opensearch-aws-sigv4 1.0.0 → 1.2.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 43ed10e26e1b3308e4a19d3d479269c36d27b2244d4d688852afbf80d7fb16c9
4
- data.tar.gz: 7c53006f740126f7f3a19fbc7b9a83f0096484c0240a514c8ff7c843fd8b5c2b
3
+ metadata.gz: 8afd49d01221929f86b5bf1792d12a963cb969b5edc6a9abb242241c31170221
4
+ data.tar.gz: 278f930240341ab20ed9fe5f8182c1344b1825f7af7232001d096a320c90d9f7
5
5
  SHA512:
6
- metadata.gz: f93669b3c6e92edad450f72aab6a53cfe1f0dd80bc2e63dfe4da8b2e9f78f7788933a45092d077d1df0926b9e20c53677529853b36ce6f56541781dba14358d0
7
- data.tar.gz: 6951cf5f5f3da63dc30df598b21cb798945670055db39b8312b78bfd296bb33eea0538940b54cbfd255af9dd78ae49be2cbe11f41802d49320eafc14852f1ae1
6
+ metadata.gz: cf3e31f4899441290c6ea65c452d52a1a21b5c36debc1c3bb1c0545d963526b86321ccaf0b136c75dd0dda5851bfe91a869154a08a3b01db2368ebe45c56955d
7
+ data.tar.gz: 2f5d79ef941d038d2c2f04a39266a8919c1c09626492da0946476b73b57c34565d8fcc05863c084e98f46e75f5d9e9f42416f5048a9674cd179ce1fbcf62c2c5
checksums.yaml.gz.sig CHANGED
Binary file
data/CHANGELOG.md ADDED
@@ -0,0 +1,24 @@
1
+ # CHANGELOG
2
+ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
3
+
4
+ ## [Unreleased]
5
+ ### Added
6
+ - Ability to printout Sigv4 Signature for debugging ([#149](https://github.com/opensearch-project/opensearch-ruby/issues/149))
7
+ ### Changed
8
+ ### Deprecated
9
+ ### Removed
10
+ ### Fixed
11
+
12
+ ### Security
13
+
14
+ ## [1.1.0]
15
+ ### Added
16
+ - Added support for Amazon OpenSearch Serverless ([#131](https://github.com/opensearch-project/opensearch-ruby/issues/131))
17
+ ### Fixed
18
+ - Sign validation requests when using AWS Sigv4 ([#134](https://github.com/opensearch-project/opensearch-ruby/pull/134))
19
+
20
+ ### Security
21
+
22
+ ## 1.0.0
23
+ ### Added
24
+ - Added `OpenSearch::AWS::Sigv4Client` ([#110](https://github.com/opensearch-project/opensearch-ruby/pull/110))
data/README.md CHANGED
@@ -1,62 +1,18 @@
1
- # OpenSearch Aws Sigv4 Client
1
+ - [OpenSearch AWS Sigv4 Client](#opensearch-aws-sigv4-client)
2
+ - [Compatibility](#compatibility)
3
+ - [User Guide](#user-guide)
4
+ - [License](#license)
5
+ # OpenSearch AWS Sigv4 Client
2
6
 
3
- The `opensearch-aws-sigv4` library provides an AWS Sigv4 client for [OpenSearch](http://opensearch.com).
7
+ The `opensearch-aws-sigv4` library provides an AWS Sigv4 client for connecting to [Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/index.html).
4
8
 
5
9
  ## Compatibility
6
10
 
7
- The OpenSearch Aws Sigv4 Client is compatible with Ruby 2.5 and higher.
11
+ See [COMPATIBILITY](../COMPATIBILITY.md).
8
12
 
9
- The client's API is compatible with OpenSearch's API versions from 1.0.0 till current.
13
+ ## User Guide
10
14
 
11
- See [COMPATIBILITY](../COMPATIBILITY.md) for more details.
12
-
13
- ## Installation
14
-
15
- Install the package from [Rubygems](https://rubygems.org):
16
-
17
- gem install opensearch-aws-sigv4
18
-
19
- To use an unreleased version, either add it to your `Gemfile` for [Bundler](http://gembundler.com):
20
-
21
- gem 'opensearch-aws-sigv4', git: 'git://github.com/opensearch-project/opensearch-ruby.git'
22
-
23
- or install it from a source code checkout:
24
-
25
- git clone https://github.com/opensearch-project/opensearch-ruby
26
- cd opensearch-ruby/opensearch-aws-sigv4
27
- bundle install
28
- rake install
29
-
30
- ## Usage
31
-
32
- This library is an AWS Sigv4 wrapper for
33
- [`opensearch-ruby`](https://github.com/opensearch-project/opensearch-ruby/tree/main/opensearch-ruby),
34
- which is a Ruby client for OpenSearch. The `OpenSearch::Aws::Sigv4Client` is, therefore, has all features of `OpenSearch::Client`.
35
- And since `opensearch-ruby` is a dependency of `opensearch-aws-sigv4`, you only need to install `opensearch-aws-sigv4`.
36
-
37
- ```ruby
38
- require 'opensearch-aws-sigv4'
39
- require 'aws-sigv4'
40
-
41
- signer = Aws::Sigv4::Signer.new(service: 'es',
42
- region: 'us-west-2',
43
- access_key_id: 'key_id',
44
- secret_access_key: 'secret')
45
-
46
- client = OpenSearch::Aws::Sigv4Client.new({ log: true }, signer)
47
-
48
- client.cluster.health
49
-
50
- client.transport.reload_connections!
51
-
52
- client.search q: 'test'
53
- ```
54
-
55
- Please refer to [opensearch-ruby](https://github.com/opensearch-project/opensearch-ruby/blob/main/opensearch-ruby/README.md) documentation for further details.
56
-
57
- ## Development
58
-
59
- You can run `rake -T` to check the test tasks. Use `COVERAGE=true` before running a test task to check the coverage with Simplecov.
15
+ See [USER_GUIDE](USER_GUIDE.md).
60
16
 
61
17
  ## License
62
18
 
data/USER_GUIDE.md ADDED
@@ -0,0 +1,59 @@
1
+ - [User Guide](#user-guide)
2
+ - [Setup](#setup)
3
+ - [Usage](#usage)
4
+ - [Amazon OpenSearch Service](#amazon-opensearch-service)
5
+ # User Guide
6
+ ## Setup
7
+
8
+ To add the gem to your project, install it using [RubyGems](https://rubygems.org/):
9
+
10
+ ```
11
+ gem install opensearch-aws-sigv4
12
+ ```
13
+
14
+ or add it to your Gemfile:
15
+ ```
16
+ gem opensearch-aws-sigv4
17
+ ```
18
+ and run:
19
+ ```
20
+ bundle install
21
+ ```
22
+
23
+ ## Usage
24
+
25
+ This library is an AWS Sigv4 wrapper for [`opensearch-ruby`](https://github.com/opensearch-project/opensearch-ruby/tree/main/opensearch-ruby), which is a Ruby client for OpenSearch. The `OpenSearch::Aws::Sigv4Client`, therefore, has all features of `OpenSearch::Client`.
26
+
27
+ ### Amazon OpenSearch Service
28
+ To sign requests for the Amazon OpenSearch Service:
29
+
30
+ ```ruby
31
+ require 'opensearch-aws-sigv4'
32
+ require 'aws-sigv4'
33
+
34
+ signer = Aws::Sigv4::Signer.new(service: 'es', # signing service name, use "aoss" for OpenSearch Serverless
35
+ region: 'us-west-2', # signing service region
36
+ access_key_id: 'key_id',
37
+ secret_access_key: 'secret')
38
+
39
+ client = OpenSearch::Aws::Sigv4Client.new({
40
+ host: 'https://your.amz-managed-opensearch.domain', # serverless endpoint for OpenSearch Serverless
41
+ log: true
42
+ }, signer)
43
+
44
+ # create an index and document
45
+ index = 'prime'
46
+ client.indices.create(index: index)
47
+ client.index(index: index, id: '1', body: { name: 'Amazon Echo',
48
+ msrp: '5999',
49
+ year: 2011 })
50
+
51
+ # search for the document
52
+ client.search(body: { query: { match: { name: 'Echo' } } })
53
+
54
+ # delete the document
55
+ client.delete(index: index, id: '1')
56
+
57
+ # delete the index
58
+ client.indices.delete(index: index)
59
+ ```
@@ -10,7 +10,7 @@
10
10
  module OpenSearch
11
11
  module Aws
12
12
  module Sigv4
13
- VERSION = '1.0.0'.freeze
13
+ VERSION = '1.2.0'.freeze
14
14
  end
15
15
  end
16
16
  end
@@ -39,18 +39,21 @@ module OpenSearch
39
39
  # @param [Hash] transport_args arguments for OpenSearch::Transport::Client.
40
40
  # @param [&block] block code block to be passed to OpenSearch::Transport::Client.
41
41
  # @param [Aws::Sigv4::Signer] sigv4_signer an instance of AWS Sigv4 Signer.
42
- def initialize(transport_args = {}, sigv4_signer, &block)
42
+ # @param [Hash] options
43
+ # @option options [Boolean] :sigv4_debug whether to log debug info for Sigv4 Signing
44
+ def initialize(transport_args = {}, sigv4_signer, options: {}, &block)
43
45
  unless sigv4_signer.is_a?(::Aws::Sigv4::Signer)
44
46
  raise ArgumentError, "Please pass a Aws::Sigv4::Signer. A #{sigv4_signer.class} was given."
45
47
  end
46
48
 
