|
+
You can also use this client to connect to Amazon OpenSearch Serverless (AOSS). Remember to change the service for the signer to `aoss`:
|
|
65
|
+
|
|
66
|
+
```ruby
|
|
67
|
+
require 'opensearch-aws-sigv4'
|
|
68
|
+
require 'aws-sigv4'
|
|
69
|
+
|
|
70
|
+
signer = Aws::Sigv4::Signer.new(service: 'aoss',
|
|
71
|
+
region: 'us-west-2',
|
|
72
|
+
access_key_id: 'key_id',
|
|
73
|
+
secret_access_key: 'secret')
|
|
74
|
+
|
|
75
|
+
client = OpenSearch::Aws::Sigv4Client.new(
|
|
76
|
+
{ host: 'https://your.amz-opensearch-serverless.endpoint',
|
|
77
|
+
log: true },
|
|
78
|
+
signer)
|
|
79
|
+
|
|
80
|
+
index = 'prime'
|
|
81
|
+
client.indices.create(index: index)
|
|
82
|
+
client.index(index: index, id: '1', body: { name: 'Amazon Echo',
|
|
83
|
+
msrp: '5999',
|
|
84
|
+
year: 2011 })
|
|
85
|
+
client.search(body: { query: { match: { name: 'Echo' } } })
|
|
86
|
+
client.delete(index: index, id: '1')
|
|
87
|
+
client.indices.delete(index: index)
|
|
88
|
+
|
|
89
|
+
# Most administrative commands like the ones below will result in a 404 error for AOSS
|
|
90
|
+
client.cluster.stats
|
|
91
|
+
client.cat.health
|
|
92
|
+
```
|
|
93
|
+
|
|
94
|
+
*NOTES:* AOSS does NOT support all API endpoints provided by a standard OpenSearch cluster. Refer to [AOSS Developer's Guide](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-genref.html) for more detail.
|
|
95
|
+
|
|
57
96
|
## Development
|
|
58
97
|
|
|
59
98
|
You can run `rake -T` to check the test tasks. Use `COVERAGE=true` before running a test task to check the coverage with Simplecov.
|
data/lib/opensearch-aws-sigv4.rb
CHANGED
|
@@ -45,12 +45,11 @@ module OpenSearch
|
|
|
45
45
|
end
|
|
46
46
|
|
|
47
47
|
@sigv4_signer = sigv4_signer
|
|
48
|
-
super
|
|
48
|
+
super(transport_args, &block)
|
|
49
49
|
end
|
|
50
50
|
|
|
51
51
|
# @see OpenSearch::Transport::Transport::Base::perform_request
|
|
52
52
|
def perform_request(method, path, params = {}, body = nil, headers = nil)
|
|
53
|
-
verify_open_search unless @verified
|
|
54
53
|
signature_body = body.is_a?(Hash) ? body.to_json : body.to_s
|
|
55
54
|
signature = sigv4_signer.sign_request(
|
|
56
55
|
http_method: method,
|
|
@@ -58,11 +57,15 @@ module OpenSearch
|
|
|
58
57
|
headers: headers,
|
|
59
58
|
body: signature_body)
|
|
60
59
|
headers = (headers || {}).merge(signature.headers)
|
|
61
|
-
|
|
60
|
+
super(method, path, params, body, headers)
|
|
62
61
|
end
|
|
63
62
|
|
|
64
63
|
private
|
|
65
64
|
|
|
65
|
+
def verify_open_search
|
|
66
|
+
@verified = true
|
|
67
|
+
end
|
|
68
|
+
|
|
66
69
|
def signature_url(path, params)
|
|
67
70
|
host = @transport.transport.hosts.dig(0, :host)
|
|
68
71
|
path = '/' + path unless path.start_with?('/')
|
|
@@ -16,8 +16,8 @@ signing_key_path = File.expand_path("../gem-private_key.pem")
|
|
|
16
16
|
Gem::Specification.new do |s|
|
|
17
17
|
s.name = 'opensearch-aws-sigv4'
|
|
18
18
|
s.version = OpenSearch::Aws::Sigv4::VERSION
|
|
19
|
-
s.authors = ['Theo Truong']
|
|
20
|
-
s.email = ['theo.nam.truong@gmail.com']
|
|
19
|
+
s.authors = ['Theo Truong', 'Robin Roestenburg']
|
|
20
|
+
