opensearch-aws-sigv4 1.3.0 → 2.0.0.pre.beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. checksums.yaml +4 -4
  2. checksums.yaml.gz.sig +0 -0
  3. data/README.md +11 -5
  4. data/USER_GUIDE.md +49 -41
  5. data/lib/opensearch-aws-sigv4/version.rb +1 -1
  6. data/lib/opensearch-aws-sigv4.rb +40 -77
  7. data/opensearch-aws-sigv4.gemspec +4 -6
  8. data.tar.gz.sig +0 -0
  9. metadata +8 -30
  10. metadata.gz.sig +0 -0
  11. data/spec/unit/open_search/aws/sigv4_client_spec.rb +0 -107
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 6a1bbddbba6e3e1872e65075cabeb1386e334a4e21107f0193869174653dfc52
4
- data.tar.gz: 7fe1d0e9522f976db80affd18fb9927af8898a780d2c07a3abe4119a68013eb4
3
+ metadata.gz: 102c17b87f52f20a9d554f36347e9e458d846e6a00c0a98637fc308ba9e2846f
4
+ data.tar.gz: b2f41069ad25a0da064331550b1f83aea76f7abacc384c1c8b44b919057b3513
5
5
  SHA512:
6
- metadata.gz: 9d11753e96e212bc8726dbfc149c788d2a291e44b7593b83860048f560a4988c4826ef5669547bf0b4fa3dd2dac91651a1ce7eb9de2c0c7d82b4df10c32ea88c
7
- data.tar.gz: 593355060580e5f2b72c8be568282fb4f0a89369a75b6f30a9bae696285530fd3b38bd6450728030586bf66fb4d01cdf4d5d048ff4ca808ee6dc5acab896b418
6
+ metadata.gz: 47b70757731a9cd594d1491d95c1576a53eb73cabe494d98813a1b69f3b5eef6d0a37a7f8f4fefdfacc5c7e440a8a1d587199e42fe95b9e9c4c6381bf3dfb710
7
+ data.tar.gz: cdf066b67d5df7e6167d8cb8bd3ec02b94e33d354da124532e5004a5906f035f54d51c07c5f4a2e9d0efc95e26ddd93091d470a2a480a5479a674050e6422a2e
checksums.yaml.gz.sig CHANGED
Binary file
data/README.md CHANGED
@@ -1,14 +1,20 @@
1
1
  [<img src="OpenSearch.svg" width="400">](https://opensearch.org)
2
2
 
3
- # OpenSearch AWS Sigv4 Client
3
+ # OpenSearch AWS SigV4 Request Signer
4
4
 
5
- The `opensearch-aws-sigv4` library provides an AWS Sigv4 client for connecting to [Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/index.html).
6
-
7
- This library is an AWS Sigv4 wrapper for [`opensearch-ruby`](https://github.com/opensearch-project/opensearch-ruby/tree/main), which is a Ruby client for OpenSearch. The `OpenSearch::Aws::Sigv4Client`, therefore, has all features of `OpenSearch::Client`.
5
+ The `opensearch-aws-sigv4` library provides an AWS Sigv4 request signer for [`opensearch-ruby`](https://github.com/opensearch-project/opensearch-ruby/tree/main), which is a Ruby client for OpenSearch.
8
6
 
9
7
  ## Compatibility
10
8
 
11
- The `opensearch-aws-sigv4` library is compatible with all versions of `opensearch-ruby`.
9
+ The compatibility between `opensearch-aws-sigv4` and `opensearch-ruby` is as follows:
10
+
11
+ | `opensearch-aws-sigv4` Version | Compatible `opensearch-ruby` Versions |
12
+ |-------------------------------|--------------------------------------|
13
+ | `< 2.0` | `> 4.0` |
14
+ | `>= 2.0` | `<= 4.0` |
15
+
16
+ - **`opensearch-aws-sigv4 < 2.0`** is compatible with all versions of **`opensearch-ruby > 4.0`**.
17
+ - **`opensearch-aws-sigv4 >= 2.0`** is compatible with all versions of **`opensearch-ruby <= 4.0`**.
12
18
 
13
19
  ## User Guide
14
20
 
data/USER_GUIDE.md CHANGED
@@ -23,7 +23,7 @@ bundle install
23
23
 
24
24
  ## Usage
25
25
 
26
- This library is an AWS Sigv4 wrapper for [`opensearch-ruby`](https://github.com/opensearch-project/opensearch-ruby/tree/main), which is a Ruby client for OpenSearch. The `OpenSearch::Aws::Sigv4Client`, therefore, has all features of `OpenSearch::Client`.
26
+ This library provides an AWS SigV4 request signer for [`opensearch-ruby`](https://github.com/opensearch-project/opensearch-ruby/tree/main), which is a Ruby client for OpenSearch.
27
27
 
