RubyGems - opensearch-aws-sigv4 - Versions diffs - 1.0.0 → 1.2.0 - Mend

opensearch-aws-sigv4 1.0.0 → 1.2.0

Files changed (12) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data/CHANGELOG.md +24 -0
data/README.md +9 -53
data/USER_GUIDE.md +59 -0
data/lib/opensearch-aws-sigv4/version.rb +1 -1
data/lib/opensearch-aws-sigv4.rb +36 -4
data/opensearch-aws-sigv4.gemspec +2 -2
data/spec/unit/sigv4_client_spec.rb +11 -7
data.tar.gz.sig +0 -0
metadata +6 -2
metadata.gz.sig +3 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 43ed10e26e1b3308e4a19d3d479269c36d27b2244d4d688852afbf80d7fb16c9
-  data.tar.gz: 7c53006f740126f7f3a19fbc7b9a83f0096484c0240a514c8ff7c843fd8b5c2b
+  metadata.gz: 8afd49d01221929f86b5bf1792d12a963cb969b5edc6a9abb242241c31170221
+  data.tar.gz: 278f930240341ab20ed9fe5f8182c1344b1825f7af7232001d096a320c90d9f7
 SHA512:
-  metadata.gz: f93669b3c6e92edad450f72aab6a53cfe1f0dd80bc2e63dfe4da8b2e9f78f7788933a45092d077d1df0926b9e20c53677529853b36ce6f56541781dba14358d0
-  data.tar.gz: 6951cf5f5f3da63dc30df598b21cb798945670055db39b8312b78bfd296bb33eea0538940b54cbfd255af9dd78ae49be2cbe11f41802d49320eafc14852f1ae1
+  metadata.gz: cf3e31f4899441290c6ea65c452d52a1a21b5c36debc1c3bb1c0545d963526b86321ccaf0b136c75dd0dda5851bfe91a869154a08a3b01db2368ebe45c56955d
+  data.tar.gz: 2f5d79ef941d038d2c2f04a39266a8919c1c09626492da0946476b73b57c34565d8fcc05863c084e98f46e75f5d9e9f42416f5048a9674cd179ce1fbcf62c2c5

checksums.yaml.gz.sig CHANGED Viewed

Binary file

data/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,24 @@
+# CHANGELOG
+Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
+## [Unreleased]
+### Added
+- Ability to printout Sigv4 Signature for debugging ([#149](https://github.com/opensearch-project/opensearch-ruby/issues/149))
+### Changed
+### Deprecated
+### Removed
+### Fixed
+### Security
+## [1.1.0]
+### Added
+- Added support for Amazon OpenSearch Serverless ([#131](https://github.com/opensearch-project/opensearch-ruby/issues/131))
+### Fixed
+- Sign validation requests when using AWS Sigv4 ([#134](https://github.com/opensearch-project/opensearch-ruby/pull/134))
+### Security
+## 1.0.0
+### Added
+- Added `OpenSearch::AWS::Sigv4Client` ([#110](https://github.com/opensearch-project/opensearch-ruby/pull/110))

