Skip to content

Commit

Permalink
Adds release notes for 2.1.0 and revert opensearch-project#1890 (open…
Browse files Browse the repository at this point in the history
…search-project#1901)

* Adds release notes for 2.1.0

Signed-off-by: Darshit Chanpura <[email protected]>

* Revert "Bump version to 3.0.0.0 (opensearch-project#1890)"

This reverts commit 00e2a5d.

Signed-off-by: Darshit Chanpura <[email protected]>
  • Loading branch information
DarshitChanpura authored Jun 27, 2022
1 parent d507ebb commit 15f1fbd
Show file tree
Hide file tree
Showing 12 changed files with 56 additions and 22 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -72,9 +72,9 @@ jobs:
cp -r build/ ./bwc-test/
mkdir ./bwc-test/src/test/resources/security_plugin_version_no_snapshot
cp build/distributions/opensearch-security-${security_plugin_version_no_snapshot}.zip ./bwc-test/src/test/resources/${security_plugin_version_no_snapshot}
mkdir bwc-test/src/test/resources/2.1.0.0
wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch/2.1.0/latest/linux/x64/tar/builds/opensearch/plugins/opensearch-security-2.1.0.0.zip
mv opensearch-security-2.1.0.0.zip bwc-test/src/test/resources/2.1.0.0/
mkdir bwc-test/src/test/resources/2.0.0.0
wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch/2.0.0/latest/linux/x64/tar/builds/opensearch/plugins/opensearch-security-2.0.0.0.zip
mv opensearch-security-2.0.0.0.zip bwc-test/src/test/resources/2.0.0.0/
cd bwc-test/
./gradlew bwcTestSuite -Dtests.security.manager=false
Expand Down
2 changes: 1 addition & 1 deletion build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@

buildscript {
ext {
opensearch_version = System.getProperty("opensearch.version", "3.0.0-SNAPSHOT")
opensearch_version = System.getProperty("opensearch.version", "2.1.0-SNAPSHOT")
isSnapshot = "true" == System.getProperty("build.snapshot", "true")
buildVersionQualifier = System.getProperty("build.version_qualifier", "")

Expand Down
8 changes: 4 additions & 4 deletions bwc-test/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ ext {

buildscript {
ext {
opensearch_version = System.getProperty("opensearch.version", "3.0.0-SNAPSHOT")
opensearch_version = System.getProperty("opensearch.version", "2.1.0-SNAPSHOT")
opensearch_group = "org.opensearch"
}
repositories {
Expand All @@ -73,16 +73,16 @@ dependencies {
testImplementation "org.opensearch.test:framework:${opensearch_version}"
}

String bwcVersion = "2.1.0.0";
String bwcVersion = "2.0.0.0";
String baseName = "securityBwcCluster"
String bwcFilePath = "src/test/resources/"
String projectVersion = "3.0.0.0"
String projectVersion = "2.1.0.0"

2.times {i ->
testClusters {
"${baseName}$i" {
testDistribution = "ARCHIVE"
versions = ["2.1.0","3.0.0"]
versions = ["2.0.0","2.1.0"]
numberOfNodes = 3
plugin(provider(new Callable<RegularFile>() {
@Override
Expand Down
34 changes: 34 additions & 0 deletions release-notes/opensearch-security.release-notes-2.1.0.0.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
## 2022-06-30 Version 2.1.0.0

Compatible with OpenSearch 2.1.0

### Enhancements
* Delegate to NettyAllocator.getAllocator() for ByteBufAllocator instead of hard-coding PooledByteBufAllocator. ([#1396](https://github.com/opensearch-project/security/pull/1396))
* Tenant Permissions : added the possibility to specify tenants via parameter ([#1813](https://github.com/opensearch-project/security/pull/1813))
* JWT: validate issuer and audience ([#1780](https://github.com/opensearch-project/security/pull/1780), [#1781](https://github.com/opensearch-project/security/pull/1781)) ([#1785](https://github.com/opensearch-project/security/pull/1785))

### Refactoring
* Remove master keywords ([#1886](https://github.com/opensearch-project/security/pull/1886))

### Bug Fix
* Cluster permissions evaluation logic will now include `index_template` type action ([#1885](https://github.com/opensearch-project/security/pull/1885))
* Add missing settings to plugin allowed list ([#1814](https://github.com/opensearch-project/security/pull/1814))
* Updates license headers ([#1829](https://github.com/opensearch-project/security/pull/1829))
* Prevent recursive action groups ([#1868](https://github.com/opensearch-project/security/pull/1868))
* Update `org.springframework:spring-core` to `5.3.20` ([#1850](https://github.com/opensearch-project/security/pull/1850))

### Test Fix
* Bump version to 2.1.0.0 ([#1883](https://github.com/opensearch-project/security/pull/1883))
* ComplianceAuditlogTest to use signal/wait ([#1914](https://github.com/opensearch-project/security/pull/1914))

### Maintenance
* Revert "Bump version to 2.1.0.0 (#1865)" ([#1882](https://github.com/opensearch-project/security/pull/1882))
* Bump version to 2.1.0.0 ([#1865](https://github.com/opensearch-project/security/pull/1865))
* Revert "Bump version to 2.1.0.0 (#1855)" ([#1864](https://github.com/opensearch-project/security/pull/1864))
* Bump version to 2.1.0.0 ([#1855](https://github.com/opensearch-project/security/pull/1855))
* Add suppression for all removal warnings ([#1828](https://github.com/opensearch-project/security/pull/1828))
* Update support link ([#1851](https://github.com/opensearch-project/security/pull/1851))
* Create 2.0.0 release notes ([#1854](https://github.com/opensearch-project/security/pull/1854))
* Switch to standard OpenSearch gradle build ([#1888](https://github.com/opensearch-project/security/pull/1888))
* Fix build break from cluster manager changes ([#1911](https://github.com/opensearch-project/security/pull/1911))
* Update org.apache.zookeeper:zookeeper to 3.7.1 ([#1912](https://github.com/opensearch-project/security/pull/1912))
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@ public class HTTPSpnegoAuthenticator implements HTTPAuthenticator {
public HTTPSpnegoAuthenticator(final Settings settings, final Path configPath) {
super();
try {
final Path configDir = new Environment(settings, configPath).configDir();
final Path configDir = new Environment(settings, configPath).configFile();
final String krb5PathSetting = settings.get("plugins.security.kerberos.krb5_filepath");

final SecurityManager sm = System.getSecurityManager();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,6 @@ public byte[] run() throws ResolverException {

private static File getMetadataFile(String filePath, Settings settings, Path configPath) {
Environment env = new Environment(settings, configPath);
return env.configDir().resolve(filePath).toAbsolutePath().toFile();
return env.configFile().resolve(filePath).toAbsolutePath().toFile();
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -326,7 +326,7 @@ public Object run() {
final List<Path> filesWithWrongPermissions = AccessController.doPrivileged(new PrivilegedAction<List<Path>>() {
@Override
public List<Path> run() {
final Path confPath = new Environment(settings, configPath).configDir().toAbsolutePath();
final Path confPath = new Environment(settings, configPath).configFile().toAbsolutePath();
if(Files.isDirectory(confPath, LinkOption.NOFOLLOW_LINKS)) {
try (Stream<Path> s = Files.walk(confPath)) {
return s.distinct().filter(p -> checkFilePermissions(p)).collect(Collectors.toList());
Expand Down Expand Up @@ -356,7 +356,7 @@ public List<Path> run() {
final List<String> files = AccessController.doPrivileged(new PrivilegedAction<List<String>>() {
@Override
public List<String> run() {
final Path confPath = new Environment(settings, configPath).configDir().toAbsolutePath();
final Path confPath = new Environment(settings, configPath).configFile().toAbsolutePath();
if(Files.isDirectory(confPath, LinkOption.NOFOLLOW_LINKS)) {
try (Stream<Path> s = Files.walk(confPath)) {
return s.distinct().map(p -> sha256(p)).collect(Collectors.toList());
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -560,7 +560,7 @@ public Map run() {
(key.contains("filepath") || key.contains("file_path"))) {
String value = settings.get(key);
if(value != null && !value.isEmpty()) {
Path path = value.startsWith("/")?Paths.get(value):environment.configDir().resolve(value);
Path path = value.startsWith("/")?Paths.get(value):environment.configFile().resolve(value);
paths.put(key, path);
}
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -120,7 +120,7 @@ public void run() {

try {
String lookupDir = System.getProperty("security.default_init.dir");
final String cd = lookupDir != null? (lookupDir+"/") : new Environment(settings, configPath).configDir().toAbsolutePath().toString()+"/opensearch-security/";
final String cd = lookupDir != null? (lookupDir+"/") : new Environment(settings, configPath).configFile().toAbsolutePath().toString()+"/opensearch-security/";
File confFile = new File(cd+"config.yml");
if(confFile.exists()) {
final ThreadContext threadContext = threadPool.getThreadContext();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -226,8 +226,8 @@ private String resolve(String propName, boolean mustBeValid) {
log.debug("Value for {} is {}", propName, originalPath);

if (env != null && originalPath != null && originalPath.length() > 0) {
path = env.configDir().resolve(originalPath).toAbsolutePath().toString();
log.debug("Resolved {} to {} against {}", originalPath, path, env.configDir().toAbsolutePath().toString());
path = env.configFile().resolve(originalPath).toAbsolutePath().toString();
log.debug("Resolved {} to {} against {}", originalPath, path, env.configFile().toAbsolutePath().toString());
}

if (mustBeValid) {
Expand All @@ -247,7 +247,7 @@ private void initSSLConfig() {
log.info("No config directory, key- and truststore files are resolved absolutely");
} else {
log.info("Config directory is {}/, from there the key- and truststore files are resolved relatively",
env.configDir().toAbsolutePath());
env.configFile().toAbsolutePath());
}


Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -199,7 +199,7 @@ private static boolean validate(X509Certificate[] x509Certs, final Settings sett
final String crlFile = settings.get(SSLConfigConstants.SSECURITY_SSL_HTTP_CRL_FILE);

if(crlFile != null) {
final File crl = env.configDir().resolve(crlFile).toAbsolutePath().toFile();
final File crl = env.configFile().resolve(crlFile).toAbsolutePath().toFile();
try(FileInputStream crlin = new FileInputStream(crl)) {
crls = CertificateFactory.getInstance("X.509").generateCRLs(crlin);
}
Expand All @@ -222,12 +222,12 @@ private static boolean validate(X509Certificate[] x509Certs, final Settings sett
//final String truststoreAlias = settings.get(SSLConfigConstants.SECURITY_SSL_HTTP_TRUSTSTORE_ALIAS, null);

final KeyStore ts = KeyStore.getInstance(truststoreType);
try(FileInputStream fin = new FileInputStream(new File(env.configDir().resolve(truststore).toAbsolutePath().toString()))) {
try(FileInputStream fin = new FileInputStream(new File(env.configFile().resolve(truststore).toAbsolutePath().toString()))) {
ts.load(fin, (truststorePassword == null || truststorePassword.length() == 0) ?null:truststorePassword.toCharArray());
}
validator = new CertificateValidator(ts, crls);
} else {
final File trustedCas = env.configDir().resolve(settings.get(SSLConfigConstants.SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH, "")).toAbsolutePath().toFile();
final File trustedCas = env.configFile().resolve(settings.get(SSLConfigConstants.SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH, "")).toAbsolutePath().toFile();
try(FileInputStream trin = new FileInputStream(trustedCas)) {
Collection<? extends Certificate> cert = (Collection<? extends Certificate>) CertificateFactory.getInstance("X.509").generateCertificates(trin);
validator = new CertificateValidator(cert.toArray(new X509Certificate[0]), crls);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -325,8 +325,8 @@ public static String resolve(String originalPath, String propName, Settings sett
final Environment env = new Environment(settings, configPath);

if(env != null && originalPath != null && originalPath.length() > 0) {
path = env.configDir().resolve(originalPath).toAbsolutePath().toString();
log.debug("Resolved {} to {} against {}", originalPath, path, env.configDir().toAbsolutePath().toString());
path = env.configFile().resolve(originalPath).toAbsolutePath().toString();
log.debug("Resolved {} to {} against {}", originalPath, path, env.configFile().toAbsolutePath().toString());
}

if(mustBeValid) {
Expand Down

0 comments on commit 15f1fbd

Please sign in to comment.