RubyGems - opensearch-aws-sigv4 - Versions diffs - 1.0.0 → 1.2.0 - Mend

opensearch-aws-sigv4 1.0.0 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data/CHANGELOG.md +24 -0
data/README.md +9 -53
data/USER_GUIDE.md +59 -0
data/lib/opensearch-aws-sigv4/version.rb +1 -1
data/lib/opensearch-aws-sigv4.rb +36 -4
data/opensearch-aws-sigv4.gemspec +2 -2
data/spec/unit/sigv4_client_spec.rb +11 -7
data.tar.gz.sig +0 -0
metadata +6 -2
metadata.gz.sig +3 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 43ed10e26e1b3308e4a19d3d479269c36d27b2244d4d688852afbf80d7fb16c9
-  data.tar.gz: 7c53006f740126f7f3a19fbc7b9a83f0096484c0240a514c8ff7c843fd8b5c2b
+  metadata.gz: 8afd49d01221929f86b5bf1792d12a963cb969b5edc6a9abb242241c31170221
+  data.tar.gz: 278f930240341ab20ed9fe5f8182c1344b1825f7af7232001d096a320c90d9f7
 SHA512:
-  metadata.gz: f93669b3c6e92edad450f72aab6a53cfe1f0dd80bc2e63dfe4da8b2e9f78f7788933a45092d077d1df0926b9e20c53677529853b36ce6f56541781dba14358d0
-  data.tar.gz: 6951cf5f5f3da63dc30df598b21cb798945670055db39b8312b78bfd296bb33eea0538940b54cbfd255af9dd78ae49be2cbe11f41802d49320eafc14852f1ae1
+  metadata.gz: cf3e31f4899441290c6ea65c452d52a1a21b5c36debc1c3bb1c0545d963526b86321ccaf0b136c75dd0dda5851bfe91a869154a08a3b01db2368ebe45c56955d
+  data.tar.gz: 2f5d79ef941d038d2c2f04a39266a8919c1c09626492da0946476b73b57c34565d8fcc05863c084e98f46e75f5d9e9f42416f5048a9674cd179ce1fbcf62c2c5

checksums.yaml.gz.sig CHANGED Viewed

Binary file

data/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,24 @@
+# CHANGELOG
+Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
+## [Unreleased]
+### Added
+- Ability to printout Sigv4 Signature for debugging ([#149](https://github.com/opensearch-project/opensearch-ruby/issues/149))
+### Changed
+### Deprecated
+### Removed
+### Fixed
+### Security
+## [1.1.0]
+### Added
+- Added support for Amazon OpenSearch Serverless ([#131](https://github.com/opensearch-project/opensearch-ruby/issues/131))
+### Fixed
+- Sign validation requests when using AWS Sigv4 ([#134](https://github.com/opensearch-project/opensearch-ruby/pull/134))
+### Security
+## 1.0.0
+### Added
+- Added `OpenSearch::AWS::Sigv4Client` ([#110](https://github.com/opensearch-project/opensearch-ruby/pull/110))