data/README.md CHANGED Viewed

@@ -1,62 +1,18 @@
-# OpenSearch Aws Sigv4 Client
+- [OpenSearch AWS Sigv4 Client](#opensearch-aws-sigv4-client)
+  - [Compatibility](#compatibility)
+  - [User Guide](#user-guide)
+  - [License](#license)
+# OpenSearch AWS Sigv4 Client
-The `opensearch-aws-sigv4` library provides an AWS Sigv4 client for [OpenSearch](http://opensearch.com).
+The `opensearch-aws-sigv4` library provides an AWS Sigv4 client for connecting to [Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/index.html).
 ## Compatibility
-The OpenSearch Aws Sigv4 Client is compatible with Ruby 2.5 and higher.
+See [COMPATIBILITY](../COMPATIBILITY.md).
-The client's API is compatible with OpenSearch's API versions from 1.0.0 till current.
+## User Guide
-See [COMPATIBILITY](../COMPATIBILITY.md) for more details.
-## Installation
-Install the package from [Rubygems](https://rubygems.org):
-    gem install opensearch-aws-sigv4
-To use an unreleased version, either add it to your `Gemfile` for [Bundler](http://gembundler.com):
-    gem 'opensearch-aws-sigv4', git: 'git://github.com/opensearch-project/opensearch-ruby.git'
-or install it from a source code checkout:
-    git clone https://github.com/opensearch-project/opensearch-ruby
-    cd opensearch-ruby/opensearch-aws-sigv4
-    bundle install
-    rake install
-## Usage
-This library is an AWS Sigv4 wrapper for
-[`opensearch-ruby`](https://github.com/opensearch-project/opensearch-ruby/tree/main/opensearch-ruby),
-which is a Ruby client for OpenSearch. The `OpenSearch::Aws::Sigv4Client` is, therefore, has all features of `OpenSearch::Client`.
-And since `opensearch-ruby` is a dependency of `opensearch-aws-sigv4`, you only need to install `opensearch-aws-sigv4`.
-```ruby
-require 'opensearch-aws-sigv4'
-require 'aws-sigv4'
-signer = Aws::Sigv4::Signer.new(service: 'es',
-                                region: 'us-west-2',
-                                access_key_id: 'key_id',
-                                secret_access_key: 'secret')
-client = OpenSearch::Aws::Sigv4Client.new({ log: true }, signer)
-client.cluster.health
-client.transport.reload_connections!
-client.search q: 'test'
-```
-Please refer to [opensearch-ruby](https://github.com/opensearch-project/opensearch-ruby/blob/main/opensearch-ruby/README.md) documentation for further details.
-## Development
-You can run `rake -T` to check the test tasks. Use `COVERAGE=true` before running a test task to check the coverage with Simplecov.
+See [USER_GUIDE](USER_GUIDE.md).
 ## License

data/USER_GUIDE.md ADDED Viewed

@@ -0,0 +1,59 @@
+- [User Guide](#user-guide)
+  - [Setup](#setup)
+  - [Usage](#usage)
+    - [Amazon OpenSearch Service](#amazon-opensearch-service)
+# User Guide
+## Setup
+To add the gem to your project, install it using [RubyGems](https://rubygems.org/):
+```
+gem install opensearch-aws-sigv4
+```
+or add it to your Gemfile:
+```
+gem opensearch-aws-sigv4
+```
+and run:
+```
+bundle install
+```
+## Usage
+This library is an AWS Sigv4 wrapper for [`opensearch-ruby`](https://github.com/opensearch-project/opensearch-ruby/tree/main/opensearch-ruby), which is a Ruby client for OpenSearch. The `OpenSearch::Aws::Sigv4Client`, therefore, has all features of `OpenSearch::Client`.
+### Amazon OpenSearch Service
+To sign requests for the Amazon OpenSearch Service:
+```ruby
+require 'opensearch-aws-sigv4'
+require 'aws-sigv4'
+signer = Aws::Sigv4::Signer.new(service: 'es', # signing service name, use "aoss" for OpenSearch Serverless
+                                region: 'us-west-2', # signing service region
+                                access_key_id: 'key_id',
+                                secret_access_key: 'secret')
+client = OpenSearch::Aws::Sigv4Client.new({
+    host: 'https://your.amz-managed-opensearch.domain', # serverless endpoint for OpenSearch Serverless
+    log: true
+}, signer)
+# create an index and document
+index = 'prime'
+client.indices.create(index: index)
+client.index(index: index, id: '1', body: { name: 'Amazon Echo',
+                                            msrp: '5999',
+                                            year: 2011 })
+# search for the document
+client.search(body: { query: { match: { name: 'Echo' } } })
+# delete the document
+client.delete(index: index, id: '1')
+# delete the index
+client.indices.delete(index: index)
+```

