Added support for AWS Sigv4 for UrlLib3. #547
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: dblock <dblock@amazon.com>
dblock
force-pushed
the
urllib3-aws-sig-v4
branch
from
2a50056
to
a732d44
Compare
Codecov Report
@@ Coverage Diff @@
## main #547 +/- ##
==========================================
+ Coverage 70.63% 70.66% +0.02%
==========================================
Files 83 83
Lines 7857 7877 +20
==========================================
+ Hits 5550 5566 +16
- Misses 2307 2311 +4
|
Signed-off-by: dblock <dblock@amazon.com>
Signed-off-by: dblock <dblock@amazon.com>
Signed-off-by: dblock <dblock@amazon.com>
dblock
changed the title
dblock
force-pushed
the
urllib3-aws-sig-v4
branch
2 times, most recently
from
c9f113f
to
fb9e1b9
Compare
dblock
requested review from
VachaShah,
harshavamsi,
axeoman,
deztructor,
Shephalimittal,
saimedhi and
florianvazelle
as code owners
|
@harshavamsi would appreciate your CR since you did support for the requests connection class. |
Signed-off-by: dblock <dblock@amazon.com>
dblock
force-pushed
the
urllib3-aws-sig-v4
branch
from
fb9e1b9
to
f8f2b62
Compare
Signed-off-by: dblock <dblock@amazon.com>
Signed-off-by: dblock <dblock@amazon.com>
Signed-off-by: dblock <dblock@amazon.com>
dblock
force-pushed
the
urllib3-aws-sig-v4
branch
from
b709e40
to
8d5aeb0
Compare
Signed-off-by: dblock <dblock@amazon.com>
VachaShah
reviewed
Oct 23, 2023
| # Modifications Copyright OpenSearch Contributors. See | ||
| # GitHub history for details. | ||
| # | ||
| # Licensed to Elasticsearch B.V. under one or more contributor |
There was a problem hiding this comment.
Do we need this license here?
There was a problem hiding this comment.
Yes, this code was refactored out of test_connection.py, so let's keep it.
guides/auth.md
Outdated
| @@ -9,24 +9,24 @@ OpenSearch allows you to use different methods for the authentication via `conne | |||
|
|
|||
| ## IAM Authentication | |||
|
|
|||
| Opensearch-py supports IAM-based authentication via `AWSV4SignerAuth`, which uses `RequestHttpConnection` as the transport class for communicating with OpenSearch clusters running in Amazon Managed OpenSearch and OpenSearch Serverless, and works in conjunction with [botocore](https://pypi.org/project/botocore/). | |||
| Opensearch-py supports IAM-based authentication via `RequestsAWSV4SignerAuth` and `Urllib3AWSV4SignerAuth`, which use `RequestHttpConnection` and `Urllib3HttpConnection` respectively, as the transport classes for communicating with OpenSearch clusters running in Amazon Managed OpenSearch and OpenSearch Serverless, and works in conjunction with [botocore](https://pypi.org/project/botocore/). | |||
There was a problem hiding this comment.
Do we recommend Urllib3AWSV4SignerAuth here?
There was a problem hiding this comment.
I've clarified the documentation in cb76874.
| self.signer = AWSV4Signer(credentials, region, service) | ||
|
|
||
| def __call__(self, method: str, url: str, body: Any) -> Dict[str, str]: | ||
| return self.signer.sign(method, url, body) |
There was a problem hiding this comment.
RequestsAWSV4SignerAuth returns prepared request while Urllib3AWSV4SignerAuth returns the headers, should we keep them consistent?
There was a problem hiding this comment.
The requests library expect a callable that derives from requests.auth.AuthBase and receives a request object. It's called inside the requests library.
The urllib3 library doesn't support such an interface. It actually splits the client constructor and exposes a perform_request method. That's where we have the method, URL, and body, and call auth. There's no "request" object here.
We could make a similar interface to AuthBase for urllib3, but it cannot be the same interface because that one exists in the requests library. Since these signer classes aren't interchangeable at all, they don't need to derive from the same class, and I already moved the common parts into AWSV4Signer.
There was a problem hiding this comment.
That makes sense, thank you!
