Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] SigV4 signature by signer may be broken on retry #202

Open
sugymt opened this issue Jan 2, 2023 · 6 comments
Open

[BUG] SigV4 signature by signer may be broken on retry #202

sugymt opened this issue Jan 2, 2023 · 6 comments
Labels
bug Something isn't working good first issue Good for newcomers

Comments

@sugymt
Copy link

sugymt commented Jan 2, 2023

What is the bug?

SigV4 signature by signer may be broken on retry.
A retry request may fail with the following error log:

The request signature we calculated does not match the signature you
provided. Check your AWS Secret Access Key and signing method. Consult
the service documentation for details.

The Canonical String for this request should have been
...

How can one reproduce the bug?

Create a client that retries even when status 200.

// create signer in advance

client, _ := opensearch.NewClient(opensearch.Config{
	Address:       []string{"Opensearch domain URL"},
	RetryOnStatus: []int{200},
	RetryBackoff:  func(i int) time.Duration { return time.Duration(i) * 500 * time.Millisecond },
	MaxRetries:    5,
	Signer:        signer,
})

Create and run BulkIndexer on this client.

What is the expected behavior?

Retry requests successfully signed.

What is your host/environment?

go 1.19.3
opensearch-go v2.1.0
AWS ECS (Amazon Linux 2 / arm64 / ami-08011916b613f6c22)

Do you have any screenshots?

none

Do you have any additional context?

none
@sugymt sugymt added the bug Something isn't working label Jan 2, 2023
@dblock
Copy link
Member

dblock commented Jan 2, 2023

@sugymt Want to try and write a unit test for this? Are we dropping headers?

@wbeckler wbeckler added the good first issue Good for newcomers label Jan 18, 2023
@sugymt
Copy link
Author

sugymt commented Feb 27, 2023

@dblock
I hope this issue will be fixed by some repository maintainer. I'm sorry but I can't solve it.

@dblock
Copy link
Member

dblock commented Feb 28, 2023

Maybe @VijayanB who wrote the original implementation can take a look?

@zethuman
Copy link
Contributor

zethuman commented Apr 4, 2023

Hey there! @sugymt I can help to solve this issue, but I want more details to clarify what is going on.

  • Do you have this trouble right after inserting data or after some time? (maybe token will be inactive by lifetime)
  • Can you share with us how your generate payload and what is receiving, including headers? (I mean is this allowed by NDA)
  • Which type of authentication do you use? IAM Auth or regular client to communicate with server?
  • Maybe you want to send chunked request?

There is many cases what would be a reason of such trouble, to clarify and solve we need more details.

@tannerjones4075
Copy link
Contributor

Is this issue still relevant? I would be interesting in helping.

@dblock
Copy link
Member

dblock commented Dec 5, 2023

@tannerjones4075 Likely yes!

@aouji aouji mentioned this issue Sep 21, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working good first issue Good for newcomers
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@dblock @wbeckler @sugymt @zethuman @tannerjones4075