28
28
  ### Amazon OpenSearch Service
29
29
  To sign requests for the Amazon OpenSearch Service:
@@ -32,22 +32,30 @@ To sign requests for the Amazon OpenSearch Service:
32
32
  require 'opensearch-aws-sigv4'
33
33
  require 'aws-sigv4'
34
34
 
35
- signer = Aws::Sigv4::Signer.new(service: 'es', # signing service name, use "aoss" for OpenSearch Serverless
36
- region: 'us-west-2', # signing service region
37
- access_key_id: 'key_id',
38
- secret_access_key: 'secret')
35
+ request_signer = OpenSearch::Aws::Sigv4RequestSigner.new(
36
+ service: 'es', # signing service name, use "aoss" for OpenSearch Serverless
37
+ region: 'us-west-2', # signing service region
38
+ access_key_id: 'key_id',
39
+ secret_access_key: 'secret'
40
+ )
39
41
 
40
- client = OpenSearch::Aws::Sigv4Client.new({
41
- host: 'https://your.amz-managed-opensearch.domain', # serverless endpoint for OpenSearch Serverless
42
- log: true
43
- }, signer)
42
+ client = OpenSearch::Client.new(
43
+ host: 'https://your.amz-managed-opensearch.domain', # serverless endpoint for OpenSearch Serverless
44
+ request_signer: request_signer
45
+ )
44
46
 
45
47
  # create an index and document
46
48
  index = 'prime'
47
49
  client.indices.create(index: index)
48
- client.index(index: index, id: '1', body: { name: 'Amazon Echo',
49
- msrp: '5999',
50
- year: 2011 })
50
+ client.index(
51
+ index: index,
52
+ id: '1',
53
+ body: {
54
+ name: 'Amazon Echo',
55
+ msrp: '5999',
56
+ year: 2011
57
+ }
58
+ )
51
59
 
52
60
  # search for the document
53
61
  client.search(body: { query: { match: { name: 'Echo' } } })
@@ -60,37 +68,37 @@ client.indices.delete(index: index)
60
68
  ```
61
69
 
62
70
  ### Enable Sigv4 Debug Logging
63
- If you run into credentials errors, usually from expired session, set the `sigv4_debug` option to `true` when creating the client to print out the Sigv4 Signing Debug information.
64
71
 
65
- ```ruby
66
- client = OpenSearch::Aws::Sigv4Client.new({
67
- host: 'https://your.amz-managed-opensearch.domain',
68
- }, signer, sigv4_debug: true)
72
+ The `opensearch-aws-sigv4` gem outputs the contents of the signature at the `debug` level via the logger passed to the `OpenSearch::Client`.
73
+
74
+ To inspect the actual signature content being generated for each request (e.g. for debugging purposes or troubleshooting), pass a logger configured with `DEBUG` level like this:
69
75
 
70
- client.info
76
+ ```ruby
77
+ request_signer = OpenSearch::Aws::Sigv4RequestSigner.new(
78
+ service: 'es', # signing service name, use "aoss" for OpenSearch Serverless
79
+ region: 'us-west-2', # signing service region
80
+ access_key_id: 'key_id',
81
+ secret_access_key: 'secret'
82
+ )
83
+
84
+ logger = Logger.new($stdout)
85
+ logger.level = Logger::DEBUG
86
+
87
+ client = OpenSearch::Client.new(
88
+ host: 'https://your.amz-managed-opensearch.domain', # serverless endpoint for OpenSearch Serverless
89
+ logger: logger,
90
+ request_signer: request_signer
91
+ )
92
+
93
+ puts client.info
71
94
  ```
72
95
 
