Skip to content

Commit 58aa041

Browse files
authored
Fixed Sigv4 Signing for Managed Service (opensearch-project#279)
Fixed SigV4 Signing for Async Requests with QueryStrings Signed-off-by: Theo Truong <theotr@amazon.com> Signed-off-by: Theo Truong <theotr@amazon.com>
1 parent 4059251 commit 58aa041

File tree

7 files changed

+22
-6
lines changed

7 files changed

+22
-6
lines changed

.github/workflows/unified-release.yml

+1-1
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ jobs:
99
strategy:
1010
fail-fast: false
1111
matrix:
12-
stack_version: ['2.1.0']
12+
stack_version: ['2.1.1']
1313

1414
steps:
1515
- name: Checkout

CHANGELOG.md

+11-3
Original file line numberDiff line numberDiff line change
@@ -1,15 +1,23 @@
11
# CHANGELOG
22
Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
33

4-
## [Unreleased]
4+
## [2.1.1]
55
### Added
66
### Changed
77
### Deprecated
8-
98
### Removed
10-
119
### Fixed
10+
- Fixed SigV4 Signing for Managed Service ([#279](https://github.com/opensearch-project/opensearch-py/pull/279))
11+
- Fixed SigV4 Signing for Async Requests with QueryStrings ([#272](https://github.com/opensearch-project/opensearch-py/pull/279))
12+
### Security
1213

14+
## [2.1.0]
15+
### Added
16+
- Added Support for AOSS ([#268](https://github.com/opensearch-project/opensearch-py/pull/268))
17+
### Changed
18+
### Deprecated
19+
### Removed
20+
### Fixed
1321
### Security
1422

1523
## [2.0.1]

opensearchpy/_version.py

+1-1
Original file line numberDiff line numberDiff line change
@@ -24,4 +24,4 @@
2424
# specific language governing permissions and limitations
2525
# under the License.
2626

27-
__versionstr__ = "2.1.0"
27+
__versionstr__ = "2.1.1"

opensearchpy/helpers/asyncsigner.py

+3-1
Original file line numberDiff line numberDiff line change
@@ -46,11 +46,13 @@ def _sign_request(self, method, url, query_string, body):
4646
# create an AWS request object and sign it using SigV4Auth
4747
aws_request = AWSRequest(
4848
method=method,
49-
url="".join([url, query_string]),
49+
url=url,
50+
data=body,
5051
)
5152

5253
sig_v4_auth = SigV4Auth(self.credentials, self.service, self.region)
5354
sig_v4_auth.add_auth(aws_request)
55+
aws_request.headers["X-Amz-Content-SHA256"] = sig_v4_auth.payload(aws_request)
5456

5557
# copy the headers from AWS request object into the prepared_request
5658
return dict(aws_request.headers.items())

opensearchpy/helpers/signer.py

+4
Original file line numberDiff line numberDiff line change
@@ -80,12 +80,16 @@ def _sign_request(self, prepared_request): # type: ignore
8080
aws_request = AWSRequest(
8181
method=prepared_request.method.upper(),
8282
url=url,
83+
data=prepared_request.body,
8384
)
8485

8586
sig_v4_auth = SigV4Auth(self.credentials, self.service, self.region)
8687
sig_v4_auth.add_auth(aws_request)
8788

8889
# copy the headers from AWS request object into the prepared_request
8990
prepared_request.headers.update(dict(aws_request.headers.items()))
91+
prepared_request.headers["X-Amz-Content-SHA256"] = sig_v4_auth.payload(
92+
aws_request
93+
)
9094

9195
return prepared_request

test_opensearchpy/test_async/test_asyncsigner.py

+1
Original file line numberDiff line numberDiff line change
@@ -78,3 +78,4 @@ async def test_aws_signer_async_when_service_is_specified(self):
7878
self.assertIn("Authorization", headers)
7979
self.assertIn("X-Amz-Date", headers)
8080
self.assertIn("X-Amz-Security-Token", headers)
81+
self.assertIn("X-Amz-Content-SHA256", headers)

test_opensearchpy/test_connection.py

+1
Original file line numberDiff line numberDiff line change
@@ -332,6 +332,7 @@ def test_aws_signer_as_http_auth(self):
332332
self.assertIn("Authorization", prepared_request.headers)
333333
self.assertIn("X-Amz-Date", prepared_request.headers)
334334
self.assertIn("X-Amz-Security-Token", prepared_request.headers)
335+
self.assertIn("X-Amz-Content-SHA256", prepared_request.headers)
335336

336337
@pytest.mark.skipif(
337338
sys.version_info < (3, 6), reason="AWSV4SignerAuth requires python3.6+"

0 commit comments

Comments
 (0)