Add method to return dynamic SecureTransportParameters from SecureTransportSettingsProvider interface #16387
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Craig Perkins <[email protected]>
Signed-off-by: Craig Perkins <[email protected]>
cwperks
requested review from
peternied,
anasalkouz,
andrross,
ashking94,
Bukhtawar,
CEHENKLE,
dblock,
dbwiddis,
gbbafna,
jainankitk,
kotwanikunal,
linuxpi,
mch2,
msfroh,
nknize,
owaiskazi19,
reta,
Rishikesh1159,
sachinpkale,
saratvemulapalli,
shwetathareja,
sohami and
VachaShah
as code owners
5 tasks
reta
reviewed
Oct 18, 2024
server/src/main/java/org/opensearch/plugins/SecureTransportSettingsProvider.java
Outdated
Show resolved
Hide resolved
Signed-off-by: Craig Perkins <[email protected]>
reta
reviewed
Oct 18, 2024
...ransport-netty4/src/main/java/org/opensearch/transport/netty4/ssl/SecureNetty4Transport.java
Outdated
Show resolved
Hide resolved
reta
reviewed
Oct 18, 2024
server/src/main/java/org/opensearch/plugins/SecureTransportSettingsProvider.java
Show resolved
Hide resolved
Signed-off-by: Craig Perkins <[email protected]>
reta
reviewed
Oct 18, 2024
server/src/main/java/org/opensearch/plugins/SecureTransportSettingsProvider.java
Outdated
Show resolved
Hide resolved
cwperks
changed the title
Signed-off-by: Craig Perkins <[email protected]>
Signed-off-by: Craig Perkins <[email protected]>
reta
approved these changes
Oct 18, 2024
reta
added
backport 2.x
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #16387 +/- ##
============================================
- Coverage 72.07% 71.93% -0.14%
+ Complexity 64819 64756 -63
============================================
Files 5307 5308 +1
Lines 302718 302730 +12
Branches 43734 43735 +1
============================================
- Hits 218178 217765 -413
- Misses 66638 67034 +396
- Partials 17902 17931 +29 ☔ View full report in Codecov by Sentry. |
opensearch-trigger-bot bot
pushed a commit
that referenced
this pull request
Oct 18, 2024
…nsportSettingsProvider interface (#16387) * Add isDualModeEnabled to SecureTransportSettingsProvider interface Signed-off-by: Craig Perkins <[email protected]> * Add default impl Signed-off-by: Craig Perkins <[email protected]> * Respond to comments, update usages and update docstring Signed-off-by: Craig Perkins <[email protected]> * Address feedback Signed-off-by: Craig Perkins <[email protected]> * Add ExperimentalApi and add to CHANGELOG Signed-off-by: Craig Perkins <[email protected]> * Move DefaultSecureTransportParameters to separate file and add javadoc Signed-off-by: Craig Perkins <[email protected]> --------- Signed-off-by: Craig Perkins <[email protected]> (cherry picked from commit f346788) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
reta
pushed a commit
that referenced
this pull request
Oct 19, 2024
…nsportSettingsProvider interface (#16387) (#16388) * Add isDualModeEnabled to SecureTransportSettingsProvider interface * Add default impl * Respond to comments, update usages and update docstring * Address feedback * Add ExperimentalApi and add to CHANGELOG * Move DefaultSecureTransportParameters to separate file and add javadoc --------- (cherry picked from commit f346788) Signed-off-by: Craig Perkins <[email protected]> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
dk2k
pushed a commit
to dk2k/OpenSearch
that referenced
this pull request
Oct 21, 2024
…nsportSettingsProvider interface (opensearch-project#16387) * Add isDualModeEnabled to SecureTransportSettingsProvider interface Signed-off-by: Craig Perkins <[email protected]> * Add default impl Signed-off-by: Craig Perkins <[email protected]> * Respond to comments, update usages and update docstring Signed-off-by: Craig Perkins <[email protected]> * Address feedback Signed-off-by: Craig Perkins <[email protected]> * Add ExperimentalApi and add to CHANGELOG Signed-off-by: Craig Perkins <[email protected]> * Move DefaultSecureTransportParameters to separate file and add javadoc Signed-off-by: Craig Perkins <[email protected]> --------- Signed-off-by: Craig Perkins <[email protected]>
3 tasks
akolarkunnu
pushed a commit
to akolarkunnu/OpenSearch
that referenced
this pull request
Jan 21, 2025
…nsportSettingsProvider interface (opensearch-project#16387) * Add isDualModeEnabled to SecureTransportSettingsProvider interface Signed-off-by: Craig Perkins <[email protected]> * Add default impl Signed-off-by: Craig Perkins <[email protected]> * Respond to comments, update usages and update docstring Signed-off-by: Craig Perkins <[email protected]> * Address feedback Signed-off-by: Craig Perkins <[email protected]> * Add ExperimentalApi and add to CHANGELOG Signed-off-by: Craig Perkins <[email protected]> * Move DefaultSecureTransportParameters to separate file and add javadoc Signed-off-by: Craig Perkins <[email protected]> --------- Signed-off-by: Craig Perkins <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Companion PR in the Security plugin: opensearch-project/security#4820
Fixes an issue with SSL Dual mode where the settings provider relies on the static node settings without taking dynamic cluster settings into account. This PR and companion Security PR fixes a regression introduced in opensearch-project/security#4119
Before 2.14, this setting was coming from the Security plugins SSLConfig class which originally gets the value from the node settings, but also registers a cluster settings listener to listen for dynamic updates to this setting.
For instance an operator can run:
To update this setting, but since 2.14 the dynamic value is not getting propagated.
This PR adds a new method to the SecureTransportSettingsProvider interface to allow a plugin that implements the provider to feed this value to core instead of relying on the static node settings.
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.