73
- ```shell
74
- (2023-04-25 11:02:59 -0600) Sigv4 - STRING TO SIGN:
75
- AWS4-HMAC-SHA256
76
- 20230425T170259Z
77
- 20230425/us-east-1/aoss/aws4_request
78
- 0e20bdc5eda484f2b0e65f8a33514c48471500da91b1f0c8bb6b86770b5dc6c4
79
-
80
- (2023-04-25 11:02:59 -0600) Sigv4 - CANONICAL REQUEST:
81
- GET
82
- /
83
-
84
- host:your.amz-managed-opensearch.domain
85
- x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
86
- x-amz-date:20230425T170259Z
87
-
88
- host;x-amz-content-sha256;x-amz-date
89
- e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
90
-
91
- (2023-04-25 11:02:59 -0600) Sigv4 - SIGNATURE HEADERS:
92
- {"host"=>"your.amz-managed-opensearch.domain",
93
- "x-amz-date"=>"20230425T170259Z",
94
- "x-amz-content-sha256"=>"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
95
- "authorization"=>"AWS4-HMAC-SHA256 Credential=ABCDEFGH/20230425/us-east-1/aoss/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=858f171c834231ae3c885c670217f94c68f010e85c50b0ad095444966fb5df0c"}
96
+ This will output log messages like this:
97
+
98
+ ```
99
+ I, [2025-03-31T20:32:24.398301 #77479] INFO -- : Signing request with AWS SigV4: GET http://your.amz-managed-opensearch.domain/
100
+ D, [2025-03-31T20:32:24.399198 #77479] DEBUG -- : Signed headers with AWS SigV4: {"host" => "your.amz-managed-opensearch.domain", "x-amz-date" => "20250331T113224Z", "x-amz-content-sha256" => "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "authorization" => "AWS4-HMAC-SHA256 Credential=key_id/20250331/us-west-2/es/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=57c69c2da9597c40625e2dbef3806bdfa0e9e50c99918d2ae10a264110352e51"}
101
+ ...
96
102
  ```
103
+
104
+ By default, the signer will use the logger from the `opensearch-ruby` gem. To ensure safe logging in a production environment, make sure its level is set to `INFO` to avoid logging debug-level signed headers.
data/lib/opensearch-aws-sigv4/version.rb CHANGED
@@ -12,7 +12,7 @@
12
12
  module OpenSearch
13
13
  module Aws
14
14
  module Sigv4
15
- VERSION = '1.3.0'
15
+ VERSION = '2.0.0-beta.1'
16
16
  end
17
17
  end
18
18
  end
data/lib/opensearch-aws-sigv4.rb CHANGED
@@ -14,100 +14,63 @@ require 'opensearch-ruby'
14
14
  require 'aws-sigv4/signer'
15
15
  require 'faraday'
16
16
  require 'json'
17
+ require 'forwardable'
17
18
 
18
19
  module OpenSearch
19
20
  module Aws
20
- # AWS Sigv4 Wrapper for OpenSearch::Client.
21
- # This client accepts a Sigv4 Signer during initialization, and signs every request
22
- # with a Sigv4 Signature with the provided signer.
21
+ # AWS Sigv4 request signer for <tt>OpenSearch::Transport::Client</tt>.
23
22
  #
24
- # @example
25
- # signer = Aws::Sigv4::Signer.new(service: 'es',
26
- # region: 'us-east-1',
27
- # access_key_id: '<access_key_id>',
28
- # secret_access_key: '<secret_access_key>',
29
- # session_token: '<session_token>')
23
+ # @link https://github.com/opensearch-project/opensearch-ruby/blob/main/DEVELOPER_GUIDE.md#create-a-request-signer
30
24
  #
31
- # client = OpenSearch::Aws::Sigv4Client.new(
32
- # { host: 'https://my-os-domain.us-east-1.es.amazonaws.com/' },
33
- # signer
34
- # )
25
+ # @param [Hash] options Signer options
26
+ # @option options [String] :service ('es') The AWS service name.
27
+ # @option options [String] :region The AWS region.
28
+ # @option options [String] :access_key_id The AWS access key ID.
29
+ # @option options [String] :secret_access_key The AWS secret access key.
30
+ # @option options [String] :session_token (optional) The AWS session token.
35
31
  #
36
- # puts client.cat.health
32
+ # @example
33
+ # client = OpenSearch::Client.new({
34
+ # host: 'https://my-os-domain.us-east-1.es.amazonaws.com/',
35
+ # request_signer: OpenSearch::Aws::Sigv4RequestSigner.new(
