Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Backport 2.x] XContent Refactor #2598

Merged

Conversation

RyanL1997
Copy link
Collaborator

@RyanL1997 RyanL1997 commented Mar 29, 2023

Description

Reacts to refactoring done on xcontent classes from core. Many imports from org.opensearch.common.xcontent were switched to org.opensearch.core.xcontent.

  • Category (Enhancement, New feature, Bug fix, Test fix, Refactoring, Maintenance, Documentation)

Build fix

Issues Resolved

Check List

  • New functionality includes testing
  • New functionality has been documented
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Signed-off-by: Ryan Liang <jiallian@amazon.com>
Signed-off-by: Ryan Liang <jiallian@amazon.com>
@RyanL1997
Copy link
Collaborator Author

I will look into the test failure introduced by opensslTest tmr.

@RyanL1997
Copy link
Collaborator Author

I'm updating my findings here:
Based on the log, it seems like we couldn't setup the openSSL connection correctly. For this error:

[ERROR][org.opensearch.security.ssl.http.netty.SecuritySSLNettyHttpServerTransport] Exception during establishing a SSL connection: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f5f6f70656e64697374726f2f5f73656375726974792f73736c696e666f3f70726574747920485454502f312e310d0a486f73743a203132372e302e302e313a31303237340d0a436f6e6e656374696f6e3a204b6565702d416c6976650d0a557365722d4167656e743a204170616368652d48747470436c69656e742f342e352e313320284a6176612f31312e302e3138290d0a4163636570742d456e636f64696e673a20677a69702c6465666c6174650d0a0d0a

It shows like there is a communication mismatch. I decoded the record, and it gives a http request:

GET /_opendistro/_security/sslinfo?pretty HTTP/1.1
Host: 127.0.0.1:8628
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.5.13 (Java/11.0.18)
Accept-Encoding: gzip,deflate

I think by enabling the openSSL, we need a https request instead. I was checking thru the code base, and I couldn't find the relate changes about this error. I will keep looking for it tmr.

Signed-off-by: Ryan Liang <jiallian@amazon.com>
@RyanL1997 RyanL1997 force-pushed the backport-xcontent-refactoring branch from a7d7a8e to 6575a27 Compare March 30, 2023 21:52
@peternied
Copy link
Member

I've backported the ClusterManager changes into my fork. Assuming the test pass https://github.com/peternied/security/actions/runs/4569414539/jobs/8065642541 I think we should merge that into this branch to move forward.

See original source PR

What do you think @RyanL1997?
FYI: @cwperks @scrawfor99 ?

@RyanL1997
Copy link
Collaborator Author

RyanL1997 commented Mar 30, 2023

Hi, @peternied, I tried to fixed this in the same way as you did, but it didn't work(Actually what I tried for cherry pick was this PR: #2051). According to this PR: opensearch-project/OpenSearch#6853, I think they have modified some of the logics on legacy settings. And I'm look into it to see the root cause.

RyanL1997 and others added 3 commits March 30, 2023 15:23
Signed-off-by: Ryan Liang <jiallian@amazon.com>
Signed-off-by: Ryan Liang <jiallian@amazon.com>
* Cluster manager inclusive checks on codebase

Enforce usage of ClusterManager terminology in the codebase
Include mechanism to disable checkstyle rule

Cross cluster needs to have an additional role in the `node.roles` list,
which I am guessing was backwards compatiable if the legacy versions of
the role assignments were used.  With this change cross cluster tests
properly include this value during setup and the settings for these
values are merged instead of being overridden.

Signed-off-by: Peter Nied <petern@amazon.com>
@codecov-commenter
Copy link

codecov-commenter commented Mar 31, 2023

Codecov Report

Merging #2598 (9c59856) into 2.x (ed85d06) will decrease coverage by 0.11%.
The diff coverage is 100.00%.

📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more

@@             Coverage Diff              @@
##                2.x    #2598      +/-   ##
============================================
- Coverage     61.30%   61.19%   -0.11%     
+ Complexity     3314     3305       -9     
============================================
  Files           258      258              
  Lines         18272    18272              
  Branches       3251     3251              
============================================
- Hits          11201    11182      -19     
- Misses         5496     5508      +12     
- Partials       1575     1582       +7     
Impacted Files Coverage Δ
...ic/auth/http/kerberos/HTTPSpnegoAuthenticator.java 0.00% <ø> (ø)
.../opensearch/security/OpenSearchSecurityPlugin.java 79.87% <ø> (ø)
.../action/configupdate/ConfigUpdateNodeResponse.java 77.27% <ø> (ø)
...rity/action/configupdate/ConfigUpdateResponse.java 64.28% <ø> (ø)
...nsearch/security/action/whoami/WhoAmIResponse.java 0.00% <ø> (ø)
...earch/security/auditlog/impl/AbstractAuditLog.java 73.75% <ø> (ø)
...search/security/auditlog/impl/RequestResolver.java 67.61% <ø> (ø)
...ty/configuration/ConfigurationLoaderSecurity7.java 66.39% <ø> (ø)
...security/configuration/DlsFlsFilterLeafReader.java 62.31% <ø> (ø)
...rch/security/configuration/DlsFlsRequestValve.java 0.00% <ø> (ø)
... and 29 more

... and 7 files with indirect coverage changes

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@RyanL1997 RyanL1997 merged commit 77bc5b8 into opensearch-project:2.x Mar 31, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants