-
Notifications
You must be signed in to change notification settings - Fork 191
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding x-amz-content-sha256 header for signed requests #339
Merged
VachaShah
merged 8 commits into
opensearch-project:main
from
VachaShah:add-content-sha256-header
Jan 24, 2023
Merged
Changes from all commits
Commits
Show all changes
8 commits
Select commit
Hold shift + click to select a range
bfc1ac1
Adding X-Amz-Content-Sha256 header for signed requests
VachaShah 81f1045
Adding CHANGELOG entry
VachaShah 301e2e4
Adding documentation comment
VachaShah 4d917fe
Adding tests
VachaShah e88486c
Addressing comments
VachaShah eed32d5
Addressing comments
VachaShah 57492fc
Removing refresh policy for integ tests for Sigv4
VachaShah 66c4eb1
Updating the developer guide
VachaShah File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -12,9 +12,7 @@ | |
import org.junit.Assert; | ||
import org.opensearch.client.opensearch.OpenSearchAsyncClient; | ||
import org.opensearch.client.opensearch.OpenSearchClient; | ||
import org.opensearch.client.opensearch._types.OpType; | ||
import org.opensearch.client.opensearch._types.OpenSearchException; | ||
import org.opensearch.client.opensearch._types.Refresh; | ||
import org.opensearch.client.opensearch.core.IndexRequest; | ||
import org.opensearch.client.opensearch.core.IndexResponse; | ||
import org.opensearch.client.opensearch.core.SearchResponse; | ||
|
@@ -51,11 +49,14 @@ void testClient(boolean async) throws Exception { | |
final OpenSearchClient client = getClient(async, null, null); | ||
|
||
SimplePojo doc1 = new SimplePojo("Document 1", "The text of document 1"); | ||
addDoc(client, "id1", doc1, false); | ||
addDoc(client, "id1", doc1); | ||
SimplePojo doc2 = new SimplePojo("Document 2", "The text of document 2"); | ||
addDoc(client, "id2", doc2, false); | ||
addDoc(client, "id2", doc2); | ||
SimplePojo doc3 = getLongDoc("Long Document 3", 1000000); | ||
addDoc(client, "id3", doc3, true); | ||
addDoc(client, "id3", doc3); | ||
|
||
// wait for the document to index | ||
Thread.sleep(1000); | ||
|
||
SearchResponse<SimplePojo> response = query(client, "NotPresent", null); | ||
Assert.assertEquals(0, response.hits().hits().size()); | ||
|
@@ -77,12 +78,15 @@ void testClientAsync(boolean async) throws Exception { | |
final OpenSearchAsyncClient client = getAsyncClient(async, null, null); | ||
|
||
SimplePojo doc1 = new SimplePojo("Document 1", "The text of document 1"); | ||
CompletableFuture<IndexResponse> add1 = addDoc(client, "id1", doc1, false); | ||
CompletableFuture<IndexResponse> add1 = addDoc(client, "id1", doc1); | ||
SimplePojo doc2 = new SimplePojo("Document 2", "The text of document 2"); | ||
CompletableFuture<IndexResponse> add2 = addDoc(client, "id2", doc2, false); | ||
CompletableFuture<IndexResponse> add2 = addDoc(client, "id2", doc2); | ||
SimplePojo doc3 = getLongDoc("Long Document 3", 1000000); | ||
CompletableFuture<IndexResponse> add3 = CompletableFuture.allOf(add1, add2).thenCompose( | ||
unused -> addDoc(client, "id3", doc3, true)); | ||
unused -> addDoc(client, "id3", doc3)); | ||
|
||
// wait for the document to index | ||
Thread.sleep(1000); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This is a recipe for flakyness .... |
||
|
||
List<SearchResponse<SimplePojo>> results = add3.thenCompose(unused -> { | ||
CompletableFuture<SearchResponse<SimplePojo>> r1 = query(client, "NotPresent", null); | ||
|
@@ -107,29 +111,21 @@ void testClientAsync(boolean async) throws Exception { | |
} | ||
|
||
|
||
private void addDoc(OpenSearchClient client, String id, SimplePojo doc, boolean wait) throws Exception { | ||
private void addDoc(OpenSearchClient client, String id, SimplePojo doc) throws Exception { | ||
IndexRequest.Builder<SimplePojo> req = new IndexRequest.Builder<SimplePojo>() | ||
.index(TEST_INDEX) | ||
.document(doc) | ||
.id(id) | ||
.opType(OpType.Index); | ||
if (wait) { | ||
req.refresh(Refresh.WaitFor); | ||
} | ||
.id(id); | ||
client.index(req.build()); | ||
} | ||
|
||
private CompletableFuture<IndexResponse> addDoc( | ||
OpenSearchAsyncClient client, String id, SimplePojo doc, boolean wait | ||
OpenSearchAsyncClient client, String id, SimplePojo doc | ||
) { | ||
IndexRequest.Builder<SimplePojo> req = new IndexRequest.Builder<SimplePojo>() | ||
.index(TEST_INDEX) | ||
.document(doc) | ||
.id(id) | ||
.opType(OpType.Index); | ||
if (wait) { | ||
req.refresh(Refresh.WaitFor); | ||
} | ||
.id(id); | ||
try { | ||
return client.index(req.build()); | ||
} catch (Exception e) { | ||
|
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What a weird API! Took me a while to find https://github.com/aws/aws-sdk-java-v2/blob/0510a17ae41d601cf5f03e7af01e4519a6b3a744/core/auth/src/main/java/software/amazon/awssdk/auth/signer/internal/AbstractAws4Signer.java#L97 that handles this.
Is there a higher level method we can use like https://github.com/aws/aws-sdk-java-v2/blob/0510a17ae41d601cf5f03e7af01e4519a6b3a744/core/auth/src/main/java/software/amazon/awssdk/auth/signer/Aws4UnsignedPayloadSigner.java#L69 so we don't have to hard-code "required"?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah it took me a while to find too. We use
Aws4Signer
which does not have the sign method overriden likeAws4UnsignedPayloadSigner
. According to documentation, theAws4UnsignedPayloadSigner
is similar toAws4Signer
but just addsUNSIGNED-PAYLOAD
when protocol is HTTPS. Can we useAws4UnsignedPayloadSigner
?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If it works we sure can I think.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I tried the
Aws4UnsignedPayloadSigner
but it does not work for Amazon OpenSearch Service since it signs the payload withUNSIGNED_PAYLOAD
over https protocol. Works for Amazon OpenSearch Serverless. I can PR this change on their repo may be as a new signer class but for now looks like we might have to use the hard-coded "required".