我有一个启用了 IAM 的 AWS Neptune 实例,我能够在没有身份验证的情况下执行 crud 操作,但是当我启用身份验证时,它会抛出 Bad Handshake 错误日志。
注意:Lambda 函数具有完整的 Neptune 权限
package main
import (
"fmt"
"log"
"net/http"
"os"
"time"
"github.com/aws/aws-lambda-go/events"
"github.com/aws/aws-lambda-go/lambda"
gremlingo "github.com/apache/tinkerpop/gremlin-go/v3/driver"
"github.com/aws/aws-sdk-go/aws/session"
v4 "github.com/aws/aws-sdk-go/aws/signer/v4"
)
func main() {
lambda.Start(lambdaHandler)
}
func lambdaHandler(ctx context.Context, request events.APIGatewayProxyRequest) (events.APIGatewayProxyResponse, error) {
driverConn, g = connect()
result, err = g.AddV("User").Property("userId", "Check").Next()
if err != nil {
fmt.Println(err)
}
}
func connect() {
awsSess, err := session.NewSesionWithOptions(session.Options{
SharedCondfigState: session.SharedConfigEnable,
}),
if err != nil {
log.Fatalf("Failed to creating session: %s", err)
}
db_endpoint := os.Genenv("DB_ENDPOINT")
connString := "wss://" +db_endpoint+":8182/gremlin"
// Signing Request
req, _ := http.NewRequest(http.MethodGet, connString, nil)
signer := v4.NewSigner(awsSess.Config.Credentials)
headerToUse, err := signer.Sign(req, nil, "neptune", *awsSess.Config.Region, time.Now())
driverRemoteConnection, err := gremlingo.NewDriverRemoteConnection(connString,
func(settings *gremlingo.driverRemoteConnectionSettings) {
settings.TraversalSource = "g"
settings.AuthInfo.Header = headerToUse
})
return driverRemoteConnection, traversalSource(driverRemoteConnection)
}
func traversalSource(driverConn *gremlingo.DriverRemoteConnection) *gremlingo.GraphTraversalSource {
return gremlingo.Traversal_().WithRemote(driverConn)
}
错误日志: 无法实例化新连接;将连接状态设置为关闭。 为连接池创建新连接时出错:websocket:握手错误 'E0104:无法建立成功的连接:websocket:握手错误'
注意:如果 IAM 身份验证被禁用,我可以执行查询。请帮助。
已尝试签名请求但无法验证失败。
如果授予了所有必要的权限,代码中有几处需要修复的地方应该可以与 Neptune IAM 一起使用。
neptune-db
而不是 neptune
.*gremlingo.driverRemoteConnectionSettings
应该是*gremlingo.DriverRemoteConnectionSettings
.settings.AuthInfo.Header
使用的header其实不是signer返回的header,而是原始请求的header,所以应该是settings.AuthInfo.Header = req.Header
.放在一起,
//Signing Request
下的代码块看起来像这样:
// Signing Request
req, _ := http.NewRequest(http.MethodGet, connString, nil)
signer := v4.NewSigner(awsSess.Config.Credentials)
_, err := signer.Sign(req, nil, "neptune-db", *awsSess.Config.Region, time.Now())
driverRemoteConnection, err := gremlingo.NewDriverRemoteConnection(connString,
func(settings *gremlingo.DriverRemoteConnectionSettings) {
settings.TraversalSource = "g"
settings.AuthInfo.Header = req.Header
})
需要注意的一件事是 gremlin-go 目前没有办法允许自动刷新授权令牌,这意味着必须在到期后建立新连接。
希望这有帮助。