data/README.md CHANGED Viewed

@@ -1,62 +1,18 @@
-# OpenSearch Aws Sigv4 Client
+- [OpenSearch AWS Sigv4 Client](#opensearch-aws-sigv4-client)
+  - [Compatibility](#compatibility)
+  - [User Guide](#user-guide)
+  - [License](#license)
+# OpenSearch AWS Sigv4 Client
-The `opensearch-aws-sigv4` library provides an AWS Sigv4 client for [OpenSearch](http://opensearch.com).
+The `opensearch-aws-sigv4` library provides an AWS Sigv4 client for connecting to [Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/index.html).
 ## Compatibility
-The OpenSearch Aws Sigv4 Client is compatible with Ruby 2.5 and higher.
+See [COMPATIBILITY](../COMPATIBILITY.md).
-The client's API is compatible with OpenSearch's API versions from 1.0.0 till current.
+## User Guide
-See [COMPATIBILITY](../COMPATIBILITY.md) for more details.
-## Installation
-Install the package from [Rubygems](https://rubygems.org):
-    gem install opensearch-aws-sigv4
-To use an unreleased version, either add it to your `Gemfile` for [Bundler](http://gembundler.com):
-    gem 'opensearch-aws-sigv4', git: 'git://github.com/opensearch-project/opensearch-ruby.git'
-or install it from a source code checkout:
-    git clone https://github.com/opensearch-project/opensearch-ruby
-    cd opensearch-ruby/opensearch-aws-sigv4
-    bundle install
-    rake install
-## Usage
-This library is an AWS Sigv4 wrapper for
-[`opensearch-ruby`](https://github.com/opensearch-project/opensearch-ruby/tree/main/opensearch-ruby),
-which is a Ruby client for OpenSearch. The `OpenSearch::Aws::Sigv4Client` is, therefore, has all features of `OpenSearch::Client`.
-And since `opensearch-ruby` is a dependency of `opensearch-aws-sigv4`, you only need to install `opensearch-aws-sigv4`.
-```ruby
-require 'opensearch-aws-sigv4'
-require 'aws-sigv4'
-signer = Aws::Sigv4::Signer.new(service: 'es',
-                                region: 'us-west-2',
-                                access_key_id: 'key_id',
-                                secret_access_key: 'secret')
-client = OpenSearch::Aws::Sigv4Client.new({ log: true }, signer)
-client.cluster.health
-client.transport.reload_connections!
-client.search q: 'test'
-```
-Please refer to [opensearch-ruby](https://github.com/opensearch-project/opensearch-ruby/blob/main/opensearch-ruby/README.md) documentation for further details.
-## Development
-You can run `rake -T` to check the test tasks. Use `COVERAGE=true` before running a test task to check the coverage with Simplecov.
+See [USER_GUIDE](USER_GUIDE.md).
 ## License

data/USER_GUIDE.md ADDED Viewed

@@ -0,0 +1,59 @@
+- [User Guide](#user-guide)
+  - [Setup](#setup)
+  - [Usage](#usage)
+    - [Amazon OpenSearch Service](#amazon-opensearch-service)
+# User Guide
+## Setup
+To add the gem to your project, install it using [RubyGems](https://rubygems.org/):
+```
+gem install opensearch-aws-sigv4
+```
+or add it to your Gemfile:
+```
+gem opensearch-aws-sigv4
+```
+and run:
+```
+bundle install
+```
+## Usage
+This library is an AWS Sigv4 wrapper for [`opensearch-ruby`](https://github.com/opensearch-project/opensearch-ruby/tree/main/opensearch-ruby), which is a Ruby client for OpenSearch. The `OpenSearch::Aws::Sigv4Client`, therefore, has all features of `OpenSearch::Client`.
+### Amazon OpenSearch Service
+To sign requests for the Amazon OpenSearch Service:
+```ruby
+require 'opensearch-aws-sigv4'
+require 'aws-sigv4'
+signer = Aws::Sigv4::Signer.new(service: 'es', # signing service name, use "aoss" for OpenSearch Serverless
+                                region: 'us-west-2', # signing service region
+                                access_key_id: 'key_id',
+                                secret_access_key: 'secret')
+client = OpenSearch::Aws::Sigv4Client.new({
+    host: 'https://your.amz-managed-opensearch.domain', # serverless endpoint for OpenSearch Serverless
+    log: true
+}, signer)
+# create an index and document
+index = 'prime'
+client.indices.create(index: index)
+client.index(index: index, id: '1', body: { name: 'Amazon Echo',
+                                            msrp: '5999',
+                                            year: 2011 })
+# search for the document
+client.search(body: { query: { match: { name: 'Echo' } } })
+# delete the document
+client.delete(index: index, id: '1')
+# delete the index
+client.indices.delete(index: index)
+```

