Skip to content

Commit

Permalink
Provide auth.type and auth.role_arn paramters to end user (opensearch…
Browse files Browse the repository at this point in the history
…-project#2276) (opensearch-project#2281)

(cherry picked from commit 9f17c4e)

Signed-off-by: Vamsi Manohar <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
  • Loading branch information
1 parent 145b163 commit ab02486
Show file tree
Hide file tree
Showing 3 changed files with 80 additions and 4 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,8 @@
public class DataSourceServiceImpl implements DataSourceService {

private static String DATASOURCE_NAME_REGEX = "[@*A-Za-z]+?[*a-zA-Z_\\-0-9]*";
public static final Set<String> CONFIDENTIAL_AUTH_KEYS =
Set.of("auth.username", "auth.password", "auth.access_key", "auth.secret_key");

private final DataSourceLoaderCache dataSourceLoaderCache;

Expand Down Expand Up @@ -159,7 +161,12 @@ private void removeAuthInfo(Set<DataSourceMetadata> dataSourceMetadataSet) {

private void removeAuthInfo(DataSourceMetadata dataSourceMetadata) {
HashMap<String, String> safeProperties = new HashMap<>(dataSourceMetadata.getProperties());
safeProperties.entrySet().removeIf(entry -> entry.getKey().contains("auth"));
safeProperties
.entrySet()
.removeIf(
entry ->
CONFIDENTIAL_AUTH_KEYS.stream()
.anyMatch(confidentialKey -> entry.getKey().endsWith(confidentialKey)));
dataSourceMetadata.setProperties(safeProperties);
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -233,7 +233,7 @@ void testGetDataSourceMetadataSet() {
assertEquals(1, dataSourceMetadataSet.size());
DataSourceMetadata dataSourceMetadata = dataSourceMetadataSet.iterator().next();
assertTrue(dataSourceMetadata.getProperties().containsKey("prometheus.uri"));
assertFalse(dataSourceMetadata.getProperties().containsKey("prometheus.auth.type"));
assertTrue(dataSourceMetadata.getProperties().containsKey("prometheus.auth.type"));
assertFalse(dataSourceMetadata.getProperties().containsKey("prometheus.auth.username"));
assertFalse(dataSourceMetadata.getProperties().containsKey("prometheus.auth.password"));
assertFalse(
Expand Down Expand Up @@ -352,11 +352,72 @@ void testRemovalOfAuthorizationInfo() {
DataSourceMetadata dataSourceMetadata1 = dataSourceService.getDataSourceMetadata("testDS");
assertEquals("testDS", dataSourceMetadata1.getName());
assertEquals(DataSourceType.PROMETHEUS, dataSourceMetadata1.getConnector());
assertFalse(dataSourceMetadata1.getProperties().containsKey("prometheus.auth.type"));
assertTrue(dataSourceMetadata1.getProperties().containsKey("prometheus.auth.type"));
assertFalse(dataSourceMetadata1.getProperties().containsKey("prometheus.auth.username"));
assertFalse(dataSourceMetadata1.getProperties().containsKey("prometheus.auth.password"));
}

@Test
void testRemovalOfAuthorizationInfoForAccessKeyAndSecretKye() {
HashMap<String, String> properties = new HashMap<>();
properties.put("prometheus.uri", "https://localhost:9090");
properties.put("prometheus.auth.type", "awssigv4");
properties.put("prometheus.auth.access_key", "access_key");
properties.put("prometheus.auth.secret_key", "secret_key");
DataSourceMetadata dataSourceMetadata =
new DataSourceMetadata(
"testDS",
DataSourceType.PROMETHEUS,
Collections.singletonList("prometheus_access"),
properties,
null);
when(dataSourceMetadataStorage.getDataSourceMetadata("testDS"))
.thenReturn(Optional.of(dataSourceMetadata));

DataSourceMetadata dataSourceMetadata1 = dataSourceService.getDataSourceMetadata("testDS");
assertEquals("testDS", dataSourceMetadata1.getName());
assertEquals(DataSourceType.PROMETHEUS, dataSourceMetadata1.getConnector());
assertTrue(dataSourceMetadata1.getProperties().containsKey("prometheus.auth.type"));
assertFalse(dataSourceMetadata1.getProperties().containsKey("prometheus.auth.access_key"));
assertFalse(dataSourceMetadata1.getProperties().containsKey("prometheus.auth.secret_key"));
}