data/lib/opensearch-aws-sigv4/version.rb CHANGED Viewed

@@ -10,7 +10,7 @@
 module OpenSearch
   module Aws
     module Sigv4
-      VERSION = '1.0.0'.freeze
+      VERSION = '1.2.0'.freeze
     end
   end
 end

data/lib/opensearch-aws-sigv4.rb CHANGED Viewed

@@ -39,18 +39,21 @@ module OpenSearch
       # @param [Hash] transport_args arguments for OpenSearch::Transport::Client.
       # @param [&block] block code block to be passed to OpenSearch::Transport::Client.
       # @param [Aws::Sigv4::Signer] sigv4_signer an instance of AWS Sigv4 Signer.
-      def initialize(transport_args = {}, sigv4_signer, &block)
+      # @param [Hash] options
+      # @option options [Boolean] :sigv4_debug whether to log debug info for Sigv4 Signing
+      def initialize(transport_args = {}, sigv4_signer, options: {}, &block)
         unless sigv4_signer.is_a?(::Aws::Sigv4::Signer)
           raise ArgumentError, "Please pass a Aws::Sigv4::Signer. A #{sigv4_signer.class} was given."
         end
         @sigv4_signer = sigv4_signer
-        super transport_args, &block
+        @sigv4_debug = options[:sigv4_debug]
+        @logger = nil
+        super(transport_args, &block)
       end
       # @see OpenSearch::Transport::Transport::Base::perform_request
       def perform_request(method, path, params = {}, body = nil, headers = nil)
-        verify_open_search unless @verified
         signature_body = body.is_a?(Hash) ? body.to_json : body.to_s
         signature = sigv4_signer.sign_request(
           http_method: method,
@@ -58,17 +61,46 @@ module OpenSearch
           headers: headers,
           body: signature_body)
         headers = (headers || {}).merge(signature.headers)
-        @transport.perform_request(method, path, params, body, headers)
+        log_signature_info(signature)
+        super(method, path, params, body, headers)
       end
       private
+      def verify_open_search
+        @verified = true
+      end
       def signature_url(path, params)
         host = @transport.transport.hosts.dig(0, :host)
         path = '/' + path unless path.start_with?('/')
         query_string = params.empty? ? '' : "#{Faraday::Utils::ParamsHash[params].to_query}"
         URI::HTTP.build(host: host, path: path, query: query_string)
       end
+      # @param [Aws::Sigv4::Signature] signature
+      def log_signature_info(signature)
+        return unless @sigv4_debug
+        log('string to sign', signature.string_to_sign)
+        log('canonical request', signature.canonical_request)
+        log('signature headers', signature.headers)
+      end
+      def log(title, message)
+        logger.debug("#{title.upcase}:\n\e[36m#{message}\e[0m")
+      end
+      def logger
+        return @logger if @logger
+        require 'logger'
+        @logger = Logger.new(
+          STDOUT,
+          progname: 'Sigv4',
+          formatter: proc { |_severity, datetime, progname, msg| "\e[34m(#{datetime})  #{progname} - #{msg}\e[0m\n\n" })
+      end
     end
   end
 end

data/opensearch-aws-sigv4.gemspec CHANGED Viewed

@@ -16,8 +16,8 @@ signing_key_path = File.expand_path("../gem-private_key.pem")
 Gem::Specification.new do |s|
   s.name          = 'opensearch-aws-sigv4'
   s.version       = OpenSearch::Aws::Sigv4::VERSION
-  s.authors       = ['Theo Truong']
-  s.email         = ['theo.nam.truong@gmail.com']
+  s.authors       = ['Theo Truong', 'Robin Roestenburg']
+  s.email         = ['theo.nam.truong@gmail.com', 'robin.roestenburg@4me.com']
   s.summary       = 'Ruby AWS Sigv4 Client for OpenSearch'
   s.homepage      = 'https://opensearch.org/docs/latest'
   s.license       = 'Apache-2.0'

