opensearch-project · dblock · Sep 7, 2022 · Aug 25, 2022 · Aug 25, 2022 · Aug 25, 2022
@@ -13,6 +13,7 @@ OpenSearch Node.js client
 - [Example use](#example-use)
   - [Setup](#setup)
   - [Sample code](#sample-code)
+  - [With AWS SigV4 signing](#with-aws-sigv4-signing)
 - [Project Resources](#project-resources)
 - [Code of Conduct](#code-of-conduct)
 - [License](#license)
@@ -152,6 +153,94 @@ async function search() {
 search().catch(console.log);
 ```
 
+### With AWS SigV4 signing
+```javascript
+const endpoint = ""; // OpenSearch domain URL e.g. https://search-xxx.region.es.amazonaws.com
+const { Client } = require('@opensearch-project/opensearch');
+const { AwsSigv4Signer } = require('@opensearch-project/opensearch/aws');
+const { defaultProvider } = require("@aws-sdk/credential-provider-node");
+
+async function getClient() {
+  const credentials = await defaultProvider()();
+  var client = new Client({
+    ...AwsV4Signer({
+      credentials: credentials,
+      region: "us-west-2",
+    }),
+    node: endpoint,
+  });
+  return client;
+}
+
+async function search() {
+
+  var client = await getClient();
+
+  var index_name = "books-test-1";
+  var settings = {
+    settings: {
+      index: {
+        number_of_shards: 4,
+        number_of_replicas: 3,
+      },
+    },
+  };
+
+  var response = await client.indices.create({
+    index: index_name,
+    body: settings,
+  });
+
+  console.log("Creating index:");
+  console.log(response.body);
+
+  // Add a document to the index.
+  var document = {
+    title: "The Outsider",
+    author: "Stephen King",
+    year: "2018",
+    genre: "Crime fiction",
+  };
+
+  var id = "1";
+
+  var response = await client.index({
+    id: id,
+    index: index_name,
+    body: document,
+    refresh: true,
+  });
+
+  console.log("Adding document:");
+  console.log(response.body);
+
+  var response = await client.bulk({ body: bulk_documents });
+  console.log(response.body);
+
+  // Search for the document.
+  var query = {
+    query: {
+      match: {
+        title: {
+          query: "The Outsider",
+        },
+      },
+    },
+  };
+
+  var response = await client.search({
+    index: index_name,
+    body: query,
+  });
+
+  console.log("Search results:");
+  console.log(response.body.hits);
+}
+
+search().catch(console.log);
+```
+
+
 ## Project Resources
 
 - [Project Website](https://opensearch.org/)

@@ -0,0 +1,43 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ * Modifications Copyright OpenSearch Contributors. See
+ * GitHub history for details.
+ */
+
+'use strict';
+const Connection = require('../Connection');
+const aws4 = require('aws4');
+const AwsSigv4SignerError = require('./errors');
+
+function AwsSigv4Signer(opts) {
+  if (opts && (!opts.region || opts.region === null || opts.region === '')) {
+    throw new AwsSigv4SignerError('Region cannot be empty');
+  }
+  if (opts && (!opts.credentials || opts.credentials === null || opts.credentials === '')) {
+    throw new AwsSigv4SignerError('Credentials cannot be empty');
+  }
+
+  function buildSignedRequestObject(request = {}) {
+    request.service = 'es';
+    request.region = opts.region;
+    request.headers = request.headers || {};
+    request.headers['host'] = request.hostname;
+    return aws4.sign(request, opts.credentials);
+  }
+  class AwsSigv4SignerConnection extends Connection {
+    buildRequestObject(params) {
+      const request = super.buildRequestObject(params);
+      return buildSignedRequestObject(request);
+    }
+  }
+  return {
+    Connection: AwsSigv4SignerConnection,
+    buildSignedRequestObject,
+  };
+}
+module.exports = AwsSigv4Signer;
@@ -0,0 +1,25 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ * Modifications Copyright OpenSearch Contributors. See
+ * GitHub history for details.
+ */
+
+'use strict';
+const { OpenSearchClientError } = require('../errors');
+
+class AwsSigv4SignerError extends OpenSearchClientError {
+  constructor(message, data) {
+    super(message, data);
+    Error.captureStackTrace(this, AwsSigv4SignerError);
+    this.name = 'AwsSigv4SignerError';
+    this.message = message || 'AwsSigv4Signer Error';
+    this.data = data;
+  }
+}
+
+module.exports = AwsSigv4SignerError;
@@ -0,0 +1,38 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ * Modifications Copyright OpenSearch Contributors. See
+ * GitHub history for details.
+ */
+
+/// <reference types="node" />
+
+import { Credentials } from '@aws-sdk/types';
+import Connection from '../Connection';
+import * as http from 'http';
+import { OpenSearchClientError } from '../errors';
+
+interface AwsSigv4SignerOptions {
+  credentials: Credentials;
+  region: string;
+}
+
+interface AwsSigv4SignerResponse {
+  Connection: Connection;
+  buildSignedRequestObject(request: any): http.ClientRequestArgs;
+}
+
+declare function AwsSigv4Signer(opts: AwsSigv4SignerOptions): AwsSigv4SignerResponse;
+
+declare class AwsSigv4SignerError extends OpenSearchClientError {
+  name: string;
+  message: string;
+  data: any;
+  constructor(message: string, data: any);
+}
+
+export { AwsSigv4Signer, AwsSigv4SignerOptions, AwsSigv4SignerResponse, AwsSigv4SignerError };
@@ -0,0 +1,20 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ * Modifications Copyright OpenSearch Contributors. See
+ * GitHub history for details.
+ */
+
+'use strict';
+
+const AwsSigv4Signer = require('./AwsSigv4Signer');
+const AwsSigv4SignerError = require('./errors');
+
+module.exports = {
+  AwsSigv4Signer,
+  AwsSigv4SignerError,
+};
@@ -8,10 +8,21 @@
       "require": "./index.js",
       "import": "./index.mjs"
     },
+    "./aws": "./lib/aws/index.js",
     "./": "./"
   },
+  "typesVersions": {
+    "*": {
+      ".": [
+        "index.d.ts"
+      ],
+      "aws": [
+        "./lib/aws/index.d.ts"
+      ]
+    }
+  },
   "homepage": "https://www.opensearch.org/",
-  "version": "2.0.0",
+  "version": "2.1.0",
   "versionCanary": "7.10.0-canary.6",
   "keywords": [
     "opensearch",
@@ -77,6 +88,8 @@
     "xmlbuilder2": "^2.4.1"
   },
   "dependencies": {
+    "@aws-sdk/credential-provider-node": "^3.154.0",
+    "aws4": "^1.11.0",
     "debug": "^4.3.1",
     "hpagent": "^0.1.1",
     "ms": "^2.1.3",

@@ -0,0 +1,29 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ * Modifications Copyright OpenSearch Contributors. See
+ * GitHub history for details.
+ */
+
+import { expectType } from 'tsd';
+const { v4: uuidv4 } = require('uuid');
+import { AwsSigv4SignerResponse, AwsSigv4Signer } from '../../lib/aws';
+
+const mockCreds = {
+  accessKeyId: uuidv4(),
+  secretAccessKey: uuidv4(),
+};
+
+const mockRegion = 'us-west-2';
+
+{
+  const AwsSigv4SignerOptions = { credentials: mockCreds, region: mockRegion };
+
+  const auth = AwsSigv4Signer(AwsSigv4SignerOptions);
+
+  expectType<AwsSigv4SignerResponse>(auth);
+}
@@ -42,8 +42,8 @@ import { ConnectionOptions } from '../../lib/Connection';
     agent: { keepAlive: false },
     status: 'alive',
     roles: {},
-    auth: { username: 'username', password: 'password' }
-  })
+    auth: { username: 'username', password: 'password' },
+  });
 
   expectType<Connection>(conn);
   expectType<URL>(conn.url);

diff --git a/test/unit/awssigv4signer.test.js b/test/unit/awssigv4signer.test.js
@@ -0,0 +1,81 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ * Modifications Copyright OpenSearch Contributors. See
+ * GitHub history for details.
+ */
+const { test } = require('tap');
+const { URL } = require('url');
+const { v4: uuidv4 } = require('uuid');
+const AwsSigv4Signer = require('../../lib/aws/AwsSigv4Signer');
+const AwsSigv4SignerError = require('../../lib/aws/errors');
+const { Connection } = require('../../index');
+
+test('Sign with SigV4', (t) => {
+  t.plan(2);
+
+  const mockCreds = {
+    accessKeyId: uuidv4(),
+    secretAccessKey: uuidv4(),
+  };
+
+  const mockRegion = 'us-west-2';
+
+  const AwsSigv4SignerOptions = { credentials: mockCreds, region: mockRegion };
+
+  const auth = AwsSigv4Signer(AwsSigv4SignerOptions);
+
+  const connection = new Connection({
+    url: new URL('https://localhost:9200'),
+  });
+
+  const request = connection.buildRequestObject({
+    path: '/hello',
+    method: 'GET',
+    headers: {
+      'X-Custom-Test': true,
+    },
+  });
+  const signedRequest = auth.buildSignedRequestObject(request);
+  t.hasProp(signedRequest.headers, 'X-Amz-Date');
+  t.hasProp(signedRequest.headers, 'Authorization');
+});
+
+test('Sign with SigV4 failure (with empty region)', (t) => {
+  t.plan(2);
+
+  const mockCreds = {
+    accessKeyId: uuidv4(),
+    secretAccessKey: uuidv4(),
+  };
+
+  const AwsSigv4SignerOptions = { credentials: mockCreds };
+
+  try {
+    AwsSigv4Signer(AwsSigv4SignerOptions);
+    t.fail('Should fail');
+  } catch (err) {
+    t.ok(err instanceof AwsSigv4SignerError);
+    t.equal(err.message, 'Region cannot be empty');
+  }
+});
+
+test('Sign with SigV4 failure (with empty credentials)', (t) => {
+  t.plan(2);
+
+  const mockRegion = 'us-west-2';
+
+  const AwsSigv4SignerOptions = { region: mockRegion };
+
+  try {
+    AwsSigv4Signer(AwsSigv4SignerOptions);
+    t.fail('Should fail');
+  } catch (err) {
+    t.ok(err instanceof AwsSigv4SignerError);
+    t.equal(err.message, 'Credentials cannot be empty');
+  }
+});