Addd examples on how to connect with Sigv4 for AOS and AOSS (#3250)

* Addd examples on how to connect with Sigv4 for AOS and AOSS

Signed-off-by: Harsha Vamsi Kalluri <harshavamsi096@gmail.com>

* Changed some grammar

Signed-off-by: Harsha Vamsi Kalluri <harshavamsi096@gmail.com>

* Changed more grammar

Signed-off-by: Harsha Vamsi Kalluri <harshavamsi096@gmail.com>

---------

Signed-off-by: Harsha Vamsi Kalluri <harshavamsi096@gmail.com>
This commit is contained in:
Harsha Vamsi Kalluri 2023-03-09 06:47:18 -08:00 committed by GitHub
parent f01567de44
commit 7fb9e5b848
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 575 additions and 67 deletions

View File

@ -89,6 +89,59 @@ var client = new OpenSearchLowLevelClient(settings);
``` ```
{% include copy.html %} {% include copy.html %}
## Connecting to Amazon OpenSearch Service
The following example illustrates connecting to Amazon OpenSearch Service:
```cs
using OpenSearch.Client;
using OpenSearch.Net.Auth.AwsSigV4;
namespace Application
{
class Program
{
static void Main(string[] args)
{
var endpoint = new Uri("https://search-xxx.region.es.amazonaws.com");
var connection = new AwsSigV4HttpConnection(RegionEndpoint.APSoutheast2, service: AwsSigV4HttpConnection.OpenSearchService);
var config = new ConnectionSettings(endpoint, connection);
var client = new OpenSearchClient(config);
Console.WriteLine($"{client.RootNodeInfo().Version.Distribution}: {client.RootNodeInfo().Version.Number}");
}
}
}
```
{% include copy.html %}
## Connecting to Amazon OpenSearch Serverless
The following example illustrates connecting to Amazon OpenSearch Serverless Service:
```cs
using OpenSearch.Client;
using OpenSearch.Net.Auth.AwsSigV4;
namespace Application
{
class Program
{
static void Main(string[] args)
{
var endpoint = new Uri("https://search-xxx.region.aoss.amazonaws.com");
var connection = new AwsSigV4HttpConnection(RegionEndpoint.APSoutheast2, service: AwsSigV4HttpConnection.OpenSearchServerlessService);
var config = new ConnectionSettings(endpoint, connection);
var client = new OpenSearchClient(config);
Console.WriteLine($"{client.RootNodeInfo().Version.Distribution}: {client.RootNodeInfo().Version.Number}");
}
}
}
```
{% include copy.html %}
## Using ConnectionSettings ## Using ConnectionSettings
`ConnectionConfiguration` is used to pass configuration options to the OpenSearch.Net client. `ConnectionSettings` inherits from `ConnectionConfiguration` and provides additional configuration options. `ConnectionConfiguration` is used to pass configuration options to the OpenSearch.Net client. `ConnectionSettings` inherits from `ConnectionConfiguration` and provides additional configuration options.

View File

@ -55,6 +55,130 @@ client, err := opensearch.NewClient(opensearch.Config{
``` ```
{% include copy.html %} {% include copy.html %}
## Connecting to Amazon OpenSearch Service
The following example illustrates connecting to Amazon OpenSearch Service:
```go
package main
import (
"context"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
opensearch "github.com/opensearch-project/opensearch-go/v2"
opensearchapi "github.com/opensearch-project/opensearch-go/v2/opensearchapi"
requestsigner "github.com/opensearch-project/opensearch-go/v2/signer/awsv2"
)
const endpoint = "" // e.g. https://opensearch-domain.region.com or Amazon OpenSearch Serverless endpoint
func main() {
ctx := context.Background()
awsCfg, err := config.LoadDefaultConfig(ctx,
config.WithRegion("<AWS_REGION>"),
config.WithCredentialsProvider(
getCredentialProvider("<AWS_ACCESS_KEY>", "<AWS_SECRET_ACCESS_KEY>", "<AWS_SESSION_TOKEN>"),
),
)
if err != nil {
log.Fatal(err) // Do not log.fatal in a production ready app.
}
// Create an AWS request Signer and load AWS configuration using default config folder or env vars.
signer, err := requestsigner.NewSignerWithService(awsCfg, "es")
if err != nil {
log.Fatal(err) // Do not log.fatal in a production ready app.
}
// Create an opensearch client and use the request-signer
client, err := opensearch.NewClient(opensearch.Config{
Addresses: []string{endpoint},
Signer: signer,
})
if err != nil {
log.Fatal("client creation err", err)
}
}
func getCredentialProvider(accessKey, secretAccessKey, token string) aws.CredentialsProviderFunc {
return func(ctx context.Context) (aws.Credentials, error) {
c := &aws.Credentials{
AccessKeyID: accessKey,
SecretAccessKey: secretAccessKey,
SessionToken: token,
}
return *c, nil
}
}
```
{% include copy.html %}
## Connecting to Amazon OpenSearch Serverless
The following example illustrates connecting to Amazon OpenSearch Serverless Service:
```go
package main
import (
"context"
"log"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
opensearch "github.com/opensearch-project/opensearch-go/v2"
opensearchapi "github.com/opensearch-project/opensearch-go/v2/opensearchapi"
requestsigner "github.com/opensearch-project/opensearch-go/v2/signer/awsv2"
)
const endpoint = "" // e.g. https://opensearch-domain.region.com or Amazon OpenSearch Serverless endpoint
func main() {
ctx := context.Background()
awsCfg, err := config.LoadDefaultConfig(ctx,
config.WithRegion("<AWS_REGION>"),
config.WithCredentialsProvider(
getCredentialProvider("<AWS_ACCESS_KEY>", "<AWS_SECRET_ACCESS_KEY>", "<AWS_SESSION_TOKEN>"),
),
)
if err != nil {
log.Fatal(err) // Do not log.fatal in a production ready app.
}
// Create an AWS request Signer and load AWS configuration using default config folder or env vars.
signer, err := requestsigner.NewSignerWithService(awsCfg, "aoss")
if err != nil {
log.Fatal(err) // Do not log.fatal in a production ready app.
}
// Create an opensearch client and use the request-signer
client, err := opensearch.NewClient(opensearch.Config{
Addresses: []string{endpoint},
Signer: signer,
})
if err != nil {
log.Fatal("client creation err", err)
}
}
func getCredentialProvider(accessKey, secretAccessKey, token string) aws.CredentialsProviderFunc {
return func(ctx context.Context) (aws.Credentials, error) {
c := &aws.Credentials{
AccessKeyID: accessKey,
SecretAccessKey: secretAccessKey,
SessionToken: token,
}
return *c, nil
}
}
```
{% include copy.html %}
The Go client constructor takes an `opensearch.Config{}` type, which can be customized using options such as a list of OpenSearch node addresses or a username and password combination. The Go client constructor takes an `opensearch.Config{}` type, which can be customized using options such as a list of OpenSearch node addresses or a username and password combination.
To connect to multiple OpenSearch nodes, specify them in the `Addresses` parameter: To connect to multiple OpenSearch nodes, specify them in the `Addresses` parameter:

View File

@ -23,7 +23,7 @@ To start using the OpenSearch Java client, ensure that you have the following de
<dependency> <dependency>
<groupId>org.opensearch.client</groupId> <groupId>org.opensearch.client</groupId>
<artifactId>opensearch-java</artifactId> <artifactId>opensearch-java</artifactId>
<version>2.0.0</version> <version>2.2.0</version>
</dependency> </dependency>
``` ```
{% include copy.html %} {% include copy.html %}
@ -150,6 +150,55 @@ public class OpenSearchClientExample {
``` ```
{% include copy.html %} {% include copy.html %}
## Connecting to Amazon OpenSearch Service
The following example illustrates connecting to Amazon OpenSearch Service:
```java
SdkHttpClient httpClient = ApacheHttpClient.builder().build();
OpenSearchClient client = new OpenSearchClient(
new AwsSdk2Transport(
httpClient,
"search-...us-west-2.es.amazonaws.com", // OpenSearch endpoint, without https://
"es"
Region.US_WEST_2, // signing service region
AwsSdk2TransportOptions.builder().build()
)
);
InfoResponse info = client.info();
System.out.println(info.version().distribution() + ": " + info.version().number());
httpClient.close();
```
{% include copy.html %}
## Connecting to Amazon OpenSearch Serverless
The following example illustrates connecting to Amazon OpenSearch Serverless Service:
```java
SdkHttpClient httpClient = ApacheHttpClient.builder().build();
OpenSearchClient client = new OpenSearchClient(
new AwsSdk2Transport(
httpClient,
"search-...us-west-2.aoss.amazonaws.com", // OpenSearch endpoint, without https://
"aoss"
Region.US_WEST_2, // signing service region
AwsSdk2TransportOptions.builder().build()
)
);
InfoResponse info = client.info();
System.out.println(info.version().distribution() + ": " + info.version().number());
httpClient.close();
```
{% include copy.html %}
## Creating an index ## Creating an index
You can create an index with non-default settings using the following code: You can create an index with non-default settings using the following code:

