From ada8d39c7370c1e0906dce54e718b21ee2856796 Mon Sep 17 00:00:00 2001
From: Craig Perkins
Date: Thu, 28 Mar 2024 19:20:03 -0400
Subject: [PATCH 1/2] Fix sslConfig for multiple datasource to handle when certificateAuthorities is unset (#6282)
* Fix sslConfig for multiple datasource to handle when certificateAuthorities is unset
Signed-off-by: Craig Perkins
* Add to CHANGELOG
Signed-off-by: Craig Perkins
* Adjust test in tls_settings_provider.test.ts
Signed-off-by: Craig Perkins
---------
Signed-off-by: Craig Perkins
(cherry picked from commit 40da92c95ad75487d54899af3d0e9d8dd1807bed)
---
 .../server/client/client_config.test.ts | 29 ++++++++++++++++++-
 .../server/client/client_config.ts | 2 +-
 .../server/legacy/client_config.test.ts | 28 +++++++++++++++++-
 .../server/legacy/client_config.ts | 2 +-
 .../server/util/tls_settings_provider.test.ts | 4 +--
 .../server/util/tls_settings_provider.ts | 2 +-
 6 files changed, 60 insertions(+), 7 deletions(-)
diff --git a/src/plugins/data_source/server/client/client_config.test.ts b/src/plugins/data_source/server/client/client_config.test.ts
index e6aef818f7de..838b8bc882b4 100644
--- a/src/plugins/data_source/server/client/client_config.test.ts
+++ b/src/plugins/data_source/server/client/client_config.test.ts
@@ -46,7 +46,7 @@ describe('parseClientOptions', () => {
 ssl: {
 requestCert: true,
 rejectUnauthorized: false,
- ca: [],
+ ca: undefined,
 },
 })
 );
@@ -109,4 +109,31 @@ describe('parseClientOptions', () => {
 })
 );
 });
+
+ test('test ssl config with verification mode set to full with no ca list', () => {
+ const config = {
+ enabled: true,
+ ssl: {
+ verificationMode: 'full',
+ },
+ clientPool: {
+ size: 5,
+ },
+ } as DataSourcePluginConfigType;
+ mockReadFileSync.mockReset();
+ mockReadFileSync.mockImplementation((path: string) => `content-of-${path}`);
+ const parsedConfig = parseClientOptions(config, TEST_DATA_SOURCE_ENDPOINT);
+ expect(mockReadFileSync).toHaveBeenCalledTimes(0);
+ mockReadFileSync.mockClear();
+ expect(parsedConfig).toEqual(
+ expect.objectContaining({
+ node: TEST_DATA_SOURCE_ENDPOINT,
+ ssl: {
+ requestCert: true,
+ rejectUnauthorized: true,
+ ca: undefined,
+ },
+ })
+ );
+ });
 });
diff --git a/src/plugins/data_source/server/client/client_config.ts b/src/plugins/data_source/server/client/client_config.ts
index 1c08190cc646..5303da6d12dd 100644
--- a/src/plugins/data_source/server/client/client_config.ts
+++ b/src/plugins/data_source/server/client/client_config.ts
@@ -56,7 +56,7 @@ export function parseClientOptions(
 config.ssl?.certificateAuthorities
 );
- sslConfig.ca = certificateAuthorities || [];
+ sslConfig.ca = certificateAuthorities;
 }
 const clientOptions: ClientOptions = {
diff --git a/src/plugins/data_source/server/legacy/client_config.test.ts b/src/plugins/data_source/server/legacy/client_config.test.ts
index 67445a686f90..b8a6b1664abd 100644
--- a/src/plugins/data_source/server/legacy/client_config.test.ts
+++ b/src/plugins/data_source/server/legacy/client_config.test.ts
@@ -44,7 +44,7 @@ describe('parseClientOptions', () => {
 host: TEST_DATA_SOURCE_ENDPOINT,
 ssl: {
 rejectUnauthorized: false,
- ca: [],
+ ca: undefined,
 },
 })
 );
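Review bot: In the added test 'test ssl config with verification mode set to full with no ca list', the `mockReadFileSync.mockImplementation(...)` setup is never exercised, because the test asserts `toHaveBeenCalledTimes(0)`, and the `mockClear()` after that assertion appears redundant with the `mockReset()` at the top. Dropping both lines would leave the test stating only what it checks. A one-line comment such as `// ca must stay undefined (not []) so that full verification can use the default trusted CAs` would record why the expectation changed. The identical test added in `server/legacy/client_config.test.ts` has the same two lines.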
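Review bot: The line `sslConfig.ca = certificateAuthorities;` in `parseClientOptions` now carries a trust decision that nothing in the code explains: when no CA file is configured, `ca` is left undefined, and the TLS layer then presumably verifies the data source certificate against the runtime's default root store rather than an explicit list. I would add a comment above it, e.g. `// Leave ca undefined when no CA is configured so the default trusted CAs apply; [] would trust none.`, so that a later cleanup does not restore the `|| []` default. The same line in `server/legacy/client_config.ts` needs the same comment. The function body starts and ends outside the hunk.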
@@ -105,4 +105,30 @@ describe('parseClientOptions', () => {
 })
 );
 });
+
+ test('test ssl config with verification mode set to full with no ca list', () => {
+ const config = {
+ enabled: true,
+ ssl: {
+ verificationMode: 'full',
+ },
+ clientPool: {
+ size: 5,
+ },
+ } as DataSourcePluginConfigType;
+ mockReadFileSync.mockReset();
+ mockReadFileSync.mockImplementation((path: string) => `content-of-${path}`);
+ const parsedConfig = parseClientOptions(config, TEST_DATA_SOURCE_ENDPOINT);
+ expect(mockReadFileSync).toHaveBeenCalledTimes(0);
+ mockReadFileSync.mockClear();
+ expect(parsedConfig).toEqual(
+ expect.objectContaining({
+ host: TEST_DATA_SOURCE_ENDPOINT,
+ ssl: {
+ rejectUnauthorized: true,
+ ca: undefined,
+ },
+ })
+ );
+ });
 });
diff --git a/src/plugins/data_source/server/legacy/client_config.ts b/src/plugins/data_source/server/legacy/client_config.ts
index a3704d3ec099..a2dc81d6dc11 100644
--- a/src/plugins/data_source/server/legacy/client_config.ts
+++ b/src/plugins/data_source/server/legacy/client_config.ts
@@ -55,7 +55,7 @@ export function parseClientOptions(
 config.ssl?.certificateAuthorities
 );
- sslConfig.ca = certificateAuthorities || [];
+ sslConfig.ca = certificateAuthorities;
 }
 const configOptions: ConfigOptions = {
diff --git a/src/plugins/data_source/server/util/tls_settings_provider.test.ts b/src/plugins/data_source/server/util/tls_settings_provider.test.ts
index 3458ea8e6ccf..6852bb959310 100644
--- a/src/plugins/data_source/server/util/tls_settings_provider.test.ts
+++ b/src/plugins/data_source/server/util/tls_settings_provider.test.ts
@@ -40,7 +40,7 @@ describe('readCertificateAuthorities', () => {
 expect(mockReadFileSync).toHaveBeenCalledTimes(0);
 mockReadFileSync.mockClear();
 expect(certificateAuthorities).toEqual({
- certificateAuthorities: [],
+ certificateAuthorities: undefined,
 });
 });
@@ -52,7 +52,7 @@ describe('readCertificateAuthorities', () => {
 expect(mockReadFileSync).toHaveBeenCalledTimes(0);
 mockReadFileSync.mockClear();
 expect(certificateAuthorities).toEqual({
- certificateAuthorities: [],
+ certificateAuthorities: undefined,
 });
 });
 });
diff --git a/src/plugins/data_source/server/util/tls_settings_provider.ts b/src/plugins/data_source/server/util/tls_settings_provider.ts
index 0924041a756d..1b86c91c3b6b 100644
--- a/src/plugins/data_source/server/util/tls_settings_provider.ts
+++ b/src/plugins/data_source/server/util/tls_settings_provider.ts
@@ -8,7 +8,7 @@ import { readFileSync } from 'fs';
 export const readCertificateAuthorities = (
 listOfCertificateAuthorities: string | string[] | undefined
 ) => {
- let certificateAuthorities: string[] | undefined = [];
+ let certificateAuthorities: string[] | undefined;
 const addCertificateAuthorities = (ca: string[]) => {
 if (ca && ca.length) {
From db1550af87c5392a0f13466f53306a411ceca849 Mon Sep 17 00:00:00 2001
From: Craig Perkins
Date: Fri, 29 Mar 2024 13:31:38 -0400
Subject: [PATCH 2/2] Add to CHANGELOG
Signed-off-by: Craig Perkins
---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 539c5aa3de57..c9e9a255b516 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,6 +19,8 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 ### 🐛 Bug Fixes
+- [Multiple Datasource] Fix sslConfig for multiple datasource to handle when certificateAuthorities is unset ([#6282](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/6282))
+
 ### 🚞 Infrastructure
 ### 📝 Documentation
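Review bot: `readCertificateAuthorities` now starts from `let certificateAuthorities: string[] | undefined;`, so its result can be undefined, but the arrow function has no declared return type or doc comment saying so. Because the visible guard `if (ca && ca.length)` skips empty input, an explicitly configured empty list and an unset option both seem to end up as undefined, which the callers pass on as `ssl.ca`. I would state that contract in a short doc comment on the function and declare the return type, e.g. `): { certificateAuthorities: string[] | undefined } => {` (shape taken from the updated test expectation). The body of `addCertificateAuthorities` continues outside the hunk, so how it appends to an undefined accumulator cannot be checked here.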