opensearch-aws-sigv4 1.0.0 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/CHANGELOG.md +24 -0
- data/README.md +9 -53
- data/USER_GUIDE.md +59 -0
- data/lib/opensearch-aws-sigv4/version.rb +1 -1
- data/lib/opensearch-aws-sigv4.rb +36 -4
- data/opensearch-aws-sigv4.gemspec +2 -2
- data/spec/unit/sigv4_client_spec.rb +11 -7
- data.tar.gz.sig +0 -0
- metadata +6 -2
- metadata.gz.sig +3 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 8afd49d01221929f86b5bf1792d12a963cb969b5edc6a9abb242241c31170221
|
4
|
+
data.tar.gz: 278f930240341ab20ed9fe5f8182c1344b1825f7af7232001d096a320c90d9f7
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: cf3e31f4899441290c6ea65c452d52a1a21b5c36debc1c3bb1c0545d963526b86321ccaf0b136c75dd0dda5851bfe91a869154a08a3b01db2368ebe45c56955d
|
7
|
+
data.tar.gz: 2f5d79ef941d038d2c2f04a39266a8919c1c09626492da0946476b73b57c34565d8fcc05863c084e98f46e75f5d9e9f42416f5048a9674cd179ce1fbcf62c2c5
|
checksums.yaml.gz.sig
CHANGED
Binary file
|
data/CHANGELOG.md
ADDED
@@ -0,0 +1,24 @@
|
|
1
|
+
# CHANGELOG
|
2
|
+
Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
|
3
|
+
|
4
|
+
## [Unreleased]
|
5
|
+
### Added
|
6
|
+
- Ability to printout Sigv4 Signature for debugging ([#149](https://github.com/opensearch-project/opensearch-ruby/issues/149))
|
7
|
+
### Changed
|
8
|
+
### Deprecated
|
9
|
+
### Removed
|
10
|
+
### Fixed
|
11
|
+
|
12
|
+
### Security
|
13
|
+
|
14
|
+
## [1.1.0]
|
15
|
+
### Added
|
16
|
+
- Added support for Amazon OpenSearch Serverless ([#131](https://github.com/opensearch-project/opensearch-ruby/issues/131))
|
17
|
+
### Fixed
|
18
|
+
- Sign validation requests when using AWS Sigv4 ([#134](https://github.com/opensearch-project/opensearch-ruby/pull/134))
|
19
|
+
|
20
|
+
### Security
|
21
|
+
|
22
|
+
## 1.0.0
|
23
|
+
### Added
|
24
|
+
- Added `OpenSearch::AWS::Sigv4Client` ([#110](https://github.com/opensearch-project/opensearch-ruby/pull/110))
|
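Review bot: the `## [Unreleased]` section at the top of the new CHANGELOG.md still holds the Sigv4 debug entry (#149), although this package is published as 1.2.0 and the file has no `## [1.2.0]` heading. Rename the section at release time (and open a fresh empty `[Unreleased]`) so that consumers auditing the upgrade can tell which version first shipped the signature logging. The older entry is also headed `## 1.0.0` without brackets while `## [1.1.0]` has them; pick one form.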
data/README.md
CHANGED
@@ -1,62 +1,18 @@
|
|
1
|
-
|
1
|
+
- [OpenSearch AWS Sigv4 Client](#opensearch-aws-sigv4-client)
|
2
|
+
- [Compatibility](#compatibility)
|
3
|
+
- [User Guide](#user-guide)
|
4
|
+
- [License](#license)
|
5
|
+
# OpenSearch AWS Sigv4 Client
|
2
6
|
|
3
|
-
The `opensearch-aws-sigv4` library provides an AWS Sigv4 client for [OpenSearch](
|
7
|
+
The `opensearch-aws-sigv4` library provides an AWS Sigv4 client for connecting to [Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/index.html).
|
4
8
|
|
5
9
|
## Compatibility
|
6
10
|
|
7
|
-
|
11
|
+
See [COMPATIBILITY](../COMPATIBILITY.md).
|
8
12
|
|
9
|
-
|
13
|
+
## User Guide
|
10
14
|
|
11
|
-
See [
|
12
|
-
|
13
|
-
## Installation
|
14
|
-
|
15
|
-
Install the package from [Rubygems](https://rubygems.org):
|
16
|
-
|
17
|
-
gem install opensearch-aws-sigv4
|
18
|
-
|
19
|
-
To use an unreleased version, either add it to your `Gemfile` for [Bundler](http://gembundler.com):
|
20
|
-
|
21
|
-
gem 'opensearch-aws-sigv4', git: 'git://github.com/opensearch-project/opensearch-ruby.git'
|
22
|
-
|
23
|
-
or install it from a source code checkout:
|
24
|
-
|
25
|
-
git clone https://github.com/opensearch-project/opensearch-ruby
|
26
|
-
cd opensearch-ruby/opensearch-aws-sigv4
|
27
|
-
bundle install
|
28
|
-
rake install
|
29
|
-
|
30
|
-
## Usage
|
31
|
-
|
32
|
-
This library is an AWS Sigv4 wrapper for
|
33
|
-
[`opensearch-ruby`](https://github.com/opensearch-project/opensearch-ruby/tree/main/opensearch-ruby),
|
34
|
-
which is a Ruby client for OpenSearch. The `OpenSearch::Aws::Sigv4Client` is, therefore, has all features of `OpenSearch::Client`.
|
35
|
-
And since `opensearch-ruby` is a dependency of `opensearch-aws-sigv4`, you only need to install `opensearch-aws-sigv4`.
|
36
|
-
|
37
|
-
```ruby
|
38
|
-
require 'opensearch-aws-sigv4'
|
39
|
-
require 'aws-sigv4'
|
40
|
-
|
41
|
-
signer = Aws::Sigv4::Signer.new(service: 'es',
|
42
|
-
region: 'us-west-2',
|
43
|
-
access_key_id: 'key_id',
|
44
|
-
secret_access_key: 'secret')
|
45
|
-
|
46
|
-
client = OpenSearch::Aws::Sigv4Client.new({ log: true }, signer)
|
47
|
-
|
48
|
-
client.cluster.health
|
49
|
-
|
50
|
-
client.transport.reload_connections!
|
51
|
-
|
52
|
-
client.search q: 'test'
|
53
|
-
```
|
54
|
-
|
55
|
-
Please refer to [opensearch-ruby](https://github.com/opensearch-project/opensearch-ruby/blob/main/opensearch-ruby/README.md) documentation for further details.
|
56
|
-
|
57
|
-
## Development
|
58
|
-
|
59
|
-
You can run `rake -T` to check the test tasks. Use `COVERAGE=true` before running a test task to check the coverage with Simplecov.
|
15
|
+
See [USER_GUIDE](USER_GUIDE.md).
|
60
16
|
|
61
17
|
## License
|
62
18
|
|
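Review bot: the added line `See [COMPATIBILITY](../COMPATIBILITY.md).` links to the parent directory, which lies outside the gem's root, and the part of the `files:` list visible in `metadata` adds only CHANGELOG.md and USER_GUIDE.md. The link therefore resolves only in the repository checkout and is dead for anyone reading the README from the installed gem or the registry page. Use an absolute URL to the file in the repository instead.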
data/USER_GUIDE.md
ADDED
@@ -0,0 +1,59 @@
|
|
1
|
+
- [User Guide](#user-guide)
|
2
|
+
- [Setup](#setup)
|
3
|
+
- [Usage](#usage)
|
4
|
+
- [Amazon OpenSearch Service](#amazon-opensearch-service)
|
5
|
+
# User Guide
|
6
|
+
## Setup
|
7
|
+
|
8
|
+
To add the gem to your project, install it using [RubyGems](https://rubygems.org/):
|
9
|
+
|
10
|
+
```
|
11
|
+
gem install opensearch-aws-sigv4
|
12
|
+
```
|
13
|
+
|
14
|
+
or add it to your Gemfile:
|
15
|
+
```
|
16
|
+
gem opensearch-aws-sigv4
|
17
|
+
```
|
18
|
+
and run:
|
19
|
+
```
|
20
|
+
bundle install
|
21
|
+
```
|
22
|
+
|
23
|
+
## Usage
|
24
|
+
|
25
|
+
This library is an AWS Sigv4 wrapper for [`opensearch-ruby`](https://github.com/opensearch-project/opensearch-ruby/tree/main/opensearch-ruby), which is a Ruby client for OpenSearch. The `OpenSearch::Aws::Sigv4Client`, therefore, has all features of `OpenSearch::Client`.
|
26
|
+
|
27
|
+
### Amazon OpenSearch Service
|
28
|
+
To sign requests for the Amazon OpenSearch Service:
|
29
|
+
|
30
|
+
```ruby
|
31
|
+
require 'opensearch-aws-sigv4'
|
32
|
+
require 'aws-sigv4'
|
33
|
+
|
34
|
+
signer = Aws::Sigv4::Signer.new(service: 'es', # signing service name, use "aoss" for OpenSearch Serverless
|
35
|
+
region: 'us-west-2', # signing service region
|
36
|
+
access_key_id: 'key_id',
|
37
|
+
secret_access_key: 'secret')
|
38
|
+
|
39
|
+
client = OpenSearch::Aws::Sigv4Client.new({
|
40
|
+
host: 'https://your.amz-managed-opensearch.domain', # serverless endpoint for OpenSearch Serverless
|
41
|
+
log: true
|
42
|
+
}, signer)
|
43
|
+
|
44
|
+
# create an index and document
|
45
|
+
index = 'prime'
|
46
|
+
client.indices.create(index: index)
|
47
|
+
client.index(index: index, id: '1', body: { name: 'Amazon Echo',
|
48
|
+
msrp: '5999',
|
49
|
+
year: 2011 })
|
50
|
+
|
51
|
+
# search for the document
|
52
|
+
client.search(body: { query: { match: { name: 'Echo' } } })
|
53
|
+
|
54
|
+
# delete the document
|
55
|
+
client.delete(index: index, id: '1')
|
56
|
+
|
57
|
+
# delete the index
|
58
|
+
client.indices.delete(index: index)
|
59
|
+
```
|
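Review bot: the Gemfile snippet on new line 16, `gem opensearch-aws-sigv4`, is missing quotes and is not valid in a Gemfile; it should read `gem 'opensearch-aws-sigv4'`. The guide also says nothing about the `options: { sigv4_debug: true }` argument that this release adds to `Sigv4Client#initialize`; add a short section that shows how to enable it and states that it prints the canonical request and the signed headers to standard output, so readers know what ends up in their logs before switching it on.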
data/lib/opensearch-aws-sigv4.rb
CHANGED
@@ -39,18 +39,21 @@ module OpenSearch
|
|
39
39
|
# @param [Hash] transport_args arguments for OpenSearch::Transport::Client.
|
40
40
|
# @param [&block] block code block to be passed to OpenSearch::Transport::Client.
|
41
41
|
# @param [Aws::Sigv4::Signer] sigv4_signer an instance of AWS Sigv4 Signer.
|
42
|
-
|
42
|
+
# @param [Hash] options
|
43
|
+
# @option options [Boolean] :sigv4_debug whether to log debug info for Sigv4 Signing
|
44
|
+
def initialize(transport_args = {}, sigv4_signer, options: {}, &block)
|
43
45
|
unless sigv4_signer.is_a?(::Aws::Sigv4::Signer)
|
44
46
|
raise ArgumentError, "Please pass a Aws::Sigv4::Signer. A #{sigv4_signer.class} was given."
|
45
47
|
end
|
46
48
|
|
47
49
|
@sigv4_signer = sigv4_signer
|
48
|
-
|
50
|
+
@sigv4_debug = options[:sigv4_debug]
|
51
|
+
@logger = nil
|
52
|
+
super(transport_args, &block)
|
49
53
|
end
|
50
54
|
|
51
55
|
# @see OpenSearch::Transport::Transport::Base::perform_request
|
52
56
|
def perform_request(method, path, params = {}, body = nil, headers = nil)
|
53
|
-
verify_open_search unless @verified
|
54
57
|
signature_body = body.is_a?(Hash) ? body.to_json : body.to_s
|
55
58
|
signature = sigv4_signer.sign_request(
|
56
59
|
http_method: method,
|
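Review bot: in the new signature `def initialize(transport_args = {}, sigv4_signer, options: {}, &block)`, a caller passing `options: nil` reaches `@sigv4_debug = options[:sigv4_debug]` and gets a NoMethodError on nil. Since the hash carries a single flag, a plain keyword such as `sigv4_debug: false` would remove that failure mode and give the flag an explicit default of false rather than nil. The removal of `verify_open_search unless @verified` from `perform_request` would also benefit from a one-line comment saying why verification is skipped for this client, because the reason is not visible at the call site.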
@@ -58,17 +61,46 @@ module OpenSearch
|
|
58
61
|
headers: headers,
|
59
62
|
body: signature_body)
|
60
63
|
headers = (headers || {}).merge(signature.headers)
|
61
|
-
|
64
|
+
|
65
|
+
log_signature_info(signature)
|
66
|
+
super(method, path, params, body, headers)
|
62
67
|
end
|
63
68
|
|
64
69
|
private
|
65
70
|
|
71
|
+
def verify_open_search
|
72
|
+
@verified = true
|
73
|
+
end
|
74
|
+
|
66
75
|
def signature_url(path, params)
|
67
76
|
host = @transport.transport.hosts.dig(0, :host)
|
68
77
|
path = '/' + path unless path.start_with?('/')
|
69
78
|
query_string = params.empty? ? '' : "#{Faraday::Utils::ParamsHash[params].to_query}"
|
70
79
|
URI::HTTP.build(host: host, path: path, query: query_string)
|
71
80
|
end
|
81
|
+
|
82
|
+
# @param [Aws::Sigv4::Signature] signature
|
83
|
+
def log_signature_info(signature)
|
84
|
+
return unless @sigv4_debug
|
85
|
+
|
86
|
+
log('string to sign', signature.string_to_sign)
|
87
|
+
log('canonical request', signature.canonical_request)
|
88
|
+
log('signature headers', signature.headers)
|
89
|
+
end
|
90
|
+
|
91
|
+
def log(title, message)
|
92
|
+
logger.debug("#{title.upcase}:\n\e[36m#{message}\e[0m")
|
93
|
+
end
|
94
|
+
|
95
|
+
def logger
|
96
|
+
return @logger if @logger
|
97
|
+
|
98
|
+
require 'logger'
|
99
|
+
@logger = Logger.new(
|
100
|
+
STDOUT,
|
101
|
+
progname: 'Sigv4',
|
102
|
+
formatter: proc { |_severity, datetime, progname, msg| "\e[34m(#{datetime}) #{progname} - #{msg}\e[0m\n\n" })
|
103
|
+
end
|
72
104
|
end
|
73
105
|
end
|
74
106
|
end
|
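Review bot: `log_signature_info` passes `signature.headers` to the logger unredacted, and the spec in this same diff shows that those headers include `authorization` with the `Credential=` scope and the `Signature=` value. With `sigv4_debug` enabled, every request writes that header, the canonical request and the string to sign to STDOUT, where container and CI log collectors will pick them up. Suggest masking the `Signature=` value (and any session-token header) before logging, and letting the caller supply the logger instead of the hard-coded `Logger.new(STDOUT, ...)`, which also forces ANSI colour escapes into non-terminal log sinks. Separately, the new private `verify_open_search` that only sets `@verified = true` needs a comment explaining that it deliberately overrides the parent's product check.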
@@ -16,8 +16,8 @@ signing_key_path = File.expand_path("../gem-private_key.pem")
|
|
16
16
|
Gem::Specification.new do |s|
|
17
17
|
s.name = 'opensearch-aws-sigv4'
|
18
18
|
s.version = OpenSearch::Aws::Sigv4::VERSION
|
19
|
-
s.authors = ['Theo Truong']
|
20
|
-
s.email = ['theo.nam.truong@gmail.com']
|
19
|
+
s.authors = ['Theo Truong', 'Robin Roestenburg']
|
20
|
+
s.email = ['theo.nam.truong@gmail.com', 'robin.roestenburg@4me.com']
|
21
21
|
s.summary = 'Ruby AWS Sigv4 Client for OpenSearch'
|
22
22
|
s.homepage = 'https://opensearch.org/docs/latest'
|
23
23
|
s.license = 'Apache-2.0'
|
@@ -13,7 +13,7 @@ require 'timecop'
|
|
13
13
|
|
14
14
|
describe OpenSearch::Aws::Sigv4Client do
|
15
15
|
subject(:client) do
|
16
|
-
|
16
|
+
described_class.new(
|
17
17
|
{ host: 'http://localhost:9200',
|
18
18
|
transport_options: { ssl: { verify: false } } },
|
19
19
|
signer)
|
@@ -50,17 +50,16 @@ describe OpenSearch::Aws::Sigv4Client do
|
|
50
50
|
_double
|
51
51
|
end
|
52
52
|
let(:signed_headers) do
|
53
|
-
|
53
|
+
{ 'authorization' => 'AWS4-HMAC-SHA256 Credential=key_id/20220101/us-west-2/es/aws4_request, '\
|
54
54
|
'SignedHeaders=host;x-amz-content-sha256;x-amz-date, ' \
|
55
55
|
'Signature=9c4c690110483308f62a91c2ca873857750bca2607ba1aabdae0d2303950310a',
|
56
|
-
|
57
|
-
|
58
|
-
|
56
|
+
'host' => 'localhost',
|
57
|
+
'x-amz-content-sha256' => 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
|
58
|
+
'x-amz-date' => '20220101T000000Z' }
|
59
59
|
end
|
60
|
-
|
60
|
+
|
61
61
|
before(:each) do
|
62
62
|
Timecop.freeze(Time.utc(2022))
|
63
|
-
allow(client).to receive(:verify_open_search) { true }
|
64
63
|
client.transport = transport_double
|
65
64
|
end
|
66
65
|
|
@@ -71,5 +70,10 @@ describe OpenSearch::Aws::Sigv4Client do
|
|
71
70
|
expect(output).to eq(response)
|
72
71
|
expect(transport_double).to have_received(:perform_request).with('GET', '/', {}, '', signed_headers)
|
73
72
|
end
|
73
|
+
|
74
|
+
it 'skips the opensearch verification' do
|
75
|
+
expect(client).to_not receive(:open_search_validation_request)
|
76
|
+
client.perform_request('GET', '/_stats', {}, '', {})
|
77
|
+
end
|
74
78
|
end
|
75
79
|
end
|
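Review bot: the new example 'skips the opensearch verification' asserts `expect(client).to_not receive(:open_search_validation_request)`, but the method this release overrides is `verify_open_search`, and a negative expectation on a different method name passes whether or not verification is actually skipped. Assert on the overridden behaviour directly, for instance that `transport_double` receives exactly one `perform_request` call for `/_stats`. There is also no example covering `options: { sigv4_debug: true }`; add one that injects or stubs the logger and checks what `log_signature_info` emits, so that a later change to what gets logged is caught in review.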
data.tar.gz.sig
CHANGED
Binary file
|
metadata
CHANGED
@@ -1,10 +1,11 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: opensearch-aws-sigv4
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Theo Truong
|
8
|
+
- Robin Roestenburg
|
8
9
|
autorequire:
|
9
10
|
bindir: bin
|
10
11
|
cert_chain:
|
@@ -30,7 +31,7 @@ cert_chain:
|
|
30
31
|
r+j7FLyKuk5DzIxiCp8QN5dU71BbGUmsHf/C5UV76WLPOFX/szeaHhPwpjR3sK7r
|
31
32
|
5zLgCV1KP7cgDdCYMlmZGeSViU8NV+Yy8/ghrzGpqVw=
|
32
33
|
-----END CERTIFICATE-----
|
33
|
-
date:
|
34
|
+
date: 2023-02-28 00:00:00.000000000 Z
|
34
35
|
dependencies:
|
35
36
|
- !ruby/object:Gem::Dependency
|
36
37
|
name: aws-sigv4
|
@@ -205,6 +206,7 @@ description: 'Ruby AWS Sigv4 Client for OpenSearch
|
|
205
206
|
'
|
206
207
|
email:
|
207
208
|
- theo.nam.truong@gmail.com
|
209
|
+
- robin.roestenburg@4me.com
|
208
210
|
executables:
|
209
211
|
- opensearch_sigv4_console
|
210
212
|
extensions: []
|
@@ -213,10 +215,12 @@ extra_rdoc_files:
|
|
213
215
|
- LICENSE
|
214
216
|
files:
|
215
217
|
- ".gitignore"
|
218
|
+
- CHANGELOG.md
|
216
219
|
- Gemfile
|
217
220
|
- LICENSE
|
218
221
|
- README.md
|
219
222
|
- Rakefile
|
223
|
+
- USER_GUIDE.md
|
220
224
|
- bin/opensearch_sigv4_console
|
221
225
|
- lib/opensearch-aws-sigv4.rb
|
222
226
|
- lib/opensearch-aws-sigv4/version.rb
|
metadata.gz.sig
CHANGED
@@ -1,2 +1,3 @@
|
|
1
|
-
|
2
|
-
��
|
1
|
+
��m��F���Z}����]I�⇁�H.�3���O��
|
2
|
+
#M��f����E�S��,sT���-D|��D�>�hU&5IʞV�����������(�B��cז�s<҇~���
|
3
|
+
zQ�b��8whݮD����Y������"��� ��<e8]�Db���21���z3=T�Ȑ, ��X� _ńu#��@���0���s8�����5��s�CB������}M��Sf��?z�Z����}��N�AF�be
|