data/spec/unit/sigv4_client_spec.rb CHANGED Viewed

@@ -13,7 +13,7 @@ require 'timecop'
 describe OpenSearch::Aws::Sigv4Client do
   subject(:client) do
-    OpenSearch::Aws::Sigv4Client.new(
+    described_class.new(
       { host: 'http://localhost:9200',
         transport_options: { ssl: { verify: false } } },
       signer)
@@ -50,17 +50,16 @@ describe OpenSearch::Aws::Sigv4Client do
       _double
     end
     let(:signed_headers) do
-       { 'authorization' => 'AWS4-HMAC-SHA256 Credential=key_id/20220101/us-west-2/es/aws4_request, '\
+      { 'authorization' => 'AWS4-HMAC-SHA256 Credential=key_id/20220101/us-west-2/es/aws4_request, '\
                             'SignedHeaders=host;x-amz-content-sha256;x-amz-date, ' \
                             'Signature=9c4c690110483308f62a91c2ca873857750bca2607ba1aabdae0d2303950310a',
-         'host' => 'localhost',
-         'x-amz-content-sha256' => 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
-         'x-amz-date' => '20220101T000000Z' }
+        'host' => 'localhost',
+        'x-amz-content-sha256' => 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
+        'x-amz-date' => '20220101T000000Z' }
     end
     before(:each) do
       Timecop.freeze(Time.utc(2022))
-      allow(client).to receive(:verify_open_search) { true }
       client.transport = transport_double
     end
@@ -71,5 +70,10 @@ describe OpenSearch::Aws::Sigv4Client do
       expect(output).to eq(response)
       expect(transport_double).to have_received(:perform_request).with('GET', '/', {}, '', signed_headers)
     end
+    it 'skips the opensearch verification' do
+      expect(client).to_not receive(:open_search_validation_request)
+      client.perform_request('GET', '/_stats', {}, '', {})
+    end
   end
 end

data.tar.gz.sig CHANGED Viewed

Binary file

metadata CHANGED Viewed

@@ -1,10 +1,11 @@
 --- !ruby/object:Gem::Specification
 name: opensearch-aws-sigv4
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.2.0
 platform: ruby
 authors:
 - Theo Truong
+- Robin Roestenburg
 autorequire:
 bindir: bin
 cert_chain:
@@ -30,7 +31,7 @@ cert_chain:
   r+j7FLyKuk5DzIxiCp8QN5dU71BbGUmsHf/C5UV76WLPOFX/szeaHhPwpjR3sK7r
   5zLgCV1KP7cgDdCYMlmZGeSViU8NV+Yy8/ghrzGpqVw=
   -----END CERTIFICATE-----
-date: 2022-11-30 00:00:00.000000000 Z
+date: 2023-02-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
@@ -205,6 +206,7 @@ description: 'Ruby AWS Sigv4 Client for OpenSearch
   '
 email:
 - theo.nam.truong@gmail.com
+- robin.roestenburg@4me.com
 executables:
 - opensearch_sigv4_console
 extensions: []
@@ -213,10 +215,12 @@ extra_rdoc_files:
 - LICENSE
 files:
 - ".gitignore"
+- CHANGELOG.md
 - Gemfile
 - LICENSE
 - README.md
 - Rakefile
+- USER_GUIDE.md
 - bin/opensearch_sigv4_console
 - lib/opensearch-aws-sigv4.rb
 - lib/opensearch-aws-sigv4/version.rb

metadata.gz.sig CHANGED Viewed

@@ -1,2 +1,3 @@
-)2�60U�$��������
-��6P�wM0~D͹P����bӒ56��1G`���V�<`L�
+��m��F���Z}����]I�⇁�H.�3���O��
+#M��f����E�S��,sT���-D|��D�>�hU&5IʞV�����������(�B��cז�s<҇~���
+zQ�b��8whݮD����Y������"��� ��<e8]�Db���21���z3=T�Ȑ, ��X� _ńu#��@���0���s8�����5��s�CB����΂��}M��Sf��?􊸼z�Z����}��N�AF�be