AWS Organisation - Request from denodo

Hi, I meet a problem to create a correct data source to access AWS organization services. Certainly, that is due to the authentication header signature or the content type that I don’t know to correctly configure with denoto A good Web Request for my problem looks like that (come from my postman installed apps) *POST / HTTP/1.1 Host: Accept-Encoding: identity X-Amz-Target: AWSOrganizationsV20161128.ListRoots User-Agent: aws-cli/1.11.143 Python/3.6.1 Linux/3.2.45-0.6.wd.865.49.315.metal1.x8664 botocore/1.7.1 Content-Type: application/x-amz-json-1.1 Content-Length: 2 Host: X-Amz-Date: 20190321T075535Z Authorization: AWS4-HMAC-SHA256 Credential=AKIAIXXXXXXXXXXXXX/20190321/us-east-1/organizations/aws4request, SignedHeaders=accept-encoding;cache-control;content-length;content-type;host;postman-token;user-agent;x-amz-date;x-amz-target, Signature=badffd1f5b0fe412ae719ddb34eec1e86012fafe6d81756df2ae64ce56bc5ea4 cache-control: no-cache Postman-Token: 843a0b1b-6de1-4e65-89a7-0b7f19afd56e {}------WebKitFormBoundary7MA4YWxkTrZu0gW--* Each time I forward a request from my postman, I obtain a good response. The fact is that postman can generate dynamically the authentication signature and manage application/x-amz-json-1.1 content-type. For the signature, It do it from the value that I field into the menu Authorization/AWS Signature. The responses that I obtain are corrects: { "Roots": [ { "Arn": "YYYYYYYYY", "Id": "YYYYY", "Name": "YYYY", "PolicyTypes": [YYYYY] } ] } In denodo, we don’t have AWS Signature version 4 authentication configuration menu. The way to pass through is to use the headers. The following procedure permits to reproduce the current blocking point: 1)Create JSON data source. 2)Configuration the JSON data source: HTTP method: POST URL: Post body: \{\} 3) Setup HTTP headers • AWS4-HMAC-SHA256 Credential=AKIAI*XXXXXXXXXX*/20190321/us-east-1/organizations/aws4request, SignedHeaders=accept-encoding;cache-control;content-length;content-type;host;postman-token;user-agent;x-amz-date;x-amz-target, Signature=*badffd1f5b0fe412ae719ddb34eec1e86012fafe6d81756df2ae64ce56bc5ea4* I don’t know the way that tenodo is signing but afterward a “test connection”, we obtain a success message. • X-Amz-Date: 20190321T075535Z • Content-Type: application/x-amz-json-1.1 • Accept-Encoding: identity • X-Amz-Target: AWSOrganizationsV20161128.ListRoots • Content-Length: 2 4) press test connection: that is a success. But when we create the base view, the view schema seems not appropriate. A base view execute action confirms this point. It must be due to the denodo don't use of application/x-amz-json-1.1 rather application/json preseted into the http configuration menu of the data source I have two questions: Is It possible to use in denodo, application/x-amz-json-1.1 rather application/json? If yes, what is the way to do it. Why the signature like that I have describe previously seems working on denodo. logicaly it should be not the case. *the same test in postman raise the following error: <IncompleteSignatureException> <Message>Authorization header requires 'Credential' parameter. Authorization=AKIAIXXXXXX/20190321/us-east-1/organizations/aws4request, SignedHeaders=accept-encoding;content-length;content-type;host;user-agent;x-amz-date;x-amz-target, Signature=53748d60b22b8d5adbe8d4fac60f6d865a04cfaddbea31217cef512a13c85d65</Message> </IncompleteSignatureException>* Thanks for your help. regards jerome beyou
21-03-2019 09:01:41 -0400

1 Answer

Hi, I would use the [HTTP Headers]( option available under Configuration section of the JSON Data Source and include the header as “Content-type=application/x-amz-json-1.1” and I would validate the Post Body of the JSON Data Source to get the appropriate View Schema. For the Postman error, I would suggest you to validate all the parameters used in the Postman. Hope this helps!
Denodo Team
22-03-2019 09:13:09 -0400
You must sign in to add an answer. If you do not have an account, you can register here