47
49
  @sigv4_signer = sigv4_signer
48
- super transport_args, &block
50
+ @sigv4_debug = options[:sigv4_debug]
51
+ @logger = nil
52
+ super(transport_args, &block)
49
53
  end
50
54
 
51
55
  # @see OpenSearch::Transport::Transport::Base::perform_request
52
56
  def perform_request(method, path, params = {}, body = nil, headers = nil)
53
- verify_open_search unless @verified
54
57
  signature_body = body.is_a?(Hash) ? body.to_json : body.to_s
55
58
  signature = sigv4_signer.sign_request(
56
59
  http_method: method,
@@ -58,17 +61,46 @@ module OpenSearch
58
61
  headers: headers,
59
62
  body: signature_body)
60
63
  headers = (headers || {}).merge(signature.headers)
61
- @transport.perform_request(method, path, params, body, headers)
64
+
65
+ log_signature_info(signature)
66
+ super(method, path, params, body, headers)
62
67
  end
63
68
 
64
69
  private
65
70
 
71
+ def verify_open_search
72
+ @verified = true
73
+ end
74
+
66
75
  def signature_url(path, params)
67
76
  host = @transport.transport.hosts.dig(0, :host)
68
77
  path = '/' + path unless path.start_with?('/')
69
78
  query_string = params.empty? ? '' : "#{Faraday::Utils::ParamsHash[params].to_query}"
70
79
  URI::HTTP.build(host: host, path: path, query: query_string)
71
80
  end
81
+
82
+ # @param [Aws::Sigv4::Signature] signature
83
+ def log_signature_info(signature)
84
+ return unless @sigv4_debug
85
+
86
+ log('string to sign', signature.string_to_sign)
87
+ log('canonical request', signature.canonical_request)
88
+ log('signature headers', signature.headers)
89
+ end
90
+
91
+ def log(title, message)
92
+ logger.debug("#{title.upcase}:\n\e[36m#{message}\e[0m")
93
+ end
94
+
95
+ def logger
96
+ return @logger if @logger
97
+
98
+ require 'logger'
99
+ @logger = Logger.new(
100
+ STDOUT,
101
+ progname: 'Sigv4',
102
+ formatter: proc { |_severity, datetime, progname, msg| "\e[34m(#{datetime}) #{progname} - #{msg}\e[0m\n\n" })
103
+ end
72
104
  end
73
105
  end
74
106
  end
@@ -16,8 +16,8 @@ signing_key_path = File.expand_path("../gem-private_key.pem")
16
16
  Gem::Specification.new do |s|
17
17
  s.name = 'opensearch-aws-sigv4'
18
18
  s.version = OpenSearch::Aws::Sigv4::VERSION
19
- s.authors = ['Theo Truong']
20
- s.email = ['theo.nam.truong@gmail.com']
19
+ s.authors = ['Theo Truong', 'Robin Roestenburg']
20
+ s.email = ['theo.nam.truong@gmail.com', 'robin.roestenburg@4me.com']
21
21
  s.summary = 'Ruby AWS Sigv4 Client for OpenSearch'
22
22
  s.homepage = 'https://opensearch.org/docs/latest'
23
23
  s.license = 'Apache-2.0'
@@ -13,7 +13,7 @@ require 'timecop'
13
13
 
