AwsSdk2Transport implementation

[mtimmerm]

This PR adds a transport implementation that can connect to AWS OpenSearch service using IAM authentication. Http clients and request signers from the AWS SDK v2 are used directly.

In order to test with the integration tests, you should set system property tests.awsSdk2support.domainHost to the FQDN of an OpenSearch service domain, and tests.awsSdk2support.domainRegion to its region if it's not us-east-1. It must accept IAM authentication using your configured default credentials. You can set the AWS_PROFILE environment variable if necessary.

The AwsSdk2Transport supports both synchronous and asynchronous requests with either synchronous or asynchronous AWS HTTP clients, as well as automatic request and response compression and bulk requests.

This PR also adds a builder for TransportOptions, which has always been missing since RestClientTransport was the only transport.

An optional dependency on the required AWS SDK packages has been added.

[dblock]

First, thank you! Amazing.

I did a quick review to get started and left some relatively small comments. I'll take a more thorough look as we go.

How does this interact with wanting compressed/chunked requests?

@reta you might be interested in looking at this too

[reta]

@mtimmerm @dblock I think we should not bundle anything vendor-specific (like AWS fe) into java-client, with that being said, it may not be worth creating separate repository but new java-client-aws or java-client-transport-aws module would make sense, wdyt?

[VachaShah]

Thank you very much @mtimmerm!

[mtimmerm]

@reta About the idea of publishing a separate package out of the same repo:

I don't really have a strong opinion on that, but I think that is something the code owners would do after this is merged. I would certainly not be offended.

My not-so-strong opinion, though, is that this library could really use a few transport implementations (this one, a java.net.http one, and maybe an apache client one), and it already includes a transport that is dependent on the RestClient. As long as the rest client one is in here, it's consistent to have the others here. Moving the RestClient transport out will require a major version bump.

Also, it is harmless, since the dependencies are optional, and the gradle "feature variant" functionality was designed to accomplish exactly this sort of thing: https://blog.gradle.org/optional-dependencies

[mtimmerm]

Switched to [DRAFT] for a bit. I'm going to add a specific transport options class with compression params.

[dblock]

@mtimmerm @dblock I think we should not bundle anything vendor-specific (like AWS fe) into java-client, with that being said, it may not be worth creating separate repository but new java-client-aws or java-client-transport-aws module would make sense, wdyt?

Is the only difference of making a module or creating separate projects with using optional dependencies (gradle features) that we tell users to include software.amazon.awssdk .auth in their dependencies themselves vs. a hypothetical java-client-aws which includes it as its own dependency? If so, feels like making RestClient an optional dependency as well, along with apache client and AWS SDK v2, is a good option. It also solves the fact that opensearch-java is dependent on including a specific version of OpenSearch REST client, we might want to boot that altogether in favor of the apache transport client as @mtimmerm was suggesting to restore JDK8 support.

I do agree that it feels fishy when we bundle something vendor specific. Do you feel the same way about having code like AWS Sigv4 support, that's vendor specific, in the same library @reta?

[reta]

Thanks @mtimmerm

I don't really have a strong opinion on that, but I think that is something the code owners would do after this is merged. I would certainly not be offended.

Acceptable, sure

Also, it is harmless, since the dependencies are optional, and the gradle "feature variant" functionality was designed to accomplish exactly this sort of thing: https://blog.gradle.org/optional-dependencies

This is not only about the dependencies but more about separation of core from extensions: the code vast majority of the users do not need should not be bundled. Plus we could manage release / bugfixes separately, without asking everyone to update to the new Java client releases (I could also elaborate more on specifics, please let me know, but I think it makes sense). Also, this opens up the path to easily add other transports (GCP? Azure? ...)

Thanks @dblock

Is the only difference of making a module or creating separate projects with using optional dependencies (gradle features) that we tell users to include software.amazon.awssdk .auth in their dependencies themselves vs. a hypothetical java-client-aws which includes it as its own dependency?

With respect to dependencies - yes, it also make the intent very explicit: the user needs AWS client extension.

I do agree that it feels fishy when we bundle something vendor specific. Do you feel the same way about having code like AWS Sigv4 support, that's vendor specific, in the same library @reta?

Yes, I do, the vendor specific extensions should be out of core but available on demand.

[dblock]

Thanks for chiming in @reta!

@mtimmerm I would take almost anything that doesn't break the current code/project and implements Sigv4 since it's a huge user pain. Let me know how I can help get this over the hill (including doing module work @reta is suggesting after we merge something).

[mtimmerm]

@dblock this is ready to go as far as I'm concerned. Request/response compression is working and integration tested, and I think everything is in final form.

You have an outstanding change request that I think I've taken care of, and a pending review request to @madhusudhankonda.

Y'all can merge it at your leisure, and then it's yours.

[dblock]

Sorry I missed the update @mtimmerm.

There are a bunch of files with more than just SPDX headers still, like java-client/src/main/java/org/opensearch/client/util/OpenSearchRequestBodyBuffer.java. I just want to confirm that these are copied from other files that have that license header? If they are brand new, please remove all but the SPDX header.

I'm good with this code! I'd want @reta to give another pair of eyes for any must have's.

How does one use this? I think our README should really have some basic examples, maybe it's worth starting with this? I'll try to write some, so not an ask for this PR unless you feel super motivated.

[dblock]

This is new code too, remove everything except SPDX.

[dblock]

Same as above.

[mtimmerm]

Most of these files are new, but you have checkstyle configured to ensure that all 3 headers are present. I don't mind having them all the headers in this code, but if you want just the SPDX one then I can configure your checkstyle to skip the directories I put stuff in (your integration test directory is similarly skipped already). Please advise.

The integration test demonstrates how to use it: https://github.com/mtimmerm/opensearch-java/blob/7ba29d1069e1f0daaf8219e8c57d0ed34d92ba9c/java-client/src/test/java/org/opensearch/client/opensearch/integTest/aws/AwsSdk2TransportTestCase.java#L90

[dblock]

Most of these files are new, but you have checkstyle configured to ensure that all 3 headers are present. I don't mind having them all the headers in this code, but if you want just the SPDX one then I can configure your checkstyle to skip the directories I put stuff in (your integration test directory is similarly skipped already). Please advise.

The integration test demonstrates how to use it: https://github.com/mtimmerm/opensearch-java/blob/7ba29d1069e1f0daaf8219e8c57d0ed34d92ba9c/java-client/src/test/java/org/opensearch/client/opensearch/integTest/aws/AwsSdk2TransportTestCase.java#L90

The rule is that we only add SPDX headers for all new code, and that we don't remove any existing copyright. I think checkstyle should just have SPDX rather than exclude directories? We can enforce non-removal in PRs I think.

Let me just take that separately, #178.

[mtimmerm]

OK, I'll update the license headers when #178 is merged.

[dblock]

Thanks for hanging in with me here @mtimmerm. I talked to the right people and confirmed #178, which is now merged. Care to update?

[dblock]

I'll merge this and we can cleanup comments and other minor stuff as we go. I'll take on experimenting with this and writing some samples/docs.

[dblock]

typo: parameter

[VachaShah]

LGTM, thank you @mtimmerm!

[VachaShah]

I'll merge this and we can cleanup comments and other minor stuff as we go. I'll take on experimenting with this and writing some samples/docs.

Merging this according to the comment.

[mtimmerm]

Thanks @dblock and @VachaShah . Feel free to contact me if you need anything related to this.

[dblock]

I have a working demo in https://github.com/dblock/opensearch-java-client-demo/tree/opensearch-java-2.1.0. Super easy! If you see anything that can be improved in that demo, please speak up, since I'm going to start incorporating some of this into opensearch/aws docs.

[mtimmerm]

That looks good to me. Maybe add a commented out config for a credential provider. Most of my use cases require that.

[dblock]

That looks good to me. Maybe add a commented out config for a credential provider. Most of my use cases require that.

What does it look like in your usage? Feel free to just PR into my repo, too.

[dblock]

Btw, this was released in 2.1.0 🥳

[mtimmerm]

@dblock That's awesome! Thanks for the note. I will be so happy to remove the bespoke version from my product.