Add support signing requests

[nkhine]

As per https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-request-signing.html do you have plans to implement this?

http://sdk.amazonaws.com/cpp/api/0.14.7/class_aws_1_1_client_1_1_a_w_s_auth_v4_signer.html

[vktr]

Hi! The documentation doesn't mention if it relates to the _search endpoint, which is the only endpoint we're using. It seems as if the signed requests are for putting data back into Elasticsearch which is currently not a focus.

[nkhine]

I am running a microservice in fargate and wanted to use blaze to download the index, but i am unsure how best to setup the authentication without having to pass username/password, any suggestions?

[vktr]

Do you have an Elasticsearch index already? Did you try to point Blaze at it and dump it? Blaze handles basic auth but nothing more.

[nkhine]

AWS doesn't support username:password as it is basic http auth scheme, they use a scheme which takes the url, headers, payload as its input creates an HMAC and sends it to AWS ES - https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html

So for example, from https://docs.aws.amazon.com/apigateway/api-reference/signing-requests/:

curl -X GET \
  https://search-00000000000000.eu-west-1.es.amazonaws.com/_cat/indices \
  -H 'Authorization: AWS4-HMAC-SHA256 Credential=111111/00000000/eu-west-1/es/aws4_request, SignedHeaders=cache-control;content-type;host;postman-token;x-amz-date, Signature=11111111116401882398f46011f14fdb9d55e012a4fb912706d67c1111111111' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'Host: search-00000000000001.eu-west-1.es.amazonaws.com' \
  -H 'Postman-Token: 00000000-0000-4001-8006-9291e208a000' \
  -H 'X-Amz-Date: 20191010T240000Z' \
  -H 'cache-control: no-cache'

[vktr]

I'll see if I can add something which doesn't feel bloated or hard to use. What is the easiest way for me to access a protected index?