Closed IanHoang closed 11 months ago
This feels like an OSB problem because the AWS service is definitely es
and aoss
, not aos
, no?
@dblock AWS service uses es
for AWS CLI still but OSB only has a check added by a contributor a few months back:
if aws_log_in_dict["service"] not in ['es', 'aoss']:
self.logger.error("Service for aws log in should be one of 'es' or 'aoss'")
raise exceptions.SystemSetupError(
"Cannot specify service as '{}'. Accepted values are 'es' or 'aoss'.".format(
aws_log_in_dict["service"])
)
Since OSB relies on opensearch-py to communicate with target clusters, I believe the contributor added this check because opensearch-py might not support aos
at the moment and also has the following line:
https://github.com/opensearch-project/opensearch-py/blob/84ac172ddc54b3e6c975d36221d16ec3e78a2fe9/opensearchpy/helpers/signer.py#L51
@IanHoang That default is correct, the service code is "es". Service codes are used to scope service credentials. Do you not agree?
@dblock You're right, thanks for calling this out! opensearch-py uses botocore, which still uses es
. Closing this issue
What is the bug?
When users are using OSB to test a SigV4 authenticated opensearch cluster, they set the environment variable to
aos
oraoss
. However, AWSSigV4Auth class takeses
instead ofaos
. This could be misleading to new OpenSearch users.Are there any plans to support
aos
on top ofes
andaoss
?How can one reproduce the bug?
Error encountered:
What is the expected behavior?
opensearch-py should accept
aos
as well on top ofes
andaoss
.What is your host/environment?
Occurs on MacOS, Linux and with Amazon Managed-Service Clusters
Do you have any screenshots?
N/A
Do you have any additional context?
N/A