data/lib/opensearch-aws-sigv4/version.rb CHANGED Viewed

@@ -10,7 +10,7 @@
 module OpenSearch
   module Aws
     module Sigv4
-      VERSION = '1.0.0'.freeze
+      VERSION = '1.2.0'.freeze
     end
   end
 end

data/lib/opensearch-aws-sigv4.rb CHANGED Viewed

@@ -39,18 +39,21 @@ module OpenSearch
       # @param [Hash] transport_args arguments for OpenSearch::Transport::Client.
       # @param [&block] block code block to be passed to OpenSearch::Transport::Client.
       # @param [Aws::Sigv4::Signer] sigv4_signer an instance of AWS Sigv4 Signer.
-      def initialize(transport_args = {}, sigv4_signer, &block)
+      # @param [Hash] options
+      # @option options [Boolean] :sigv4_debug whether to log debug info for Sigv4 Signing
+      def initialize(transport_args = {}, sigv4_signer, options: {}, &block)
         unless sigv4_signer.is_a?(::Aws::Sigv4::Signer)
           raise ArgumentError, "Please pass a Aws::Sigv4::Signer. A #{sigv4_signer.class} was given."
         end
         @sigv4_signer = sigv4_signer
-        super transport_args, &block
+        @sigv4_debug = options[:sigv4_debug]
+        @logger = nil
+        super(transport_args, &block)
       end
       # @see OpenSearch::Transport::Transport::Base::perform_request
       def perform_request(method, path, params = {}, body = nil, headers = nil)
-        verify_open_search unless @verified
         signature_body = body.is_a?(Hash) ? body.to_json : body.to_s
         signature = sigv4_signer.sign_request(
           http_method: method,
@@ -58,17 +61,46 @@ module OpenSearch
           headers: headers,
           body: signature_body)
         headers = (headers || {}).merge(signature.headers)
-        @transport.perform_request(method, path, params, body, headers)
+        log_signature_info(signature)
+        super(method, path, params, body, headers)
       end
       private
+      def verify_open_search
+        @verified = true
+      end
       def signature_url(path, params)
         host = @transport.transport.hosts.dig(0, :host)
         path = '/' + path unless path.start_with?('/')
         query_string = params.empty? ? '' : "#{Faraday::Utils::ParamsHash[params].to_query}"
         URI::HTTP.build(host: host, path: path, query: query_string)
       end
+      # @param [Aws::Sigv4::Signature] signature
+      def log_signature_info(signature)
+        return unless @sigv4_debug
+        log('string to sign', signature.string_to_sign)
+        log('canonical request', signature.canonical_request)
+        log('signature headers', signature.headers)
+      end
+      def log(title, message)
+        logger.debug("#{title.upcase}:\n\e[36m#{message}\e[0m")
+      end
+      def logger
+        return @logger if @logger
+        require 'logger'
+        @logger = Logger.new(
+          STDOUT,
+          progname: 'Sigv4',
+          formatter: proc { |_severity, datetime, progname, msg| "\e[34m(#{datetime})  #{progname} - #{msg}\e[0m\n\n" })
+      end
     end
   end
 end

data/opensearch-aws-sigv4.gemspec CHANGED Viewed

@@ -16,8 +16,8 @@ signing_key_path = File.expand_path("../gem-private_key.pem")
 Gem::Specification.new do |s|
   s.name          = 'opensearch-aws-sigv4'
   s.version       = OpenSearch::Aws::Sigv4::VERSION
-  s.authors       = ['Theo Truong']
-  s.email         = ['theo.nam.truong@gmail.com']
+  s.authors       = ['Theo Truong', 'Robin Roestenburg']
+  s.email         = ['theo.nam.truong@gmail.com', 'robin.roestenburg@4me.com']
   s.summary       = 'Ruby AWS Sigv4 Client for OpenSearch'
   s.homepage      = 'https://opensearch.org/docs/latest'
   s.license       = 'Apache-2.0'

