From 0efd3354c5b3883c79453a41e40858725411f3a0 Mon Sep 17 00:00:00 2001
From: Chris Duncan
Date: Wed, 25 Jul 2018 13:01:35 -0600
Subject: [PATCH 1/4] add a new package for aws v4 signing
---
aws/signV4.go | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
create mode 100644 aws/signV4.go
diff --git a/aws/signV4.go b/aws/signV4.go
new file mode 100644
index 000000000..483bb5670
--- /dev/null
+++ b/aws/signV4.go
@@ -0,0 +1,32 @@
+package aws
+
+import (
+ "net/http"
+
+ "github.com/smartystreets/go-aws-auth"
+)
+
+// NewV4SigningClient returns an *http.Client that will sign all requests with AWS V4 Signing.
+func NewV4SigningClient(credentials awsauth.Credentials) *http.Client {
+ return &http.Client{
+ Transport: V4Transport{
+ HTTPClient: http.DefaultClient,
+ Credentials: credentials,
+ },
+ }
+}
+
+// V4Transport is a RoundTripper that will sign requests with AWS V4 Signing
+type V4Transport struct {
+ HTTPClient *http.Client
+ Credentials awsauth.Credentials
+}
+
+// RoundTrip uses the underlying RoundTripper transport, but signs request first with AWS V4 Signing
+func (st V4Transport) RoundTrip(req *http.Request) (*http.Response, error) {
+ // Instead of directly modifying the request then calling http.DefaultTransport,
+ // instead restart the request with the HTTPClient.Do function,
+ // because the HTTPClient includes safeguards around not forwarding the
+ // signed Authorization header to untrusted domains.
+ return st.HTTPClient.Do(awsauth.Sign4(req, st.Credentials))
+}
From a18409844772f1c7bcdd983553c8595fb9deb38a Mon Sep 17 00:00:00 2001
From: Chris Duncan
Date: Wed, 25 Jul 2018 13:05:18 -0600
Subject: [PATCH 2/4] update aws example
---
recipes/aws-connect/main.go | 28 ++++++----------------------
1 file changed, 6 insertions(+), 22 deletions(-)
diff --git a/recipes/aws-connect/main.go b/recipes/aws-connect/main.go
index 746611ea7..b7c37a3d8 100644
--- a/recipes/aws-connect/main.go
+++ b/recipes/aws-connect/main.go
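Review bot: The comment inside `RoundTrip` in aws/signV4.go promises more than the redirect handling of `st.HTTPClient` delivers. As far as I know net/http drops `Authorization` and the cookie headers on a cross-domain redirect but not the `X-Amz-*` headers, so if the signer adds `X-Amz-Security-Token` for temporary credentials (not visible in this hunk) that token would still follow the redirect. I would narrow the comment to `// net/http strips Authorization on cross-domain redirects; other signing headers such as X-Amz-Security-Token are not covered.` `NewV4SigningClient` also hard-wires `http.DefaultClient`, which has no timeout and is shared process-wide; accepting the inner `*http.Client` as a parameter would let callers set `Timeout` and `CheckRedirect` themselves.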
@@ -14,24 +14,12 @@ import ( "flag" "fmt" "log" - "net/http" - - "github.com/olivere/env" - "github.com/smartystreets/go-aws-auth" + "github.com/olivere/aws" "github.com/olivere/elastic" + "github.com/olivere/env" ) -type AWSSigningTransport struct { - HTTPClient *http.Client - Credentials awsauth.Credentials -} - -// RoundTrip implementation -func (a AWSSigningTransport) RoundTrip(req *http.Request) (*http.Response, error) { - return a.HTTPClient.Do(awsauth.Sign4(req, a.Credentials)) -} - func main() { var ( accessKey = flag.String("access-key", env.String("", "AWS_ACCESS_KEY"), "Access Key ID") @@ -52,14 +40,10 @@ func main() { log.Fatal("missing -secret-key or AWS_SECRET_KEY environment variable") } - signingTransport := AWSSigningTransport{ - Credentials: awsauth.Credentials{ - AccessKeyID: *accessKey, - SecretAccessKey: *secretKey, - }, - HTTPClient: http.DefaultClient, - } - signingClient := &http.Client{Transport: http.RoundTripper(signingTransport)} + signingClient := aws.NewV4SigningClient(awsauth.Credentials{ + AccessKeyID: *accessKey, + SecretAccessKey: *secretKey, + }) // Create an Elasticsearch client client, err := elastic.NewClient( From 815a0494588f0480753cb21ac29f90bdf512465b Mon Sep 17 00:00:00 2001 From: Chris Duncan Date: Wed, 25 Jul 2018 23:46:32 -0600 Subject: [PATCH 3/4] woops --- recipes/aws-connect/main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes/aws-connect/main.go b/recipes/aws-connect/main.go index b7c37a3d8..6620bb767 100644 --- a/recipes/aws-connect/main.go +++ b/recipes/aws-connect/main.go @@ -15,7 +15,7 @@ import ( "fmt" "log" - "github.com/olivere/aws" + "github.com/olivere/elastic/aws" "github.com/olivere/elastic" "github.com/olivere/env" ) From f3b221f3a07abddfcfaa04bcbc0e8b976b7cfca5 Mon Sep 17 00:00:00 2001 From: Chris Duncan Date: Thu, 26 Jul 2018 00:05:51 -0600 Subject: [PATCH 4/4] and one more --- recipes/aws-connect/main.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
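Review bot: The rewritten call in the second hunk of patch 2/4 still builds the credentials from values that can arrive as command-line flags, judging by the `flag.String("access-key", ...)` context line and the `-secret-key` text in the `log.Fatal` message. A secret passed that way is readable in the process list and shell history. Since this is a recipe people copy, I would add a comment above the call such as `// Prefer AWS_ACCESS_KEY / AWS_SECRET_KEY from the environment: flag values are visible in the process list.` Only `AccessKeyID` and `SecretAccessKey` are set, so the example covers long-lived keys only; whether `awsauth.Credentials` also carries a session-token field is not visible here. `main` starts and ends outside both hunks.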
diff --git a/recipes/aws-connect/main.go b/recipes/aws-connect/main.go index 6620bb767..7478d1fb7 100644 --- a/recipes/aws-connect/main.go +++ b/recipes/aws-connect/main.go @@ -15,9 +15,10 @@ import ( "fmt" "log" - "github.com/olivere/elastic/aws" "github.com/olivere/elastic" + "github.com/olivere/elastic/aws" "github.com/olivere/env" + "github.com/smartystreets/go-aws-auth" ) func main() {