Revert "[Manual Backport 2.x][MD] Support SigV4 as a new auth type of…

… datasource (#3058) (#3458)" (#3464)

This reverts commit 448c755.

Signed-off-by: Josh Romero <rmerqg@amazon.com>

CHANGELOG.md

@@ -15,7 +15,6 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - [CVE-2022-24999] Resolve qs from 6.5.3 to 6.11.0 ([#3450](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3450))
 
 ### 📈 Features/Enhancements
-- [Multiple DataSource] Add support for SigV4 authentication ([#3058](https://github.com/opensearch-project/OpenSearch-Dashboards/issues/3058))
 
 ### 🐛 Bug Fixes
 

package.json

@@ -133,7 +133,7 @@
     "@hapi/podium": "^4.1.3",
     "@hapi/vision": "^6.1.0",
     "@hapi/wreck": "^17.1.0",
-    "@opensearch-project/opensearch": "^2.1.0",
+    "@opensearch-project/opensearch": "^1.1.0",
     "@osd/ace": "1.0.0",
     "@osd/analytics": "1.0.0",
     "@osd/apm-config-loader": "1.0.0",
@@ -166,7 +166,6 @@
     "dns-sync": "^0.2.1",
     "elastic-apm-node": "^3.7.0",
     "elasticsearch": "^16.7.0",
-    "http-aws-es": "6.0.0",
     "execa": "^4.0.2",
     "expiry-js": "0.1.7",
     "fast-deep-equal": "^3.1.1",
@@ -335,7 +334,6 @@
     "@types/zen-observable": "^0.8.0",
     "@typescript-eslint/eslint-plugin": "^3.10.0",
     "@typescript-eslint/parser": "^3.10.0",
-    "@types/http-aws-es": "6.0.2",
     "angular-aria": "^1.8.0",
     "angular-mocks": "^1.8.2",
     "angular-recursion": "^1.0.5",

packages/osd-opensearch/package.json

@@ -12,7 +12,7 @@
     "osd:watch": "node scripts/build --watch"
   },
   "dependencies": {
-    "@opensearch-project/opensearch": "^2.1.0",
+    "@opensearch-project/opensearch": "^1.1.0",
     "@osd/dev-utils": "1.0.0",
     "abort-controller": "^3.0.0",
     "chalk": "^4.1.0",

src/dev/jest/config.js

@@ -52,8 +52,6 @@ export default {
   moduleNameMapper: {
     '@elastic/eui$': '<rootDir>/node_modules/@elastic/eui/test-env',
     '@elastic/eui/lib/(.*)?': '<rootDir>/node_modules/@elastic/eui/test-env/$1',
-    '@opensearch-project/opensearch/aws':
-      '<rootDir>/node_modules/@opensearch-project/opensearch/lib/aws',
     '^src/plugins/(.*)': '<rootDir>/src/plugins/$1',
     '^test_utils/(.*)': '<rootDir>/src/test_utils/public/$1',
     '^fixtures/(.*)': '<rootDir>/src/fixtures/$1',

src/plugins/data_source/common/data_sources/types.ts

@@ -11,20 +11,8 @@ export interface DataSourceAttributes extends SavedObjectAttributes {
   endpoint: string;
   auth: {
     type: AuthType;
-    credentials: UsernamePasswordTypedContent | SigV4Content | undefined;
+    credentials: UsernamePasswordTypedContent | undefined;
   };
-  lastUpdatedTime?: string;
-}
-
-/**
- * Multiple datasource supports authenticating as IAM user, it doesn't support IAM role.
- * Because IAM role session requires temporary security credentials through assuming role,
- * which makes no sense to store the credentials.
- */
-export interface SigV4Content extends SavedObjectAttributes {
-  accessKey: string;
-  secretKey: string;
-  region: string;
 }
 
 export interface UsernamePasswordTypedContent extends SavedObjectAttributes {
@@ -35,5 +23,4 @@ export interface UsernamePasswordTypedContent extends SavedObjectAttributes {
 export enum AuthType {
   NoAuth = 'no_auth',
   UsernamePasswordType = 'username_password',
-  SigV4 = 'sigv4',
 }

src/plugins/data_source/server/client/client_pool.ts

@@ -7,12 +7,11 @@ import { Client } from '@opensearch-project/opensearch';
 import { Client as LegacyClient } from 'elasticsearch';
 import LRUCache from 'lru-cache';
 import { Logger } from 'src/core/server';
-import { AuthType } from '../../common/data_sources';
 import { DataSourcePluginConfigType } from '../../config';
 
 export interface OpenSearchClientPoolSetup {
-  getClientFromPool: (endpoint: string, authType: AuthType) => Client | LegacyClient | undefined;
-  addClientToPool: (endpoint: string, authType: AuthType, client: Client | LegacyClient) => void;
+  getClientFromPool: (id: string) => Client | LegacyClient | undefined;
+  addClientToPool: (endpoint: string, client: Client | LegacyClient) => void;
 }
 
