opensearch-aws-sigv4 1.2.1 → 2.0.0.pre.beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. checksums.yaml +4 -4
  2. checksums.yaml.gz.sig +0 -0
  3. data/README.md +11 -5
  4. data/USER_GUIDE.md +49 -41
  5. data/lib/opensearch-aws-sigv4/version.rb +1 -1
  6. data/lib/opensearch-aws-sigv4.rb +40 -74
  7. data/opensearch-aws-sigv4.gemspec +4 -6
  8. data.tar.gz.sig +0 -0
  9. metadata +19 -35
  10. metadata.gz.sig +0 -0
  11. data/spec/unit/open_search/aws/sigv4_client_spec.rb +0 -101
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 3653f0078c0217fcf752f3a3dbd8f5fb69d528f1792c8f15bab2d227729befc4
4
- data.tar.gz: 41e8d376d24bb217f766970265a50c4502d8b7ca6995099619bb5c9051a8e6c4
3
+ metadata.gz: 102c17b87f52f20a9d554f36347e9e458d846e6a00c0a98637fc308ba9e2846f
4
+ data.tar.gz: b2f41069ad25a0da064331550b1f83aea76f7abacc384c1c8b44b919057b3513
5
5
  SHA512:
6
- metadata.gz: 65bd6720403fb13d258a21c0e21c28312d57b04346435388f23ddf976e1aedf190abbb7c469b4cacc0c418b0bd29bb7ee700eae59fb58cac388be5e8067eed72
7
- data.tar.gz: ae9eb85688027bb1b9de52fc62f5c8a3829d99e8414c397b80486e94f225f3393a47ea7cad47bf2b448247d136c9da0b777408fd6ec927b626dd534794862e37
6
+ metadata.gz: 47b70757731a9cd594d1491d95c1576a53eb73cabe494d98813a1b69f3b5eef6d0a37a7f8f4fefdfacc5c7e440a8a1d587199e42fe95b9e9c4c6381bf3dfb710
7
+ data.tar.gz: cdf066b67d5df7e6167d8cb8bd3ec02b94e33d354da124532e5004a5906f035f54d51c07c5f4a2e9d0efc95e26ddd93091d470a2a480a5479a674050e6422a2e
checksums.yaml.gz.sig CHANGED
Binary file
data/README.md CHANGED
@@ -1,14 +1,20 @@
1
1
  [<img src="OpenSearch.svg" width="400">](https://opensearch.org)
2
2
 
3
- # OpenSearch AWS Sigv4 Client
3
+ # OpenSearch AWS SigV4 Request Signer
4
4
 
5
- The `opensearch-aws-sigv4` library provides an AWS Sigv4 client for connecting to [Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/index.html).
6
-
7
- This library is an AWS Sigv4 wrapper for [`opensearch-ruby`](https://github.com/opensearch-project/opensearch-ruby/tree/main), which is a Ruby client for OpenSearch. The `OpenSearch::Aws::Sigv4Client`, therefore, has all features of `OpenSearch::Client`.
5
+ The `opensearch-aws-sigv4` library provides an AWS Sigv4 request signer for [`opensearch-ruby`](https://github.com/opensearch-project/opensearch-ruby/tree/main), which is a Ruby client for OpenSearch.
8
6
 
9
7
  ## Compatibility
10
8
 
11
- The `opensearch-aws-sigv4` library is compatible with all versions of `opensearch-ruby`.
9
+ The compatibility between `opensearch-aws-sigv4` and `opensearch-ruby` is as follows:
10
+
11
+ | `opensearch-aws-sigv4` Version | Compatible `opensearch-ruby` Versions |
12
+ |-------------------------------|--------------------------------------|
13
+ | `< 2.0` | `> 4.0` |
14
+ | `>= 2.0` | `<= 4.0` |
15
+
16
+ - **`opensearch-aws-sigv4 < 2.0`** is compatible with all versions of **`opensearch-ruby > 4.0`**.
17
+ - **`opensearch-aws-sigv4 >= 2.0`** is compatible with all versions of **`opensearch-ruby <= 4.0`**.
12
18
 
