VachaShah
commented
1 year ago Hi @graytaylor0, thank you for raising this issue! Would you be up to PR a fix?
Open graytaylor0 opened 1 year ago
VachaShah
commented
1 year ago Hi @graytaylor0, thank you for raising this issue! Would you be up to PR a fix?
graytaylor0
commented
1 year ago Hi @VachaShah,
I'd be happy to make a PR, but I am unsure of how to fix it or debug what is wrong with the current client code
dblock
commented
1 year ago Start by adding a test (unit or integration) that reproduces the issue. I don't see anything method-specific in https://github.com/opensearch-project/opensearch-java/blob/ae4ac0e08e0b60236805fd75e334aa4e05a8c304/java-client/src/main/java/org/opensearch/client/transport/aws/AwsSdk2Transport.java, so we'll need to look into what headers are generated, whether the body is or isn't getting signed, etc.
graytaylor0
commented
1 year ago Created this integration test (https://github.com/opensearch-project/opensearch-java/pull/522) which is currently failing with the sigv4 signature error. What is the best way to compare the request that is being sent by the client to what is expected?
dblock
commented
1 year ago I think it's pretty difficult to know what's expected, so from here I'd debug the code path for a DELETE vs. a POST. I suspect it skips signing the body or something like that.
graytaylor0
commented
1 year ago I did some stepping through with the debugger, and it looked like no different between handling of a DELETE and POST request.
The only thing I do notice is that the Content-Length header is added with a value of the request body length, and the error message says that content length is expected to be empty.
The Canonical String for this request should have been
'DELETE
/_search/point_in_time
accept-encoding:gzip
content-length:
content-type:application/jsonAlso the header for x-amz-content-sha256 is just given a value of "required". I'm guessing this is expected though
graytaylor0
commented
1 year ago Also found a similar past issue that may be helpful (https://github.com/aws/aws-sdk-js/issues/1733)
harshavamsi
commented
1 year ago @graytaylor0 did some initial digging around and it doesn't look like it's an issue with SigV4 signing. I suspect the issue is either with the ApacheHttpClient. You can verify this by setting the first parameter in https://github.com/opensearch-project/opensearch-java/pull/522 for the test case to be true. This will use the async client and the test does pass. Let me do some more in-depth research and post my findings here, but in the meanwhile you can try using the Async client and work around this issue
graytaylor0
commented
1 year ago Hi @harshavamsi. Thanks for the information there. That is very helpful. However, I would like to understand the implications of using an async client instead of the non-async client. How will this impact the other API calls that I am currently making successfully with the non-async client? I'm not sure it makes sense to use the async client just for the sake of this failed delete PIT request.
dblock
commented
11 months ago
What is the bug?
deletePitrequest to opensearch client fails with sigv4 signing mismatchHow can one reproduce the bug?
Create an OpenSearchClient following instructions from here (https://opensearch.org/docs/2.7/clients/java/#connecting-to-amazon-opensearch-service) and then attempt to use the client's
deletePitAPI.I believe this is because it is a DELETE request with a body. The
createPitmethod works as intended. Sending the request results in a sigv4 errorWhat is the expected behavior?
The
deletePitAPI call does not have a signature mismatchWhat is your host/environment?
Mac OS
Do you have any screenshots?
If applicable, add screenshots to help explain your problem.
Do you have any additional context?
Add any other context about the problem.