s.email = ['theo.nam.truong@gmail.com', 'robin.roestenburg@4me.com']
|
|
21
21
|
s.summary = 'Ruby AWS Sigv4 Client for OpenSearch'
|
|
22
22
|
s.homepage = 'https://opensearch.org/docs/latest'
|
|
23
23
|
s.license = 'Apache-2.0'
|
|
@@ -13,7 +13,7 @@ require 'timecop'
|
|
|
13
13
|
|
|
14
14
|
describe OpenSearch::Aws::Sigv4Client do
|
|
15
15
|
subject(:client) do
|
|
16
|
-
|
|
16
|
+
described_class.new(
|
|
17
17
|
{ host: 'http://localhost:9200',
|
|
18
18
|
transport_options: { ssl: { verify: false } } },
|
|
19
19
|
signer)
|
|
@@ -50,17 +50,16 @@ describe OpenSearch::Aws::Sigv4Client do
|
|
|
50
50
|
_double
|
|
51
51
|
end
|
|
52
52
|
let(:signed_headers) do
|
|
53
|
-
|
|
53
|
+
{ 'authorization' => 'AWS4-HMAC-SHA256 Credential=key_id/20220101/us-west-2/es/aws4_request, '\
|
|
54
54
|
'SignedHeaders=host;x-amz-content-sha256;x-amz-date, ' \
|
|
55
55
|
'Signature=9c4c690110483308f62a91c2ca873857750bca2607ba1aabdae0d2303950310a',
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
56
|
+
'host' => 'localhost',
|
|
57
|
+
'x-amz-content-sha256' => 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
|
|
58
|
+
'x-amz-date' => '20220101T000000Z' }
|
|
59
59
|
end
|
|
60
|
-
|
|
60
|
+
|
|
61
61
|
before(:each) do
|
|
62
62
|
Timecop.freeze(Time.utc(2022))
|
|
63
|
-
allow(client).to receive(:verify_open_search) { true }
|
|
64
63
|
client.transport = transport_double
|
|
65
64
|
end
|
|
66
65
|
|
|
@@ -71,5 +70,10 @@ describe OpenSearch::Aws::Sigv4Client do
|
|
|
71
70
|
expect(output).to eq(response)
|
|
72
71
|
expect(transport_double).to have_received(:perform_request).with('GET', '/', {}, '', signed_headers)
|
|
73
72
|
end
|
|
73
|
+
|
|
74
|
+
it 'skips the opensearch verification' do
|
|
75
|
+
expect(client).to_not receive(:open_search_validation_request)
|
|
76
|
+
client.perform_request('GET', '/_stats', {}, '', {})
|
|
77
|
+
end
|
|
74
78
|
end
|
|
75
79
|
end
|
data.tar.gz.sig
CHANGED
|
Binary file
|
metadata
CHANGED
|
@@ -1,10 +1,11 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: opensearch-aws-sigv4
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Theo Truong
|
|
8
|
+
- Robin Roestenburg
|
|
8
9
|
autorequire:
|
|
9
10
|
bindir: bin
|
|
10
11
|
cert_chain:
|
|
@@ -30,7 +31,7 @@ cert_chain:
|
|
|
30
31
|
r+j7FLyKuk5DzIxiCp8QN5dU71BbGUmsHf/C5UV76WLPOFX/szeaHhPwpjR3sK7r
|
|
31
32
|
5zLgCV1KP7cgDdCYMlmZGeSViU8NV+Yy8/ghrzGpqVw=
|
|
32
33
|
-----END CERTIFICATE-----
|
|
33
|
-
date:
|
|
34
|
+
date: 2023-01-20 00:00:00.000000000 Z
|
|
34
35
|
dependencies:
|
|
35
36
|
- !ruby/object:Gem::Dependency
|
|
36
37
|
name: aws-sigv4
|
|
@@ -205,6 +206,7 @@ description: 'Ruby AWS Sigv4 Client for OpenSearch
|
|
|
205
206
|
'
|
|
206
207
|
email:
|
|
207
208
|
- theo.nam.truong@gmail.com
|
|
209
|
+
- robin.roestenburg@4me.com
|
|
208
210
|
executables:
|
|
209
211
|
- opensearch_sigv4_console
|
|
210
212
|
extensions: []
|
|
@@ -213,6 +215,7 @@ extra_rdoc_files:
|
|
|
213
215
|
- LICENSE
|
|
214
216
|
files:
|
|
215
217
|
- ".gitignore"
|
|
218
|
+
- CHANGELOG.md
|
|
216
219
|
- Gemfile
|
|
217
220
|
- LICENSE
|
|
218
221
|
- README.md
|
metadata.gz.sig
CHANGED
|
Binary file
|