Adding connection to AWS Elastic search

Author: glenrobson

.gitignore

@@ -6,3 +6,4 @@ src/main/webapp/demo.html
 cache
 index-2.6.1.html
 src/main/webapp/stats
+.aws-credentials

pom.xml

@@ -165,12 +165,17 @@
         <dependency>
             <groupId>org.elasticsearch</groupId>
             <artifactId>elasticsearch</artifactId>
-            <version>7.8.1</version>
+            <version>7.7.1</version>
         </dependency>
         <dependency>
             <groupId>org.elasticsearch.client</groupId>
             <artifactId>elasticsearch-rest-high-level-client</artifactId>
-            <version>7.8.1</version>
+            <version>7.7.1</version>
+        </dependency>
+        <dependency>
+            <groupId>com.amazonaws</groupId>
+            <artifactId>aws-java-sdk-core</artifactId>
+            <version>1.11.839</version>
         </dependency>
         <dependency>
             <groupId>junit</groupId>

src/main/java/uk/org/llgc/annotation/store/StoreConfig.java

@@ -35,7 +35,7 @@
 public class StoreConfig extends HttpServlet {
 	protected static Logger _logger = LogManager.getLogger(StoreConfig.class.getName());
 	protected Map<String,String> _props = null;
-    public final String[] ALLOWED_PROPS = {"baseURI","encoder","store","data_dir","store","repo_url","solr_connection","solr_collection"};
+    public final String[] ALLOWED_PROPS = {"baseURI","encoder","store","data_dir","store","repo_url","solr_connection","elastic_connection"};
     protected AnnotationUtils _annotationUtils = null;
 
 	public StoreConfig() {
@@ -173,8 +173,10 @@ public StoreAdapter getStore() {
             try {
                 tAdapter = new ElasticStore(_props.get("elastic_connection"));
             } catch (URISyntaxException tExcpt) {
+                tExcpt.printStackTrace();
                 throw new IllegalArgumentException("Failed to create Elastic connection due a problem with the conection URL");
             } catch (IOException tExcpt) {
+                tExcpt.printStackTrace();
                 throw new IllegalArgumentException("Failed to create Elastic connection due a problem with the conection URL");
             }
 		} else {

src/main/java/uk/org/llgc/annotation/store/adapters/elastic/AWSRequestSigningApacheInterceptor.java

