Skip to content

Commit

Permalink
AwsSdk2Transport throw exception when using ApacheHttpClient to make …
Browse files Browse the repository at this point in the history
…an unsupported DELETE/GET request with a body (opensearch-project#1256)

* AwsSdk2Transport throw exception when using ApacheHttpClient to make an unsupported DELETE/GET request with a body

The AWS SDK's ApacheHttpClient implementation does not send the request body on DELETE or GET requests, https://github.com/aws/aws-sdk-java-v2/blob/master/http-clients/apache-client/src/main/java/software/amazon/awssdk/http/apache/internal/impl/ApacheHttpRequestFactory.java#L118-L137.

Additionally moves to the supported `AwsV4HttpSigner` as `Aws4Signer` is now deprecated: https://github.com/aws/aws-sdk-java-v2/blob/88abec27e7d5d35b21545c7e05875a7cc3d0f46e/core/auth/src/main/java/software/amazon/awssdk/auth/signer/Aws4Signer.java

Signed-off-by: Thomas Farr <tsfarr@amazon.com>

* Add guide note

Signed-off-by: Thomas Farr <tsfarr@amazon.com>

* Fix javadoc

Signed-off-by: Thomas Farr <tsfarr@amazon.com>

* Re-use ContentStreamProvider

Signed-off-by: Thomas Farr <tsfarr@amazon.com>

* Also validate URLConnection client

Signed-off-by: Thomas Farr <tsfarr@amazon.com>

* spotless

Signed-off-by: Thomas Farr <tsfarr@amazon.com>

* Test HEAD and OPTIONS

Signed-off-by: Thomas Farr <tsfarr@amazon.com>

---------

Signed-off-by: Thomas Farr <tsfarr@amazon.com>
(cherry picked from commit e8e3a99)
  • Loading branch information
Xtansia committed Nov 12, 2024
1 parent a7a9a0b commit c9cf0bb
Show file tree
Hide file tree
Showing 8 changed files with 995 additions and 83 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
### Dependencies

### Changed
- Changed AwsSdk2Transport to pre-emptively throw an exception when using AWS SDK's ApacheHttpClient to make an unsupported DELETE/GET request with a body ([#1256](https://github.com/opensearch-project/opensearch-java/pull/1256))

### Deprecated

Expand Down
9 changes: 7 additions & 2 deletions guides/auth.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,14 +7,19 @@

Requests to [OpenSearch Service and OpenSearch Serverless](https://docs.aws.amazon.com/opensearch-service/index.html) must be signed using the AWS signing protocol. Use `AwsSdk2Transport` to send signed requests.

> ⚠️ **Warning** ⚠️
> Using `software.amazon.awssdk.http.apache.ApacheHttpClient` is discouraged as it does not support request bodies on GET or DELETE requests.
> This leads to incorrect handling of requests such as `OpenSearchClient.clearScroll()` and `OpenSearchClient.deletePit()`.
> As such `AwsSdk2Transport` will throw a `TransportException` if an unsupported request is encountered while using `ApacheHttpClient`.
```java
SdkHttpClient httpClient = ApacheHttpClient.builder().build();
SdkHttpClient httpClient = AwsCrtHttpClient.builder().build();

OpenSearchClient client = new OpenSearchClient(
new AwsSdk2Transport(
httpClient,
"search-...us-west-2.es.amazonaws.com", // OpenSearch endpoint, without https://
"es" // signing service name, use "aoss" for OpenSearch Serverless
"es", // signing service name, use "aoss" for OpenSearch Serverless
Region.US_WEST_2, // signing service region
AwsSdk2TransportOptions.builder().build()
)
Expand Down
33 changes: 23 additions & 10 deletions java-client/build.gradle.kts
Original file line number Diff line number Diff line change
Expand Up @@ -102,7 +102,13 @@ tasks.withType<ProcessResources> {

tasks.withType<Javadoc>().configureEach{
options {
this as StandardJavadocDocletOptions
encoding = "UTF-8"
addMultilineStringsOption("tag").setValue(listOf(
"apiNote:a:API Note:",
"implSpec:a:Implementation Requirements:",
"implNote:a:Implementation Note:",
))
}
}

Expand Down Expand Up @@ -170,7 +176,6 @@ val integrationTest = task<Test>("integrationTest") {
val opensearchVersion = "2.12.0"

dependencies {

val jacksonVersion = "2.17.0"
val jacksonDatabindVersion = "2.17.0"

Expand Down Expand Up @@ -200,7 +205,6 @@ dependencies {
implementation("jakarta.annotation", "jakarta.annotation-api", "1.3.5")

// Apache 2.0

implementation("com.fasterxml.jackson.core", "jackson-core", jacksonVersion)
implementation("com.fasterxml.jackson.core", "jackson-databind", jacksonDatabindVersion)
testImplementation("com.fasterxml.jackson.datatype", "jackson-datatype-jakarta-jsonp", jacksonVersion)
Expand All @@ -213,16 +217,21 @@ dependencies {
implementation("org.apache.httpcomponents.core5", "httpcore5-h2", "5.3.1")

// For AwsSdk2Transport
"awsSdk2SupportCompileOnly"("software.amazon.awssdk","sdk-core","[2.15,3.0)")
"awsSdk2SupportCompileOnly"("software.amazon.awssdk","auth","[2.15,3.0)")
testImplementation("software.amazon.awssdk","sdk-core","[2.15,3.0)")
testImplementation("software.amazon.awssdk","auth","[2.15,3.0)")
testImplementation("software.amazon.awssdk","aws-crt-client","[2.15,3.0)")
testImplementation("software.amazon.awssdk","apache-client","[2.15,3.0)")
testImplementation("software.amazon.awssdk","sts","[2.15,3.0)")
"awsSdk2SupportCompileOnly"("software.amazon.awssdk", "sdk-core", "[2.21,3.0)")
"awsSdk2SupportCompileOnly"("software.amazon.awssdk", "auth", "[2.21,3.0)")
"awsSdk2SupportCompileOnly"("software.amazon.awssdk", "http-auth-aws", "[2.21,3.0)")
testImplementation("software.amazon.awssdk", "sdk-core", "[2.21,3.0)")
testImplementation("software.amazon.awssdk", "auth", "[2.21,3.0)")
testImplementation("software.amazon.awssdk", "http-auth-aws", "[2.21,3.0)")
testImplementation("software.amazon.awssdk", "aws-crt-client", "[2.21,3.0)")
testImplementation("software.amazon.awssdk", "apache-client", "[2.21,3.0)")
testImplementation("software.amazon.awssdk", "netty-nio-client", "[2.21,3.0)")
testImplementation("software.amazon.awssdk", "url-connection-client", "[2.21,3.0)")
testImplementation("software.amazon.awssdk", "sts", "[2.21,3.0)")

testImplementation("org.apache.logging.log4j", "log4j-api","[2.17.1,3.0)")
testImplementation("org.apache.logging.log4j", "log4j-core","[2.17.1,3.0)")

// EPL-2.0 OR BSD-3-Clause
// https://eclipse-ee4j.github.io/yasson/
implementation("org.eclipse", "yasson", "2.0.2")
Expand All @@ -234,6 +243,10 @@ dependencies {
testImplementation("junit", "junit" , "4.13.2") {
exclude(group = "org.hamcrest")
}

// The Bouncy Castle License (MIT): https://www.bouncycastle.org/licence.html
testImplementation("org.bouncycastle", "bcprov-lts8on", "2.73.6")
testImplementation("org.bouncycastle", "bcpkix-lts8on", "2.73.6")
}

licenseReport {
Expand Down
Loading

0 comments on commit c9cf0bb

Please sign in to comment.