
Add method to return dynamic SecureTransportParameters from SecureTransportSettingsProvider interface #16387

Merged
merged 6 commits into from
Oct 18, 2024


@cwperks cwperks commented Oct 18, 2024

Description

Companion PR in the Security plugin: opensearch-project/security#4820

Fixes an issue with SSL Dual mode where the settings provider relies on the static node settings without taking dynamic cluster settings into account. This PR and the companion Security PR fix a regression introduced in opensearch-project/security#4119.

Before 2.14, this setting was coming from the Security plugin's SSLConfig class, which originally gets the value from the node settings but also registers a cluster settings listener to listen for dynamic updates to this setting.

For instance, an operator can run:

curl -XPUT https://localhost:9200/_cluster/settings -k -H "Content-Type: application/json" -d '{"persistent": {"plugins.security_config.ssl_dual_mode_enabled": false}}'

to update this setting, but since 2.14 the dynamic value is not getting propagated.

This PR adds a new method to the SecureTransportSettingsProvider interface to allow a plugin that implements the provider to feed this value to core instead of relying on the static node settings.

Check List

  • Functionality includes testing.
  • API changes companion pull request created, if applicable.
  • Public documentation issue/PR created, if applicable.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.
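
The difference between a provider that reads the static node settings once and one that is fed by a cluster-settings listener, as an added example (not code from this PR or from OpenSearch). `ClusterSettingsStub`, `TransportParams`, `staticParams` and `DynamicParams` are hypothetical, simplified stand-ins; only the setting key comes from the description above.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Consumer;

// Added illustration: every type here is a simplified stand-in, not OpenSearch code.
public class DualModeDemo {
    static final String KEY = "plugins.security_config.ssl_dual_mode_enabled";

    // Stand-in for dynamic cluster settings: notifies the registered listener on update.
    static class ClusterSettingsStub {
        private final Map<String, Consumer<Boolean>> listeners = new ConcurrentHashMap<>();
        void addListener(String key, Consumer<Boolean> l) { listeners.put(key, l); }
        void update(String key, boolean value) {
            Consumer<Boolean> l = listeners.get(key);
            if (l != null) l.accept(value);
        }
    }

    // Stand-in for the parameters the transport layer asks the provider for.
    interface TransportParams { boolean dualModeEnabled(); }

    // Regression shape: the value is captured once from the static node settings.
    static TransportParams staticParams(Map<String, Boolean> nodeSettings) {
        final boolean snapshot = nodeSettings.getOrDefault(KEY, false);
        return () -> snapshot;
    }

    // Fixed shape: plugin-owned state seeded from node settings, then kept current by a listener.
    static class DynamicParams implements TransportParams {
        private volatile boolean dualMode; // volatile: written by the listener, read by transport threads
        DynamicParams(Map<String, Boolean> nodeSettings, ClusterSettingsStub cluster) {
            this.dualMode = nodeSettings.getOrDefault(KEY, false);
            cluster.addListener(KEY, v -> this.dualMode = v);
        }
        @Override public boolean dualModeEnabled() { return dualMode; }
    }

    public static void main(String[] args) {
        Map<String, Boolean> nodeSettings = Map.of(KEY, true); // constructed sample node config
        ClusterSettingsStub cluster = new ClusterSettingsStub();
        TransportParams stale = staticParams(nodeSettings);
        TransportParams live = new DynamicParams(nodeSettings, cluster);

        cluster.update(KEY, false); // models the PUT _cluster/settings call in the description
        System.out.println("static provider reports dual mode:  " + stale.dualModeEnabled());
        System.out.println("dynamic provider reports dual mode: " + live.dualModeEnabled());
    }
}
```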

Signed-off-by: Craig Perkins <cwperx@amazon.com>
@cwperks cwperks changed the title Add isDualModeEnabled to SecureTransportSettingsProvider interface Add method to return dynamic SecureTransportParameters from SecureTransportSettingsProvider interface Oct 18, 2024
@reta reta added backport 2.x Backport to 2.x branch v3.0.0 Issues and PRs related to version 3.0.0 v2.18.0 Issues and PRs related to version 2.18.0 labels Oct 18, 2024

✅ Gradle check result for 174344b: SUCCESS

@reta reta merged commit f346788 into opensearch-project:main Oct 18, 2024
46 of 49 checks passed

codecov bot commented Oct 18, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 71.93%. Comparing base (0bded88) to head (174344b).
Report is 3 commits behind head on main.

Additional details and impacted files
@@             Coverage Diff              @@
##               main   #16387      +/-   ##
============================================
- Coverage     72.07%   71.93%   -0.14%     
+ Complexity    64819    64756      -63     
============================================
  Files          5307     5308       +1     
  Lines        302718   302730      +12     
  Branches      43734    43735       +1     
============================================
- Hits         218178   217765     -413     
- Misses        66638    67034     +396     
- Partials      17902    17931      +29     


opensearch-trigger-bot bot pushed a commit that referenced this pull request Oct 18, 2024
…nsportSettingsProvider interface (#16387)

* Add isDualModeEnabled to SecureTransportSettingsProvider interface

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Add default impl

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Respond to comments, update usages and update docstring

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Address feedback

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Add ExperimentalApi and add to CHANGELOG

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Move DefaultSecureTransportParameters to separate file and add javadoc

Signed-off-by: Craig Perkins <cwperx@amazon.com>

---------

Signed-off-by: Craig Perkins <cwperx@amazon.com>
(cherry picked from commit f346788)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
reta pushed a commit that referenced this pull request Oct 19, 2024
…nsportSettingsProvider interface (#16387) (#16388)

* Add isDualModeEnabled to SecureTransportSettingsProvider interface

* Add default impl

* Respond to comments, update usages and update docstring

* Address feedback

* Add ExperimentalApi and add to CHANGELOG

* Move DefaultSecureTransportParameters to separate file and add javadoc

---------

(cherry picked from commit f346788)

Signed-off-by: Craig Perkins <cwperx@amazon.com>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
dk2k pushed a commit to dk2k/OpenSearch that referenced this pull request Oct 21, 2024
…nsportSettingsProvider interface (opensearch-project#16387)
