Skip to content

Commit

Permalink
Fix sslConfig for multiple datasource to handle when certificateAutho…
Browse files Browse the repository at this point in the history
…rities is unset (opensearch-project#6282)

* Fix sslConfig for multiple datasource to handle when certificateAuthorities is unset

Signed-off-by: Craig Perkins <[email protected]>

* Add to CHANGELOG

Signed-off-by: Craig Perkins <[email protected]>

* Adjust test in tls_settings_provider.test.ts

Signed-off-by: Craig Perkins <[email protected]>

---------

Signed-off-by: Craig Perkins <[email protected]>
  • Loading branch information
cwperks authored Mar 28, 2024
1 parent 91a0530 commit 40da92c
Show file tree
Hide file tree
Showing 7 changed files with 61 additions and 7 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
- [BUG][Multiple Datasource] Fix data source filter bug and add tests ([#6152](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/6152))
- [BUG][Multiple Datasource] Fix obsolete snapshots for test within data source management plugin ([#6185](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/6185))
- [Workspace] Add base path when parse url in http service ([#6233](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/6233))
- [Multiple Datasource] Fix sslConfig for multiple datasource to handle when certificateAuthorities is unset ([#6282](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/6282))

### 🚞 Infrastructure

Expand Down
29 changes: 28 additions & 1 deletion src/plugins/data_source/server/client/client_config.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ describe('parseClientOptions', () => {
ssl: {
requestCert: true,
rejectUnauthorized: false,
ca: [],
ca: undefined,
},
})
);
Expand Down Expand Up @@ -109,4 +109,31 @@ describe('parseClientOptions', () => {
})
);
});

test('test ssl config with verification mode set to full with no ca list', () => {
const config = {
enabled: true,
ssl: {
verificationMode: 'full',
},
clientPool: {
size: 5,
},
} as DataSourcePluginConfigType;
mockReadFileSync.mockReset();
mockReadFileSync.mockImplementation((path: string) => `content-of-${path}`);
const parsedConfig = parseClientOptions(config, TEST_DATA_SOURCE_ENDPOINT);
expect(mockReadFileSync).toHaveBeenCalledTimes(0);
mockReadFileSync.mockClear();
expect(parsedConfig).toEqual(
expect.objectContaining({
node: TEST_DATA_SOURCE_ENDPOINT,
ssl: {
requestCert: true,
rejectUnauthorized: true,
ca: undefined,
},
})
);
});
});
2 changes: 1 addition & 1 deletion src/plugins/data_source/server/client/client_config.ts
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ export function parseClientOptions(
config.ssl?.certificateAuthorities
);

sslConfig.ca = certificateAuthorities || [];
sslConfig.ca = certificateAuthorities;
}

const clientOptions: ClientOptions = {
Expand Down
28 changes: 27 additions & 1 deletion src/plugins/data_source/server/legacy/client_config.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ describe('parseClientOptions', () => {
host: TEST_DATA_SOURCE_ENDPOINT,
ssl: {
rejectUnauthorized: false,
ca: [],
ca: undefined,
},
})
);
Expand Down Expand Up @@ -105,4 +105,30 @@ describe('parseClientOptions', () => {
})
);
});

test('test ssl config with verification mode set to full with no ca list', () => {
const config = {
enabled: true,
ssl: {
verificationMode: 'full',
},
clientPool: {
size: 5,
},
} as DataSourcePluginConfigType;
mockReadFileSync.mockReset();
mockReadFileSync.mockImplementation((path: string) => `content-of-${path}`);
const parsedConfig = parseClientOptions(config, TEST_DATA_SOURCE_ENDPOINT);
expect(mockReadFileSync).toHaveBeenCalledTimes(0);
mockReadFileSync.mockClear();
expect(parsedConfig).toEqual(
expect.objectContaining({
host: TEST_DATA_SOURCE_ENDPOINT,
ssl: {
rejectUnauthorized: true,
ca: undefined,
},
})
);
});
});
2 changes: 1 addition & 1 deletion src/plugins/data_source/server/legacy/client_config.ts
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ export function parseClientOptions(
config.ssl?.certificateAuthorities
);

sslConfig.ca = certificateAuthorities || [];
sslConfig.ca = certificateAuthorities;
}

const configOptions: ConfigOptions = {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ describe('readCertificateAuthorities', () => {
expect(mockReadFileSync).toHaveBeenCalledTimes(0);
mockReadFileSync.mockClear();
expect(certificateAuthorities).toEqual({
certificateAuthorities: [],
certificateAuthorities: undefined,
});
});

Expand All @@ -52,7 +52,7 @@ describe('readCertificateAuthorities', () => {
expect(mockReadFileSync).toHaveBeenCalledTimes(0);
mockReadFileSync.mockClear();
expect(certificateAuthorities).toEqual({
certificateAuthorities: [],
certificateAuthorities: undefined,
});
});
});
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ import { readFileSync } from 'fs';
export const readCertificateAuthorities = (
listOfCertificateAuthorities: string | string[] | undefined
) => {
let certificateAuthorities: string[] | undefined = [];
let certificateAuthorities: string[] | undefined;

const addCertificateAuthorities = (ca: string[]) => {
if (ca && ca.length) {
Expand Down

0 comments on commit 40da92c

Please sign in to comment.