Skip to content

Commit

Permalink
Add method to return dynamic SecureTransportParameters from SecureTra…
Browse files Browse the repository at this point in the history
…nsportSettingsProvider interface (opensearch-project#16387)

* Add isDualModeEnabled to SecureTransportSettingsProvider interface

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Add default impl

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Respond to comments, update usages and update docstring

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Address feedback

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Add ExperimentalApi and add to CHANGELOG

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Move DefaultSecureTransportParameters to separate file and add javadoc

Signed-off-by: Craig Perkins <cwperx@amazon.com>

---------

Signed-off-by: Craig Perkins <cwperx@amazon.com>
  • Loading branch information
cwperks authored Oct 18, 2024
1 parent f1c98a4 commit f346788
Show file tree
Hide file tree
Showing 4 changed files with 53 additions and 3 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
- Add _list/shards API as paginated alternate to _cat/shards ([#14641](https://github.com/opensearch-project/OpenSearch/pull/14641))
- Latency and Memory allocation improvements to Multi Term Aggregation queries ([#14993](https://github.com/opensearch-project/OpenSearch/pull/14993))
- Flat object field use IndexOrDocValuesQuery to optimize query ([#14383](https://github.com/opensearch-project/OpenSearch/issues/14383))
- Add method to return dynamic SecureTransportParameters from SecureTransportSettingsProvider interface ([#16387](https://github.com/opensearch-project/OpenSearch/pull/16387)

### Dependencies
- Bump `com.azure:azure-identity` from 1.13.0 to 1.13.2 ([#15578](https://github.com/opensearch-project/OpenSearch/pull/15578))
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -142,9 +142,10 @@ public SSLServerChannelInitializer(String name) {
protected void initChannel(Channel ch) throws Exception {
super.initChannel(ch);

final boolean dualModeEnabled = NetworkModule.TRANSPORT_SSL_DUAL_MODE_ENABLED.get(settings);
final boolean dualModeEnabled = secureTransportSettingsProvider.parameters(settings)
.map(SecureTransportSettingsProvider.SecureTransportParameters::dualModeEnabled)
.orElse(false);
if (dualModeEnabled) {
logger.info("SSL Dual mode enabled, using port unification handler");
final ChannelHandler portUnificationHandler = new DualModeSslHandler(
settings,
secureTransportSettingsProvider,
Expand Down Expand Up @@ -258,7 +259,9 @@ protected class SSLClientChannelInitializer extends Netty4Transport.ClientChanne
public SSLClientChannelInitializer(DiscoveryNode node) {
this.node = node;

final boolean dualModeEnabled = NetworkModule.TRANSPORT_SSL_DUAL_MODE_ENABLED.get(settings);
final boolean dualModeEnabled = secureTransportSettingsProvider.parameters(settings)
.map(SecureTransportSettingsProvider.SecureTransportParameters::dualModeEnabled)
.orElse(false);
hostnameVerificationEnabled = NetworkModule.TRANSPORT_SSL_ENFORCE_HOSTNAME_VERIFICATION.get(settings);
hostnameVerificationResolveHostName = NetworkModule.TRANSPORT_SSL_ENFORCE_HOSTNAME_VERIFICATION_RESOLVE_HOST_NAME.get(settings);

Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/

package org.opensearch.plugins;

import org.opensearch.common.network.NetworkModule;
import org.opensearch.common.settings.Settings;

/**
* Default implementation of {@link SecureTransportSettingsProvider.SecureTransportParameters}.
*/
class DefaultSecureTransportParameters implements SecureTransportSettingsProvider.SecureTransportParameters {
private final Settings settings;

DefaultSecureTransportParameters(Settings settings) {
this.settings = settings;
}

@Override
public boolean dualModeEnabled() {
return NetworkModule.TRANSPORT_SSL_DUAL_MODE_ENABLED.get(settings);
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,24 @@ default Collection<TransportAdapterProvider<Transport>> getTransportAdapterProvi
return Collections.emptyList();
}

/**
* Returns parameters that can be dynamically provided by a plugin providing a {@link SecureTransportSettingsProvider}
* implementation
* @param settings settings
* @return an instance of {@link SecureTransportParameters}
*/
default Optional<SecureTransportParameters> parameters(Settings settings) {
return Optional.of(new DefaultSecureTransportParameters(settings));
}

/**
* Dynamic parameters that can be provided by the {@link SecureTransportSettingsProvider}
*/
@ExperimentalApi
interface SecureTransportParameters {
boolean dualModeEnabled();
}

/**
* If supported, builds the {@link TransportExceptionHandler} instance for {@link Transport} instance
* @param settings settings
Expand Down

0 comments on commit f346788

Please sign in to comment.