13
19
  ## User Guide
14
20
 
data/USER_GUIDE.md CHANGED
@@ -23,7 +23,7 @@ bundle install
23
23
 
24
24
  ## Usage
25
25
 
26
- This library is an AWS Sigv4 wrapper for [`opensearch-ruby`](https://github.com/opensearch-project/opensearch-ruby/tree/main), which is a Ruby client for OpenSearch. The `OpenSearch::Aws::Sigv4Client`, therefore, has all features of `OpenSearch::Client`.
26
+ This library provides an AWS SigV4 request signer for [`opensearch-ruby`](https://github.com/opensearch-project/opensearch-ruby/tree/main), which is a Ruby client for OpenSearch.
27
27
 
28
28
  ### Amazon OpenSearch Service
29
29
  To sign requests for the Amazon OpenSearch Service:
@@ -32,22 +32,30 @@ To sign requests for the Amazon OpenSearch Service:
32
32
  require 'opensearch-aws-sigv4'
33
33
  require 'aws-sigv4'
34
34
 
35
- signer = Aws::Sigv4::Signer.new(service: 'es', # signing service name, use "aoss" for OpenSearch Serverless
36
- region: 'us-west-2', # signing service region
37
- access_key_id: 'key_id',
38
- secret_access_key: 'secret')
35
+ request_signer = OpenSearch::Aws::Sigv4RequestSigner.new(
36
+ service: 'es', # signing service name, use "aoss" for OpenSearch Serverless
37
+ region: 'us-west-2', # signing service region
38
+ access_key_id: 'key_id',
39
+ secret_access_key: 'secret'
40
+ )
39
41
 
40
- client = OpenSearch::Aws::Sigv4Client.new({
41
- host: 'https://your.amz-managed-opensearch.domain', # serverless endpoint for OpenSearch Serverless
42
- log: true
43
- }, signer)
42
+ client = OpenSearch::Client.new(
43
+ host: 'https://your.amz-managed-opensearch.domain', # serverless endpoint for OpenSearch Serverless
44
+ request_signer: request_signer
45
+ )
44
46
 
45
47
  # create an index and document
46
48
  index = 'prime'
47
49
  client.indices.create(index: index)
48
- client.index(index: index, id: '1', body: { name: 'Amazon Echo',
49
- msrp: '5999',
50
- year: 2011 })
50
+ client.index(
51
+ index: index,
52
+ id: '1',
53
+ body: {
54
+ name: 'Amazon Echo',
55
+ msrp: '5999',
56
+ year: 2011
57
+ }
58
+ )
51
59
 
52
60
  # search for the document
53
61
  client.search(body: { query: { match: { name: 'Echo' } } })
@@ -60,37 +68,37 @@ client.indices.delete(index: index)
60
68
  ```
61
69
 
62
70
  ### Enable Sigv4 Debug Logging
63
- If you run into credentials errors, usually from expired session, set the `sigv4_debug` option to `true` when creating the client to print out the Sigv4 Signing Debug information.
64
71
 
65
- ```ruby
66
- client = OpenSearch::Aws::Sigv4Client.new({
67
- host: 'https://your.amz-managed-opensearch.domain',
68
- }, signer, sigv4_debug: true)
72
+ The `opensearch-aws-sigv4` gem outputs the contents of the signature at the `debug` level via the logger passed to the `OpenSearch::Client`.
73
+
74
+ To inspect the actual signature content being generated for each request (e.g. for debugging purposes or troubleshooting), pass a logger configured with `DEBUG` level like this:
69
75
 
70
- client.info
76
+ ```ruby
77
+ request_signer = OpenSearch::Aws::Sigv4RequestSigner.new(
78
+ service: 'es', # signing service name, use "aoss" for OpenSearch Serverless
79
+ region: 'us-west-2', # signing service region
80
+ access_key_id: 'key_id',
81
+ secret_access_key: 'secret'
82
+ )
83
+
84
+ logger = Logger.new($stdout)
85
+ logger.level = Logger::DEBUG
86
+
87
+ client = OpenSearch::Client.new(
88
+ host: 'https://your.amz-managed-opensearch.domain', # serverless endpoint for OpenSearch Serverless
89
+ logger: logger,
90
+ request_signer: request_signer
91
+ )
92
+
93
+ puts client.info
71
94
  ```
72
95
 
73
- ```shell
74
- (2023-04-25 11:02:59 -0600) Sigv4 - STRING TO SIGN:
75
- AWS4-HMAC-SHA256
76
- 20230425T170259Z
77
- 20230425/us-east-1/aoss/aws4_request
78
- 0e20bdc5eda484f2b0e65f8a33514c48471500da91b1f0c8bb6b86770b5dc6c4
79
-
80
- (2023-04-25 11:02:59 -0600) Sigv4 - CANONICAL REQUEST:
81
- GET
82
- /
83
-
84
- host:your.amz-managed-opensearch.domain
85
- x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
86
- x-amz-date:20230425T170259Z
87
-
88
- host;x-amz-content-sha256;x-amz-date
89
- e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
90
-
91
- (2023-04-25 11:02:59 -0600) Sigv4 - SIGNATURE HEADERS:
92
- {"host"=>"your.amz-managed-opensearch.domain",
93
- "x-amz-date"=>"20230425T170259Z",
94
- "x-amz-content-sha256"=>"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
95
- "authorization"=>"AWS4-HMAC-SHA256 Credential=ABCDEFGH/20230425/us-east-1/aoss/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=858f171c834231ae3c885c670217f94c68f010e85c50b0ad095444966fb5df0c"}
96
+ This will output log messages like this:
97
+
98
+ ```
99
+ I, [2025-03-31T20:32:24.398301 #77479] INFO -- : Signing request with AWS SigV4: GET http://your.amz-managed-opensearch.domain/
100
+ D, [2025-03-31T20:32:24.399198 #77479] DEBUG -- : Signed headers with AWS SigV4: {"host" => "your.amz-managed-opensearch.domain", "x-amz-date" => "20250331T113224Z", "x-amz-content-sha256" => "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "authorization" => "AWS4-HMAC-SHA256 Credential=key_id/20250331/us-west-2/es/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=57c69c2da9597c40625e2dbef3806bdfa0e9e50c99918d2ae10a264110352e51"}
101
+ ...
96
102
  ```
103
+
104
+ By default, the signer will use the logger from the `opensearch-ruby` gem. To ensure safe logging in a production environment, make sure its level is set to `INFO` to avoid logging debug-level signed headers.
data/lib/opensearch-aws-sigv4/version.rb CHANGED
@@ -12,7 +12,7 @@
12
12
  module OpenSearch
13
13
  module Aws
14
14
  module Sigv4
15
- VERSION = '1.2.1'
15
+ VERSION = '2.0.0-beta.1'
16
16
  end
17
17
  end
18
18
  end
data/lib/opensearch-aws-sigv4.rb CHANGED
@@ -14,97 +14,63 @@ require 'opensearch-ruby'
14
14
  require 'aws-sigv4/signer'
15
15
  require 'faraday'
16
16
  require 'json'
17
+ require 'forwardable'
17
18
 
18
19
  module OpenSearch
19
20
  module Aws
20
- # AWS Sigv4 Wrapper for OpenSearch::Client.
21
- # This client accepts a Sigv4 Signer during initialization, and signs every request
22
- # with a Sigv4 Signature with the provided signer.
21
+ # AWS Sigv4 request signer for <tt>OpenSearch::Transport::Client</tt>.
23
22
  #
24
- # @example
25
- # signer = Aws::Sigv4::Signer.new(service: 'es',
26
- # region: 'us-east-1',
27
- # access_key_id: '<access_key_id>',
28
- # secret_access_key: '<secret_access_key>',
29
- # session_token: '<session_token>')
23
+ # @link https://github.com/opensearch-project/opensearch-ruby/blob/main/DEVELOPER_GUIDE.md#create-a-request-signer
30
24
  #
31
- # client = OpenSearch::Aws::Sigv4Client.new(
32
- # { host: 'https://my-os-domain.us-east-1.es.amazonaws.com/' },
33
- # signer
34
- # )
25
+ # @param [Hash] options Signer options
26
+ # @option options [String] :service ('es') The AWS service name.
27
+ # @option options [String] :region The AWS region.
