From 00e2a5d146a3e25b36e7c98069ae7f749b13b82f Mon Sep 17 00:00:00 2001 From: Chang Liu Date: Mon, 27 Jun 2022 09:54:03 -0700 Subject: [PATCH] Bump version to 3.0.0.0 (#1890) * Bump version to 3.0.0.0 * Fix for the breaking changes in OpenSearch 3.0 Signed-off-by: cliu123 --- .github/workflows/ci.yml | 6 +++--- build.gradle | 2 +- bwc-test/build.gradle | 8 ++++---- .../dlic/auth/http/kerberos/HTTPSpnegoAuthenticator.java | 2 +- .../auth/http/saml/SamlFilesystemMetadataResolver.java | 2 +- .../org/opensearch/security/OpenSearchSecurityPlugin.java | 4 ++-- .../security/auditlog/impl/AbstractAuditLog.java | 2 +- .../security/configuration/ConfigurationRepository.java | 2 +- .../opensearch/security/ssl/DefaultSecurityKeyStore.java | 6 +++--- .../opensearch/security/ssl/util/SSLRequestHelper.java | 6 +++--- .../org/opensearch/security/support/PemKeyReader.java | 4 ++-- 11 files changed, 22 insertions(+), 22 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d8972ac82b..3bb24077cf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -72,9 +72,9 @@ jobs: cp -r build/ ./bwc-test/ mkdir ./bwc-test/src/test/resources/security_plugin_version_no_snapshot cp build/distributions/opensearch-security-${security_plugin_version_no_snapshot}.zip ./bwc-test/src/test/resources/${security_plugin_version_no_snapshot} - mkdir bwc-test/src/test/resources/2.0.0.0 - wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch/2.0.0/latest/linux/x64/tar/builds/opensearch/plugins/opensearch-security-2.0.0.0.zip - mv opensearch-security-2.0.0.0.zip bwc-test/src/test/resources/2.0.0.0/ + mkdir bwc-test/src/test/resources/2.1.0.0 + wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch/2.1.0/latest/linux/x64/tar/builds/opensearch/plugins/opensearch-security-2.1.0.0.zip + mv opensearch-security-2.1.0.0.zip bwc-test/src/test/resources/2.1.0.0/ cd bwc-test/ ./gradlew bwcTestSuite -Dtests.security.manager=false diff --git a/build.gradle b/build.gradle index 6c3d584350..aa68041b5d 100644 --- a/build.gradle +++ b/build.gradle @@ -11,7 +11,7 @@ buildscript { ext { - opensearch_version = System.getProperty("opensearch.version", "2.1.0-SNAPSHOT") + opensearch_version = System.getProperty("opensearch.version", "3.0.0-SNAPSHOT") isSnapshot = "true" == System.getProperty("build.snapshot", "true") buildVersionQualifier = System.getProperty("build.version_qualifier", "") diff --git a/bwc-test/build.gradle b/bwc-test/build.gradle index 8ad987b1a7..60270bf7f5 100644 --- a/bwc-test/build.gradle +++ b/bwc-test/build.gradle @@ -47,7 +47,7 @@ ext { buildscript { ext { - opensearch_version = System.getProperty("opensearch.version", "2.1.0-SNAPSHOT") + opensearch_version = System.getProperty("opensearch.version", "3.0.0-SNAPSHOT") opensearch_group = "org.opensearch" } repositories { @@ -73,16 +73,16 @@ dependencies { testImplementation "org.opensearch.test:framework:${opensearch_version}" } -String bwcVersion = "2.0.0.0"; +String bwcVersion = "2.1.0.0"; String baseName = "securityBwcCluster" String bwcFilePath = "src/test/resources/" -String projectVersion = "2.1.0.0" +String projectVersion = "3.0.0.0" 2.times {i -> testClusters { "${baseName}$i" { testDistribution = "ARCHIVE" - versions = ["2.0.0","2.1.0"] + versions = ["2.1.0","3.0.0"] numberOfNodes = 3 plugin(provider(new Callable() { @Override diff --git a/src/main/java/com/amazon/dlic/auth/http/kerberos/HTTPSpnegoAuthenticator.java b/src/main/java/com/amazon/dlic/auth/http/kerberos/HTTPSpnegoAuthenticator.java index 812ca4f82f..3603aeb94e 100644 --- a/src/main/java/com/amazon/dlic/auth/http/kerberos/HTTPSpnegoAuthenticator.java +++ b/src/main/java/com/amazon/dlic/auth/http/kerberos/HTTPSpnegoAuthenticator.java @@ -70,7 +70,7 @@ public class HTTPSpnegoAuthenticator implements HTTPAuthenticator { public HTTPSpnegoAuthenticator(final Settings settings, final Path configPath) { super(); try { - final Path configDir = new Environment(settings, configPath).configFile(); + final Path configDir = new Environment(settings, configPath).configDir(); final String krb5PathSetting = settings.get("plugins.security.kerberos.krb5_filepath"); final