data/spec/unit/sigv4_client_spec.rb CHANGED Viewed

@@ -13,7 +13,7 @@ require 'timecop'
 describe OpenSearch::Aws::Sigv4Client do
   subject(:client) do
-    OpenSearch::Aws::Sigv4Client.new(
+    described_class.new(
       { host: 'http://localhost:9200',
         transport_options: { ssl: { verify: false } } },
       signer)
@@ -50,17 +50,16 @@ describe OpenSearch::Aws::Sigv4Client do
       _double
     end
     let(:signed_headers) do
-       { 'authorization' => 'AWS4-HMAC-SHA256 Credential=key_id/20220101/us-west-2/es/aws4_request, '\
+      { 'authorization' => 'AWS4-HMAC-SHA256 Credential=key_id/20220101/us-west-2/es/aws4_request, '\
                             'SignedHeaders=host;x-amz-content-sha256;x-amz-date, ' \
                             'Signature=9c4c690110483308f62a91c2ca873857750bca2607ba1aabdae0d2303950310a',
-         'host' => 'localhost',
-         'x-amz-content-sha256' => 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
-         'x-amz-date' => '20220101T000000Z' }
+        'host' => 'localhost',
+        'x-amz-content-sha256' => 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
+        'x-amz-date' => '20220101T000000Z' }
     end
     before(:each) do
       Timecop.freeze(Time.utc(2022))
-      allow(client).to receive(:verify_open_search) { true }
       client.transport = transport_double
     end
@@ -71,5 +70,10 @@ describe OpenSearch::Aws::Sigv4Client do
       expect(output).to eq(response)
       expect(transport_double).to have_received(:perform_request).with('GET', '/', {}, '', signed_headers)
     end
+    it 'skips the opensearch verification' do
+      expect(client).to_not receive(:open_search_validation_request)
+      client.perform_request('GET', '/_stats', {}, '', {})
+    end
   end
 end

data.tar.gz.sig CHANGED Viewed

Binary file

metadata CHANGED Viewed

@@ -1,10 +1,11 @@
 --- !ruby/object:Gem::Specification
 name: opensearch-aws-sigv4
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.2.0
 platform: ruby
 authors:
 - Theo Truong
+- Robin Roestenburg
 autorequire:
 bindir: bin
 cert_chain:
@@ -30,7 +31,7 @@ cert_chain:
   r+j7FLyKuk5DzIxiCp8QN5dU71BbGUmsHf/C5UV76WLPOFX/szeaHhPwpjR3sK7r
   5zLgCV1KP7cgDdCYMlmZGeSViU8NV+Yy8/ghrzGpqVw=
   -----END CERTIFICATE-----
-date: 2022-11-30 00:00:00.000000000 Z
+date: 2023-02-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
@@ -205,6 +206,7 @@ description: 'Ruby AWS Sigv4 Client for OpenSearch
   '
 email:
 - theo.nam.truong@gmail.com
+- robin.roestenburg@4me.com
 executables:
 - opensearch_sigv4_console
 extensions: []
@@ -213,10 +215,12 @@ extra_rdoc_files:
 - LICENSE
 files:
 - ".gitignore"
+- CHANGELOG.md
 - Gemfile
 - LICENSE
 - README.md
 - Rakefile
+- USER_GUIDE.md
 - bin/opensearch_sigv4_console
 - lib/opensearch-aws-sigv4.rb
 - lib/opensearch-aws-sigv4/version.rb

metadata.gz.sig CHANGED Viewed

@@ -1,2 +1,3 @@
-)2�60U�$��������
-��6P�wM0~D͹P����bӒ56��1G`���V�<`L�
+��m��F���Z}����]I�⇁�H.�3���O��
+#M��f����E�S��,sT���-D|��D�>�hU&5IʞV�����������(�B��cז�s<҇~���
+zQ�b��8whݮD����Y������"��� ��<e8]�Db���21���z3=T�Ȑ, ��X� _ńu#��@���0���s8�����5��s�CB����΂��}M��Sf��?􊸼z�Z����}��N�AF�be