Comments (11)
Are you sure that your credentials provider is actually providing the creds? That error indicates that the request was signed properly but that the token was bogus (or missing).
This issue seems similar.
from elasticsearch-client.
Thanks for the quick reply. Yep, I printed out the access key ID and secret key from awsCredentials
, they were both populated with the expected values. I'm going to try and dump complete HTTP requests from both the python and scala code, and see if there are any obvious differences.
from elasticsearch-client.
I should have mentioned I'm running this code inside AWS Lambda. Not sure if related, but it seems the issue is to do with another HTTP header, x-amz-security-token
. The python code is populating that header from an environment variable, AWS_SECURITY_TOKEN
. If I remove the header from the python code I get a similar 403 error.
I'm going to look into attaching this header to the HTTP request in elasticsearch-client
and see if that fixes the problem.
from elasticsearch-client.
Ah cool -- you're almost certainly the first person to try to use this from
Lambda. We're using the Authorization
header currently. You could try
adding the x-amz-security-token
header to the list at
https://github.com/SumoLogic/elasticsearch-client/blob/master/elasticsearch-aws/src/main/scala/com/sumologic/elasticsearch/util/AwsRequestSigner.scala#L49
to
see if that does the trick.
On Wed, Apr 20, 2016 at 5:25 PM Ben Barnes [email protected] wrote:
I should have mentioned I'm running this code inside AWS Lambda. Not sure
if related, but it seems the issue is to do with another HTTP header,
x-amz-security-token. The python code is populating that header from an
environment variable, AWS_SECURITY_TOKEN. If I remove the header from the
python code I get a similar 403 error.I'm going to look into attaching this header to the HTTP request in
elasticsearch-client and see if that fixes the problem.—
You are receiving this because you commented.Reply to this email directly or view it on GitHub
#19 (comment)
from elasticsearch-client.
It worked! I added the following function to AwsRequestSigner
:
val xAmzSecurityToken = "X-Amz-Security-Token"
private def addAmzToken(httpRequest: HttpRequest): HttpRequest = {
val amzToken = sys.env.get("AWS_SESSION_TOKEN")
amzToken map (token => {
httpRequest.withHeaders(RawHeader(xAmzSecurityToken, token) :: httpRequest.headers)
}) getOrElse httpRequest
}
Then, in AwsRequestSigner::withAuthHeader
I call it on withDateAndHost
:
val withAmzToken = addAmzToken(withDateAndHost)
This works in my case, but I don't know how useful it would be in general. Would you be interested in a pull request? It's also a little hard to unit test as-is, since the function requires environment variables to be set.
from elasticsearch-client.
Hmm. For a PR we'd need to remove the environment variable dep. I'll think
about it -- I'd like it to work out of the box for your use case.
On Thu, Apr 21, 2016, 4:46 PM Ben Barnes [email protected] wrote:
It worked! I added the following function to AwsRequestSigner:
val xAmzSecurityToken = "X-Amz-Security-Token"
private def addAmzToken(httpRequest: HttpRequest): HttpRequest = {
val amzToken = sys.env.get("AWS_SESSION_TOKEN")
amzToken map (token => {
httpRequest.withHeaders(RawHeader(xAmzSecurityToken, token) :: httpRequest.headers)
}) getOrElse httpRequest
}Then, in AwsRequestSigner::withAuthHeader I call it on withDateAndHost:
val withAmzToken = addAmzToken(withDateAndHost)This works in my case, but I don't know how useful it would be in general.
Would you be interested in a pull request? It's also a little hard to unit
test as-is, since the function requires environment variables to be set.—
You are receiving this because you commented.Reply to this email directly or view it on GitHub
#19 (comment)
from elasticsearch-client.
Alright, no worries. I'll close this issue then.
from elasticsearch-client.
Did a bit of research --
I think the best way to do this would be to pass in an AWSSessionCredentials
(subclass of AWSCredentials) into the constructor.
In the request signer, match on the credentials object to see if it is actually AWSSessionCredentials, and if so send the session token.
I believe the credentials you're sending are already AWSSessionCredentials so the only change would need to be library side.
We'd certainly accept a PR for this if you'd like to code it 👍
from elasticsearch-client.
Ah, neat! Thanks for looking into that. I'll give it a go, though I may not be able to spend much time on it for the next few days.
from elasticsearch-client.
Hey guys, im actually getting the same issue as @chronon-io, difference being I'm running the application from a normal EC2 instance.
Ive a code setup as follows:
val credentialsProviderChain = new DefaultAWSCredentialsProviderChain()
val region = Option(Regions.getCurrentRegion).getOrElse(Region.getRegion(Regions.EU_WEST_1))
val signer = Some(new ExperimentalAwsRequestSigner(credentialsProviderChain.getCredentials, region.getName, "es"))
new RestlasticSearchClient(new StaticEndpoint(Endpoint(host, port)), signer)
The response im getting back is as follows:
[debug] c.s.e.r.RestlasticSearchClient$ - Got Es response: 403 Forbidden
[warn] c.s.e.r.RestlasticSearchClient$ - Failure response: {"message":"The security token included in the request is invalid."}
[warn] c.s.e.r.RestlasticSearchClient$ - Failing request: {"query":{"term":{"_id":"a1195665-53b6-4e97-bde6-e7b918e92525"}}}
from elasticsearch-client.
What is the ExperimentalAwsRequestSigner
? By the way, #55 reported that he upgraded to 1.0.24 and it worked.
from elasticsearch-client.
Related Issues (20)
- QueryDsl QueryRoot.toJson incorrect for sort HOT 2
- Add supported ES version to readme HOT 1
- runRawEsRequest DELETE on a document throws an org.json4s.MappingException HOT 3
- Please create an OperationType for Delete to support bulk deletes HOT 5
- _timestamp is deprecated HOT 1
- Create BreakingChanges.md HOT 2
- Make the client better support multiple different versions HOT 4
- Swap out spray for Akka http HOT 4
- Readme says "targeted at ES 1.x" HOT 2
- deleteDocument API can fail with obscure error
- deleteDocument API doesn't delete all the matching items HOT 1
- Refactor BulkOperation
- Upgrade the elastic search client to support the latest version 6.0 (current) HOT 2
- RestlasticSearchClient disconnect method HOT 2
- Batch size is too large, size must be less than or equal to: [10000] HOT 6
- ES5/ES6 support release tentative date? Any chances of releasing it this month? HOT 4
- Move support of NestedMapping and MultiFieldsMapping from 2.0.8.1 brach to latest master.
- Readme says "6.0.0" but this has not been published to Maven
- support Exists query HOT 1
- Any plans to support scala 2.13?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from elasticsearch-client.