Add AwsSigV4 signing functionality

README.md

@@ -152,6 +152,93 @@ async function search() {
 search().catch(console.log);
 ```
 
+### With AWS SigV4 signing
+```javascript
+const host = ""; // Opensearch domain URL e.g. https://search-xxx.region.es.amazonaws.com
+const { Client, AwsV4Signer } = require('@opensearch-project/opensearch');
+const { defaultProvider } = require("@aws-sdk/credential-provider-node");
+
+async function getClient() {
+  const credentials = await defaultProvider()();
+  var client = new Client({
+    ...AwsV4Signer({
+      credentials: credentials,
+      region: "us-west-2",
+    }),
+    node: host,
+  });
+  return client;
+}
+
+async function search() {
+
+  var client = await getClient();
+
+  var index_name = "books-test-1";
+  var settings = {
+    settings: {
+      index: {
+        number_of_shards: 4,
+        number_of_replicas: 3,
+      },
+    },
+  };
+
+  var response = await client.indices.create({
+    index: index_name,
+    body: settings,
+  });
+
+  console.log("Creating index:");
+  console.log(response.body);
+
+  // Add a document to the index.
+  var document = {
+    title: "The Outsider",
+    author: "Stephen King",
+    year: "2018",
+    genre: "Crime fiction",
+  };
+
+  var id = "1";
+
+  var response = await client.index({
+    id: id,
+    index: index_name,
+    body: document,
+    refresh: true,
+  });
+
+  console.log("Adding document:");
+  console.log(response.body);
+
+  var response = await client.bulk({ body: bulk_documents });
+  console.log(response.body);
+
+  // Search for the document.
+  var query = {
+    query: {
+      match: {
+        title: {
+          query: "The Outsider",
+        },
+      },
+    },
+  };
+
+  var response = await client.search({
+    index: index_name,
+    body: query,
+  });
+
+  console.log("Search results:");
+  console.log(response.body.hits);
+}
+
+search().catch(console.log);
+```
+
+
 ## Project Resources
 
 - [Project Website](https://opensearch.org/)

index.d.ts

@@ -56,6 +56,7 @@ import {
   ResurrectEvent,
   BasicAuth,
 } from './lib/pool';
+import AwsV4Signer from './lib/AwsV4Signer';
 import Serializer from './lib/Serializer';
 import Helpers from './lib/Helpers';
 import * as errors from './lib/errors';
@@ -5050,4 +5051,5 @@ export {
   ClientOptions,
   NodeOptions,
   ClientExtendsCallbackOptions,
+  AwsV4Signer
 };

index.js

@@ -47,6 +47,7 @@ if (clientVersion.includes('-')) {
   // clean prerelease
   clientVersion = clientVersion.slice(0, clientVersion.indexOf('-')) + 'p';
 }
+const AwsV4Signer = require('./lib/AwsV4Signer');
 
 const kInitialOptions = Symbol('opensearchjs-initial-options');
 const kChild = Symbol('opensearchjs-child');
@@ -348,4 +349,5 @@ module.exports = {
   Serializer,
   events,
   errors,
+  AwsV4Signer,
 };

index.mjs

@@ -38,3 +38,4 @@ export const Connection = mod.Connection;
 export const Serializer = mod.Serializer;
 export const events = mod.events;
 export const errors = mod.errors;
+export const awsV4Signer = mod.AwsV4Signer;

lib/AwsV4Signer.d.ts

@@ -0,0 +1,47 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ * Modifications Copyright OpenSearch Contributors. See
+ * GitHub history for details.
+ */
+
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import { Credentials } from '@aws-sdk/types';
+import Connection from './Connection';
+import * as http from 'http';
+
+interface AwsV4SignerOptions {
+  credentials: Credentials;
+  region: string;
+}
+
+export interface AwsV4SignerResponse {
+  Connection: Connection;
+  buildSignedRequestObject(request: any): http.ClientRequestArgs;
+}
+
+export default function AwsV4Signer(opts: AwsV4SignerOptions): AwsV4SignerResponse;
+
+export {};

lib/AwsV4Signer.js

@@ -0,0 +1,62 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ * Modifications Copyright OpenSearch Contributors. See
+ * GitHub history for details.
+ */
+
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+'use strict';
+const Connection = require('./Connection');
+const aws4 = require('aws4');
+const { AwsV4SignerError } = require('./errors');
+
+function AwsV4Signer(opts) {
+  if (opts && (!opts.region || opts.region === null || opts.region === '')) {
+    throw new AwsV4SignerError('Region cannot be empty');
+  }
+  if (opts && (!opts.credentials || opts.credentials === null || opts.credentials === '')) {
+    throw new AwsV4SignerError('Credentials cannot be empty');
+  }
+
+  function buildSignedRequestObject(request = {}) {
+    request.service = 'es';
+    request.region = opts.region;
+    request.headers = request.headers || {};
+    request.headers['host'] = request.hostname;
+    return aws4.sign(request, opts.credentials);
+  }
+  class AwsV4SignedConnection extends Connection {
+    buildRequestObject(params) {
+      const request = super.buildRequestObject(params);
+      return buildSignedRequestObject(request);
+    }
+  }
+  return {
+    Connection: AwsV4SignedConnection,
+    buildSignedRequestObject,
+  };
+}
+module.exports = AwsV4Signer;

lib/errors.d.ts

@@ -117,3 +117,10 @@ export declare class NotCompatibleError<
   meta: ApiResponse<TResponse, TContext>;
   constructor(meta: ApiResponse);
 }
+
+export declare class AwsV4SignerError extends OpenSearchClientError {
+  name: string;
+  message: string;
+  data: any;
+  constructor(message: string, data: any);
+}

lib/errors.js

@@ -158,6 +158,16 @@ class NotCompatibleError extends OpenSearchClientError {
   }
 }
 
+class AwsV4SignerError extends OpenSearchClientError {
+  constructor(message, data) {
+    super(message, data);
+    Error.captureStackTrace(this, AwsV4SignerError);
+    this.name = 'AwsV4SignerError';
+    this.message = message || 'AwsV4Signer Error';
+    this.data = data;
+  }
+}
+
 module.exports = {
   OpenSearchClientError,
   TimeoutError,
@@ -169,4 +179,5 @@ module.exports = {
   ResponseError,
   RequestAbortedError,
   NotCompatibleError,
+  AwsV4SignerError,
 };

package.json

@@ -77,6 +77,8 @@
     "xmlbuilder2": "^2.4.1"
   },
   "dependencies": {
+    "@aws-sdk/credential-provider-node": "^3.154.0",
+    "aws4": "^1.11.0",
     "debug": "^4.3.1",
     "hpagent": "^0.1.1",
     "ms": "^2.1.3",

test/types/awsv4signer.test-d.ts

@@ -0,0 +1,48 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ * Modifications Copyright OpenSearch Contributors. See
+ * GitHub history for details.
+ */
+
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import { expectType } from 'tsd';
+import { AwsV4Signer } from '../../';
+import { AwsV4SignerResponse } from '../../lib/AwsV4Signer';
+
+const mockCreds = {
+  accessKeyId: 'mockCredAccessKeyId',
+  secretAccessKey: 'mockCredSecretAccessKey',
+};
+
+const mockRegion = 'us-west-2';
+
+{
+  const AwsV4SignerOptions = { credentials: mockCreds, region: mockRegion };
+
+  const auth = AwsV4Signer(AwsV4SignerOptions);
+
+  expectType<AwsV4SignerResponse>(auth);
+}