@@ -0,0 +1,188 @@
+/*
+ * Copyright 2012-2017 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
+ * the License. A copy of the License is located at
+ *
+ * http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
+ * and limitations under the License.
+ */
+package uk.org.llgc.annotation.store.adapters.elastic;
+
+import com.amazonaws.DefaultRequest;
+import com.amazonaws.auth.AWSCredentialsProvider;
+import com.amazonaws.auth.Signer;
+import com.amazonaws.http.HttpMethodName;
+import org.apache.http.Header;
+import org.apache.http.HttpEntityEnclosingRequest;
+import org.apache.http.HttpException;
+import org.apache.http.HttpHost;
+import org.apache.http.HttpRequest;
+import org.apache.http.HttpRequestInterceptor;
+import org.apache.http.NameValuePair;
+import org.apache.http.client.utils.URIBuilder;
+import org.apache.http.entity.BasicHttpEntity;
+import org.apache.http.message.BasicHeader;
+import org.apache.http.protocol.HttpContext;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.TreeMap;
+
+import static org.apache.http.protocol.HttpCoreContext.HTTP_TARGET_HOST;
+
+/**
+ * THIS IS A HORRIBLE WAY OF USING THIS CLASS BUT:
+ * this is recomended by the AWS docs here: https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-request-signing.html#es-request-signing-java
+ * but the code isn't in maven: https://github.com/awslabs/aws-request-signing-apache-interceptor/issues/2
+ * so this is the only real option...
+ * An {@link HttpRequestInterceptor} that signs requests using any AWS {@link Signer}
+ * and {@link AWSCredentialsProvider}.
+ */
+public class AWSRequestSigningApacheInterceptor implements HttpRequestInterceptor {
+    /**
+     * The service that we're connecting to. Technically not necessary.
+     * Could be used by a future Signer, though.
+     */
+    private final String service;
+
+    /**
+     * The particular signer implementation.
+     */
+    private final Signer signer;
+
+    /**
+     * The source of AWS credentials for signing.
+     */
+    private final AWSCredentialsProvider awsCredentialsProvider;
+
+    /**
+     *
+     * @param service service that we're connecting to
+     * @param signer particular signer implementation
+     * @param awsCredentialsProvider source of AWS credentials for signing
+     */
+    public AWSRequestSigningApacheInterceptor(final String service,
+                                final Signer signer,
+                                final AWSCredentialsProvider awsCredentialsProvider) {
+        this.service = service;
+        this.signer = signer;
+        this.awsCredentialsProvider = awsCredentialsProvider;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void process(final HttpRequest request, final HttpContext context) throws HttpException, IOException {
+        URIBuilder uriBuilder;
+        try {
+            uriBuilder = new URIBuilder(request.getRequestLine().getUri());
+        } catch (URISyntaxException e) {
+            throw new IOException("Invalid URI" , e);
+        }
+
+        // Copy Apache HttpRequest to AWS DefaultRequest
+        DefaultRequest<?> signableRequest = new DefaultRequest<>(service);
+
+        HttpHost host = (HttpHost) context.getAttribute(HTTP_TARGET_HOST);
+        if (host != null) {
+            signableRequest.setEndpoint(URI.create(host.toURI()));
+        }
+        final HttpMethodName httpMethod = HttpMethodName.fromValue(request.getRequestLine().getMethod());
+        signableRequest.setHttpMethod(httpMethod);
+        try {
+            signableRequest.setResourcePath(uriBuilder.build().getRawPath());
+        } catch (URISyntaxException e) {
+            throw new IOException("Invalid URI" , e);
+        }
+
+        String tContent = "";
+        if (request instanceof HttpEntityEnclosingRequest) {
+            HttpEntityEnclosingRequest httpEntityEnclosingRequest =
+                    (HttpEntityEnclosingRequest) request;
+            if (httpEntityEnclosingRequest.getEntity() == null) {
+                signableRequest.setContent(new ByteArrayInputStream(new byte[0]));
+            } else {
+                signableRequest.setContent(httpEntityEnclosingRequest.getEntity().getContent());
+            }
+        }
+        signableRequest.setParameters(nvpToMapParams(uriBuilder.getQueryParams()));
+        signableRequest.setHeaders(headerArrayToMap(request.getAllHeaders()));
+
+        // Sign it
+        signer.sign(signableRequest, awsCredentialsProvider.getCredentials());
+
+        // Now copy everything back
+        request.setHeaders(mapToHeaderArray(signableRequest.getHeaders()));
+        if (request instanceof HttpEntityEnclosingRequest) {
+            HttpEntityEnclosingRequest httpEntityEnclosingRequest = (HttpEntityEnclosingRequest) request;
+            if (httpEntityEnclosingRequest.getEntity() != null) {
+                BasicHttpEntity basicHttpEntity = new BasicHttpEntity();
+                basicHttpEntity.setContent(signableRequest.getContent());
+                httpEntityEnclosingRequest.setEntity(basicHttpEntity);
+            }
+        }
+    }
+
+    /**
+     *
+     * @param params list of HTTP query params as NameValuePairs
+     * @return a multimap of HTTP query params
+     */
+    private static Map<String, List<String>> nvpToMapParams(final List<NameValuePair> params) {
+        Map<String, List<String>> parameterMap = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
+        for (NameValuePair nvp : params) {
+            List<String> argsList =
+                    parameterMap.computeIfAbsent(nvp.getName(), k -> new ArrayList<>());
+            argsList.add(nvp.getValue());
+        }
+        return parameterMap;
+    }
+
+    /**
+     * @param headers modeled Header objects
+     * @return a Map of header entries
+     */
+    private static Map<String, String> headerArrayToMap(final Header[] headers) {
+        Map<String, String> headersMap = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
+        for (Header header : headers) {
+            if (!skipHeader(header)) {
+                headersMap.put(header.getName(), header.getValue());
+            }
+        }
+        return headersMap;
+    }
+
+    /**
+     * @param header header line to check
+     * @return true if the given header should be excluded when signing
+     */
+    private static boolean skipHeader(final Header header) {
+        return ("content-length".equalsIgnoreCase(header.getName())
+                && "0".equals(header.getValue())) // Strip Content-Length: 0
+                || "host".equalsIgnoreCase(header.getName()); // Host comes from endpoint
+    }
+
+    /**
+     * @param mapHeaders Map of header entries
+     * @return modeled Header objects
+     */
+    private static Header[] mapToHeaderArray(final Map<String, String> mapHeaders) {
+        Header[] headers = new Header[mapHeaders.size()];
+        int i = 0;
+        for (Map.Entry<String, String> headerEntry : mapHeaders.entrySet()) {
+            headers[i++] = new BasicHeader(headerEntry.getKey(), headerEntry.getValue());
+        }
+        return headers;
+    }
+}
+

src/main/java/uk/org/llgc/annotation/store/adapters/elastic/ElasticStore.java

@@ -61,6 +61,11 @@
 import org.elasticsearch.search.SearchHit;
 import org.elasticsearch.search.SearchHits;
 
+import com.amazonaws.auth.AWS4Signer;
+import com.amazonaws.auth.AWSCredentialsProvider;
+import com.amazonaws.auth.EnvironmentVariableCredentialsProvider;
+import org.apache.http.HttpRequestInterceptor;
+
 import java.text.ParseException;
 
 import java.util.Map;
@@ -106,10 +111,21 @@ public RefreshPolicy getRefreshPolicy() {
     // Used in unit test to manage test
     public static RestHighLevelClient buildClient(final URI pConnectionURL) {
         //final CredentialsProvider credentialsProvider =new BasicCredentialsProvider();credentialsProvider.setCredentials(AuthScope.ANY,new UsernamePasswordCredentials("username", "password"));
-        RestClientBuilder builder = RestClient.builder(new HttpHost(pConnectionURL.getHost(), pConnectionURL.getPort(), pConnectionURL.getScheme()));
-        RestHighLevelClient tClient = new RestHighLevelClient(builder);
+        if (System.getenv("AWS_REGION") != null && System.getenv("AWS_ACCESS_KEY_ID") != null && System.getenv("AWS_SECRET_ACCESS_KEY") != null) {
+            String tServiceName = "es";
+            AWSCredentialsProvider credentialsProvider = new EnvironmentVariableCredentialsProvider();
+            AWS4Signer signer = new AWS4Signer();
+            signer.setServiceName(tServiceName);
+            signer.setRegionName(System.getenv("AWS_REGION")); // ENV
+            HttpRequestInterceptor interceptor = new AWSRequestSigningApacheInterceptor(tServiceName, signer, credentialsProvider);
+            return new RestHighLevelClient(RestClient.builder(new HttpHost(pConnectionURL.getHost(), pConnectionURL.getPort(), pConnectionURL.getScheme())).setHttpClientConfigCallback(hacb -> hacb.addInterceptorLast(interceptor)));
+        } else {
+            RestClientBuilder builder = RestClient.builder(new HttpHost(pConnectionURL.getHost(), pConnectionURL.getPort(), pConnectionURL.getScheme()));
+         
+            RestHighLevelClient tClient = new RestHighLevelClient(builder);
 
-        return tClient ;
+            return tClient ;
+        }
     }
 
     protected void createIndex() throws IOException {

src/test/resources/aws-elastic.properties

@@ -0,0 +1,44 @@
+# Generic properties
+# ==================
+
+# Uncomment this if you are behind a proxy or want a public URI
+#baseURI=http://dev.llgc.org.uk/annotation/
+
+# Uncomment this if you would like to use an encoder which will work on
+# the annotation before its stored in the triplestore
+# encoder=uk.org.llgc.annotation.store.encoders.BookOfPeaceEncode
+
+# if you are using Mirador versions greater than 2.1.4 then you need to uncomment the following
+# as the annotation structure changed between versions
+#encoder=uk.org.llgc.annotation.store.encoders.Mirador214
+
+# Store configuration
+# ==================
+
+# Uncomment this if you would like to use Jena as a backend
+#store=jena
+#data_dir=/annotation-data
+
+# Uncomment the following if you want to use Sesame
+# store=sesame
+# repo_url=http://localhost:8080/openrdf-sesame/repositories/test-anno
+
+# Uncomment the following if you want to use SOLR cores
+#store=solr
+#solr_connection=http://localhost:8983/solr/testannotations
+
+# Uncomment the following if you want to use SOLR collections (Cloud)
+#store=solr-cloud
+#solr_connection=http://solr:8983/solr,http://solr:7574/solr
+#solr_collection=annotations
+
+# Uncoment the following if you want to use ElasticSearch as a backend:
+store=elastic
+elastic_connection=https://search-elastic-sas-nfskj6q5cw7664b3cszjo6gwmi.eu-west-2.es.amazonaws.com/testannotations
+
+# Note the following enviroment variables also need to be present to test AWS elastic search:
+# AWS_REGION="eu-west-2"
+# AWS_ACCESS_KEY_ID
+# AWS_SECRET_ACCESS_KEY
+# SAS_store="elastic"
+# SAS_elastic_connection