View File

@ -67,6 +67,137 @@ var client = new Client({
``` ```
{% include copy.html %} {% include copy.html %}
## Authenticating with Amazon OpenSearch Service AWS Sigv4
Use the following code to authenticate with AWS V2 SDK:
```javascript
const AWS = require('aws-sdk'); // V2 SDK.
const { Client } = require('@opensearch-project/opensearch');
const { AwsSigv4Signer } = require('@opensearch-project/opensearch/aws');
const client = new Client({
...AwsSigv4Signer({
region: 'us-west-2',
service: 'es',
// Must return a Promise that resolve to an AWS.Credentials object.
// This function is used to acquire the credentials when the client start and
// when the credentials are expired.
// The Client will refresh the Credentials only when they are expired.
// With AWS SDK V2, Credentials.refreshPromise is used when available to refresh the credentials.
// Example with AWS SDK V2:
getCredentials: () =>
new Promise((resolve, reject) => {
// Any other method to acquire a new Credentials object can be used.
AWS.config.getCredentials((err, credentials) => {
if (err) {
reject(err);
} else {
resolve(credentials);
}
});
}),
}),
node: 'https://search-xxx.region.es.amazonaws.com', // OpenSearch domain URL
});
```
{% include copy.html %}
AWS V2 SDK for Amazon OpenSearch Serverless
```javascript
const AWS = require('aws-sdk'); // V2 SDK.
const { Client } = require('@opensearch-project/opensearch');
const { AwsSigv4Signer } = require('@opensearch-project/opensearch/aws');
const client = new Client({
...AwsSigv4Signer({
region: 'us-west-2',
service: 'aoss',
// Must return a Promise that resolve to an AWS.Credentials object.
// This function is used to acquire the credentials when the client start and
// when the credentials are expired.
// The Client will refresh the Credentials only when they are expired.
// With AWS SDK V2, Credentials.refreshPromise is used when available to refresh the credentials.
// Example with AWS SDK V2:
getCredentials: () =>
new Promise((resolve, reject) => {
// Any other method to acquire a new Credentials object can be used.
AWS.config.getCredentials((err, credentials) => {
if (err) {
reject(err);
} else {
resolve(credentials);
}
});
}),
}),
node: "https://xxx.region.aoss.amazonaws.com" // OpenSearch domain URL
});
```
{% include copy.html %}
Use the following code to authenticate with AWS V3 SDK:
```javascript
const { defaultProvider } = require('@aws-sdk/credential-provider-node'); // V3 SDK.
const { Client } = require('@opensearch-project/opensearch');
const { AwsSigv4Signer } = require('@opensearch-project/opensearch/aws');
const client = new Client({
...AwsSigv4Signer({
region: 'us-east-1',
service: 'es', // 'aoss' for OpenSearch Serverless
// Must return a Promise that resolve to an AWS.Credentials object.
// This function is used to acquire the credentials when the client start and
// when the credentials are expired.
// The Client will refresh the Credentials only when they are expired.
// With AWS SDK V2, Credentials.refreshPromise is used when available to refresh the credentials.
// Example with AWS SDK V3:
getCredentials: () => {
// Any other method to acquire a new Credentials object can be used.
const credentialsProvider = defaultProvider();
return credentialsProvider();
},
}),
node: 'https://search-xxx.region.es.amazonaws.com', // OpenSearch domain URL
// node: "https://xxx.region.aoss.amazonaws.com" for OpenSearch Serverless
});
```
{% include copy.html %}
AWS V3 SDK for Amazon OpenSearch Serverless
```javascript
const { defaultProvider } = require('@aws-sdk/credential-provider-node'); // V3 SDK.
const { Client } = require('@opensearch-project/opensearch');
const { AwsSigv4Signer } = require('@opensearch-project/opensearch/aws');