SecurityManager sm = System.getSecurityManager(); diff --git a/src/main/java/com/amazon/dlic/auth/http/saml/SamlFilesystemMetadataResolver.java b/src/main/java/com/amazon/dlic/auth/http/saml/SamlFilesystemMetadataResolver.java index 80f272b43b..302b1f41ea 100644 --- a/src/main/java/com/amazon/dlic/auth/http/saml/SamlFilesystemMetadataResolver.java +++ b/src/main/java/com/amazon/dlic/auth/http/saml/SamlFilesystemMetadataResolver.java @@ -51,6 +51,6 @@ public byte[] run() throws ResolverException { private static File getMetadataFile(String filePath, Settings settings, Path configPath) { Environment env = new Environment(settings, configPath); - return env.configFile().resolve(filePath).toAbsolutePath().toFile(); + return env.configDir().resolve(filePath).toAbsolutePath().toFile(); } } diff --git a/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java b/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java index 66530cfaed..69dce00d41 100644 --- a/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java +++ b/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java @@ -326,7 +326,7 @@ public Object run() { final List filesWithWrongPermissions = AccessController.doPrivileged(new PrivilegedAction>() { @Override public List run() { - final Path confPath = new Environment(settings, configPath).configFile().toAbsolutePath(); + final Path confPath = new Environment(settings, configPath).configDir().toAbsolutePath(); if(Files.isDirectory(confPath, LinkOption.NOFOLLOW_LINKS)) { try (Stream s = Files.walk(confPath)) { return s.distinct().filter(p -> checkFilePermissions(p)).collect(Collectors.toList()); @@ -356,7 +356,7 @@ public List run() { final List files = AccessController.doPrivileged(new PrivilegedAction>() { @Override public List run() { - final Path confPath = new Environment(settings, configPath).configFile().toAbsolutePath(); + final Path confPath = new Environment(settings, configPath).configDir().toAbsolutePath(); if(Files.isDirectory(confPath, LinkOption.NOFOLLOW_LINKS)) { try (Stream s = Files.walk(confPath)) { return s.distinct().map(p -> sha256(p)).collect(Collectors.toList()); diff --git a/src/main/java/org/opensearch/security/auditlog/impl/AbstractAuditLog.java b/src/main/java/org/opensearch/security/auditlog/impl/AbstractAuditLog.java index bc5e240c77..d6f59028fa 100644 --- a/src/main/java/org/opensearch/security/auditlog/impl/AbstractAuditLog.java +++ b/src/main/java/org/opensearch/security/auditlog/impl/AbstractAuditLog.java @@ -560,7 +560,7 @@ public Map run() { (key.contains("filepath") || key.contains("file_path"))) { String value = settings.get(key); if(value != null && !value.isEmpty()) { - Path path = value.startsWith("/")?Paths.get(value):environment.configFile().resolve(value); + Path path = value.startsWith("/")?Paths.get(value):environment.configDir().resolve(value); paths.put(key, path); } } diff --git a/src/main/java/org/opensearch/security/configuration/ConfigurationRepository.java b/src/main/java/org/opensearch/security/configuration/ConfigurationRepository.java index 84d3059942..4b2fa7af8b 100644 --- a/src/main/java/org/opensearch/security/configuration/ConfigurationRepository.java +++ b/src/main/java/org/opensearch/security/configuration/ConfigurationRepository.java @@ -120,7 +120,7 @@ public void run() { try { String lookupDir = System.getProperty("security.default_init.dir"); - final String cd = lookupDir != null? (lookupDir+"/") : new Environment(settings, configPath).configFile().toAbsolutePath().toString()+"/opensearch-security/"; + final String cd = lookupDir != null? (lookupDir+"/") : new Environment(settings, configPath).configDir().toAbsolutePath().toString()+"/opensearch-security/"; File confFile = new File(cd+"config.yml"); if(confFile.exists()) { final ThreadContext threadContext = threadPool.getThreadContext(); diff --git a/src/main/java/org/opensearch/security/ssl/DefaultSecurityKeyStore.java b/src/main/java/org/opensearch/security/ssl/DefaultSecurityKeyStore.java index 72d18fc0c9..026165f95e 100644 --- a/src/main/java/org/opensearch/security/ssl/DefaultSecurityKeyStore.java +++ b/src/main/java/org/opensearch/security/ssl/DefaultSecurityKeyStore.java @@ -226,8 +226,8 @@ private String resolve(String propName, boolean mustBeValid) { log.debug("Value for {} is {}", propName, originalPath); if (env != null && originalPath != null && originalPath.length() > 0) { - path = env.configFile().resolve(originalPath).toAbsolutePath().toString(); - log.debug("Resolved {} to {} against {}", originalPath, path, env.configFile().toAbsolutePath().toString()); + path = env.configDir().resolve(originalPath).toAbsolutePath().toString(); + log.debug("Resolved {} to {} against {}", originalPath, path, env.configDir().toAbsolutePath().toString()); } if (mustBeValid) { @@ -247,7 +247,7 @@ private void initSSLConfig() { log.info("No config directory, key- and truststore files are resolved absolutely"); } else { log.info("Config directory is {}/, from there the key- and truststore files are resolved relatively", - env.configFile().toAbsolutePath()); + env.configDir().toAbsolutePath()); } diff --git a/src/main/java/org/opensearch/security/ssl/util/SSLRequestHelper.java b/src/main/java/org/opensearch/security/ssl/util/SSLRequestHelper.java index 5bd72fba5d..893fb04fac 100644 --- a/src/main/java/org/opensearch/security/ssl/util/SSLRequestHelper.java +++ b/src/main/java/org/opensearch/security/ssl/util/SSLRequestHelper.java @@ -199,7 +199,7 @@ private static boolean validate(X509Certificate[] x509Certs, final Settings sett final String crlFile = settings.get(SSLConfigConstants.SSECURITY_SSL_HTTP_CRL_FILE); if(crlFile != null) { - final File crl = env.configFile().resolve(crlFile).toAbsolutePath().toFile(); + final File crl = env.configDir().resolve(crlFile).toAbsolutePath().toFile(); try(FileInputStream crlin = new FileInputStream(crl)) { crls = CertificateFactory.getInstance("X.509").generateCRLs(crlin); } @@ -222,12 +222,12 @@ private static boolean validate(X509Certificate[] x509Certs, final Settings sett //final String truststoreAlias = settings.get(SSLConfigConstants.SECURITY_SSL_HTTP_TRUSTSTORE_ALIAS, null); final KeyStore ts = KeyStore.getInstance(truststoreType); - try(FileInputStream fin = new FileInputStream(new File(env.configFile().resolve(truststore).toAbsolutePath().toString()))) { + try(FileInputStream fin = new FileInputStream(new File(env.configDir().resolve(truststore).toAbsolutePath().toString()))) { ts.load(fin, (truststorePassword == null || truststorePassword.length() == 0) ?null:truststorePassword.toCharArray()); } validator = new CertificateValidator(ts, crls); } else { - final File trustedCas = env.configFile().resolve(settings.get(SSLConfigConstants.SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH, "")).toAbsolutePath().toFile(); + final File trustedCas = env.configDir().resolve(settings.get(SSLConfigConstants.SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH, "")).toAbsolutePath().toFile(); try(FileInputStream trin = new FileInputStream(trustedCas)) { Collection cert = (Collection) CertificateFactory.getInstance("X.509").generateCertificates(trin); validator = new CertificateValidator(cert.toArray(new X509Certificate[0]), crls); diff --git a/src/main/java/org/opensearch/security/support/PemKeyReader.java b/src/main/java/org/opensearch/security/support/PemKeyReader.java index 53eeb21736..97aea87c13 100644 --- a/src/main/java/org/opensearch/security/support/PemKeyReader.java +++ b/src/main/java/org/opensearch/security/support/PemKeyReader.java @@ -325,8 +325,8 @@ public static String resolve(String originalPath, String propName, Settings sett final Environment env = new Environment(settings, configPath); if(env != null && originalPath != null && originalPath.length() > 0) { - path = env.configFile().resolve(originalPath).toAbsolutePath().toString(); - log.debug("Resolved {} to {} against {}", originalPath, path, env.configFile().toAbsolutePath().toString()); + path = env.configDir().resolve(originalPath).toAbsolutePath().toString(); + log.debug("Resolved {} to {} against {}", originalPath, path, env.configDir().toAbsolutePath().toString()); } if(mustBeValid) {