diff --git a/.gitignore b/.gitignore index 3e9c92f1..11df5a61 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ vendor glide.lock dist .idea +aws-es-proxy diff --git a/README.md b/README.md index 8e09bf53..336424d0 100644 --- a/README.md +++ b/README.md @@ -40,7 +40,8 @@ brew install aws-es-proxy ### Build from Source #### Dependencies: -* go1.14+ + +- go1.14+ ```sh #requires go1.14 @@ -82,8 +83,6 @@ export AWS_SECRET_ACCESS_KEY=MY-SECRET-KEY } ``` - - ## Usage example: You can use either argument `-endpoint` OR environment variable `ENDPOINT` to specify AWS ElasticSearch endpoint. @@ -100,14 +99,14 @@ export ENDPOINT=https://test-es-somerandomvalue.eu-west-1.es.amazonaws.com Listening on 10.0.0.1:9200 ``` -*aws-es-proxy* listens on 127.0.0.1:9200 if no additional argument is provided. You can change the IP and Port passing the argument `-listen` +_aws-es-proxy_ listens on 127.0.0.1:9200 if no additional argument is provided. You can change the IP and Port passing the argument `-listen` ```sh ./aws-es-proxy -listen :8080 -endpoint ... ./aws-es-proxy -listen 10.0.0.1:9200 -endpoint ... ``` -By default, *aws-es-proxy* will not display any message in the console. However, it has the ability to print requests being sent to Amazon Elasticsearch, and the duration it takes to receive the request back. This can be enabled using the option `-verbose` +By default, _aws-es-proxy_ will not display any message in the console. However, it has the ability to print requests being sent to Amazon Elasticsearch, and the duration it takes to receive the request back. This can be enabled using the option `-verbose` ```sh ./aws-es-proxy -verbose ... 
@@ -152,11 +151,16 @@ Usage of ./aws-es-proxy: Print user requests -version Print aws-es-proxy version + -assume + Optionally specify role to assume + -region + AWS Region, optional (ex. us-west-2) + -insecure + Will not verify SSL (default false) ``` - ## Using HTTP Clients -After you run *aws-es-proxy*, you can now open your Web browser on [http://localhost:9200](http://localhost:9200). Everything should be working as you have your own instance of ElasticSearch running on port 9200. +After you run _aws-es-proxy_, you can now open your Web browser on [http://localhost:9200](http://localhost:9200). Everything should be working as you have your own instance of ElasticSearch running on port 9200. -To access Kibana, use [http://localhost:9200/_plugin/kibana/app/kibana](http://localhost:9200/_plugin/kibana/app/kibana) +To access Kibana, use [http://localhost:9200/\_plugin/kibana/app/kibana](http://localhost:9200/_plugin/kibana/app/kibana) diff --git a/aws-es-proxy.go b/aws-es-proxy.go index ae5651cc..4ab4ea2a 100644 --- a/aws-es-proxy.go +++ b/aws-es-proxy.go @@ -3,6 +3,7 @@ package main import ( "bytes" "crypto/subtle" + "crypto/tls" "encoding/json" "flag" "fmt" @@ -32,7 +33,6 @@ import ( ) func logger(debug bool) { - formatFilePath := func(path string) string { arr := strings.Split(path, "/") return arr[len(arr)-1] @@ -93,7 +93,6 @@ type proxy struct { } func newProxy(args ...interface{}) *proxy { - noRedirect := func(req *http.Request, via []*http.Request) error { return http.ErrUseLastResponse } @@ -122,6 +121,8 @@ func newProxy(args ...interface{}) *proxy { realm: args[9].(string), remoteTerminate: args[10].(bool), assumeRole: args[11].(string), + region: args[12].(string), + service: "es", } } 
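Review bot: `region: args[12].(string)` extends the positional `args ...interface{}` constructor, so any caller still passing twelve arguments panics with an index-out-of-range at runtime instead of failing to compile; main in this patch does pass it, but the new field should say what an empty value means, since parseEndpoint (in a later hunk) only parses the hostname when region is empty. Suggested: `region: args[12].(string), // -region flag; empty means parseEndpoint derives the region from the endpoint hostname` and `service: "es", // SigV4 signing service applied to every forwarded request`. newProxy's signature and the rest of its body lie outside this hunk.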
@@ -158,9 +159,8 @@ func (p *proxy) parseEndpoint() error { p.scheme = link.Scheme p.host = link.Host - // AWS SignV4 enabled, extract required parts for signing process - if !p.nosignreq { - + // AWS SignV4 enabled, extract required parts for signing process (if region flag is not supplied) + if !p.nosignreq && p.region == "" { split := strings.SplitAfterN(link.Hostname(), ".", 2) if len(split) < 2 { @@ -382,7 +382,6 @@ func (p *proxy) ServeHTTP(w http.ResponseWriter, r *http.Request) { } if p.logtofile { - requestID := primitive.NewObjectID().Hex() reqStruct := &requestStruct{ @@ -460,7 +459,6 @@ func copyHeaders(dst, src http.Header) { dst.Add(k, v) } } - } } @@ -485,6 +483,8 @@ func main() { timeout int remoteTerminate bool assumeRole string + region string + insecure bool ) flag.StringVar(&endpoint, "endpoint", "", "Amazon ElasticSearch Endpoint (e.g: https://dummy-host.eu-west-1.es.amazonaws.com)") @@ -502,6 +502,8 @@ func main() { flag.StringVar(&realm, "realm", "", "Authentication Required") flag.BoolVar(&remoteTerminate, "remote-terminate", false, "Allow HTTP remote termination") flag.StringVar(&assumeRole, "assume", "", "Optionally specify role to assume") + flag.StringVar(®ion, "region", "", "AWS Region, optional (ex. us-west-2)") + flag.BoolVar(&insecure, "insecure", false, "Verify SSL") flag.Parse() if endpoint == "" { @@ -549,15 +551,21 @@ func main() { realm, remoteTerminate, assumeRole, + region, ) + if insecure == true { + p.httpClient.Transport = &http.Transport{ + TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, + } + } + if err = p.parseEndpoint(); err != nil { logrus.Fatalln(err) os.Exit(1) } if p.logtofile { - requestFname := fmt.Sprintf("request-%s.log", primitive.NewObjectID().Hex()) if fileRequest, err = os.Create(requestFname); err != nil { log.Fatalln(err.Error()) @@ -572,7 +580,6 @@ func main() { p.fileRequest = fileRequest p.fileResponse = fileResponse - } logrus.Infof("Listening on %s...\n", listenAddress)
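Review bot: With `-region` supplied the hostname is no longer inspected at all, which is what lets non-`amazonaws.com` endpoints through, but nothing checks that the supplied region matches a standard `*.<region>.es.amazonaws.com` host; a mismatch yields SigV4 signatures for the wrong region and a 403 from the service with no hint at the cause. At minimum document the override on the new condition: `// -region, when given, replaces the region embedded in the hostname; the signing service stays "es" (set in newProxy), and a region that does not match the endpoint produces signature errors upstream`. Logging a warning when both a recognisable AWS hostname and a differing `-region` are present would save users a debugging session. The `len(split) < 2` branch and the rest of parseEndpoint continue outside this hunk.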
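Review bot: The usage string for the new `-insecure` flag, `"Verify SSL"`, states the opposite of what the flag does: it is wired to `InsecureSkipVerify: true` later in main, and the README hunk in this same commit describes it as "Will not verify SSL". Change it to `flag.BoolVar(&insecure, "insecure", false, "Skip TLS certificate verification of the endpoint (insecure)")` so `-h` output does not invite users to enable it by mistake. The enclosing main starts before this hunk.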
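Review bot: Assigning a bare `&http.Transport{TLSClientConfig: ...}` to `p.httpClient.Transport` under `-insecure` replaces the whole transport, not just its TLS settings, so in insecure mode the client silently loses what `http.DefaultTransport` provides — `ProxyFromEnvironment`, dial and TLS-handshake timeouts, idle-connection limits — a behaviour change unrelated to certificate checking (assuming newProxy, whose body is outside this hunk, did not install an explicit Transport). Clone the default transport and override only `TLSClientConfig`, and log that verification is off, since forwarding SigV4-signed requests over an unverified TLS connection exposes the credentials' signing authority to any on-path host. `if insecure == true` also reads better as `if insecure`.
```go
	if insecure {
		logrus.Warnln("-insecure set: TLS certificate verification of the endpoint is disabled")
		tr := http.DefaultTransport.(*http.Transport).Clone()
		tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
		p.httpClient.Transport = tr
	}
	// … unchanged: parseEndpoint call and log-file setup …
```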