28
+ # @option options [String] :access_key_id The AWS access key ID.
29
+ # @option options [String] :secret_access_key The AWS secret access key.
30
+ # @option options [String] :session_token (optional) The AWS session token.
35
31
  #
36
- # puts client.cat.health
32
+ # @example
33
+ # client = OpenSearch::Client.new({
34
+ # host: 'https://my-os-domain.us-east-1.es.amazonaws.com/',
35
+ # request_signer: OpenSearch::Aws::Sigv4RequestSigner.new(
36
+ # service: 'es',
37
+ # region: 'us-east-1',
38
+ # access_key_id: '<access_key_id>',
39
+ # secret_access_key: '<secret_access_key>',
40
+ # session_token: '<session_token>'
41
+ # )
42
+ # })
37
43
  #
38
- # @attr [Aws::Sigv4::Signer] sigv4_signer Signer used to sign every request
39
- class Sigv4Client < ::OpenSearch::Client
40
- attr_accessor :sigv4_signer
44
+ # puts client.cat.health
45
+ class Sigv4RequestSigner
46
+ extend Forwardable
47
+
48
+ attr_reader :signer
41
49
 
42
- # @param [Hash] transport_args arguments for OpenSearch::Transport::Client.
43
- # @param [&block] block code block to be passed to OpenSearch::Transport::Client.
44
- # @param [Aws::Sigv4::Signer] sigv4_signer an instance of AWS Sigv4 Signer.
45
- # @param [Hash] options
46
- # @option options [Boolean] :sigv4_debug whether to log debug info for Sigv4 Signing
47
- def initialize(transport_args, sigv4_signer, options: {}, &block)
48
- unless sigv4_signer.is_a?(::Aws::Sigv4::Signer)
49
- raise ArgumentError, "Please pass a Aws::Sigv4::Signer. A #{sigv4_signer.class} was given."
50
- end
50
+ def_delegators :@signer, :service, :region, :credentials_provider, :unsigned_headers, :apply_checksum_header
51
51
 
52
- @sigv4_signer = sigv4_signer
53
- @sigv4_debug = options[:sigv4_debug]
54
- @logger = nil
55
- super(transport_args, &block)
52
+ def initialize(options = {})
53
+ @signer = ::Aws::Sigv4::Signer.new({
54
+ service: 'es'
55
+ }.merge(options))
56
56
  end
57
57
 
58
- # @see OpenSearch::Transport::Transport::Base::perform_request
59
- def perform_request(method, path, params = {}, body = nil, headers = nil)
58
+ def sign_request(method:, path:, params:, body:, headers:, host:, port:, url:, logger:) # rubocop:disable Lint/UnusedMethodArgument
59
+ logger&.info("Signing request with AWS SigV4: #{method} #{url}")
60
+
60
61
  signature_body = body.is_a?(Hash) ? body.to_json : body.to_s
61
- signature = sigv4_signer.sign_request(
62
+ signature = @signer.sign_request(
62
63
  http_method: method,
63
- url: signature_url(path, params),
64
+ url: url,
64
65
  headers: headers,
65
- body: signature_body
66
+ body: signature_body,
67
+ logger: logger
66
68
  )
67
- headers = (headers || {}).merge(signature.headers)
68
-
69
- log_signature_info(signature)
70
- super(method, path, params, signature_body, headers)
71
- end
72
69
 
73
- private
74
-
75
- def verify_open_search
76
- @verified = true
77
- end
70
+ signed_headers = signature.headers
71
+ logger&.debug("Signed headers with AWS SigV4: #{signed_headers}")
78
72
 
79
- def signature_url(path, params)
80
- host = @transport.transport.hosts.dig(0, :host)
81
- path = "/#{path}" unless path.start_with?('/')
82
- query_string = params.empty? ? '' : Faraday::Utils::ParamsHash[params].to_query.to_s
83
- URI::HTTP.build(host: host, path: path, query: query_string)
84
- end
85
-
86
- # @param [Aws::Sigv4::Signature] signature
87
- def log_signature_info(signature)
88
- return unless @sigv4_debug
89
-
90
- log('string to sign', signature.string_to_sign)
91
- log('canonical request', signature.canonical_request)
92
- log('signature headers', signature.headers)
93
- end
94
-
95
- def log(title, message)
96
- logger.debug("#{title.upcase}:\n\e[36m#{message}\e[0m")
97
- end
98
-
99
- def logger
100
- return @logger if @logger
101
-
102
- require 'logger'
103
- @logger = Logger.new(
104
- $stdout,
105
- progname: 'Sigv4',
106
- formatter: proc { |_severity, datetime, progname, msg| "\e[34m(#{datetime}) #{progname} - #{msg}\e[0m\n\n" }
107
- )
73
+ (headers || {}).merge(signed_headers)
108
74
  end
109
75
  end
110
76
  end
data/opensearch-aws-sigv4.gemspec CHANGED
@@ -33,7 +33,6 @@ Gem::Specification.new do |s|
33
33
  }
34
34
 
35
35
  s.files = Dir['lib/**/*', '*.gemspec']
36
- s.test_files = Dir['spec/unit/**/*']
37
36
  s.require_paths = ['lib']
38
37
  s.bindir = 'bin'
39
38
  s.executables = 'opensearch_sigv4_console'
@@ -41,14 +40,13 @@ Gem::Specification.new do |s|
41
40
  s.extra_rdoc_files = %w[README.md USER_GUIDE.md LICENSE]
42
41
  s.rdoc_options = ['--charset=UTF-8']
43
42
 
44
- signing_key = File.expand_path('gem-private_key.pem')
43
+ signing_key = File.expand_path(ENV.fetch('GEM_PRIVATE_KEY', 'gem-private_key.pem'))
45
44
  if $PROGRAM_NAME.end_with?('gem') && ARGV.first == 'build' && File.exist?(signing_key)
46
45
  s.signing_key = signing_key
47
- s.cert_chain = ['.github/opensearch-rubygems.pem']
46
+ s.cert_chain = [ENV.fetch('GEM_PUBLIC_CERT', '.github/opensearch-rubygems.pem')]
48
47
  end
49
48
 
50
- s.required_ruby_version = '>= 2.4'
49
+ s.required_ruby_version = '>= 3.0'
51
50
 
52
- s.add_dependency 'aws-sigv4', '>= 1'
53
- s.add_dependency 'opensearch-ruby', '>= 1.0.1'
51
+ s.add_dependency 'aws-sigv4', '~> 1'
54
52
  end
data.tar.gz.sig CHANGED
Binary file
metadata CHANGED
@@ -1,18 +1,18 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: opensearch-aws-sigv4
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.1
4
+ version: 2.0.0.pre.beta.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - OpenSearch Contributors
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain:
11
11
  - |
12
12
  -----BEGIN CERTIFICATE-----
13
13
  MIIDfDCCAmSgAwIBAgIBATANBgkqhkiG9w0BAQsFADBCMRMwEQYDVQQDDApvcGVu
14
14
  c2VhcmNoMRYwFAYKCZImiZPyLGQBGRYGYW1hem9uMRMwEQYKCZImiZPyLGQBGRYD
15
- Y29tMB4XDTIzMDgyNDIwNDIwNFoXDTI0MDgyMzIwNDIwNFowQjETMBEGA1UEAwwK
15
+ Y29tMB4XDTI0MDcyNjIzMjIyN1oXDTI1MDcyNjIzMjIyN1owQjETMBEGA1UEAwwK
16
16
  b3BlbnNlYXJjaDEWMBQGCgmSJomT8ixkARkWBmFtYXpvbjETMBEGCgmSJomT8ixk
17
17
  ARkWA2NvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM1z3/jcitjV
18
18
  umXwRFn+JSBBd36qZB54Dtucf6+E2fmNPzBRhgYN5XJy/+clQJ9NIJV7C8H52P3V
@@ -23,43 +23,29 @@ cert_chain:
23
23
  zfR37/NQFkECAwEAAaN9MHswCQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0O
24
24
  BBYEFJJ2myhLXK742btavNbG0IWrMNBIMCAGA1UdEQQZMBeBFW9wZW5zZWFyY2hA
25
25
  YW1hem9uLmNvbTAgBgNVHRIEGTAXgRVvcGVuc2VhcmNoQGFtYXpvbi5jb20wDQYJ
26
- KoZIhvcNAQELBQADggEBABAQpnELuY5AgdNUIlIVRVATO6iZOXTbt3a9oVbQdLPe
27
- BfMObZyJydg0+leyR3oFyN9ZIFiEFwpd0biFf39DuC0M6Oge0Rv4oO9GRI3yyv77
28
- 9m59he+5DI3hbqtGje108oqRe61NZMlKcy/DCBVkzzZFsJ17GC09tY/gwhmNRtLV
29
- 3vYIEY6vmn57wrGn1NUzWdG+x/XVjYPw5Kwo+/rCxxZqpVTklMqVWV43N/lFrUOe
30
- 1DlemA1SsUBIoF7CwtVd/RTG/K1iT6nBD08fdKxodMhI5ujkP3N7gkxzRf6aKN4z
31
- glnDJYZjluKBUsKTOLdPW1CZpb0AHLpNqDf8SVHsPFk=
26
+ KoZIhvcNAQELBQADggEBAB1D6Ba88KkTApeUl0Iv/WKie1WNi+6o3KQhqqLt+xjB
27
+ oiBLLdQpKwH7k/TkCmfo9/8lY1sa3Pxckuw2fNVDaVhEHX56fmTUPoOjkyPS4H19
28
+ YEKFBeY6U1aF7a2piN58j4EcPP7Kv0KD3RlaEwKbYJTiOy/0f5XjWqVYKOS+DrjM
29
+ EMhX0gWR5oucydDNSi5hkggPYqCZnW9q6yo+k/FW+DK33CeUm69D6elFx7qPGhEx
30
+ m0rB25J1sO2yjlalRdBoV5p7OKaWG4CGMr+q6vCC2za7yrtZiYOOv+KpWmheTwds
31
+ P1nbdIL2eAXGfNU3cbtYisS1sSYi7VSkS52pVk8Jgtw=
32
32
  -----END CERTIFICATE-----
33
- date: 2023-10-03 00:00:00.000000000 Z
33
+ date: 2025-04-04 00:00:00.000000000 Z
34
34
  dependencies:
35
35
  - !ruby/object:Gem::Dependency
36
36
  name: aws-sigv4
37
37
  requirement: !ruby/object:Gem::Requirement
38
38
  requirements:
39
- - - ">="
39
+ - - "~>"
40
40
  - !ruby/object:Gem::Version
41
41
  version: '1'
42
42
  type: :runtime
43
43
  prerelease: false
44
44
  version_requirements: !ruby/object:Gem::Requirement
45
45
  requirements:
46
- - - ">="
46
+ - - "~>"
47
47
  - !ruby/object:Gem::Version
48
48
  version: '1'
49
- - !ruby/object:Gem::Dependency
50
- name: opensearch-ruby
51
- requirement: !ruby/object:Gem::Requirement
52
- requirements:
53
- - - ">="
54
- - !ruby/object:Gem::Version
55
- version: 1.0.1
56
- type: :runtime
57
- prerelease: false
58
- version_requirements: !ruby/object:Gem::Requirement
59
- requirements:
60
- - - ">="
61
- - !ruby/object:Gem::Version
62
- version: 1.0.1
63
49
  description: |
64
50
  A wrapper for opensearch-ruby gem that provides AWS Sigv4 signing.
65
51
  It behaves like OpenSearch::Client, but signs every request with AWS Sigv4
@@ -81,7 +67,6 @@ files:
81
67
  - lib/opensearch-aws-sigv4/version.rb
82
68
  - lib/opensearch_aws_sigv4.rb
83
69
  - opensearch-aws-sigv4.gemspec
84
- - spec/unit/open_search/aws/sigv4_client_spec.rb
85
70
  homepage: https://github.com/opensearch-project/opensearch-ruby-aws-sigv4
86
71
  licenses:
87
72
  - Apache-2.0
@@ -91,7 +76,7 @@ metadata:
91
76
  source_code_uri: https://github.com/opensearch-project/opensearch-ruby-aws-sigv4/tree/main
92
77
  bug_tracker_uri: https://github.com/opensearch-project/opensearch-ruby-aws-sigv4/issues
93
78
  changelog_uri: https://github.com/opensearch-project/opensearch-ruby-aws-sigv4/blob/main/CHANGELOG.md
94
- post_install_message:
79
+ post_install_message:
95
80
  rdoc_options:
96
81
  - "--charset=UTF-8"
97
82
  require_paths:
@@ -100,16 +85,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
100
85
  requirements:
101
86
  - - ">="
102
87
  - !ruby/object:Gem::Version
103
- version: '2.4'
88
+ version: '3.0'
104
89
  required_rubygems_version: !ruby/object:Gem::Requirement
105
90
  requirements:
106
- - - ">="
91
+ - - ">"
107
92
  - !ruby/object:Gem::Version
108
- version: '0'
93
+ version: 1.3.1
109
94
  requirements: []
110
- rubygems_version: 3.3.26
111
- signing_key:
95
+ rubygems_version: 3.3.27
96
+ signing_key:
112
97
  specification_version: 4
113
98
  summary: Ruby AWS Sigv4 Client for OpenSearch
114
- test_files:
115
- - spec/unit/open_search/aws/sigv4_client_spec.rb
99
+ test_files: []
metadata.gz.sig CHANGED
Binary file
data/spec/unit/open_search/aws/sigv4_client_spec.rb DELETED