36
+ # service: 'es',
37
+ # region: 'us-east-1',
38
+ # access_key_id: '<access_key_id>',
39
+ # secret_access_key: '<secret_access_key>',
40
+ # session_token: '<session_token>'
41
+ # )
42
+ # })
37
43
  #
38
- # @attr [Aws::Sigv4::Signer] sigv4_signer Signer used to sign every request
39
- class Sigv4Client < ::OpenSearch::Client
40
- attr_accessor :sigv4_signer
44
+ # puts client.cat.health
45
+ class Sigv4RequestSigner
46
+ extend Forwardable
47
+
48
+ attr_reader :signer
41
49
 
42
- # @param [Hash] transport_args arguments for OpenSearch::Transport::Client.
43
- # @param [&block] block code block to be passed to OpenSearch::Transport::Client.
44
- # @param [Aws::Sigv4::Signer] sigv4_signer an instance of AWS Sigv4 Signer.
45
- # @param [Hash] options
46
- # @option options [Boolean] :sigv4_debug whether to log debug info for Sigv4 Signing
47
- def initialize(transport_args, sigv4_signer, options: {}, &block)
48
- unless sigv4_signer.is_a?(::Aws::Sigv4::Signer)
49
- raise ArgumentError, "Please pass a Aws::Sigv4::Signer. A #{sigv4_signer.class} was given."
50
- end
50
+ def_delegators :@signer, :service, :region, :credentials_provider, :unsigned_headers, :apply_checksum_header
51
51
 
52
- @sigv4_signer = sigv4_signer
53
- @sigv4_debug = options[:sigv4_debug]
54
- @logger = nil
55
- super(transport_args, &block)
52
+ def initialize(options = {})
53
+ @signer = ::Aws::Sigv4::Signer.new({
54
+ service: 'es'
55
+ }.merge(options))
56
56
  end
57
57
 
58
- # @see OpenSearch::Transport::Transport::Base::perform_request
59
- def perform_request(method, path, params = {}, body = nil, headers = nil)
58
+ def sign_request(method:, path:, params:, body:, headers:, host:, port:, url:, logger:) # rubocop:disable Lint/UnusedMethodArgument
59
+ logger&.info("Signing request with AWS SigV4: #{method} #{url}")
60
+
60
61
  signature_body = body.is_a?(Hash) ? body.to_json : body.to_s
61
- signature = sigv4_signer.sign_request(
62
+ signature = @signer.sign_request(
62
63
  http_method: method,
63
- url: signature_url(path, params),
64
+ url: url,
64
65
  headers: headers,
65
- body: signature_body
66
+ body: signature_body,
67
+ logger: logger
66
68
  )
67
- headers = (headers || {}).merge(signature.headers)
68
-
69
- log_signature_info(signature)
70
- super(method, path, params, signature_body, headers)
71
- end
72
69
 
73
- private
74
-
75
- def verify_open_search
76
- @verified = true
77
- end
70
+ signed_headers = signature.headers
71
+ logger&.debug("Signed headers with AWS SigV4: #{signed_headers}")
78
72
 
79
- def signature_url(path, params)
80
- host = @transport.transport.hosts.dig(0, :host)
81
- path = "/#{path}" unless path.start_with?('/')
82
- params = params.clone
83
- params.delete(:ignore)
84
- params.delete('ignore')
85
- query_string = params.empty? ? '' : Faraday::Utils::ParamsHash[params].to_query.to_s
86
- URI::HTTP.build(host: host, path: path, query: query_string)
87
- end
88
-
89
- # @param [Aws::Sigv4::Signature] signature
90
- def log_signature_info(signature)
91
- return unless @sigv4_debug
92
-
93
- log('string to sign', signature.string_to_sign)
94
- log('canonical request', signature.canonical_request)
95
- log('signature headers', signature.headers)
96
- end
97
-
98
- def log(title, message)
99
- logger.debug("#{title.upcase}:\n\e[36m#{message}\e[0m")
100
- end
101
-
102
- def logger
103
- return @logger if @logger
104
-
105
- require 'logger'
106
- @logger = Logger.new(
107
- $stdout,
108
- progname: 'Sigv4',
109
- formatter: proc { |_severity, datetime, progname, msg| "\e[34m(#{datetime}) #{progname} - #{msg}\e[0m\n\n" }
110
- )
73
+ (headers || {}).merge(signed_headers)
111
74
  end
112
75
  end
113
76
  end
data/opensearch-aws-sigv4.gemspec CHANGED
