403 response from AWS is translated to 200 response

Question

403 response from AWS is translated to 200 response

Closed this issue 4 years ago · 4 comments

Hi there!

Thanks for aws-es-proxy, it's proven to be very useful to me :-)

While using it, I noticed some incoherent results (e.g. missing documents) in AWS ElasticSearch and a lot of Generated fresh AWS Credentials object log messages.

This message is emitted in lines 159-164:

	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		// ...
	}
	if !p.nosignreq {
		// AWS credentials expired, need to generate fresh ones
		if resp.StatusCode == 403 {
			p.credentials = nil
			return
		}
	}
	defer resp.Body.Close()

Based on some experiments, I noticed that this will return an HTTP 200 response to the caller (see https://play.golang.org/p/pNKInme_sHz). I would either expect a retry or forwarding the 403 response back to the caller.

I guess we might want to remove the return statement on this line?

Answer 1 · 2018-05-30T02:47:43.000Z

I saw the same issue when I provided aws-es-proxy an incorrect AWS credential.

Let me add 👍 to forward 403 response back to the caller!

Answer 2 · 2018-12-19T03:26:22.000Z

I saw the same issue when I provided aws-es-proxy an incorrect AWS credential.

Me too.
Like @AndreLouisCaron says, #40 fixes this issue, I suppose?

Answer 3 · 2019-01-24T16:58:41.000Z

I just ran into this problem myself, and found that rebuilding aws-es-proxy with the change in #40 allowed me to see the 403 error that was occurring. Would love to see #40 merged 🙂

Answer 4 · 2019-01-29T23:00:45.000Z

I just ran into this problem myself, and found that rebuilding aws-es-proxy with the change in #40 allowed me to see the 403 error that was occurring. Would love to see #40 merged

I started to work a rewrite to allow control through arguments. I will release a new version by end of next week.