@@ -1,101 +0,0 @@
1
- # SPDX-License-Identifier: Apache-2.0
2
- #
3
- # The OpenSearch Contributors require contributions made to
4
- # this file be licensed under the Apache-2.0 license or a
5
- # compatible open source license.
6
- #
7
- # Modifications Copyright OpenSearch Contributors. See
8
- # GitHub history for details.
9
-
10
- # frozen_string_literal: true
11
-
12
- require_relative '../../../spec_helper'
13
- require 'aws-sigv4'
14
- require 'timecop'
15
-
16
- describe OpenSearch::Aws::Sigv4Client do
17
- subject(:client) do
18
- described_class.new(
19
- { host: 'http://localhost:9200',
20
- transport_options: { ssl: { verify: false } } },
21
- signer
22
- )
23
- end
24
-
25
- let(:signer) do
26
- Aws::Sigv4::Signer.new(service: 'es',
27
- region: 'us-west-2',
28
- access_key_id: 'key_id',
29
- secret_access_key: 'secret')
30
- end
31
-
32
- describe '.initialize' do
33
- context 'when a Sigv4 Signer is NOT provided' do
34
- let(:signer) { nil }
35
-
36
- it 'raises an argument error' do
37
- expect { client }.to raise_error ArgumentError, 'Please pass a Aws::Sigv4::Signer. A NilClass was given.'
38
- end
39
- end
40
-
41
- context 'when a Sigv4 Signer is provided' do
42
- it 'does NOT raise any error' do
43
- expect { client }.not_to raise_error
44
- end
45
- end
46
- end
47
-
48
- describe '#perform_request' do
49
- let(:response) { { body: 'Response Body' } }
50
- let(:transport_double) do
51
- double = instance_double(OpenSearch::Transport::Client, perform_request: response)
52
- allow(double).to receive_message_chain(:transport, :hosts, :dig).and_return('localhost')
53
- double
54
- end
55
- let(:signed_headers) do
56
- { 'authorization' => 'AWS4-HMAC-SHA256 Credential=key_id/20220101/us-west-2/es/aws4_request, '\
57
- 'SignedHeaders=host;x-amz-content-sha256;x-amz-date, ' \
58
- 'Signature=9c4c690110483308f62a91c2ca873857750bca2607ba1aabdae0d2303950310a',
59
- 'host' => 'localhost',
60
- 'x-amz-content-sha256' => 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
61
- 'x-amz-date' => '20220101T000000Z' }
62
- end
63
-
64
- before do
65
- Timecop.freeze(Time.utc(2022))
66
- client.transport = transport_double
67
- end
68
-
69
- after { Timecop.return }
70
-
71
- it 'signs the request before passing it to @transport' do
72
- output = client.perform_request('GET', '/', {}, '', {})
73
- expect(output).to eq(response)
74
- expect(transport_double).to have_received(:perform_request).with('GET', '/', {}, '', signed_headers)
75
- end
76
-
77
- it 'skips the opensearch verification' do
78
- allow(client).to receive(:open_search_validation_request)
79
- client.perform_request('GET', '/_stats', {}, '', {})
80
- expect(client).not_to have_received(:open_search_validation_request)
81
- end
82
-
83
- it 'passes the same body to sign_request and super' do
84
- body = {
85
- char_filter: {
86
- test: {
87
- type: 'mapping',
88
- mappings: ["’ => '"]
89
- }
90
- }
91
- }
92
- signature_body = body.to_json
93
-
94
- allow(signer).to receive(:sign_request).with(a_hash_including(body: signature_body)).and_call_original
95
-
96
- client.perform_request('GET', '/', {}, body, {})
97
-
98
- expect(transport_double).to have_received(:perform_request).with('GET', '/', {}, signature_body, kind_of(Hash))
99
- end
100
- end
101
- end