 /**
@@ -22,28 +21,23 @@ export interface OpenSearchClientPoolSetup {
  * It reuse TPC connections for each OpenSearch endpoint.
  */
 export class OpenSearchClientPool {
-  // LRU cache of client
+  // LRU cache
   //   key: data source endpoint
-  //   value: OpenSearch client | Legacy client
-  private clientCache?: LRUCache<string, Client | LegacyClient>;
-  // LRU cache of aws clients
-  //   key: endpoint + dataSourceId + lastUpdatedTime together to support update case.
-  //   value: OpenSearch client | Legacy client
-  private awsClientCache?: LRUCache<string, Client | LegacyClient>;
+  //   value: OpenSearch client object | Legacy client object
+  private cache?: LRUCache<string, Client | LegacyClient>;
   private isClosed = false;
 
   constructor(private logger: Logger) {}
 
   public setup(config: DataSourcePluginConfigType): OpenSearchClientPoolSetup {
     const logger = this.logger;
     const { size } = config.clientPool;
-    const MAX_AGE = 15 * 60 * 1000; // by default, TCP connection times out in 15 minutes
 
-    this.clientCache = new LRUCache({
+    this.cache = new LRUCache({
       max: size,
-      maxAge: MAX_AGE,
+      maxAge: 15 * 60 * 1000, // by default, TCP connection times out in 15 minutes
 
-      async dispose(key, client) {
+      async dispose(endpoint, client) {
         try {
           await client.close();
         } catch (error: any) {
@@ -56,34 +50,12 @@ export class OpenSearchClientPool {
     });
     this.logger.info(`Created data source client pool of size ${size}`);
 
-    // aws client specific pool
-    this.awsClientCache = new LRUCache({
-      max: size,
-      maxAge: MAX_AGE,
-
-      async dispose(key, client) {
-        try {
-          await client.close();
-        } catch (error: any) {
-          logger.warn(
-            `Error closing OpenSearch client when removing from aws client pool: ${error.message}`
-          );
-        }
-      },
-    });
-    this.logger.info(`Created data source aws client pool of size ${size}`);
-
-    const getClientFromPool = (key: string, authType: AuthType) => {
-      const selectedCache = authType === AuthType.SigV4 ? this.awsClientCache : this.clientCache;
-
-      return selectedCache!.get(key);
+    const getClientFromPool = (endpoint: string) => {
+      return this.cache!.get(endpoint);
     };
 
-    const addClientToPool = (key: string, authType: string, client: Client | LegacyClient) => {
-      const selectedCache = authType === AuthType.SigV4 ? this.awsClientCache : this.clientCache;
-      if (!selectedCache?.has(key)) {
-        return selectedCache!.set(key, client);
-      }
+    const addClientToPool = (endpoint: string, client: Client | LegacyClient) => {
+      this.cache!.set(endpoint, client);
     };
 
     return {
@@ -99,15 +71,7 @@ export class OpenSearchClientPool {
     if (this.isClosed) {
       return;
     }
-
-    try {
-      await Promise.all([
-        ...this.clientCache!.values().map((client) => client.close()),
-        ...this.awsClientCache!.values().map((client) => client.close()),
-      ]);
-      this.isClosed = true;
-    } catch (error) {
-      this.logger.error(`Error closing clients in pool. ${error}`);
-    }
+    await Promise.all(this.cache!.values().map((client) => client.close()));
+    this.isClosed = true;
   }
 }

src/plugins/data_source/server/client/configure_client.test.ts

@@ -137,7 +137,7 @@ describe('configureClient', () => {
       configureClient(dataSourceClientParams, clientPoolSetup, config, logger)
     ).rejects.toThrowError();
 
-    expect(ClientMock).not.toHaveBeenCalled();
+    expect(ClientMock).toHaveBeenCalledTimes(1);
     expect(savedObjectsMock.get).toHaveBeenCalledTimes(1);
     expect(decodeAndDecryptSpy).toHaveBeenCalledTimes(1);
   });
@@ -152,7 +152,7 @@ describe('configureClient', () => {
       configureClient(dataSourceClientParams, clientPoolSetup, config, logger)
     ).rejects.toThrowError();
 
-    expect(ClientMock).not.toHaveBeenCalled();
+    expect(ClientMock).toHaveBeenCalledTimes(1);
     expect(savedObjectsMock.get).toHaveBeenCalledTimes(1);
     expect(decodeAndDecryptSpy).toHaveBeenCalledTimes(1);
   });