14
14
  describe OpenSearch::Aws::Sigv4Client do
15
15
  subject(:client) do
16
- OpenSearch::Aws::Sigv4Client.new(
16
+ described_class.new(
17
17
  { host: 'http://localhost:9200',
18
18
  transport_options: { ssl: { verify: false } } },
19
19
  signer)
@@ -50,17 +50,16 @@ describe OpenSearch::Aws::Sigv4Client do
50
50
  _double
51
51
  end
52
52
  let(:signed_headers) do
53
- { 'authorization' => 'AWS4-HMAC-SHA256 Credential=key_id/20220101/us-west-2/es/aws4_request, '\
53
+ { 'authorization' => 'AWS4-HMAC-SHA256 Credential=key_id/20220101/us-west-2/es/aws4_request, '\
54
54
  'SignedHeaders=host;x-amz-content-sha256;x-amz-date, ' \
55
55
  'Signature=9c4c690110483308f62a91c2ca873857750bca2607ba1aabdae0d2303950310a',
56
- 'host' => 'localhost',
57
- 'x-amz-content-sha256' => 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
58
- 'x-amz-date' => '20220101T000000Z' }
56
+ 'host' => 'localhost',
57
+ 'x-amz-content-sha256' => 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
58
+ 'x-amz-date' => '20220101T000000Z' }
59
59
  end
60
-
60
+
61
61
  before(:each) do
62
62
  Timecop.freeze(Time.utc(2022))
63
- allow(client).to receive(:verify_open_search) { true }
64
63
  client.transport = transport_double
65
64
  end
66
65
 
@@ -71,5 +70,10 @@ describe OpenSearch::Aws::Sigv4Client do
71
70
  expect(output).to eq(response)
72
71
  expect(transport_double).to have_received(:perform_request).with('GET', '/', {}, '', signed_headers)
73
72
  end
73
+
74
+ it 'skips the opensearch verification' do
75
+ expect(client).to_not receive(:open_search_validation_request)
76
+ client.perform_request('GET', '/_stats', {}, '', {})
77
+ end
74
78
  end
75
79
  end
data.tar.gz.sig CHANGED
Binary file
metadata CHANGED
@@ -1,10 +1,11 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: opensearch-aws-sigv4
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0
4
+ version: 1.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Theo Truong
8
+ - Robin Roestenburg
8
9
  autorequire:
9
10
  bindir: bin
10
11
  cert_chain:
@@ -30,7 +31,7 @@ cert_chain:
30
31
  r+j7FLyKuk5DzIxiCp8QN5dU71BbGUmsHf/C5UV76WLPOFX/szeaHhPwpjR3sK7r
31
32
  5zLgCV1KP7cgDdCYMlmZGeSViU8NV+Yy8/ghrzGpqVw=
32
33
  -----END CERTIFICATE-----
33
- date: 2022-11-30 00:00:00.000000000 Z
34
+ date: 2023-02-28 00:00:00.000000000 Z
34
35
  dependencies:
35
36
  - !ruby/object:Gem::Dependency
36
37
  name: aws-sigv4
@@ -205,6 +206,7 @@ description: 'Ruby AWS Sigv4 Client for OpenSearch
205
206
  '
206
207
  email:
207
208
  - theo.nam.truong@gmail.com
209
+ - robin.roestenburg@4me.com
208
210
  executables:
209
211
  - opensearch_sigv4_console
210
212
  extensions: []
@@ -213,10 +215,12 @@ extra_rdoc_files:
213
215
  - LICENSE
214
216
  files:
215
217
  - ".gitignore"
218
+ - CHANGELOG.md
216
219
  - Gemfile
217
220
  - LICENSE
218
221
  - README.md
219
222
  - Rakefile
223
+ - USER_GUIDE.md
220
224
  - bin/opensearch_sigv4_console
221
225
  - lib/opensearch-aws-sigv4.rb
222
226
  - lib/opensearch-aws-sigv4/version.rb
metadata.gz.sig CHANGED
@@ -1,2 +1,3 @@
1
- )2�60U�$��������
2
- ��6PwM0~D͹P����bӒ56��1G`���V�<`L
1
+ ��m��F���Z}����]I�⇁�H.�3���O�� 
2
+ #M��f����ES��,sT���-D|��D�>�hU&5IʞV �����������(B��cז� s<҇~���
3
+ zQ�b��8whݮD����Y������"��� ��<e8]�Db���21���z3=T�Ȑ, ��X� _ńu#��@���0���s8�����5��s�CB����΂��}M��Sf��?􊸼z�Z����}��N�AF�be