Backport/backport 377 to 1.x (#400)

* Backport #366 into 1.x Signed-off-by: Harsha Vamsi Kalluri <harshavamsi096@gmail.com> * Add missing types for AwsSigv4SignerOptions.service (#377) * Add missing types for AwsSigv4SignerOptions.service Signed-off-by: magoz <apps@magoz.is> * update changelog with Add missing types for AwsSigv4SignerOptions.service Signed-off-by: magoz <apps@magoz.is> * fix: service is optional Signed-off-by: magoz <apps@magoz.is> --------- Signed-off-by: magoz <apps@magoz.is> (cherry picked from commit c44cc1c) --------- Signed-off-by: Harsha Vamsi Kalluri <harshavamsi096@gmail.com> Co-authored-by: Magoz <apps@magoz.is>
opensearch-project · Feb 22, 2023 · 73d8028 · 73d8028
1 parent 8156473
commit 73d8028
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 2 deletions.
diff --git a/lib/aws/AwsSigv4Signer.js b/lib/aws/AwsSigv4Signer.js
@@ -14,6 +14,7 @@ const Connection = require('../Connection')
 const Transport = require('../Transport')
 const aws4 = require('aws4')
 const AwsSigv4SignerError = require('./errors')
+const crypto = require('crypto')
 
 const getAwsSDKCredentialsProvider = async () => {
   // First try V3
@@ -78,7 +79,12 @@ function AwsSigv4Signer (opts = {}) {
     request.region = opts.region
     request.headers = request.headers || {}
     request.headers.host = request.hostname
-    return aws4.sign(request, credentialsState.credentials)
+    const signed = aws4.sign(request, credentialsState.credentials)
+    signed.headers['x-amz-content-sha256'] = crypto
+      .createHash('sha256')
+      .update(request.body || '', 'utf8')
+      .digest('hex')
+    return signed
   }
 
   class AwsSigv4SignerConnection extends Connection {

diff --git a/lib/aws/index.d.ts b/lib/aws/index.d.ts
@@ -20,6 +20,7 @@ import { OpenSearchClientError } from '../errors';
 interface AwsSigv4SignerOptions {
   getCredentials: () => Promise<Credentials>;
   region: string;
+  service?: 'es' | 'aoss';
 }
 
 interface AwsSigv4SignerResponse {

diff --git a/test/unit/lib/aws/awssigv4signer.test.js b/test/unit/lib/aws/awssigv4signer.test.js
@@ -17,7 +17,7 @@ const { Connection } = require('../../../../index')
 const { Client, buildServer } = require('../../../utils')
 
 test('Sign with SigV4', (t) => {
-  t.plan(3)
+  t.plan(4)
 
   const mockCreds = {
     accessKeyId: uuidv4(),
@@ -51,6 +51,10 @@ test('Sign with SigV4', (t) => {
   const signedRequest = auth.buildSignedRequestObject(request)
   t.hasProp(signedRequest.headers, 'X-Amz-Date')
   t.hasProp(signedRequest.headers, 'Authorization')
+  t.same(
+    signedRequest.headers['x-amz-content-sha256'],
+    'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
+  )
   t.same(signedRequest.service, 'es')
 })