Fix sslConfig for multiple datasource to handle when certificateAutho…
…rities is unset (opensearch-project#6282)

* Fix sslConfig for multiple datasource to handle when certificateAuthorities is unset

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Add to CHANGELOG

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Adjust test in tls_settings_provider.test.ts

Signed-off-by: Craig Perkins <cwperx@amazon.com>

---------

Signed-off-by: Craig Perkins <cwperx@amazon.com>
(cherry picked from commit 40da92c)
cwperks committed Mar 29, 2024
1 parent 43440c3 commit ada8d39
Showing 6 changed files with 60 additions and 7 deletions.
29 changes: 28 additions & 1 deletion src/plugins/data_source/server/client/client_config.test.ts
Expand Up @@ -46,7 +46,7 @@ describe('parseClientOptions', () => {
ssl: {
requestCert: true,
rejectUnauthorized: false,
ca: [],
ca: undefined,
},
})
);
Expand Down Expand Up @@ -109,4 +109,31 @@ describe('parseClientOptions', () => {
})
);
});

test('test ssl config with verification mode set to full with no ca list', () => {
const config = {
enabled: true,
ssl: {
verificationMode: 'full',
},
clientPool: {
size: 5,
},
} as DataSourcePluginConfigType;
mockReadFileSync.mockReset();
mockReadFileSync.mockImplementation((path: string) => `content-of-${path}`);
const parsedConfig = parseClientOptions(config, TEST_DATA_SOURCE_ENDPOINT);
expect(mockReadFileSync).toHaveBeenCalledTimes(0);
mockReadFileSync.mockClear();
expect(parsedConfig).toEqual(
expect.objectContaining({
node: TEST_DATA_SOURCE_ENDPOINT,
ssl: {
requestCert: true,
rejectUnauthorized: true,
ca: undefined,
},
})
);
});
});
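Review bot: The added test asserts `ca: undefined` alongside `rejectUnauthorized: true` without recording why that pairing is the expected result, so a reader cannot tell that the value of `ca` is the point of the test. I would add above the `expect(parsedConfig)` call: `// No CA files configured: ca must stay undefined so the default trust store is used; [] would leave no trusted roots.` The `mockReadFileSync.mockImplementation(...)` setup is never exercised, since the test asserts zero reads, and the trailing `mockClear()` appears redundant after the `mockReset()` at the top. The same applies to the matching test added in src/plugins/data_source/server/legacy/client_config.test.ts.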
2 changes: 1 addition & 1 deletion src/plugins/data_source/server/client/client_config.ts
Expand Up @@ -56,7 +56,7 @@ export function parseClientOptions(
config.ssl?.certificateAuthorities
);

sslConfig.ca = certificateAuthorities || [];
sslConfig.ca = certificateAuthorities;
}

const clientOptions: ClientOptions = {
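Review bot: The assignment `sslConfig.ca = certificateAuthorities;` now relies on the difference between `undefined` and `[]`, and nothing at the call site records that. As I read Node's TLS options, an unset `ca` keeps the default trusted roots while an empty array replaces them with nothing, so a later tidy-up back to `|| []` would make every verified connection fail again. I would add above the line: `// Keep ca undefined when no CA files are configured; [] would replace the default trust store with an empty one.` The identical line in src/plugins/data_source/server/legacy/client_config.ts needs the same comment. parseClientOptions starts and ends outside this hunk.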
28 changes: 27 additions & 1 deletion src/plugins/data_source/server/legacy/client_config.test.ts
Expand Up @@ -44,7 +44,7 @@ describe('parseClientOptions', () => {
host: TEST_DATA_SOURCE_ENDPOINT,
ssl: {
rejectUnauthorized: false,
ca: [],
ca: undefined,
},
})
);
Expand Down Expand Up @@ -105,4 +105,30 @@ describe('parseClientOptions', () => {
})
);
});

test('test ssl config with verification mode set to full with no ca list', () => {
const config = {
enabled: true,
ssl: {
verificationMode: 'full',
},
clientPool: {
size: 5,
},
} as DataSourcePluginConfigType;
mockReadFileSync.mockReset();
mockReadFileSync.mockImplementation((path: string) => `content-of-${path}`);
const parsedConfig = parseClientOptions(config, TEST_DATA_SOURCE_ENDPOINT);
expect(mockReadFileSync).toHaveBeenCalledTimes(0);
mockReadFileSync.mockClear();
expect(parsedConfig).toEqual(
expect.objectContaining({
host: TEST_DATA_SOURCE_ENDPOINT,
ssl: {
rejectUnauthorized: true,
ca: undefined,
},
})
);
});
});
2 changes: 1 addition & 1 deletion src/plugins/data_source/server/legacy/client_config.ts
Expand Up @@ -55,7 +55,7 @@ export function parseClientOptions(
config.ssl?.certificateAuthorities
);

sslConfig.ca = certificateAuthorities || [];
sslConfig.ca = certificateAuthorities;
}

const configOptions: ConfigOptions = {
Expand Up @@ -40,7 +40,7 @@ describe('readCertificateAuthorities', () => {
expect(mockReadFileSync).toHaveBeenCalledTimes(0);
mockReadFileSync.mockClear();
expect(certificateAuthorities).toEqual({
certificateAuthorities: [],
certificateAuthorities: undefined,
});
});

Expand All @@ -52,7 +52,7 @@ describe('readCertificateAuthorities', () => {
expect(mockReadFileSync).toHaveBeenCalledTimes(0);
mockReadFileSync.mockClear();
expect(certificateAuthorities).toEqual({
certificateAuthorities: [],
certificateAuthorities: undefined,
});
});
});
Expand Up @@ -8,7 +8,7 @@ import { readFileSync } from 'fs';
export const readCertificateAuthorities = (
listOfCertificateAuthorities: string | string[] | undefined
) => {
let certificateAuthorities: string[] | undefined = [];
let certificateAuthorities: string[] | undefined;

const addCertificateAuthorities = (ca: string[]) => {
if (ca && ca.length) {
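Review bot: `readCertificateAuthorities` can now yield `undefined` where it used to start from `[]`, yet the arrow function still declares no return type, so callers learn of the change only by reading the body. Judging by the expected shape in the adjusted tests, I would annotate it as `): { certificateAuthorities: string[] | undefined } => {` and add a TSDoc line saying that `undefined` means no CA was configured and the runtime's default trust store applies. The inputs of the two adjusted tests are not visible here; if one of them passes an explicitly empty list, that case now also falls back to the default roots, which is a wider trust set than an operator who wrote an empty list may expect and deserves a sentence in the doc comment. The function body continues past the end of this hunk, so the return statement is inferred rather than seen.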
