-
Notifications
You must be signed in to change notification settings - Fork 923
/
Copy pathconfigure_legacy_client.ts
208 lines (190 loc) · 6.89 KB
/
configure_legacy_client.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
/*
* Copyright OpenSearch Contributors
* SPDX-License-Identifier: Apache-2.0
*/
import { Client } from '@opensearch-project/opensearch';
import { Client as LegacyClient, ConfigOptions } from 'elasticsearch';
import { Credentials } from 'aws-sdk';
import { get } from 'lodash';
import HttpAmazonESConnector from 'http-aws-es';
import { Config } from 'aws-sdk';
import {
Headers,
LegacyAPICaller,
LegacyCallAPIOptions,
LegacyOpenSearchErrorHelpers,
Logger,
} from '../../../../../src/core/server';
import {
AuthType,
DataSourceAttributes,
SigV4Content,
UsernamePasswordTypedContent,
} from '../../common/data_sources';
import { DataSourcePluginConfigType } from '../../config';
import { CryptographyServiceSetup } from '../cryptography_service';
import { DataSourceClientParams, LegacyClientCallAPIParams } from '../types';
import { OpenSearchClientPoolSetup } from '../client';
import { parseClientOptions } from './client_config';
import { createDataSourceError, DataSourceError } from '../lib/error';
import {
getRootClient,
getAWSCredential,
getCredential,
getDataSource,
generateCacheKey,
} from '../client/configure_client_utils';
export const configureLegacyClient = async (
{ dataSourceId, savedObjects, cryptography }: DataSourceClientParams,
callApiParams: LegacyClientCallAPIParams,
openSearchClientPoolSetup: OpenSearchClientPoolSetup,
config: DataSourcePluginConfigType,
logger: Logger
) => {
try {
const dataSourceAttr = await getDataSource(dataSourceId!, savedObjects);
const rootClient = getRootClient(
dataSourceAttr,
openSearchClientPoolSetup.getClientFromPool,
dataSourceId
) as LegacyClient;
return await getQueryClient(
dataSourceAttr,
cryptography,
callApiParams,
openSearchClientPoolSetup.addClientToPool,
config,
rootClient,
dataSourceId
);
} catch (error: any) {
logger.error(
`Failed to get data source client for dataSourceId: [${dataSourceId}]. ${error}: ${error.stack}`
);
// Re-throw as DataSourceError
throw createDataSourceError(error);
}
};
/**
* With given auth info, wrap the rootClient and return
*
* @param rootClient root client for the connection with given data source endpoint.
* @param dataSourceAttr data source saved object attributes
* @param cryptography cryptography service for password encryption / decryption
* @param config data source config
* @param addClientToPool function to add client to client pool
* @param dataSourceId id of data source saved Object
* @returns child client.
*/
const getQueryClient = async (
dataSourceAttr: DataSourceAttributes,
cryptography: CryptographyServiceSetup,
{ endpoint, clientParams, options }: LegacyClientCallAPIParams,
addClientToPool: (endpoint: string, authType: AuthType, client: Client | LegacyClient) => void,
config: DataSourcePluginConfigType,
rootClient?: LegacyClient,
dataSourceId?: string
) => {
const {
auth: { type },
endpoint: nodeUrl,
} = dataSourceAttr;
const clientOptions = parseClientOptions(config, nodeUrl);
const cacheKey = generateCacheKey(dataSourceAttr, dataSourceId);
switch (type) {
case AuthType.NoAuth:
if (!rootClient) rootClient = new LegacyClient(clientOptions);
addClientToPool(cacheKey, type, rootClient);
return await (callAPI.bind(null, rootClient) as LegacyAPICaller)(
endpoint,
clientParams,
options
);
case AuthType.UsernamePasswordType:
const credential = await getCredential(dataSourceAttr, cryptography);
if (!rootClient) rootClient = new LegacyClient(clientOptions);
addClientToPool(cacheKey, type, rootClient);
return getBasicAuthClient(rootClient, { endpoint, clientParams, options }, credential);
case AuthType.SigV4:
const awsCredential = await getAWSCredential(dataSourceAttr, cryptography);
const awsClient = rootClient ? rootClient : getAWSClient(awsCredential, clientOptions);
addClientToPool(cacheKey, type, awsClient);
return await (callAPI.bind(null, awsClient) as LegacyAPICaller)(
endpoint,
clientParams,
options
);
default:
throw Error(`${type} is not a supported auth type for data source`);
}
};
/**
* Calls the OpenSearch API endpoint with the specified parameters.
* @param client Raw legacy JS client instance to use.
* @param endpoint Name of the API endpoint to call.
* @param clientParams Parameters that will be directly passed to the
* legacy JS client.
* @param options Options that affect the way we call the API and process the result.
* make wrap401Errors default to false, because we don't want login pop-up from browser
*/
const callAPI = async (
client: LegacyClient,
endpoint: string,
clientParams: Record<string, any> = {},
options: LegacyCallAPIOptions = { wrap401Errors: false }
) => {
const clientPath = endpoint.split('.');
const api: any = get(client, clientPath);
if (!api) {
throw new Error(`called with an invalid endpoint: ${endpoint}`);
}
const apiContext = clientPath.length === 1 ? client : get(client, clientPath.slice(0, -1));
try {
return await new Promise((resolve, reject) => {
const request = api.call(apiContext, clientParams);
if (options.signal) {
options.signal.addEventListener('abort', () => {
request.abort();
reject(new Error('Request was aborted'));
});
}
return request.then(resolve, reject);
});
} catch (err) {
if (!options.wrap401Errors || err.statusCode !== 401) {
throw err;
}
throw LegacyOpenSearchErrorHelpers.decorateNotAuthorizedError(err);
}
};
/**
* Get a legacy client that configured with basic auth
*
* @param rootClient Raw legacy client instance to use.
* @param endpoint - String descriptor of the endpoint e.g. `cluster.getSettings` or `ping`.
* @param clientParams - A dictionary of parameters that will be passed directly to the legacy JS client.
* @param options - Options that affect the way we call the API and process the result.
*/
const getBasicAuthClient = async (
rootClient: LegacyClient,
{ endpoint, clientParams = {}, options }: LegacyClientCallAPIParams,
{ username, password }: UsernamePasswordTypedContent
) => {
const headers: Headers = {
authorization: 'Basic ' + Buffer.from(`${username}:${password}`).toString('base64'),
};
clientParams.headers = Object.assign({}, clientParams.headers, headers);
return await (callAPI.bind(null, rootClient) as LegacyAPICaller)(endpoint, clientParams, options);
};
const getAWSClient = (credential: SigV4Content, clientOptions: ConfigOptions): LegacyClient => {
const { accessKey, secretKey, region } = credential;
const client = new LegacyClient({
connectionClass: HttpAmazonESConnector,
awsConfig: new Config({
region,
credentials: new Credentials({ accessKeyId: accessKey, secretAccessKey: secretKey }),
}),
...clientOptions,
});
return client;
};