diff --git a/CHANGELOG.md b/CHANGELOG.md index ca581115e507..c18a0f81d40f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -92,6 +92,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) - [BUG][Multiple Datasource] Fix data source filter bug and add tests ([#6152](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/6152)) - [BUG][Multiple Datasource] Fix obsolete snapshots for test within data source management plugin ([#6185](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/6185)) - [Workspace] Add base path when parse url in http service ([#6233](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/6233)) +- [Multiple Datasource] Fix sslConfig for multiple datasource to handle when certificateAuthorities is unset ([#6282](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/6282)) ### 🚞 Infrastructure diff --git a/src/plugins/data_source/server/client/client_config.test.ts b/src/plugins/data_source/server/client/client_config.test.ts index e6aef818f7de..838b8bc882b4 100644 --- a/src/plugins/data_source/server/client/client_config.test.ts +++ b/src/plugins/data_source/server/client/client_config.test.ts @@ -46,7 +46,7 @@ describe('parseClientOptions', () => { ssl: { requestCert: true, rejectUnauthorized: false, - ca: [], + ca: undefined, }, }) ); @@ -109,4 +109,31 @@ describe('parseClientOptions', () => { }) ); }); + + test('test ssl config with verification mode set to full with no ca list', () => { + const config = { + enabled: true, + ssl: { + verificationMode: 'full', + }, + clientPool: { + size: 5, + }, + } as DataSourcePluginConfigType; + mockReadFileSync.mockReset(); + mockReadFileSync.mockImplementation((path: string) => `content-of-${path}`); + const parsedConfig = parseClientOptions(config, TEST_DATA_SOURCE_ENDPOINT); + expect(mockReadFileSync).toHaveBeenCalledTimes(0); + mockReadFileSync.mockClear(); + expect(parsedConfig).toEqual( + expect.objectContaining({ + node: TEST_DATA_SOURCE_ENDPOINT, + ssl: { + requestCert: true, + rejectUnauthorized: true, + ca: undefined, + }, + }) + ); + }); }); diff --git a/src/plugins/data_source/server/client/client_config.ts b/src/plugins/data_source/server/client/client_config.ts index f77986810f1b..0de0ebcf37fa 100644 --- a/src/plugins/data_source/server/client/client_config.ts +++ b/src/plugins/data_source/server/client/client_config.ts @@ -56,7 +56,7 @@ export function parseClientOptions( config.ssl?.certificateAuthorities ); - sslConfig.ca = certificateAuthorities || []; + sslConfig.ca = certificateAuthorities; } const clientOptions: ClientOptions = { diff --git a/src/plugins/data_source/server/legacy/client_config.test.ts b/src/plugins/data_source/server/legacy/client_config.test.ts index 67445a686f90..b8a6b1664abd 100644 --- a/src/plugins/data_source/server/legacy/client_config.test.ts +++ b/src/plugins/data_source/server/legacy/client_config.test.ts @@ -44,7 +44,7 @@ describe('parseClientOptions', () => { host: TEST_DATA_SOURCE_ENDPOINT, ssl: { rejectUnauthorized: false, - ca: [], + ca: undefined, }, }) ); @@ -105,4 +105,30 @@ describe('parseClientOptions', () => { }) ); }); + + test('test ssl config with verification mode set to full with no ca list', () => { + const config = { + enabled: true, + ssl: { + verificationMode: 'full', + }, + clientPool: { + size: 5, + }, + } as DataSourcePluginConfigType; + mockReadFileSync.mockReset(); + mockReadFileSync.mockImplementation((path: string) => `content-of-${path}`); + const parsedConfig = parseClientOptions(config, TEST_DATA_SOURCE_ENDPOINT); + expect(mockReadFileSync).toHaveBeenCalledTimes(0); + mockReadFileSync.mockClear(); + expect(parsedConfig).toEqual( + expect.objectContaining({ + host: TEST_DATA_SOURCE_ENDPOINT, + ssl: { + rejectUnauthorized: true, + ca: undefined, + }, + }) + ); + }); }); diff --git a/src/plugins/data_source/server/legacy/client_config.ts b/src/plugins/data_source/server/legacy/client_config.ts index a3704d3ec099..a2dc81d6dc11 100644 --- a/src/plugins/data_source/server/legacy/client_config.ts +++ b/src/plugins/data_source/server/legacy/client_config.ts @@ -55,7 +55,7 @@ export function parseClientOptions( config.ssl?.certificateAuthorities ); - sslConfig.ca = certificateAuthorities || []; + sslConfig.ca = certificateAuthorities; } const configOptions: ConfigOptions = { diff --git a/src/plugins/data_source/server/util/tls_settings_provider.test.ts b/src/plugins/data_source/server/util/tls_settings_provider.test.ts index 3458ea8e6ccf..6852bb959310 100644 --- a/src/plugins/data_source/server/util/tls_settings_provider.test.ts +++ b/src/plugins/data_source/server/util/tls_settings_provider.test.ts @@ -40,7 +40,7 @@ describe('readCertificateAuthorities', () => { expect(mockReadFileSync).toHaveBeenCalledTimes(0); mockReadFileSync.mockClear(); expect(certificateAuthorities).toEqual({ - certificateAuthorities: [], + certificateAuthorities: undefined, }); }); @@ -52,7 +52,7 @@ describe('readCertificateAuthorities', () => { expect(mockReadFileSync).toHaveBeenCalledTimes(0); mockReadFileSync.mockClear(); expect(certificateAuthorities).toEqual({ - certificateAuthorities: [], + certificateAuthorities: undefined, }); }); }); diff --git a/src/plugins/data_source/server/util/tls_settings_provider.ts b/src/plugins/data_source/server/util/tls_settings_provider.ts index 0924041a756d..1b86c91c3b6b 100644 --- a/src/plugins/data_source/server/util/tls_settings_provider.ts +++ b/src/plugins/data_source/server/util/tls_settings_provider.ts @@ -8,7 +8,7 @@ import { readFileSync } from 'fs'; export const readCertificateAuthorities = ( listOfCertificateAuthorities: string | string[] | undefined ) => { - let certificateAuthorities: string[] | undefined = []; + let certificateAuthorities: string[] | undefined; const addCertificateAuthorities = (ca: string[]) => { if (ca && ca.length) {