Merge branch 'BENTO-1550' into Develop

pom.xml

@@ -4,7 +4,7 @@
 	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 
-	<groupId>gov.nih.nci.bento</groupId>
+    <groupId>gov.nih.nci.bento</groupId>
 	<artifactId>Bento</artifactId>
 	<version>0.0.1</version>
 	<packaging>war</packaging>
@@ -193,20 +193,24 @@
 			<version>13.0</version>
 		</dependency>
 
-        <!-- Elasticsearch Java High level REST API -->
+        <!-- OpenSearch Java High level REST API -->
+        <!-- https://mvnrepository.com/artifact/org.opensearch.client/opensearch-rest-client -->
         <dependency>
-            <groupId>org.elasticsearch.client</groupId>
-            <artifactId>elasticsearch-rest-client</artifactId>
-            <version>7.10.2</version>
+            <groupId>org.opensearch.client</groupId>
+            <artifactId>opensearch-rest-client</artifactId>
+            <version>1.2.4</version>
         </dependency>
 
+        <!-- https://mvnrepository.com/artifact/com.amazonaws.auth/aws-java-sdk -->
         <dependency>
-            <groupId>org.elasticsearch</groupId>
-            <artifactId>elasticsearch</artifactId>
-            <version>7.10.2</version>
+            <groupId>com.amazonaws</groupId>
+            <artifactId>aws-java-sdk-core</artifactId>
+            <version>1.12.147</version>
+            <scope>compile</scope>
         </dependency>
 
-	</dependencies>
+
+    </dependencies>
 
 	<build>
 		<plugins>

src/main/java/com/amazonaws/http/AWSRequestSigningApacheInterceptor.java

@@ -0,0 +1,184 @@
+/*
+ * Copyright 2012-2017 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
+ * the License. A copy of the License is located at
+ *
+ * http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
+ * and limitations under the License.
+ */
+package com.amazonaws.http;
+
+import com.amazonaws.DefaultRequest;
+import com.amazonaws.auth.AWSCredentialsProvider;
+import com.amazonaws.auth.Signer;
+import org.apache.http.Header;
+import org.apache.http.HttpEntityEnclosingRequest;
+import org.apache.http.HttpException;
+import org.apache.http.HttpHost;
+import org.apache.http.HttpRequest;
+import org.apache.http.HttpRequestInterceptor;
+import org.apache.http.NameValuePair;
+import org.apache.http.client.utils.URIBuilder;
+import org.apache.http.entity.BasicHttpEntity;
+import org.apache.http.message.BasicHeader;
+import org.apache.http.protocol.HttpContext;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.TreeMap;
+
+import static org.apache.http.protocol.HttpCoreContext.HTTP_TARGET_HOST;
+
+/**
+ * An {@link HttpRequestInterceptor} that signs requests using any AWS {@link Signer}
+ * and {@link AWSCredentialsProvider}.
+ */
+public class AWSRequestSigningApacheInterceptor implements HttpRequestInterceptor {
+    /**
+     * The service that we're connecting to. Technically not necessary.
+     * Could be used by a future Signer, though.
+     */
+    private final String service;
+
+    /**
+     * The particular signer implementation.
+     */
+    private final Signer signer;
+
+    /**
+     * The source of AWS credentials for signing.
+     */
+    private final AWSCredentialsProvider awsCredentialsProvider;
+
+    /**
+     *
+     * @param service service that we're connecting to
+     * @param signer particular signer implementation
+     * @param awsCredentialsProvider source of AWS credentials for signing
+     */
+    public AWSRequestSigningApacheInterceptor(final String service,
+                                final Signer signer,
+                                final AWSCredentialsProvider awsCredentialsProvider) {
+        this.service = service;
+        this.signer = signer;
+        this.awsCredentialsProvider = awsCredentialsProvider;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void process(final HttpRequest request, final HttpContext context)
+            throws HttpException, IOException {
+        URIBuilder uriBuilder;
+        try {
+            uriBuilder = new URIBuilder(request.getRequestLine().getUri());
+        } catch (URISyntaxException e) {
+            throw new IOException("Invalid URI" , e);
+        }
+
+        // Copy Apache HttpRequest to AWS DefaultRequest
+        DefaultRequest<?> signableRequest = new DefaultRequest<>(service);
+
+        HttpHost host = (HttpHost) context.getAttribute(HTTP_TARGET_HOST);
+        if (host != null) {
+            signableRequest.setEndpoint(URI.create(host.toURI()));
+        }
+        final HttpMethodName httpMethod =
+                HttpMethodName.fromValue(request.getRequestLine().getMethod());
+        signableRequest.setHttpMethod(httpMethod);
+        try {
+            signableRequest.setResourcePath(uriBuilder.build().getRawPath());
+        } catch (URISyntaxException e) {
+            throw new IOException("Invalid URI" , e);
+        }
+
+        if (request instanceof HttpEntityEnclosingRequest) {
+            HttpEntityEnclosingRequest httpEntityEnclosingRequest =
+                    (HttpEntityEnclosingRequest) request;
+            if (httpEntityEnclosingRequest.getEntity() == null) {
+                signableRequest.setContent(new ByteArrayInputStream(new byte[0]));
+            } else {
+                signableRequest.setContent(httpEntityEnclosingRequest.getEntity().getContent());
+            }
+        }
+        signableRequest.setParameters(nvpToMapParams(uriBuilder.getQueryParams()));
+        signableRequest.setHeaders(headerArrayToMap(request.getAllHeaders()));
+
+        // Sign it
+        signer.sign(signableRequest, awsCredentialsProvider.getCredentials());
+
+        // Now copy everything back
+        request.setHeaders(mapToHeaderArray(signableRequest.getHeaders()));
+        if (request instanceof HttpEntityEnclosingRequest) {
+            HttpEntityEnclosingRequest httpEntityEnclosingRequest =
+                    (HttpEntityEnclosingRequest) request;
+            if (httpEntityEnclosingRequest.getEntity() != null) {
+                BasicHttpEntity basicHttpEntity = new BasicHttpEntity();
+                basicHttpEntity.setContent(signableRequest.getContent());
+                httpEntityEnclosingRequest.setEntity(basicHttpEntity);
+            }
+        }
+    }
+
+    /**
+     *
+     * @param params list of HTTP query params as NameValuePairs
+     * @return a multimap of HTTP query params
+     */
+    private static Map<String, List<String>> nvpToMapParams(final List<NameValuePair> params) {
+        Map<String, List<String>> parameterMap = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
+        for (NameValuePair nvp : params) {
+            List<String> argsList =
+                    parameterMap.computeIfAbsent(nvp.getName(), k -> new ArrayList<>());
+            argsList.add(nvp.getValue());
+        }
+        return parameterMap;
+    }
+
+    /**
+     * @param headers modeled Header objects
+     * @return a Map of header entries
+     */
+    private static Map<String, String> headerArrayToMap(final Header[] headers) {
+        Map<String, String> headersMap = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
+        for (Header header : headers) {
+            if (!skipHeader(header)) {
+                headersMap.put(header.getName(), header.getValue());
+            }
+        }
+        return headersMap;
+    }
+
+    /**
+     * @param header header line to check
+     * @return true if the given header should be excluded when signing
+     */
+    private static boolean skipHeader(final Header header) {
+        return ("content-length".equalsIgnoreCase(header.getName())
+                && "0".equals(header.getValue())) // Strip Content-Length: 0
+                || "host".equalsIgnoreCase(header.getName()); // Host comes from endpoint
+    }
+
+    /**
+     * @param mapHeaders Map of header entries
+     * @return modeled Header objects
+     */
+    private static Header[] mapToHeaderArray(final Map<String, String> mapHeaders) {
+        Header[] headers = new Header[mapHeaders.size()];
+        int i = 0;
+        for (Map.Entry<String, String> headerEntry : mapHeaders.entrySet()) {
+            headers[i++] = new BasicHeader(headerEntry.getKey(), headerEntry.getValue());
+        }
+        return headers;
+    }
+}