@@ -33,7 +33,6 @@ Gem::Specification.new do |s|
33
33
  }
34
34
 
35
35
  s.files = Dir['lib/**/*', '*.gemspec']
36
- s.test_files = Dir['spec/unit/**/*']
37
36
  s.require_paths = ['lib']
38
37
  s.bindir = 'bin'
39
38
  s.executables = 'opensearch_sigv4_console'
@@ -41,14 +40,13 @@ Gem::Specification.new do |s|
41
40
  s.extra_rdoc_files = %w[README.md USER_GUIDE.md LICENSE]
42
41
  s.rdoc_options = ['--charset=UTF-8']
43
42
 
44
- signing_key = File.expand_path('gem-private_key.pem')
43
+ signing_key = File.expand_path(ENV.fetch('GEM_PRIVATE_KEY', 'gem-private_key.pem'))
45
44
  if $PROGRAM_NAME.end_with?('gem') && ARGV.first == 'build' && File.exist?(signing_key)
46
45
  s.signing_key = signing_key
47
- s.cert_chain = ['.github/opensearch-rubygems.pem']
46
+ s.cert_chain = [ENV.fetch('GEM_PUBLIC_CERT', '.github/opensearch-rubygems.pem')]
48
47
  end
49
48
 
50
- s.required_ruby_version = '>= 2.5'
49
+ s.required_ruby_version = '>= 3.0'
51
50
 
52
- s.add_dependency 'aws-sigv4', '>= 1'
53
- s.add_dependency 'opensearch-ruby', '>= 1.0.1', '< 4.0'
51
+ s.add_dependency 'aws-sigv4', '~> 1'
54
52
  end
data.tar.gz.sig CHANGED
Binary file
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: opensearch-aws-sigv4
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.0
4
+ version: 2.0.0.pre.beta.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - OpenSearch Contributors
@@ -30,42 +30,22 @@ cert_chain:
30
30
  m0rB25J1sO2yjlalRdBoV5p7OKaWG4CGMr+q6vCC2za7yrtZiYOOv+KpWmheTwds
31
31
  P1nbdIL2eAXGfNU3cbtYisS1sSYi7VSkS52pVk8Jgtw=
32
32
  -----END CERTIFICATE-----
33
- date: 2025-03-18 00:00:00.000000000 Z
33
+ date: 2025-04-04 00:00:00.000000000 Z
34
34
  dependencies:
35
35
  - !ruby/object:Gem::Dependency
36
36
  name: aws-sigv4
37
37
  requirement: !ruby/object:Gem::Requirement
38
38
  requirements:
39
- - - ">="
39
+ - - "~>"
40
40
  - !ruby/object:Gem::Version
41
41
  version: '1'
42
42
  type: :runtime
43
43
  prerelease: false
44
44
  version_requirements: !ruby/object:Gem::Requirement
45
45
  requirements:
46
- - - ">="
46
+ - - "~>"
47
47
  - !ruby/object:Gem::Version
48
48
  version: '1'
49
- - !ruby/object:Gem::Dependency
50
- name: opensearch-ruby
51
- requirement: !ruby/object:Gem::Requirement
52
- requirements:
53
- - - ">="
54
- - !ruby/object:Gem::Version
55
- version: 1.0.1
56
- - - "<"
57
- - !ruby/object:Gem::Version
58
- version: '4.0'
59
- type: :runtime
60
- prerelease: false
61
- version_requirements: !ruby/object:Gem::Requirement
62
- requirements:
63
- - - ">="
64
- - !ruby/object:Gem::Version
65
- version: 1.0.1
66
- - - "<"
67
- - !ruby/object:Gem::Version
68
- version: '4.0'
69
49
  description: |
70
50
  A wrapper for opensearch-ruby gem that provides AWS Sigv4 signing.
71
51
  It behaves like OpenSearch::Client, but signs every request with AWS Sigv4
@@ -87,7 +67,6 @@ files:
87
67
  - lib/opensearch-aws-sigv4/version.rb
88
68
  - lib/opensearch_aws_sigv4.rb
89
69
  - opensearch-aws-sigv4.gemspec
90
- - spec/unit/open_search/aws/sigv4_client_spec.rb
91
70
  homepage: https://github.com/opensearch-project/opensearch-ruby-aws-sigv4
92
71
  licenses:
93
72
  - Apache-2.0
@@ -106,16 +85,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
106
85
  requirements:
107
86
  - - ">="
108
87
  - !ruby/object:Gem::Version
109
- version: '2.5'
88
+ version: '3.0'
110
89
  required_rubygems_version: !ruby/object:Gem::Requirement
111
90
  requirements:
112
- - - ">="
91
+ - - ">"
113
92
  - !ruby/object:Gem::Version
114
- version: '0'
93
+ version: 1.3.1
115
94
  requirements: []
116
95
  rubygems_version: 3.3.27
117
96
  signing_key:
118
97
  specification_version: 4
119
98
  summary: Ruby AWS Sigv4 Client for OpenSearch
120
- test_files:
121
- - spec/unit/open_search/aws/sigv4_client_spec.rb
99
+ test_files: []
metadata.gz.sig CHANGED
Binary file
data/spec/unit/open_search/aws/sigv4_client_spec.rb DELETED
@@ -1,107 +0,0 @@
1
- # SPDX-License-Identifier: Apache-2.0
2
- #
3
- # The OpenSearch Contributors require contributions made to
4
- # this file be licensed under the Apache-2.0 license or a
5
- # compatible open source license.
6
- #
7
- # Modifications Copyright OpenSearch Contributors. See
8
- # GitHub history for details.
9
-
10
- # frozen_string_literal: true
11
-
12
- require_relative '../../../spec_helper'
13
- require 'aws-sigv4'
14
- require 'timecop'
15
-
16
- describe OpenSearch::Aws::Sigv4Client do
17
- subject(:client) do
18
- described_class.new(
19
- { host: 'http://localhost:9200',
20
- transport_options: { ssl: { verify: false } } },
21
- signer
22
- )
23
- end
24
-
25
- let(:signer) do
26
- Aws::Sigv4::Signer.new(service: 'es',
27
- region: 'us-west-2',
28
- access_key_id: 'key_id',
29
- secret_access_key: 'secret')
30
- end
31
-
32
- describe '.initialize' do
33
- context 'when a Sigv4 Signer is NOT provided' do
34
- let(:signer) { nil }
35
-
36
- it 'raises an argument error' do
37
- expect { client }.to raise_error ArgumentError, 'Please pass a Aws::Sigv4::Signer. A NilClass was given.'
38
- end
39
- end
40
-
41
- context 'when a Sigv4 Signer is provided' do
42
- it 'does NOT raise any error' do
43
- expect { client }.not_to raise_error
44
- end
45
- end
46
- end
47
-
48
- describe '#perform_request' do
49
- let(:response) { { body: 'Response Body' } }
50
- let(:transport_double) do
51
- double = instance_double(OpenSearch::Transport::Client, perform_request: response)
52
- allow(double).to receive_message_chain(:transport, :hosts, :dig).and_return('localhost')
53
- double
54
- end
55
- let(:signed_headers) do
56
- { 'authorization' => 'AWS4-HMAC-SHA256 Credential=key_id/20220101/us-west-2/es/aws4_request, '\
57
- 'SignedHeaders=host;x-amz-content-sha256;x-amz-date, ' \
58
- 'Signature=9c4c690110483308f62a91c2ca873857750bca2607ba1aabdae0d2303950310a',
59
- 'host' => 'localhost',
60
- 'x-amz-content-sha256' => 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
61
- 'x-amz-date' => '20220101T000000Z' }
62
- end
63
-
64
- before do
65
- Timecop.freeze(Time.utc(2022))
66
- client.transport = transport_double
67
- end
68
-
69
- after { Timecop.return }
70
-
71
- it 'signs the request before passing it to @transport' do
72
- output = client.perform_request('GET', '/', {}, '', {})
73
- expect(output).to eq(response)
74
- expect(transport_double).to have_received(:perform_request).with('GET', '/', {}, '', signed_headers)
75
- end
76
-
77
- it 'excludes the `ignore` param to make a signature' do
78
- output = client.perform_request('GET', '/', { ignore: 404 }, '', {})
79
- expect(output).to eq(response)
80
- expect(transport_double).to have_received(:perform_request).with('GET', '/', { ignore: 404 }, '', signed_headers)
81
- end
82
-
83
- it 'skips the opensearch verification' do
84
- allow(client).to receive(:open_search_validation_request)
85
- client.perform_request('GET', '/_stats', {}, '', {})
86
- expect(client).not_to have_received(:open_search_validation_request)
87
- end
88
-
89
- it 'passes the same body to sign_request and super' do
90
- body = {
91
- char_filter: {
92
- test: {
93
- type: 'mapping',
94
- mappings: ["’ => '"]
95
- }
96
- }
97
- }
98
- signature_body = body.to_json
99
-
100
- allow(signer).to receive(:sign_request).with(a_hash_including(body: signature_body)).and_call_original
101
-
102
- client.perform_request('GET', '/', {}, body, {})
103
-
104
- expect(transport_double).to have_received(:perform_request).with('GET', '/', {}, signature_body, kind_of(Hash))
105
- end
106
- end
107
- end