const client = new Client({
...AwsSigv4Signer({
region: 'us-east-1',
service: 'aoss',
// Must return a Promise that resolve to an AWS.Credentials object.
// This function is used to acquire the credentials when the client start and
// when the credentials are expired.
// The Client will refresh the Credentials only when they are expired.
// With AWS SDK V2, Credentials.refreshPromise is used when available to refresh the credentials.
// Example with AWS SDK V3:
getCredentials: () => {
// Any other method to acquire a new Credentials object can be used.
const credentialsProvider = defaultProvider();
return credentialsProvider();
},
}),
node: "https://xxx.region.aoss.amazonaws.com" // OpenSearch domain URL
});
```
{% include copy.html %}
## Creating an index ## Creating an index
To create an OpenSearch index, use the `indices.create()` method. You can use the following code to construct a JSON object with custom settings: To create an OpenSearch index, use the `indices.create()` method. You can use the following code to construct a JSON object with custom settings:
@ -270,71 +401,6 @@ async function search() {
search().catch(console.log); search().catch(console.log);
``` ```
{% include copy.html %} {% include copy.html %}
## Authenticating with Amazon OpenSearch Service AWS Sigv4
Use the following code to authenticate with AWS V2 SDK:
```javascript
const AWS = require('aws-sdk'); // V2 SDK.
const { Client } = require('@opensearch-project/opensearch');
const { AwsSigv4Signer } = require('@opensearch-project/opensearch/aws');
const client = new Client({
...AwsSigv4Signer({
region: 'us-east-1',
// Must return a Promise that resolve to an AWS.Credentials object.
// This function is used to acquire the credentials when the client start and
// when the credentials are expired.
// The Client will refresh the Credentials only when they are expired.
// With AWS SDK V2, Credentials.refreshPromise is used when available to refresh the credentials.
// Example with AWS SDK V2:
getCredentials: () =>
new Promise((resolve, reject) => {
// Any other method to acquire a new Credentials object can be used.
AWS.config.getCredentials((err, credentials) => {
if (err) {
reject(err);
} else {
resolve(credentials);
}
});
}),
}),
node: "https://search-xxx.region.es.amazonaws.com", // OpenSearch domain URL
});
```
{% include copy.html %}
Use the following code to authenticate with AWS V3 SDK:
```javascript
const { defaultProvider } = require("@aws-sdk/credential-provider-node"); // V3 SDK.
const { Client } = require('@opensearch-project/opensearch');
const { AwsSigv4Signer } = require('@opensearch-project/opensearch/aws');
const client = new Client({
...AwsSigv4Signer({
region: 'us-east-1',
// Must return a Promise that resolve to an AWS.Credentials object.
// This function is used to acquire the credentials when the client start and
// when the credentials are expired.
// The Client will refresh the Credentials only when they are expired.
// With AWS SDK V2, Credentials.refreshPromise is used when available to refresh the credentials.
// Example with AWS SDK V3:
getCredentials: () => {
// Any other method to acquire a new Credentials object can be used.
const credentialsProvider = defaultProvider();
return credentialsProvider();
},
}),
node: "https://search-xxx.region.es.amazonaws.com", // OpenSearch domain URL
});
```
{% include copy.html %}
## Circuit breaker ## Circuit breaker
The `memoryCircuitBreaker` option can be used to prevent errors caused by a response payload being too large to fit into the heap memory available to the client. The `memoryCircuitBreaker` option can be used to prevent errors caused by a response payload being too large to fit into the heap memory available to the client.

