opensearch-project · ylwu-amzn · Jul 12, 2023 · Jul 11, 2023 · Jul 11, 2023 · Jul 11, 2023
@@ -24,6 +24,9 @@ public class CommonValue {
     public static final String UNDEPLOYED = "undeployed";
     public static final String NOT_FOUND = "not_found";
 
+    public static final String MASTER_KEY = "master_key";
+    public static final String CREATE_TIME_FIELD = "create_time";
+
     public static final String BOX_TYPE_KEY = "box_type";
     //hot node
     public static String HOT_BOX_TYPE = "hot";
@@ -37,6 +40,8 @@ public class CommonValue {
     public static final String ML_CONNECTOR_INDEX = ".plugins-ml-connector";
     public static final Integer ML_TASK_INDEX_SCHEMA_VERSION = 1;
     public static final Integer ML_CONNECTOR_SCHEMA_VERSION = 1;
+    public static final String ML_CONFIG_INDEX = ".plugins-ml-config";
+    public static final Integer ML_CONFIG_INDEX_SCHEMA_VERSION = 1;
     public static final String USER_FIELD_MAPPING = "      \""
             + CommonValue.USER
             + "\": {\n"
@@ -301,4 +306,19 @@ public class CommonValue {
             + "\": {\"type\": \"date\", \"format\": \"strict_date_time||epoch_millis\"}\n"
             + "    }\n"
             + "}";
+
+
+    public static final String ML_CONFIG_INDEX_MAPPING = "{\n"
+            + "    \"_meta\": {\"schema_version\": "
+            + ML_CONFIG_INDEX_SCHEMA_VERSION
+            + "},\n"
+            + "    \"properties\": {\n"
+            + "      \""
+            + MASTER_KEY
+            + "\": {\"type\": \"keyword\"},\n"
+            + "      \""
+            + CREATE_TIME_FIELD
+            + "\": {\"type\": \"date\", \"format\": \"strict_date_time||epoch_millis\"}\n"
+            + "    }\n"
+            + "}";
 }
@@ -6,6 +6,7 @@
 package org.opensearch.ml.engine;
 
 import lombok.Getter;
+import lombok.extern.log4j.Log4j2;
 import org.opensearch.ml.common.FunctionName;
 import org.opensearch.ml.common.MLModel;
 import org.opensearch.ml.common.dataframe.DataFrame;
@@ -18,29 +19,35 @@
 import org.opensearch.ml.common.output.MLOutput;
 import org.opensearch.ml.common.output.Output;
 import org.opensearch.ml.engine.encryptor.Encryptor;
-
 import java.nio.file.Path;
 import java.util.Locale;
 import java.util.Map;
 
 /**
  * This is the interface to all ml algorithms.
  */
+@Log4j2
 public class MLEngine {
 
     public static final String REGISTER_MODEL_FOLDER = "register";
     public static final String DEPLOY_MODEL_FOLDER = "deploy";
     private final String MODEL_REPO = "https://artifacts.opensearch.org/models/ml-models";
 
+    private final Path mlUserConfigPath;
+    @Getter
+    private final Path mlConfigPath;
+
     @Getter
     private final Path mlCachePath;
     private final Path mlModelsCachePath;
 
-    private final Encryptor encryptor;
+    private Encryptor encryptor;
 
-    public MLEngine(Path opensearchDataFolder, Encryptor encryptor) {
-        mlCachePath = opensearchDataFolder.resolve("ml_cache");
-        mlModelsCachePath = mlCachePath.resolve("models_cache");
+    public MLEngine(Path opensearchDataFolder, Path opensearchConfigFolder, Encryptor encryptor) {
+        this.mlCachePath = opensearchDataFolder.resolve("ml_cache");
+        this.mlModelsCachePath = mlCachePath.resolve("models_cache");
+        this.mlUserConfigPath = opensearchConfigFolder.resolve("opensearch-ml");
+        this.mlConfigPath = mlCachePath.resolve("config");
         this.encryptor = encryptor;
     }
 
@@ -195,7 +202,4 @@ public String encrypt(String credential) {
         return encryptor.encrypt(credential);
     }
 
