Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[FEATURE] STS authentication is not cached #173

Open
arturkasperek opened this issue Jan 15, 2024 · 4 comments
Open

[FEATURE] STS authentication is not cached #173

arturkasperek opened this issue Jan 15, 2024 · 4 comments
Labels
enhancement New feature or request

Comments

@arturkasperek
Copy link

Is your feature request related to a problem?

I noticed that each time when I make a request to OpenSearch with this client, it makes an additional request to sts for each OS request. Due to that behavior, each request is little bit slower

What solution would you like?

It should be possible to provide some caching store like a local filesystem - opensearch client should use that to store result of STS call. I think aws SDK PHP should support that already

What alternatives have you considered?

Don't know any alternative

@arturkasperek arturkasperek added enhancement New feature or request untriaged labels Jan 15, 2024
@shyim
Copy link
Collaborator

shyim commented Jan 15, 2024

I would like to implement that in OpenSearch, as I would like to make it more independent of aws-php SDK.
We can require https://packagist.org/packages/psr/cache and allow as an optional parameter a caching

@arturkasperek
Copy link
Author

At that moment workaround was to use custom credentialsProvider with caching enabled

@dblock
Copy link
Member

dblock commented Jan 17, 2024

@arturkasperek do you have code that shows how to do that? it would be helpful to add an auth guide like https://github.com/opensearch-project/opensearch-py/blob/main/guides/auth.md that includes it.

@arturkasperek
Copy link
Author

@dblock:

            $provider = CredentialProvider::cache(CredentialProvider::defaultProvider(), $cache);

            $clientCreator = (new \OpenSearch\ClientBuilder())
                ->setHosts([$parsedUrl['scheme'] . '://' . $parsedUrl['host']])
                ->setSigV4Region(getenv('AWS_REGION') != false ? getenv('AWS_REGION') : 'us-east-1')
                ->setSigV4Service('es')
                ->setSigV4CredentialProvider($provider);

@dblock dblock removed the untriaged label Mar 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

3 participants