shyim
commented
1 year ago For a real integration test, we would need a real instance in GitHub Actions
Closed dblock closed 1 year ago
shyim
commented
1 year ago For a real integration test, we would need a real instance in GitHub Actions
dblock
commented
1 year ago I think we should add a way to run tests easily against an instance - adding it to CI is a different story. As an example in https://github.com/acm19/aws-request-signing-apache-interceptor there's make run_sample that's documented.
marciuz
commented
1 year ago I have been trying for about 24 hours to connect but I always get the message
PHP Fatal error: Uncaught OpenSearch\Common\Exceptions\Forbidden403Exception: {"status":403,"request-id":"223ed502-478d-9ba6-b577-66eefcc5ff86","error":{"reason":"Customer authentication failed: ResultDetail: { Code=InvalidSignature, Message=Invalid signature, does not match, }","type":"AccessDenied"}}
in [..]/vendor/opensearch-project/opensearch-php/src/OpenSearch/Connections/Connection.php:654 something seems to be missing in the authentication, is that right?
dblock
commented
1 year ago marciuz
commented
1 year ago {
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "aoss:*",
"Resource": "*"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "aoss:*",
"Resource": "arn:aws:aoss:*:353384070638:collection/*"
}
]
}this is the code:
<?php
$client = (new \OpenSearch\ClientBuilder())
->setHosts(['https://__myhost__.eu-central-1.aoss.amazonaws.com'])
->setSigV4Region('eu-central-1')
->setSigV4Service('aoss')
// I have my credential in .aws/credentials
->setSigV4CredentialProvider(true)
// But I tested also like this...
->setSigV4CredentialProvider([
'key' => '__mykey__',
'secret' => '__mysecret__',
])
// ->setSSLVerification(true) // ... tested with and without it...
->build();But when I'm try a simple $client->search I receive always the error reported.
dblock
commented
1 year ago @marciuz support for custom signing service name was added in https://github.com/opensearch-project/opensearch-php/pull/117 and AFAIK hasn't been released, so setSigV4Service should be failing.
I can try to help. Let's get to a clear repro on a super simple sample that we know works. I happen to have one.
main branch as described here. SERVICE that can be aoss but defaults to es.shyim
commented
1 year ago Should we maybe just release a new version? :)
harshavamsi
commented
1 year ago The changes in #117 probably do not work with serverless. I will raise a new PR that fixes things in a minute.
marciuz
commented
1 year ago Thanks, in any case I will test your solution and let you know.
Il giorno mar 7 feb 2023 alle ore 20:49 Harsha Vamsi Kalluri < @.***> ha scritto:
The changes in #117 https://github.com/opensearch-project/opensearch-php/pull/117 probably do not work with serverless. I will raise a new PR that fixes things in a minute.
— Reply to this email directly, view it on GitHub https://github.com/opensearch-project/opensearch-php/issues/113#issuecomment-1421353616, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAKKXEZ2XVRT3OV3H2K5OPLWWKRN7ANCNFSM6AAAAAATQFLXQE . You are receiving this because you were mentioned.Message ID: @.***>
harshavamsi
commented
1 year ago marciuz
commented
1 year ago Excellent, I tested the #119 and works! Thank you for your work.
shouze
commented
1 year ago @harshavamsi I confirm on my side too, can't wait for a new release!
harshavamsi
commented
1 year ago Closing via #119
Is your feature request related to a problem?
estoaoss.What solution would you like?
Document support for OpenSearch Serverless in the compatibility matrix, add integration tests.
Do you have any additional context?
Coming from https://github.com/opensearch-project/opensearch-clients/issues/44