@Test
void testRemovalOfAuthorizationInfoForGlueWithRoleARN() {
HashMap<String, String> properties = new HashMap<>();
properties.put("glue.auth.type", "iam_role");
properties.put("glue.auth.role_arn", "role_arn");
properties.put("glue.indexstore.opensearch.uri", "http://localhost:9200");
properties.put("glue.indexstore.opensearch.auth", "basicauth");
properties.put("glue.indexstore.opensearch.auth.username", "username");
properties.put("glue.indexstore.opensearch.auth.password", "password");
DataSourceMetadata dataSourceMetadata =
new DataSourceMetadata(
"testGlue",
DataSourceType.S3GLUE,
Collections.singletonList("glue_access"),
properties,
null);
when(dataSourceMetadataStorage.getDataSourceMetadata("testGlue"))
.thenReturn(Optional.of(dataSourceMetadata));

DataSourceMetadata dataSourceMetadata1 = dataSourceService.getDataSourceMetadata("testGlue");
assertEquals("testGlue", dataSourceMetadata1.getName());
assertEquals(DataSourceType.S3GLUE, dataSourceMetadata1.getConnector());
assertTrue(dataSourceMetadata1.getProperties().containsKey("glue.auth.type"));
assertTrue(dataSourceMetadata1.getProperties().containsKey("glue.auth.role_arn"));
assertTrue(dataSourceMetadata1.getProperties().containsKey("glue.indexstore.opensearch.uri"));
assertTrue(dataSourceMetadata1.getProperties().containsKey("glue.indexstore.opensearch.auth"));
assertFalse(
dataSourceMetadata1
.getProperties()
.containsKey("glue.indexstore.opensearch.auth.username"));
assertFalse(
dataSourceMetadata1
.getProperties()
.containsKey("glue.indexstore.opensearch.auth.password"));
}

@Test
void testGetDataSourceMetadataForNonExistingDataSource() {
when(dataSourceMetadataStorage.getDataSourceMetadata("testDS")).thenReturn(Optional.empty());
Expand All @@ -381,7 +442,7 @@ void testGetDataSourceMetadataForSpecificDataSourceName() {
"testDS", DataSourceType.PROMETHEUS, Collections.emptyList(), properties)));
DataSourceMetadata dataSourceMetadata = this.dataSourceService.getDataSourceMetadata("testDS");
assertTrue(dataSourceMetadata.getProperties().containsKey("prometheus.uri"));
assertFalse(dataSourceMetadata.getProperties().containsKey("prometheus.auth.type"));
assertTrue(dataSourceMetadata.getProperties().containsKey("prometheus.auth.type"));
assertFalse(dataSourceMetadata.getProperties().containsKey("prometheus.auth.username"));
assertFalse(dataSourceMetadata.getProperties().containsKey("prometheus.auth.password"));
verify(dataSourceMetadataStorage, times(1)).getDataSourceMetadata("testDS");
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,10 @@ public void createDataSourceAPITest() {
new Gson().fromJson(getResponseString, DataSourceMetadata.class);
Assert.assertEquals(
"https://localhost:9090", dataSourceMetadata.getProperties().get("prometheus.uri"));
Assert.assertEquals(
"basicauth", dataSourceMetadata.getProperties().get("prometheus.auth.type"));
Assert.assertNull(dataSourceMetadata.getProperties().get("prometheus.auth.username"));
Assert.assertNull(dataSourceMetadata.getProperties().get("prometheus.auth.password"));
Assert.assertEquals("Prometheus Creation for Integ test", dataSourceMetadata.getDescription());
}

Expand Down Expand Up @@ -239,6 +243,10 @@ public void issue2196() {
new Gson().fromJson(getResponseString, DataSourceMetadata.class);
Assert.assertEquals(
"https://localhost:9090", dataSourceMetadata.getProperties().get("prometheus.uri"));
Assert.assertEquals(
"basicauth", dataSourceMetadata.getProperties().get("prometheus.auth.type"));
Assert.assertNull(dataSourceMetadata.getProperties().get("prometheus.auth.username"));
Assert.assertNull(dataSourceMetadata.getProperties().get("prometheus.auth.password"));
Assert.assertEquals("Prometheus Creation for Integ test", dataSourceMetadata.getDescription());
}
}

0 comments on commit ab02486

Please sign in to comment.