Commit a654d509 authored by Changzheng Liu's avatar Changzheng Liu

Switch to faraday_middleware-aws-sigv4 gem for signing Elasticsearch request in AWS

parent 5ef5f413
...@@ -133,8 +133,10 @@ gem 'seed-fu', '~> 2.3.7' ...@@ -133,8 +133,10 @@ gem 'seed-fu', '~> 2.3.7'
gem 'elasticsearch-model', '~> 6.1' gem 'elasticsearch-model', '~> 6.1'
gem 'elasticsearch-rails', '~> 6.1', require: 'elasticsearch/rails/instrumentation' gem 'elasticsearch-rails', '~> 6.1', require: 'elasticsearch/rails/instrumentation'
gem 'elasticsearch-api', '~> 6.8' gem 'elasticsearch-api', '~> 6.8'
gem 'aws-sdk' gem 'aws-sdk-core', '~> 3'
gem 'faraday_middleware-aws-signers-v4' gem 'aws-sdk-cloudformation', '~> 1'
gem 'aws-sdk-s3', '~> 1'
gem 'faraday_middleware-aws-sigv4', '~>0.3.0'
# Markdown and HTML processing # Markdown and HTML processing
gem 'html-pipeline', '~> 2.12' gem 'html-pipeline', '~> 2.12'
......
...@@ -93,16 +93,25 @@ GEM ...@@ -93,16 +93,25 @@ GEM
encryptor (~> 3.0.0) encryptor (~> 3.0.0)
attr_required (1.0.1) attr_required (1.0.1)
awesome_print (1.8.0) awesome_print (1.8.0)
aws-eventstream (1.0.3) aws-eventstream (1.1.0)
aws-sdk (2.11.374) aws-partitions (1.345.0)
aws-sdk-resources (= 2.11.374) aws-sdk-cloudformation (1.41.0)
aws-sdk-core (2.11.374) aws-sdk-core (~> 3, >= 3.99.0)
aws-sigv4 (~> 1.0) aws-sigv4 (~> 1.1)
aws-sdk-core (3.104.3)
aws-eventstream (~> 1, >= 1.0.2)
aws-partitions (~> 1, >= 1.239.0)
aws-sigv4 (~> 1.1)
jmespath (~> 1.0) jmespath (~> 1.0)
aws-sdk-resources (2.11.374) aws-sdk-kms (1.36.0)
aws-sdk-core (= 2.11.374) aws-sdk-core (~> 3, >= 3.99.0)
aws-sigv4 (1.1.0) aws-sigv4 (~> 1.1)
aws-eventstream (~> 1.0, >= 1.0.2) aws-sdk-s3 (1.75.0)
aws-sdk-core (~> 3, >= 3.104.1)
aws-sdk-kms (~> 1)
aws-sigv4 (~> 1.1)
aws-sigv4 (1.2.1)
aws-eventstream (~> 1, >= 1.0.2)
babosa (1.0.2) babosa (1.0.2)
base32 (0.3.2) base32 (0.3.2)
batch-loader (1.4.0) batch-loader (1.4.0)
...@@ -306,9 +315,9 @@ GEM ...@@ -306,9 +315,9 @@ GEM
faraday (~> 0.8) faraday (~> 0.8)
faraday_middleware (0.14.0) faraday_middleware (0.14.0)
faraday (>= 0.7.4, < 1.0) faraday (>= 0.7.4, < 1.0)
faraday_middleware-aws-signers-v4 (0.1.7) faraday_middleware-aws-sigv4 (0.3.0)
aws-sdk-resources (~> 2) aws-sigv4 (~> 1.0)
faraday (~> 0.9) faraday (>= 0.15)
faraday_middleware-multi_json (0.0.6) faraday_middleware-multi_json (0.0.6)
faraday_middleware faraday_middleware
multi_json multi_json
...@@ -1183,7 +1192,9 @@ DEPENDENCIES ...@@ -1183,7 +1192,9 @@ DEPENDENCIES
atlassian-jwt (~> 0.2.0) atlassian-jwt (~> 0.2.0)
attr_encrypted (~> 3.1.0) attr_encrypted (~> 3.1.0)
awesome_print awesome_print
aws-sdk aws-sdk-cloudformation (~> 1)
aws-sdk-core (~> 3)
aws-sdk-s3 (~> 1)
babosa (~> 1.0.2) babosa (~> 1.0.2)
base32 (~> 0.3.0) base32 (~> 0.3.0)
batch-loader (~> 1.4.0) batch-loader (~> 1.4.0)
...@@ -1230,7 +1241,7 @@ DEPENDENCIES ...@@ -1230,7 +1241,7 @@ DEPENDENCIES
escape_utils (~> 1.1) escape_utils (~> 1.1)
factory_bot_rails (~> 5.1.0) factory_bot_rails (~> 5.1.0)
faraday (~> 0.12) faraday (~> 0.12)
faraday_middleware-aws-signers-v4 faraday_middleware-aws-sigv4 (~> 0.3.0)
fast_blank fast_blank
ffaker (~> 2.10) ffaker (~> 2.10)
flipper (~> 0.17.1) flipper (~> 0.17.1)
......
---
title: Switch to faraday_middleware-aws-sigv4 gem for signing Elasticsearch request
in AWS
merge_request: 38016
author:
type: other
# frozen_string_literal: true # frozen_string_literal: true
require 'faraday_middleware/aws_sigv4'
module Gitlab module Gitlab
module Elastic module Elastic
module Client module Client
...@@ -19,7 +21,7 @@ module Gitlab ...@@ -19,7 +21,7 @@ module Gitlab
region = config[:aws_region] region = config[:aws_region]
::Elasticsearch::Client.new(base_config) do |fmid| ::Elasticsearch::Client.new(base_config) do |fmid|
fmid.request(:aws_signers_v4, credentials: creds, service_name: 'es', region: region) fmid.request(:aws_sigv4, credentials_provider: creds, service: 'es', region: region)
end end
else else
::Elasticsearch::Client.new(base_config) ::Elasticsearch::Client.new(base_config)
......
...@@ -37,7 +37,7 @@ RSpec.describe Gitlab::Elastic::Client do ...@@ -37,7 +37,7 @@ RSpec.describe Gitlab::Elastic::Client do
stub_request(:get, 'http://example-elastic:9200/foo/_all/1') stub_request(:get, 'http://example-elastic:9200/foo/_all/1')
.with( .with(
headers: { headers: {
'Authorization' => 'AWS4-HMAC-SHA256 Credential=0/20170303/us-east-1/es/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date;x-opaque-id, Signature=c3180885fb19ca2cf4673a361aa47615dddd3ed52159fffcfeda9e732d7c91b8', 'Authorization' => 'AWS4-HMAC-SHA256 Credential=0/20170303/us-east-1/es/aws4_request, SignedHeaders=content-type;host;user-agent;x-amz-content-sha256;x-amz-date;x-opaque-id, Signature=746fa5a8a7f3859697d46a754550b1eb357413c481c91d22f17b8a0129c0121e',
'Content-Type' => 'application/json', 'Content-Type' => 'application/json',
'X-Amz-Content-Sha256' => 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'X-Amz-Content-Sha256' => 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
'X-Amz-Date' => '20170303T133952Z' 'X-Amz-Date' => '20170303T133952Z'
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment