aioelasticsearch icon indicating copy to clipboard operation
aioelasticsearch copied to clipboard
verified publisher icon aio-libs

Amazon elasticsearch signed requests support

Open hellysmile opened this issue 8 years ago • 5 comments

elasticsearch-py requests based realization http://elasticsearch-py.readthedocs.io/en/master/index.html?#running-on-aws-with-iam

Amazon docs: https://aws.amazon.com/blogs/security/how-to-control-access-to-your-amazon-elasticsearch-service-domain/

hellysmile avatar Sep 12 '17 21:09 hellysmile

Pleaase add a link to docs. What the hell is it?

asvetlov avatar Sep 13 '17 16:09 asvetlov

Links attached, sorry

hellysmile avatar Sep 13 '17 17:09 hellysmile

This would be nice to have, but I think it would take some work. Requests allows a callable http_auth object to float all the way through from the transport class to a PreparedRequest object which can then (and probably not safely sooner) process the final body and headers for signing. There are also a few more gymnastics needed, for instance ensuring header date (if provided) matches the signing key's scope date.

At the surface, aiohttp looks similar, but underneath the implementation is different. Headers could, in theory, float through to the ClientSession from the ES init (c/o transport/connection), but after a quick scan I didn't see an opportunity to trigger a callable/hook. Perhaps I'm overlooking an approach within aiohttp.

jeremyblow avatar Dec 07 '17 06:12 jeremyblow

Some hints to reuse parts from aiobotocore https://github.com/elastic/elasticsearch-py/pull/706

hellysmile avatar Jan 23 '18 13:01 hellysmile

any news on this, we need it as well. @hellysmile did you try something with the flow from aiobotocore?

sloev avatar Mar 05 '18 15:03 sloev