Skip to content

Easing debugging for security not initialized error #5370

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Jun 10, 2025
Merged

Easing debugging for security not initialized error #5370

merged 5 commits into from
Jun 10, 2025

Conversation

@nagarajg17
Copy link
Contributor

@nagarajg17 nagarajg17 commented Jun 1, 2025
edited
Loading

Description

If security index is not created during node bootup and if any API call is made we receive generic error OpenSearch Security is not initialized. Security index may not be created for various number of reasons but commonly seen due to master not initialized. To ease the debugging and fixing the issue, adding more details to error statement and possible cause will help. This PR starts with one of the possible cause, it can be extended in future appropriately

Future adding few debug lines to ease debugging during issues

  • Category (Enhancement, New feature, Bug fix, Test fix, Refactoring, Maintenance, Documentation)

Maintenance

Issues Resolved

Easing debugging and fixing error

Testing

To minic the scenario added this setting in opensearch.yml node.roles: [data, ingest] to have no master node. Then made API calls to reproduce the error

curl -X GET "https://localhost:9200/my-index-000001/_search?pretty"  -H 'Content-Type: application/json' -u '<>:<>' --insecure

OpenSearch Security is not initialized. Cluster manager not present

Earlier

curl -X GET "https://localhost:9200/my-index-000001/_search?pretty"  -H 'Content-Type: application/json' -u '<>:<>' --insecure

OpenSearch Security is not initialized

Check List

  • New functionality includes testing
  • New functionality has been documented
  • New Roles/Permissions have a corresponding security dashboards plugin PR
  • API changes companion pull request created
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@nagarajg17 nagarajg17 force-pushed the main branch 2 times, most recently from 54b4ad4 to 050b862 Compare June 1, 2025 19:18
@codecov
Copy link

codecov bot commented Jun 1, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 85.18519% with 4 lines in your changes missing coverage. Please review.

Project coverage is 72.20%. Comparing base (28cb2c8) to head (54a8cfc).
Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
.../org/opensearch/security/auth/BackendRegistry.java 66.66% 1 Missing and 1 partial ⚠️
...org/opensearch/security/filter/SecurityFilter.java 71.42% 1 Missing and 1 partial ⚠️
Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #5370      +/-   ##
==========================================
+ Coverage   72.19%   72.20%   +0.01%     
==========================================
  Files         382      382              
  Lines       23697    23716      +19     
  Branches     3644     3649       +5     
==========================================
+ Hits        17107    17124      +17     
+ Misses       4794     4793       -1     
- Partials     1796     1799       +3
Files with missing lines Coverage Δ
.../opensearch/security/OpenSearchSecurityPlugin.java 84.68% <100.00%> (ø)
...arch/security/configuration/ClusterInfoHolder.java 79.31% <100.00%> (+21.61%) ⬆️
...earch/security/privileges/PrivilegesEvaluator.java 75.07% <100.00%> (+1.03%) ⬆️
...ch/security/securityconf/DynamicConfigFactory.java 62.58% <100.00%> (+0.25%) ⬆️
.../org/opensearch/security/auth/BackendRegistry.java 77.19% <66.66%> (-0.33%) ⬇️
...org/opensearch/security/filter/SecurityFilter.java 66.82% <71.42%> (-0.17%) ⬇️

... and 3 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@nagarajg17 nagarajg17 force-pushed the main branch 2 times, most recently from de54115 to e6bf0e2 Compare June 2, 2025 19:51
@nagarajg17 nagarajg17 marked this pull request as ready for review June 2, 2025 19:54
@nagarajg17 nagarajg17 force-pushed the main branch 3 times, most recently from 48cb5aa to 5c40137 Compare June 4, 2025 12:56
@nagarajg17 nagarajg17 requested a review from cwperks June 4, 2025 16:12
Easing debugging for security not initialized error
256ed3f 
Signed-off-by: Nagaraj G <narajg@amazon.com>
cwperks
cwperks previously approved these changes Jun 9, 2025
View reviewed changes
@cwperks
Copy link
Member

cwperks commented Jun 9, 2025

@nagarajg17 can we also add a CHANGELOG entry for this? I think its a significant enough change to have an entry in the CHANGELOG.

DarshitChanpura
DarshitChanpura previously approved these changes Jun 9, 2025
View reviewed changes
@DarshitChanpura
Copy link
Member

@nagarajg17 can we also add a CHANGELOG entry for this? I think its a significant enough change to have an entry in the CHANGELOG.

+1

@DarshitChanpura
Copy link
Member

@nagarajg17 Would you mind checking the test failures?

@DarshitChanpura
Update changelog entry
35afcbb 
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
@DarshitChanpura
Fixes unit tests
bbb5182 
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
@DarshitChanpura DarshitChanpura dismissed stale reviews from cwperks and themself via bbb5182 June 10, 2025 16:49
@cwperks cwperks added the v3.1.0 Issues targeting release v3.1.0 label Jun 10, 2025
@cwperks cwperks merged commit 4f9669e into opensearch-project:main Jun 10, 2025
71 of 72 checks passed
@nagarajg17
Copy link
Contributor Author

I see PR is merged. I didn't get a chance to check test failures yesterday, will check it and create another PR for CHANGELOG

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cwperks cwperks cwperks approved these changes

@DarshitChanpura DarshitChanpura DarshitChanpura approved these changes

@derek-ho derek-ho Awaiting requested review from derek-ho derek-ho is a code owner

@nibix nibix Awaiting requested review from nibix nibix is a code owner

@peternied peternied Awaiting requested review from peternied peternied is a code owner

@RyanL1997 RyanL1997 Awaiting requested review from RyanL1997 RyanL1997 is a code owner

@reta reta Awaiting requested review from reta reta is a code owner

@shikharj05 shikharj05 Awaiting requested review from shikharj05 shikharj05 is a code owner

@willyborankin willyborankin Awaiting requested review from willyborankin willyborankin is a code owner

Assignees

No one assigned

Labels

v3.1.0 Issues targeting release v3.1.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@nagarajg17 @cwperks @DarshitChanpura