View File

@ -44,7 +44,54 @@ $client = (new \OpenSearch\ClientBuilder())
->setSSLVerification(false) // For testing only. Use certificate for validation ->setSSLVerification(false) // For testing only. Use certificate for validation
->build(); ->build();
``` ```
{% include copy.html %} {% include copy.html %}
## Connecting to Amazon OpenSearch Service
The following example illustrates connecting to Amazon OpenSearch Service:
```php
$client = (new \OpenSearch\ClientBuilder())
->setSigV4Region('us-east-2')
->setSigV4Service('es')
// Default credential provider.
->setSigV4CredentialProvider(true)
// Using a custom access key and secret
->setSigV4CredentialProvider([
'key' => 'awskeyid',
'secret' => 'awssecretkey',
])
->build();
```
{% include copy.html %}
## Connecting to Amazon OpenSearch Serverless
The following example illustrates connecting to Amazon OpenSearch Serverless Service:
```php
$client = (new \OpenSearch\ClientBuilder())
->setSigV4Region('us-east-2')
->setSigV4Service('aoss')
// Default credential provider.
->setSigV4CredentialProvider(true)
// Using a custom access key and secret
->setSigV4CredentialProvider([
'key' => 'awskeyid',
'secret' => 'awssecretkey',
])
->build();
```
{% include copy.html %}
## Creating an index ## Creating an index

View File

@ -96,6 +96,57 @@ client = OpenSearch(
``` ```
{% include copy.html %} {% include copy.html %}
## Connecting to Amazon OpenSearch Service
The following example illustrates connecting to Amazon OpenSearch Service:
```python
from opensearchpy import OpenSearch, RequestsHttpConnection, AWSV4SignerAuth
import boto3
host = '' # cluster endpoint, for example: my-test-domain.us-east-1.es.amazonaws.com
region = 'us-west-2'
service = 'es'
credentials = boto3.Session().get_credentials()
auth = AWSV4SignerAuth(credentials, region, service)
client = OpenSearch(
hosts = [{'host': host, 'port': 443}],
http_auth = auth,
use_ssl = True,
verify_certs = True,
connection_class = RequestsHttpConnection,
pool_maxsize = 20
)
```
{% include copy.html %}
## Connecting to Amazon OpenSearch Serverless
The following example illustrates connecting to Amazon OpenSearch Serverless Service:
```python
from opensearchpy import OpenSearch, RequestsHttpConnection, AWSV4SignerAuth
import boto3
host = '' # cluster endpoint, for example: my-test-domain.us-east-1.aoss.amazonaws.com
region = 'us-west-2'
service = 'aoss'
credentials = boto3.Session().get_credentials()
auth = AWSV4SignerAuth(credentials, region, service)
client = OpenSearch(
hosts = [{'host': host, 'port': 443}],
http_auth = auth,
use_ssl = True,
verify_certs = True,
connection_class = RequestsHttpConnection,
pool_maxsize = 20
)
```
{% include copy.html %}
## Creating an index ## Creating an index
To create an OpenSearch index, use the `client.indices.create()` method. You can use the following code to construct a JSON object with custom settings: To create an OpenSearch index, use the `client.indices.create()` method. You can use the following code to construct a JSON object with custom settings:

View File

@ -76,6 +76,87 @@ The output is as follows:
2022-08-25 14:24:52 -0400: < {"cluster_name":"docker-cluster","status":"yellow","timed_out":false,"number_of_nodes":1,"number_of_data_nodes":1,"discovered_master":true,"discovered_cluster_manager":true,"active_primary_shards":10,"active_shards":10,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":8,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_percent_as_number":55.55555555555556} 2022-08-25 14:24:52 -0400: < {"cluster_name":"docker-cluster","status":"yellow","timed_out":false,"number_of_nodes":1,"number_of_data_nodes":1,"discovered_master":true,"discovered_cluster_manager":true,"active_primary_shards":10,"active_shards":10,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":8,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_percent_as_number":55.55555555555556}
``` ```
## Connecting to Amazon OpenSearch Service
To connect to Amazon OpenSearch Service, first install the `opensearch-aws-sigv4` gem:
```bash
gem install opensearch-aws-sigv4
```
```ruby
require 'opensearch-aws-sigv4'
require 'aws-sigv4'
signer = Aws::Sigv4::Signer.new(service: 'es',
region: 'us-west-2', # signing service region
access_key_id: 'key_id',
secret_access_key: 'secret')
client = OpenSearch::Aws::Sigv4Client.new({
host: 'https://your.amz-managed-opensearch.domain',
log: true
}, signer)
# create an index and document
index = 'prime'
client.indices.create(index: index)
client.index(index: index, id: '1', body: { name: 'Amazon Echo',
msrp: '5999',
year: 2011 })
# search for the document
client.search(body: { query: { match: { name: 'Echo' } } })
# delete the document
client.delete(index: index, id: '1')
# delete the index
client.indices.delete(index: index)
```
{% include copy.html %}
## Connecting to Amazon OpenSearch Serverless
To connect to Amazon OpenSearch Serverless Service, first install the `opensearch-aws-sigv4` gem:
```bash
gem install opensearch-aws-sigv4
```
```ruby
require 'opensearch-aws-sigv4'
require 'aws-sigv4'
signer = Aws::Sigv4::Signer.new(service: 'aoss',
region: 'us-west-2', # signing service region
access_key_id: 'key_id',
secret_access_key: 'secret')
client = OpenSearch::Aws::Sigv4Client.new({
host: 'https://your.amz-managed-opensearch.domain', # serverless endpoint for OpenSearch Serverless
log: true
}, signer)
# create an index and document
index = 'prime'
client.indices.create(index: index)
client.index(index: index, id: '1', body: { name: 'Amazon Echo',
msrp: '5999',
year: 2011 })
# search for the document
client.search(body: { query: { match: { name: 'Echo' } } })
# delete the document
client.delete(index: index, id: '1')
# delete the index
client.indices.delete(index: index)
```
{% include copy.html %}
## Creating an index ## Creating an index
You don't need to create an index explicitly in OpenSearch. Once you upload a document into an index that does not exist, OpenSearch creates the index automatically. Alternatively, you can create an index explicitly to specify settings like the number of primary and replica shards. To create an index with non-default settings, create an index body hash with those settings: You don't need to create an index explicitly in OpenSearch. Once you upload a document into an index that does not exist, OpenSearch creates the index automatically. Alternatively, you can create an index explicitly to specify settings like the number of primary and replica shards. To create an index with non-default settings, create an index body hash with those settings:

View File

@ -71,6 +71,43 @@ let client = OpenSearch::new(transport);
``` ```
{% include copy.html %} {% include copy.html %}
## Connecting to Amazon OpenSearch Service
The following example illustrates connecting to Amazon OpenSearch Service:
```rust
let url = Url::parse("https://...");
let service_name = "es";
let conn_pool = SingleNodeConnectionPool::new(url?);
let region_provider = RegionProviderChain::default_provider().or_else("us-east-1");
let aws_config = aws_config::from_env().region(region_provider).load().await.clone();
let transport = TransportBuilder::new(conn_pool)
.auth(aws_config.clone().try_into()?)
.service_name(service_name)
.build()?;
let client = OpenSearch::new(transport);
```
{% include copy.html %}
## Connecting to Amazon OpenSearch Serverless
The following example illustrates connecting to Amazon OpenSearch Serverless Service:
```rust
let url = Url::parse("https://...");
let service_name = "aoss";
let conn_pool = SingleNodeConnectionPool::new(url?);
let region_provider = RegionProviderChain::default_provider().or_else("us-east-1");
let aws_config = aws_config::from_env().region(region_provider).load().await.clone();
let transport = TransportBuilder::new(conn_pool)
.auth(aws_config.clone().try_into()?)
.service_name(service_name)
.build()?;
let client = OpenSearch::new(transport);
```
{% include copy.html %}
## Creating an index ## Creating an index
To create an OpenSearch index, use the `create` function of the `opensearch::indices::Indices` struct. You can use the following code to construct a JSON object with custom mappings: To create an OpenSearch index, use the `create` function of the `opensearch::indices::Indices` struct. You can use the following code to construct a JSON object with custom mappings: