From 456e2deb6ea2db656e6e8f9a8d313556522fc5c6 Mon Sep 17 00:00:00 2001 From: Jason Parraga Date: Mon, 6 Nov 2023 00:18:41 -0800 Subject: [PATCH 1/2] Remove option to configure AWS request signing Signed-off-by: Jason Parraga --- provider/provider.go | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/provider/provider.go b/provider/provider.go index 9d61841..4521f47 100644 --- a/provider/provider.go +++ b/provider/provider.go @@ -50,7 +50,6 @@ type ProviderConf struct { token string tokenName string parsedUrl *url.URL - signAWSRequests bool osVersion string pingTimeoutSeconds int awsRegion string @@ -181,12 +180,6 @@ func Provider() *schema.Provider { Description: "A X509 key to connect to opensearch", DefaultFunc: schema.EnvDefaultFunc("OS_CLIENT_KEY_PATH", ""), }, - "sign_aws_requests": { - Type: schema.TypeBool, - Optional: true, - Default: true, - Description: "Enable signing of AWS opensearch requests. The `url` must refer to AWS ES domain (`*..es.amazonaws.com`), or `aws_region` must be specified explicitly.", - }, "aws_signature_service": { Type: schema.TypeString, Optional: true, @@ -265,7 +258,6 @@ func providerConfigure(c context.Context, d *schema.ResourceData) (interface{}, token: d.Get("token").(string), tokenName: d.Get("token_name").(string), parsedUrl: parsedUrl, - signAWSRequests: d.Get("sign_aws_requests").(bool), awsSig4Service: d.Get("aws_signature_service").(string), osVersion: d.Get("opensearch_version").(string), pingTimeoutSeconds: d.Get("version_ping_timeout").(int), @@ -291,22 +283,26 @@ func getClient(conf *ProviderConf) (*elastic7.Client, error) { elastic7.SetHealthcheck(conf.healthchecking), } + var signRequests = true + if conf.parsedUrl.User.Username() != "" { p, _ := conf.parsedUrl.User.Password() opts = append(opts, elastic7.SetBasicAuth(conf.parsedUrl.User.Username(), p)) + signRequests = false // Disable request signing for basic auth } if conf.username != "" && conf.password != "" { opts = append(opts, elastic7.SetBasicAuth(conf.username, conf.password)) + signRequests = false // Disable request signing for basic auth } - if m := awsUrlRegexp.FindStringSubmatch(conf.parsedUrl.Hostname()); m != nil && conf.signAWSRequests { + if m := awsUrlRegexp.FindStringSubmatch(conf.parsedUrl.Hostname()); m != nil && signRequests { log.Printf("[INFO] Using AWS: %+v", m[1]) client, err := awsHttpClient(m[1], conf, map[string]string{}) if err != nil { return nil, err } opts = append(opts, elastic7.SetHttpClient(client), elastic7.SetSniff(false)) - } else if awsRegion := conf.awsRegion; conf.awsRegion != "" && conf.signAWSRequests { + } else if awsRegion := conf.awsRegion; conf.awsRegion != "" && signRequests { log.Printf("[INFO] Using AWS: %+v", awsRegion) client, err := awsHttpClient(awsRegion, conf, map[string]string{}) if err != nil { From 5d39f574324164b2b9766d7695a0193e37f72618 Mon Sep 17 00:00:00 2001 From: Jason Parraga Date: Mon, 6 Nov 2023 00:18:48 -0800 Subject: [PATCH 2/2] Update docs Signed-off-by: Jason Parraga --- docs/index.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/index.md b/docs/index.md index a35cbc0..4a5d8e4 100644 --- a/docs/index.md +++ b/docs/index.md @@ -78,7 +78,6 @@ EOF - `insecure` (Boolean) Disable SSL verification of API calls - `opensearch_version` (String) opensearch Version - `password` (String) Password to use to connect to opensearch using basic auth -- `sign_aws_requests` (Boolean) Enable signing of AWS opensearch requests. The `url` must refer to AWS ES domain (`*..es.amazonaws.com`), or `aws_region` must be specified explicitly. - `sniff` (Boolean) Set the node sniffing option for the opensearch client. Client won't work with sniffing if nodes are not routable. - `token` (String) A bearer token or ApiKey for an Authorization header, e.g. Active Directory API key. - `token_name` (String) The type of token, usually ApiKey or Bearer