[BUG] Querying Data Streams Stats with AWS Auth without a name returns a signing error

Question

[BUG] Querying Data Streams Stats with AWS Auth without a name returns a signing error

DewaldV opened this issue 2 years ago · 0 comments

What is the bug?

When querying the Data Stream Stats API with AWS Authentication and without setting an index name the AWS Signature is invalid.

Error:

The request signature we calculated does not match the signature you provided. 
Check your AWS Secret Access Key and signing method.

How can one reproduce the bug?

Setup an AWS Signer and OpenSearch Client and make a request for /_data_streams/_stats without setting an index name.

awsCfg, err := config.LoadDefaultConfig(context.Background())
if err != nil {
    return err
}

awsSigner, err := awsv2.NewSigner(awsCfg)
if err != nil {
    return err
}

url := "https://my-opensearch-cluster"
osCfg := opensearch.Config{
    Addresses: []string{url},
    Signer:    awsSigner,
}

client, err := opensearch.NewClient(osCfg)
if err != nil {
    return err
}

resp, err := client.Indices.GetDataStreamStats()
if err != nil {
    return err
}

What is the expected behavior?

The list of data streams and their stats is returned. The OpenSearch API supports making this request with no name and should return all of the data streams instead.

What is your host/environment?

Linux 6.2.6
Go 1.20.5

Do you have any screenshots?

No

Do you have any additional context?

It looks like the GetDataStreams function always adds the name and thus ends up adding an additional / to the path. This / is dropped on the server side but does get factored into the signature calculation on the client side causing the mismatch.