…uestHttpConnection. Signed-off-by: dblock <dblock@amazon.com>
Signed-off-by: dblock <dblock@amazon.com>
Signed-off-by: dblock <dblock@amazon.com>
Signed-off-by: dblock <dblock@amazon.com>
|
@VachaShah I wrote some more tests and addressed your comments. LMK if there's anything else needed for this one |
Djcarrillo6
added a commit
to Djcarrillo6/opensearch-py
that referenced
this pull request
Oct 25, 2023
Signed-off-by: Djcarrillo6 <djcarrillo6@yahoo.com> Added a guide on making raw JSON REST requests. (opensearch-project#542) Signed-off-by: dblock <dblock@amazon.com> Added document lifecycle guide & sample code. Signed-off-by: Djcarrillo6 <djcarrillo6@yahoo.com> Updated CHANGELOG Signed-off-by: Djcarrillo6 <djcarrillo6@yahoo.com> Added support for AWS Sigv4 for UrlLib3. (opensearch-project#547) * WIP: Added support for AWS Sigv4 for UrlLib3. Signed-off-by: dblock <dblock@amazon.com> * Refactored common implementation. Signed-off-by: dblock <dblock@amazon.com> * Added sigv4 samples. Signed-off-by: dblock <dblock@amazon.com> * Updated CHANGELOG. Signed-off-by: dblock <dblock@amazon.com> * Add documentation. Signed-off-by: dblock <dblock@amazon.com> * Use the correct class in tests. Signed-off-by: dblock <dblock@amazon.com> * Renamed samples. Signed-off-by: dblock <dblock@amazon.com> * Split up requests and urllib3 unit tests. Signed-off-by: dblock <dblock@amazon.com> * Rename AWSV4Signer. Signed-off-by: dblock <dblock@amazon.com> * Clarified documentation of when to use Urllib3AWSV4SignerAuth vs. RequestHttpConnection. Signed-off-by: dblock <dblock@amazon.com> * Move fetch_url inside the signer class. Signed-off-by: dblock <dblock@amazon.com> * Added unit test for Urllib3AWSV4SignerAuth adding headers. Signed-off-by: dblock <dblock@amazon.com> * Added unit test for signing to include query string. Signed-off-by: dblock <dblock@amazon.com> --------- Signed-off-by: dblock <dblock@amazon.com> Remove support for Python 2.x. (opensearch-project#548) Signed-off-by: dblock <dblock@amazon.com> Fixed guide & added link in USER_GUIDE.md Signed-off-by: Djcarrillo6 <djcarrillo6@yahoo.com> Added support for AWS Sigv4 for UrlLib3. (opensearch-project#547) * WIP: Added support for AWS Sigv4 for UrlLib3. Signed-off-by: dblock <dblock@amazon.com> * Refactored common implementation. Signed-off-by: dblock <dblock@amazon.com> * Added sigv4 samples. Signed-off-by: dblock <dblock@amazon.com> * Updated CHANGELOG. Signed-off-by: dblock <dblock@amazon.com> * Add documentation. Signed-off-by: dblock <dblock@amazon.com> * Use the correct class in tests. Signed-off-by: dblock <dblock@amazon.com> * Renamed samples. Signed-off-by: dblock <dblock@amazon.com> * Split up requests and urllib3 unit tests. Signed-off-by: dblock <dblock@amazon.com> * Rename AWSV4Signer. Signed-off-by: dblock <dblock@amazon.com> * Clarified documentation of when to use Urllib3AWSV4SignerAuth vs. RequestHttpConnection. Signed-off-by: dblock <dblock@amazon.com> * Move fetch_url inside the signer class. Signed-off-by: dblock <dblock@amazon.com> * Added unit test for Urllib3AWSV4SignerAuth adding headers. Signed-off-by: dblock <dblock@amazon.com> * Added unit test for signing to include query string. Signed-off-by: dblock <dblock@amazon.com> --------- Signed-off-by: dblock <dblock@amazon.com> Remove support for Python 2.x. (opensearch-project#548) Signed-off-by: dblock <dblock@amazon.com> Fixed guide & added link in USER_GUIDE.md opensearch-project#3 Signed-off-by: Djcarrillo6 <djcarrillo6@yahoo.com>
This was referenced Nov 17, 2023
roma2023
pushed a commit
to roma2023/opensearch-py
that referenced
this pull request
Dec 28, 2023
* WIP: Added support for AWS Sigv4 for UrlLib3. Signed-off-by: dblock <dblock@amazon.com> * Refactored common implementation. Signed-off-by: dblock <dblock@amazon.com> * Added sigv4 samples. Signed-off-by: dblock <dblock@amazon.com> * Updated CHANGELOG. Signed-off-by: dblock <dblock@amazon.com> * Add documentation. Signed-off-by: dblock <dblock@amazon.com> * Use the correct class in tests. Signed-off-by: dblock <dblock@amazon.com> * Renamed samples. Signed-off-by: dblock <dblock@amazon.com> * Split up requests and urllib3 unit tests. Signed-off-by: dblock <dblock@amazon.com> * Rename AWSV4Signer. Signed-off-by: dblock <dblock@amazon.com> * Clarified documentation of when to use Urllib3AWSV4SignerAuth vs. RequestHttpConnection. Signed-off-by: dblock <dblock@amazon.com> * Move fetch_url inside the signer class. Signed-off-by: dblock <dblock@amazon.com> * Added unit test for Urllib3AWSV4SignerAuth adding headers. Signed-off-by: dblock <dblock@amazon.com> * Added unit test for signing to include query string. Signed-off-by: dblock <dblock@amazon.com> --------- Signed-off-by: dblock <dblock@amazon.com> Signed-off-by: roma2023 <romasaparhan19@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
AWSV4SignerAuthin favor ofRequestsAWSV4SignerAuthUrllib3AWSV4SignerAuthin the documentation since that transport is faster.Testing
AOS
AOSS
Issues Resolved
Closes #546
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.