Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Invoke on cloudsearchdomain service gets SignatureDoesNotMatch error #52

Closed
justjohn2001 opened this issue Jan 30, 2019 · 10 comments
Closed

Invoke on cloudsearchdomain service gets SignatureDoesNotMatch error #52

justjohn2001 opened this issue Jan 30, 2019 · 10 comments
Labels
bug Something isn't working

Comments

@justjohn2001
Copy link

Steps to reproduce:

(def cs (aws/client {:api :cloudsearch}))
(def domain-name "<insert domain here>")
(def domain (-> cs
                         (aws/invoke {:op :DescribeDomains :request {:DomainNames [domain-name]}})
                         :DomainStatusList
                         first))
(def search-endpoint (-> domain :SearchService :Endpoint))
(def search-client (aws/client {:api :cloudsearchdomain :endpoint-override search-endpoint}))

> (aws/invoke search-client {:op :Search :request {:query "*:*" :queryParser "lucene" :size 1}})
{"__type" "#SignatureDoesNotMatch",
 "error"
 {"message"
  "[*Deprecated*: Use the outer message field] The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details."},
 "message"
 "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.",
 :cognitect.anomalies/category :cognitect.anomalies/forbidden}

Per suggestion from @Ghadi on Slack, I added explicit :region values to the client calls with no effect.
@dchelimsky dchelimsky added the bug Something isn't working label Jan 30, 2019
@dchelimsky
Copy link
Contributor

Thanks for the report. Interestingly, if you leave off :queryParser and :size it works:

> (aws/invoke csd {:op :UploadDocuments
                  :request {:contentType "application/json"
                            :documents
                            (.getBytes (json/json-str
                                        [{:type   "add"
                                          :id     1
                                          :fields {:title "Red Herrings"}}]))}})
 {:status "success", :adds 1, :deletes 0}
 > (aws/invoke csd {:op :Search :request {:query "Red"}})
 {:status {:timems 13, :rid "+fji4YktEwoeang="},
  :hits
  {:found 1,
   :start 0,
   :hit   [{:id "1", :fields {:title ["Red Herrings"]}}]}}
 > (aws/invoke csd {:op :Search :request {:query "Red" :queryParser "lucene" :size 1}})
 {"__type"                      "#SignatureDoesNotMatch",
  "error"
  {"message"
   "[*Deprecated*: Use the outer message field] The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details."},
  "message"
  "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.",
  :cognitect.anomalies/category :cognitect.anomalies/forbidden}

So while we'd get an error if the regions weren't aligned, this particular issue is separate.

@justjohn2001
Copy link
Author

Including :size 1 works too. Adding :queryParser "simple" breaks it.

@justjohn2001
Copy link
Author

Specifying the parameter as :QueryParser instead of :queryParser fixes the issue. aws/doc specifies the latter, so this may be documentation issue.

@dchelimsky
Copy link
Contributor

Nice find! Will look into it tonight. Thanks!

@dchelimsky
Copy link
Contributor

Oh - actually, that's because it gets ignored. Back to drawing board :)

@justjohn2001
Copy link
Author

On second thought, that may actually just make the library ignore it. I have been testing the other parameters, and most of them are okay. But :queryOptions (which is similarly capitalized) also causes it. [:size :return :start :sort] are all okay.

@dchelimsky
Copy link
Contributor

dchelimsky commented Jan 30, 2019
edited
Loading

Just an FYI - :queryParser and :queryOptions geta added to the query string as "q.parser" and "q.options", respectively. They're the only ones with a dot in them, so I think that's a good candidate for the problem - something about signing query string keys with dots.

@justjohn2001
Copy link
Author

That sounds promising. :filterQuery is okay, so it is not the capitalization. :expr is okay too.

@dchelimsky
Copy link
Contributor

Found it. Can't fix it right now, but will definitely this week (by Friday). The issue is that AWS requires the query param keys be sorted and we're sorting the key and the value together:

 (sort ["q" "q.parser"])
 ;; => ("q" "q.parser")
 (sort ["q=Red" "q.parser=lucene"])
 ;; => ("q.parser=lucene" "q=Red")

Thanks again for helping to hunt it down!

@dchelimsky
Copy link
Contributor

Fixed on master. Will release on Friday, if not sooner.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dchelimsky @justjohn2001