src/main/java/gov/nih/nci/bento/model/ESFilterDataFetcher.java

@@ -5,7 +5,7 @@
 import graphql.schema.idl.RuntimeWiring;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
-import org.elasticsearch.client.Request;
+import org.opensearch.client.Request;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 

src/main/java/gov/nih/nci/bento/service/ESService.java

@@ -3,10 +3,15 @@
 import com.google.gson.*;
 import gov.nih.nci.bento.model.ConfigurationDAO;
 import org.apache.http.HttpHost;
+import org.apache.http.HttpRequestInterceptor;
 import org.apache.http.util.EntityUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
-import org.elasticsearch.client.*;
+import org.opensearch.client.*;
+import com.amazonaws.auth.AWS4Signer;
+import com.amazonaws.auth.AWSCredentialsProvider;
+import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
+import com.amazonaws.http.AWSRequestSigningApacheInterceptor;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
@@ -22,6 +27,8 @@ public class ESService {
     public static final String AGGS = "aggs";
     public static final int MAX_ES_SIZE = 10000;
 
+    static final AWSCredentialsProvider credentialsProvider = new DefaultAWSCredentialsProviderChain();
+
     private static final Logger logger = LogManager.getLogger(RedisService.class);
 
     @Autowired
@@ -31,11 +38,27 @@ public class ESService {
 
     private Gson gson = new GsonBuilder().serializeNulls().create();
 
+    // Base on host name to use signed request (AWS) or not (local)
+    public RestClient searchClient(String serviceName, String region) {
+        String host = config.getEsHost().trim();
+        String scheme = config.getEsScheme();
+        int port = config.getEsPort();
+        if (host.contains("amazonaws.com")) {
+            AWS4Signer signer = new AWS4Signer();
+            signer.setServiceName(serviceName);
+            signer.setRegionName(region);
+            HttpRequestInterceptor interceptor = new AWSRequestSigningApacheInterceptor(serviceName, signer, credentialsProvider);
+            return RestClient.builder(new HttpHost(host, port, scheme)).setHttpClientConfigCallback(hacb -> hacb.addInterceptorLast(interceptor)).build();
+        } else {
+            var lowLevelBuilder = RestClient.builder(new HttpHost(host, port, scheme));
+            return lowLevelBuilder.build();
+        }
+    }
+
     @PostConstruct
     public void init() {
         logger.info("Initializing Elasticsearch client");
-        var lowLevelBuilder = RestClient.builder(new HttpHost(config.getEsHost(), config.getEsPort(), config.getEsScheme()));
-        client = lowLevelBuilder.build();
+        client = searchClient("es", "us-east-1");
     }
 
     @PreDestroy