Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support AwsSigV4 signing for Amazon OpenSearch Serverless #133

Merged
merged 11 commits into from
Jan 20, 2023
Merged

Support AwsSigV4 signing for Amazon OpenSearch Serverless #133

merged 11 commits into from
Jan 20, 2023

Conversation

Xtansia
Copy link
Collaborator

@Xtansia Xtansia commented Jan 12, 2023
edited
Loading

Description

Support AwsSigV4 signing for Amazon OpenSearch Serverless

  • Make the service ID customizable, so it can be set to "aoss" for serverless
  • Include the x-amz-content-sha256 header
  • Don't sign the content-length header

Relates to #129, however does not solve documenting of methods unsupported by serverless.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

dblock
dblock reviewed Jan 12, 2023
View reviewed changes
USER_GUIDE.md Outdated
@@ -219,6 +220,21 @@ var config = new ConnectionSettings(endpoint, connection);
var client = new OpenSearchClient(config);
```

### Amazon OpenSearch Serverless
To configure signing when making requests to [Amazon OpenSearch Serverless](https://aws.amazon.com/opensearch-service/features/serverless/) is nearly identical to all above configuration for AwsSigV4, the only difference being the need to configure the service identifier.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: Maybe not so english :) How about "Use the oass service identifier to make requests to ..."?

dblock
dblock previously approved these changes Jan 12, 2023
View reviewed changes
Copy link
Member

@dblock dblock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good.

Is there any different between managed service and serverless implementation anywhere and have you tested both with this change, including with POSTing a request body (add data)? There shouldn't be any variation between the two.

@Xtansia
Copy link
Collaborator Author

Xtansia commented Jan 12, 2023

This looks good.

Is there any different between managed service and serverless implementation anywhere and have you tested both with this change, including with POSTing a request body (add data)? There shouldn't be any variation between the two.

Have done some testing using BulkIndex and Search on both managed service and serverless with these changes. There's no branching in logic between the two in signing, only difference being the service ID.

Yury-Fridlyand
Yury-Fridlyand previously approved these changes Jan 13, 2023
View reviewed changes
@Yury-Fridlyand
Copy link
Collaborator

Yury-Fridlyand commented Jan 13, 2023
edited
Loading

One test failed for ArtifactsApi. It is not related for the changes, but please consider fixing it (in another PR).

dblock
dblock reviewed Jan 13, 2023
View reviewed changes
src/OpenSearch.Net.Auth.AwsSigV4/AwsSigV4HttpClientHandler.cs Outdated
@@ -20,19 +20,21 @@ internal class AwsSigV4HttpClientHandler : DelegatingHandler
{
private readonly AWSCredentials _credentials;
private readonly RegionEndpoint _region;
private readonly string _serviceId;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

According to https://docs.aws.amazon.com/general/latest/gr/signing-elements.html this should be called "service code". I see other clients use "service" or "service name". At least I think we shouldn't introduce a new one 😅

Yury-Fridlyand
Yury-Fridlyand previously approved these changes Jan 17, 2023
View reviewed changes
dblock
dblock previously approved these changes Jan 17, 2023
View reviewed changes
@dblock
Copy link
Member

dblock commented Jan 17, 2023

This could use some tests that the service name is passed through.

@Xtansia
Support AwsSigV4 signing for Amazon OpenSearch Serverless
83d9ad9 
- Make the service ID customizable, so it can be set to "aoss" for serverless
- Include the x-amz-content-sha256 header
- Don't sign the content-length header

Signed-off-by: Thomas Farr <tsfarr@amazon.com>
@Xtansia
Add changelog entry
e064257 
Signed-off-by: Thomas Farr <tsfarr@amazon.com>
@Xtansia
Add to USER_GUIDE
83e2182 
Signed-off-by: Thomas Farr <tsfarr@amazon.com>
@Xtansia
Wording changes
3df2cce 
Signed-off-by: Thomas Farr <tsfarr@amazon.com>
@Xtansia
Rename serviceId parameter to service and describe as "service code"
4ad2ab1 
Signed-off-by: Thomas Farr <tsfarr@amazon.com>
@Xtansia
Include x-amz-content-sha256 header in canonical/signed headers
46efc81 
Signed-off-by: Thomas Farr <tsfarr@amazon.com>
@Xtansia
Bump AWSSDK.Core
5bb6994 
Signed-off-by: Thomas Farr <tsfarr@amazon.com>
@Xtansia Xtansia dismissed stale reviews from dblock and Yury-Fridlyand via 5bb6994 January 17, 2023 23:57
@Xtansia Xtansia force-pushed the feat/opensearch-serverless branch from ba2957a to 5bb6994 Compare January 17, 2023 23:57
@Xtansia Xtansia mentioned this pull request Jan 17, 2023
Closed
dblock
dblock reviewed Jan 18, 2023
View reviewed changes
Copy link
Member

@dblock dblock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking good if you can bring it to 🟢.

@Xtansia
Fix use of obsolete method
238778a 
Signed-off-by: Thomas Farr <tsfarr@amazon.com>
@Xtansia
Fix tests
0b18d6b 
Signed-off-by: Thomas Farr <tsfarr@amazon.com>
Yury-Fridlyand
Yury-Fridlyand previously approved these changes Jan 19, 2023
View reviewed changes
@Xtansia
Add test to validate service name is passed through signing
f536f07 
Signed-off-by: Thomas Farr <tsfarr@amazon.com>
@Xtansia
Disable meta header in test to make headers & signature stable across…
20c0adc 
… platforms

Signed-off-by: Thomas Farr <tsfarr@amazon.com>
@dblock dblock merged commit 322531c into opensearch-project:main Jan 20, 2023
@Xtansia Xtansia deleted the feat/opensearch-serverless branch January 21, 2023 04:29
@dblock dblock mentioned this pull request Jan 24, 2023
Closed
@wbeckler wbeckler mentioned this pull request Feb 1, 2023
Open
@phillip-proulx phillip-proulx mentioned this pull request Mar 9, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Yury-Fridlyand Yury-Fridlyand Yury-Fridlyand approved these changes

@dblock dblock dblock approved these changes

@anirudha anirudha Awaiting requested review from anirudha anirudha is a code owner

@joshuali925 joshuali925 Awaiting requested review from joshuali925 joshuali925 is a code owner

@VachaShah VachaShah Awaiting requested review from VachaShah VachaShah is a code owner

@MaxKsyunz MaxKsyunz Awaiting requested review from MaxKsyunz MaxKsyunz is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Xtansia @Yury-Fridlyand @dblock