Allow overwriting the Authorization header. (#488)

Signed-off-by: dblock <[email protected]>

package.json

@@ -34,6 +34,7 @@
     "@types/titlecase": "^1.1.2",
     "@types/tmp": "^0.2.6",
     "@typescript-eslint/eslint-plugin": "^6.21.0",
+    "axios-mock-adapter": "^2.0.0",
     "ajv": "^8.13.0",
     "ajv-errors": "^3.0.0",
     "ajv-formats": "^3.0.1",

tools/src/OpenSearchHttpClient.ts

@@ -133,18 +133,23 @@ export class OpenSearchHttpClient {
     this._opts = opts
     this._logger = opts?.logger ?? new Logger()
 
-    let auth = undefined
-    let sigv4_interceptor = undefined
+    let auth_middleware = undefined
 
     if (opts?.basic_auth !== undefined) {
       this._logger.info(`Authenticating with ${opts.basic_auth.username} ...`)
-      auth = opts.basic_auth
+      auth_middleware = ((request: any): any => {
+        if (request.headers.Authorization === undefined) {
+          const base64 = Buffer.from(`${opts.basic_auth?.username}:${opts.basic_auth?.password}`, 'utf8').toString('base64');
+          request.headers.Authorization = `Basic ${base64}`
+        }
+        return request
+      })
     } else if (opts?.aws_auth !== undefined) {
       this._logger.info(`Authenticating using SigV4 with ${opts.aws_auth.aws_access_key_id} (${opts.aws_auth.aws_region}) ...`)
-      sigv4_interceptor = aws4Interceptor({
+      auth_middleware = aws4Interceptor({
         options: {
           region: opts.aws_auth.aws_region,
-          service: 'es'
+          service: opts.aws_auth.aws_service
         },
         credentials: {
           accessKeyId: opts.aws_auth.aws_access_key_id,
@@ -158,13 +163,12 @@ export class OpenSearchHttpClient {
 
     this._axios = axios.create({
       baseURL: opts?.url ?? DEFAULT_URL,
-      auth,
       httpsAgent: new https.Agent({ rejectUnauthorized: !(opts?.insecure ?? DEFAULT_INSECURE) }),
       responseType: opts?.responseType,
     })
 
-    if (sigv4_interceptor !== undefined) {
-      this._axios.interceptors.request.use(sigv4_interceptor)
+    if (auth_middleware !== undefined) {
+      this._axios.interceptors.request.use(auth_middleware)
     }
   }
 

tools/tests/tester/OpenSearchHttpClient.test.ts

@@ -9,58 +9,68 @@
 
 import axios from "axios";
 import { OpenSearchHttpClient } from "OpenSearchHttpClient"
-
-jest.mock('axios')
+import AxiosMockAdapter from "axios-mock-adapter";
 
 describe('OpenSearchHttpClient', () => {
-  let mocked_axios: jest.Mocked<typeof axios> = axios as jest.Mocked<typeof axios>
+  var mock = new AxiosMockAdapter(axios)
 
-  beforeEach(() => {
-    mocked_axios.create.mockReturnThis()
-    mocked_axios.interceptors.request.use = jest.fn().mockReturnValue({ headers: {} })
+  afterEach(() => {
+    mock.reset()
   })
 
-  afterEach(() => {
-    jest.clearAllMocks()
+  it('adds a Basic auth header', async () => {
+    let client = new OpenSearchHttpClient({
+      url: 'https://localhost:9200',
+      basic_auth: {
+        username: 'u',
+        password: 'p'
+      }
+    })
+
+    mock.onAny().reply((config) => {
+      expect(config.headers?.Authorization).toMatch(/^Basic /)
+      return [200, { called: true }]
+    })
+
+    expect((await client.get('/')).data).toEqual({ called: true })
   })
 
-  it('uses password authentication', () => {
-    new OpenSearchHttpClient({
+  it('allows to overwrite Authorization', async () => {
+    let client = new OpenSearchHttpClient({
       url: 'https://localhost:9200',
       basic_auth: {
-        username: 'admin',
-        password: 'password'
+        username: 'u',
+        password: 'p'
       }
     })
 
-    expect(mocked_axios.create.mock.calls[0][0]).toMatchObject({
-      auth: {
-        username: 'admin',
-        password: 'password'
-      },
-      baseURL: 'https://localhost:9200'
+    mock.onAny().reply((config) => {
+      expect(config.headers?.Authorization).toEqual('custom')
+      return [200, { called: true }]
     })
 
-    expect(mocked_axios.interceptors.request.use).not.toHaveBeenCalled()
+    expect((await client.get('/', { headers: { Authorization: 'custom' } })).data).toEqual({ called: true })
   })
 
-  it('assigns a request interceptor with SigV4 authentication', () => {
-    new OpenSearchHttpClient({
+  it('adds a Sigv4 header', async () => {
+    let client = new OpenSearchHttpClient({
       url: 'https://localhost:9200',
       aws_auth: {
         aws_access_key_id: 'key id',
         aws_access_secret_key: 'secret key',
         aws_access_session_token: 'session token',
-        aws_region: 'us-west-2',
+        aws_region: 'us-west-42',
         aws_service: 'aoss'
       }
     })
 
-    expect(mocked_axios.create.mock.calls[0][0]).toMatchObject({
-      auth: undefined,
-      baseURL: 'https://localhost:9200'
+    mock.onAny().reply((config) => {
+      expect(config.headers?.Authorization).toMatch(
+        /^AWS4-HMAC-SHA256 Credential=key id\/\d*\/us-west-42\/aoss\/aws4_request/
+      )
+      return [200, { called: true }]
     })
 
-    expect(mocked_axios.interceptors.request.use).toHaveBeenCalled()
+    expect((await client.get('/')).data).toEqual({ called: true })
   })
 })