-    public void setMasterKey(String masterKey) {
-        encryptor.setMasterKey(masterKey);
-    }
 }
@@ -95,11 +95,6 @@ public static RemoteInferenceInputDataSet processInput(MLInput mlInput, Connecto
         } else {
             throw new IllegalArgumentException("Wrong input type");
         }
-        Map<String, String> escapedParameters = new HashMap<>();
-        inputData.getParameters().entrySet().forEach(entry -> {
-            escapedParameters.put(entry.getKey(), escapeJava(entry.getValue()));
-        });
-        inputData.setParameters(escapedParameters);
         return inputData;
     }
 

@@ -5,6 +5,9 @@
 
 package org.opensearch.ml.engine.encryptor;
 
+import java.security.SecureRandom;
+import java.util.Base64;
+
 public interface Encryptor {
 
     /**
@@ -29,4 +32,7 @@ public interface Encryptor {
      * @param masterKey masterKey to be set.
      */
     void setMasterKey(String masterKey);
+
+    String generateMasterKey();
+
 }
@@ -13,14 +13,15 @@
 
 import javax.crypto.spec.SecretKeySpec;
 import java.nio.charset.StandardCharsets;
+import java.security.SecureRandom;
 import java.util.Base64;
 
 public class EncryptorImpl implements Encryptor {
 
     private volatile String masterKey;
 
-    public EncryptorImpl(String masterKey) {
-        this.masterKey = masterKey;
+    public EncryptorImpl() {
+        this.masterKey = null;
     }
 
     @Override
@@ -60,14 +61,17 @@ public String decrypt(String encryptedText) {
         return new String(decryptedResult.getResult());
     }
 
+    @Override
+    public String generateMasterKey() {
+        byte[] keyBytes = new byte[16];
+        new SecureRandom().nextBytes(keyBytes);
+        String base64Key = Base64.getEncoder().encodeToString(keyBytes);
+        return base64Key;
+    }
+
     private void checkMasterKey() {
-        if (masterKey == "0000000000000000" || masterKey == null) {
-            throw new MetaDataException("Please provide a masterKey for credential encryption! Example: PUT /_cluster/settings\n" +
-                    "{\n" +
-                    "  \"persistent\" : {\n" +
-                    "    \"plugins.ml_commons.encryption.master_key\" : \"1234567x\"  \n" +
-                    "  }\n" +
-                    "}");
+        if (masterKey == null) {
+            throw new MetaDataException("Encryption key not created yet.");
         }
     }
 }
diff --git a/ml-algorithms/src/test/java/org/opensearch/ml/engine/MLEngineTest.java b/ml-algorithms/src/test/java/org/opensearch/ml/engine/MLEngineTest.java
@@ -53,8 +53,9 @@ public class MLEngineTest {
 
     @Before
     public void setUp() {
-        Encryptor encryptor = new EncryptorImpl("0000000000000000");
-        mlEngine = new MLEngine(Path.of("/tmp/test" + UUID.randomUUID()), encryptor);
+        Encryptor encryptor = new EncryptorImpl();
+        encryptor.setMasterKey("0000000000000000");
+        mlEngine = new MLEngine(Path.of("/tmp/test" + UUID.randomUUID()), Path.of("/tmp/test" + UUID.randomUUID()), encryptor);
     }
 
     @Test

@@ -58,6 +58,7 @@
 import org.opensearch.ml.engine.MLEngine;
 import org.opensearch.ml.engine.ModelHelper;
 import org.opensearch.ml.engine.encryptor.Encryptor;
+import org.opensearch.ml.engine.encryptor.EncryptorImpl;
 import org.opensearch.search.SearchHit;
 import org.opensearch.search.SearchHits;
 import org.opensearch.search.aggregations.InternalAggregations;
@@ -128,7 +129,8 @@ public class MetricsCorrelationTest {
     ActionListener<MLDeployModelResponse> mlDeployModelResponseActionListener;
     private MetricsCorrelation metricsCorrelation;
     private MetricsCorrelationInput input, extendedInput;
-    private Path djlCachePath;
+    private Path mlCachePath;
+    private Path mlConfigPath;
     private MLModel model;
 
     private MetricsCorrelationModelConfig modelConfig;
@@ -144,7 +146,6 @@ public class MetricsCorrelationTest {
 
     Map<String, Object> params = new HashMap<>();
 
-    @Mock
     private Encryptor encryptor;
 
     public MetricsCorrelationTest() {
@@ -155,8 +156,11 @@ public void setUp() throws IOException, URISyntaxException {
 
         System.setProperty("testMode", "true");
 
-        djlCachePath = Path.of("/tmp/djl_cache_" + UUID.randomUUID());
-        mlEngine = new MLEngine(djlCachePath, encryptor);
+        mlCachePath = Path.of("/tmp/djl_cache_" + UUID.randomUUID());
+        mlConfigPath = Path.of("/tmp/djl_cache_" + UUID.randomUUID());
+        encryptor = new EncryptorImpl();
+        encryptor.setMasterKey("0000000000000001");
+        mlEngine = new MLEngine(mlCachePath, mlConfigPath, encryptor);
         modelConfig = MetricsCorrelationModelConfig.builder()
                 .modelType(MetricsCorrelation.MODEL_TYPE)
                 .allConfig(null)

diff --git a/...ms/src/test/java/org/opensearch/ml/engine/algorithms/remote/AwsConnectorExecutorTest.java b/...ms/src/test/java/org/opensearch/ml/engine/algorithms/remote/AwsConnectorExecutorTest.java
@@ -67,7 +67,8 @@ public class AwsConnectorExecutorTest {
     @Before
     public void setUp() {
         MockitoAnnotations.openMocks(this);
-        encryptor = new EncryptorImpl("0000000000000001");
+        encryptor = new EncryptorImpl();
+        encryptor.setMasterKey("0000000000000001");
     }
 
     @Test

@@ -84,7 +84,7 @@ public void processInput_TextDocsInputDataSet_PreprocessFunction_MultiTextDoc()
         processInput_TextDocsInputDataSet_PreprocessFunction(
                 "{\"input\": ${parameters.input}}",
                 "{\"parameters\": { \"input\": [\"test_value1\", \"test_value2\"] } }",
-                "[\\\"test_value1\\\",\\\"test_value2\\\"]");
+                "[\"test_value1\",\"test_value2\"]");
     }
 
     @Test

diff --git a/ml-algorithms/src/test/java/org/opensearch/ml/engine/algorithms/remote/RemoteModelTest.java b/ml-algorithms/src/test/java/org/opensearch/ml/engine/algorithms/remote/RemoteModelTest.java
@@ -48,7 +48,8 @@ public class RemoteModelTest {
     public void setUp() {
         MockitoAnnotations.openMocks(this);
         remoteModel = new RemoteModel();
-        encryptor = spy(new EncryptorImpl("0000000000000001"));
+        encryptor = spy(new EncryptorImpl());
+        encryptor.setMasterKey("0000000000000001");
     }
 
     @Test

@@ -19,6 +19,8 @@
 import org.opensearch.ml.common.transport.register.MLRegisterModelInput;
 import org.opensearch.ml.engine.MLEngine;
 import org.opensearch.ml.engine.ModelHelper;
+import org.opensearch.ml.engine.encryptor.Encryptor;
+import org.opensearch.ml.engine.encryptor.EncryptorImpl;
 
 import java.io.IOException;
 import java.net.URISyntaxException;
@@ -50,12 +52,16 @@ public class ModelHelperTest {
     @Mock
     ActionListener<MLRegisterModelInput> registerModelListener;
 
+    Encryptor encryptor;
+
     @Before
     public void setup() throws URISyntaxException {
         MockitoAnnotations.openMocks(this);
         modelFormat = MLModelFormat.TORCH_SCRIPT;
         modelId = "model_id";
-        mlEngine = new MLEngine(Path.of("/tmp/test" + modelId), null);
+        encryptor = new EncryptorImpl();
+        encryptor.setMasterKey("0000000000000001");
+        mlEngine = new MLEngine(Path.of("/tmp/test" + modelId), Path.of("/tmp/test_config"), encryptor);
         modelHelper = new ModelHelper(mlEngine);
     }
 

@@ -27,6 +27,7 @@
 import org.opensearch.ml.engine.MLEngine;
 import org.opensearch.ml.engine.ModelHelper;
 import org.opensearch.ml.engine.encryptor.Encryptor;
+import org.opensearch.ml.engine.encryptor.EncryptorImpl;
 import org.opensearch.ml.engine.utils.FileUtils;
 
 import java.io.File;
@@ -62,16 +63,20 @@ public class TextEmbeddingModelTest {
     private ModelHelper modelHelper;
     private Map<String, Object> params;
     private TextEmbeddingModel textEmbeddingModel;
-    private Path djlCachePath;
+    private Path mlCachePath;
+    private Path mlConfigPath;
     private TextDocsInputDataSet inputDataSet;
     private int dimension = 384;
     private MLEngine mlEngine;
     private Encryptor encryptor;
 
     @Before
     public void setUp() throws URISyntaxException {
-        djlCachePath = Path.of("/tmp/djl_cache_" + UUID.randomUUID());
-        mlEngine = new MLEngine(djlCachePath, encryptor);
+        mlCachePath = Path.of("/tmp/ml_cache" + UUID.randomUUID());
+        mlConfigPath = Path.of("/tmp/ml_config" + UUID.randomUUID());
+        encryptor = new EncryptorImpl();
+        encryptor.setMasterKey("0000000000000001");
+        mlEngine = new MLEngine(mlCachePath, mlConfigPath, encryptor);
         modelId = "test_model_id";
         modelName = "test_model_name";
         functionName = FunctionName.TEXT_EMBEDDING;
@@ -329,7 +334,7 @@ public void predict_BeforeInitingModel() {
 
     @After
     public void tearDown() {
-        FileUtils.deleteFileQuietly(djlCachePath);
+        FileUtils.deleteFileQuietly(mlCachePath);
     }
 
     private int findSentenceEmbeddingPosition(ModelTensors modelTensors) {

@@ -14,6 +14,7 @@
 import org.opensearch.common.component.LifecycleListener;
 import org.opensearch.common.settings.Settings;
 import org.opensearch.common.unit.TimeValue;
+import org.opensearch.ml.engine.encryptor.Encryptor;
 import org.opensearch.ml.indices.MLIndicesHandler;
 import org.opensearch.threadpool.Scheduler;
 import org.opensearch.threadpool.ThreadPool;
@@ -30,6 +31,7 @@ public class MLCommonsClusterManagerEventListener implements LocalNodeClusterMan
     private Scheduler.Cancellable syncModelRoutingCron;
     private DiscoveryNodeHelper nodeHelper;
     private final MLIndicesHandler mlIndicesHandler;
+    private final Encryptor encryptor;
 
     private volatile Integer jobInterval;
 
@@ -39,14 +41,16 @@ public MLCommonsClusterManagerEventListener(
         Settings settings,
         ThreadPool threadPool,
         DiscoveryNodeHelper nodeHelper,
-        MLIndicesHandler mlIndicesHandler
+        MLIndicesHandler mlIndicesHandler,
+        Encryptor encryptor
     ) {
         this.clusterService = clusterService;
         this.client = client;
         this.threadPool = threadPool;
         this.clusterService.addListener(this);
         this.nodeHelper = nodeHelper;
         this.mlIndicesHandler = mlIndicesHandler;
+        this.encryptor = encryptor;
 
         this.jobInterval = ML_COMMONS_SYNC_UP_JOB_INTERVAL_IN_SECONDS.get(settings);
         clusterService.getClusterSettings().addSettingsUpdateConsumer(ML_COMMONS_SYNC_UP_JOB_INTERVAL_IN_SECONDS, it -> {
@@ -67,7 +71,7 @@ private void startSyncModelRoutingCron() {
         if (jobInterval > 0) {
             syncModelRoutingCron = threadPool
                 .scheduleWithFixedDelay(
-                    new MLSyncUpCron(client, clusterService, nodeHelper, mlIndicesHandler),
+                    new MLSyncUpCron(client, clusterService, nodeHelper, mlIndicesHandler, encryptor),
                     TimeValue.timeValueSeconds(jobInterval),
                     GENERAL_THREAD_POOL
                 );