From 1ad34e128218b5754775e6532d6fcd602a279485 Mon Sep 17 00:00:00 2001 From: cliu123 Date: Thu, 16 Jun 2022 15:04:04 -0700 Subject: [PATCH] Fix for the breaking changes in OpenSearch 3.0 Signed-off-by: cliu123 --- .../dlic/auth/http/kerberos/HTTPSpnegoAuthenticator.java | 2 +- .../dlic/auth/http/saml/SamlFilesystemMetadataResolver.java | 2 +- .../org/opensearch/security/OpenSearchSecurityPlugin.java | 4 ++-- .../opensearch/security/auditlog/impl/AbstractAuditLog.java | 2 +- .../security/configuration/ConfigurationRepository.java | 2 +- .../opensearch/security/dlic/rest/api/MigrateApiAction.java | 2 +- .../opensearch/security/ssl/DefaultSecurityKeyStore.java | 6 +++--- .../org/opensearch/security/ssl/util/SSLRequestHelper.java | 6 +++--- .../java/org/opensearch/security/support/PemKeyReader.java | 4 ++-- .../java/org/opensearch/security/tools/SecurityAdmin.java | 2 +- .../security/test/helper/cluster/ClusterHelper.java | 2 +- 11 files changed, 17 insertions(+), 17 deletions(-) diff --git a/src/main/java/com/amazon/dlic/auth/http/kerberos/HTTPSpnegoAuthenticator.java b/src/main/java/com/amazon/dlic/auth/http/kerberos/HTTPSpnegoAuthenticator.java index 812ca4f82f..3603aeb94e 100644 --- a/src/main/java/com/amazon/dlic/auth/http/kerberos/HTTPSpnegoAuthenticator.java +++ b/src/main/java/com/amazon/dlic/auth/http/kerberos/HTTPSpnegoAuthenticator.java @@ -70,7 +70,7 @@ public class HTTPSpnegoAuthenticator implements HTTPAuthenticator { public HTTPSpnegoAuthenticator(final Settings settings, final Path configPath) { super(); try { - final Path configDir = new Environment(settings, configPath).configFile(); + final Path configDir = new Environment(settings, configPath).configDir(); final String krb5PathSetting = settings.get("plugins.security.kerberos.krb5_filepath"); final SecurityManager sm = System.getSecurityManager(); diff --git a/src/main/java/com/amazon/dlic/auth/http/saml/SamlFilesystemMetadataResolver.java b/src/main/java/com/amazon/dlic/auth/http/saml/SamlFilesystemMetadataResolver.java index 80f272b43b..302b1f41ea 100644 --- a/src/main/java/com/amazon/dlic/auth/http/saml/SamlFilesystemMetadataResolver.java +++ b/src/main/java/com/amazon/dlic/auth/http/saml/SamlFilesystemMetadataResolver.java @@ -51,6 +51,6 @@ public byte[] run() throws ResolverException { private static File getMetadataFile(String filePath, Settings settings, Path configPath) { Environment env = new Environment(settings, configPath); - return env.configFile().resolve(filePath).toAbsolutePath().toFile(); + return env.configDir().resolve(filePath).toAbsolutePath().toFile(); } } diff --git a/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java b/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java index 66530cfaed..69dce00d41 100644 --- a/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java +++ b/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java @@ -326,7 +326,7 @@ public Object run() { final List filesWithWrongPermissions = AccessController.doPrivileged(new PrivilegedAction>() { @Override public List run() { - final Path confPath = new Environment(settings, configPath).configFile().toAbsolutePath(); + final Path confPath = new Environment(settings, configPath).configDir().toAbsolutePath(); if(Files.isDirectory(confPath, LinkOption.NOFOLLOW_LINKS)) { try (Stream s = Files.walk(confPath)) { return s.distinct().filter(p -> checkFilePermissions(p)).collect(Collectors.toList()); @@ -356,7 +356,7 @@ public List run() { final List files = AccessController.doPrivileged(new PrivilegedAction>() { @Override public List run() { - final Path confPath = new Environment(settings, configPath).configFile().toAbsolutePath(); + final Path confPath = new Environment(settings, configPath).configDir().toAbsolutePath(); if(Files.isDirectory(confPath, LinkOption.NOFOLLOW_LINKS)) { try (Stream s = Files.walk(confPath)) { return s.distinct().map(p -> sha256(p)).collect(Collectors.toList()); diff --git a/src/main/java/org/opensearch/security/auditlog/impl/AbstractAuditLog.java b/src/main/java/org/opensearch/security/auditlog/impl/AbstractAuditLog.java index bc5e240c77..d6f59028fa 100644 --- a/src/main/java/org/opensearch/security/auditlog/impl/AbstractAuditLog.java +++ b/src/main/java/org/opensearch/security/auditlog/impl/AbstractAuditLog.java @@ -560,7 +560,7 @@ public Map run() { (key.contains("filepath") || key.contains("file_path"))) { String value = settings.get(key); if(value != null && !value.isEmpty()) { - Path path = value.startsWith("/")?Paths.get(value):environment.configFile().resolve(value); + Path path = value.startsWith("/")?Paths.get(value):environment.configDir().resolve(value); paths.put(key, path); } } diff --git a/src/main/java/org/opensearch/security/configuration/ConfigurationRepository.java b/src/main/java/org/opensearch/security/configuration/ConfigurationRepository.java index 84d3059942..4b2fa7af8b 100644 --- a/src/main/java/org/opensearch/security/configuration/ConfigurationRepository.java +++ b/src/main/java/org/opensearch/security/configuration/ConfigurationRepository.java @@ -120,7 +120,7 @@ public void run() { try { String lookupDir = System.getProperty("security.default_init.dir"); - final String cd = lookupDir != null? (lookupDir+"/") : new Environment(settings, configPath).configFile().toAbsolutePath().toString()+"/opensearch-security/"; + final String cd = lookupDir != null? (lookupDir+"/") : new Environment(settings, configPath).configDir().toAbsolutePath().toString()+"/opensearch-security/"; File confFile = new File(cd+"config.yml"); if(confFile.exists()) { final ThreadContext threadContext = threadPool.getThreadContext(); diff --git a/src/main/java/org/opensearch/security/dlic/rest/api/MigrateApiAction.java b/src/main/java/org/opensearch/security/dlic/rest/api/MigrateApiAction.java index 7ea87cba09..6c973f3557 100644 --- a/src/main/java/org/opensearch/security/dlic/rest/api/MigrateApiAction.java +++ b/src/main/java/org/opensearch/security/dlic/rest/api/MigrateApiAction.java @@ -27,7 +27,7 @@ import org.opensearch.action.bulk.BulkResponse; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.action.support.master.AcknowledgedResponse; +import org.opensearch.action.support.clustermanager.AcknowledgedResponse; import org.opensearch.client.Client; import org.opensearch.cluster.metadata.IndexMetadata; import org.opensearch.cluster.service.ClusterService; diff --git a/src/main/java/org/opensearch/security/ssl/DefaultSecurityKeyStore.java b/src/main/java/org/opensearch/security/ssl/DefaultSecurityKeyStore.java index 72d18fc0c9..026165f95e 100644 --- a/src/main/java/org/opensearch/security/ssl/DefaultSecurityKeyStore.java +++ b/src/main/java/org/opensearch/security/ssl/DefaultSecurityKeyStore.java @@ -226,8 +226,8 @@ private String resolve(String propName, boolean mustBeValid) { log.debug("Value for {} is {}", propName, originalPath); if (env != null && originalPath != null && originalPath.length() > 0) { - path = env.configFile().resolve(originalPath).toAbsolutePath().toString(); - log.debug("Resolved {} to {} against {}", originalPath, path, env.configFile().toAbsolutePath().toString()); + path = env.configDir().resolve(originalPath).toAbsolutePath().toString(); + log.debug("Resolved {} to {} against {}", originalPath, path, env.configDir().toAbsolutePath().toString()); } if (mustBeValid) { @@ -247,7 +247,7 @@ private void initSSLConfig() { log.info("No config directory, key- and truststore files are resolved absolutely"); } else { log.info("Config directory is {}/, from there the key- and truststore files are resolved relatively", - env.configFile().toAbsolutePath()); + env.configDir().toAbsolutePath()); } diff --git a/src/main/java/org/opensearch/security/ssl/util/SSLRequestHelper.java b/src/main/java/org/opensearch/security/ssl/util/SSLRequestHelper.java index 5bd72fba5d..893fb04fac 100644 --- a/src/main/java/org/opensearch/security/ssl/util/SSLRequestHelper.java +++ b/src/main/java/org/opensearch/security/ssl/util/SSLRequestHelper.java @@ -199,7 +199,7 @@ private static boolean validate(X509Certificate[] x509Certs, final Settings sett final String crlFile = settings.get(SSLConfigConstants.SSECURITY_SSL_HTTP_CRL_FILE); if(crlFile != null) { - final File crl = env.configFile().resolve(crlFile).toAbsolutePath().toFile(); + final File crl = env.configDir().resolve(crlFile).toAbsolutePath().toFile(); try(FileInputStream crlin = new FileInputStream(crl)) { crls = CertificateFactory.getInstance("X.509").generateCRLs(crlin); } @@ -222,12 +222,12 @@ private static boolean validate(X509Certificate[] x509Certs, final Settings sett //final String truststoreAlias = settings.get(SSLConfigConstants.SECURITY_SSL_HTTP_TRUSTSTORE_ALIAS, null); final KeyStore ts = KeyStore.getInstance(truststoreType); - try(FileInputStream fin = new FileInputStream(new File(env.configFile().resolve(truststore).toAbsolutePath().toString()))) { + try(FileInputStream fin = new FileInputStream(new File(env.configDir().resolve(truststore).toAbsolutePath().toString()))) { ts.load(fin, (truststorePassword == null || truststorePassword.length() == 0) ?null:truststorePassword.toCharArray()); } validator = new CertificateValidator(ts, crls); } else { - final File trustedCas = env.configFile().resolve(settings.get(SSLConfigConstants.SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH, "")).toAbsolutePath().toFile(); + final File trustedCas = env.configDir().resolve(settings.get(SSLConfigConstants.SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH, "")).toAbsolutePath().toFile(); try(FileInputStream trin = new FileInputStream(trustedCas)) { Collection cert = (Collection) CertificateFactory.getInstance("X.509").generateCertificates(trin); validator = new CertificateValidator(cert.toArray(new X509Certificate[0]), crls); diff --git a/src/main/java/org/opensearch/security/support/PemKeyReader.java b/src/main/java/org/opensearch/security/support/PemKeyReader.java index 53eeb21736..97aea87c13 100644 --- a/src/main/java/org/opensearch/security/support/PemKeyReader.java +++ b/src/main/java/org/opensearch/security/support/PemKeyReader.java @@ -325,8 +325,8 @@ public static String resolve(String originalPath, String propName, Settings sett final Environment env = new Environment(settings, configPath); if(env != null && originalPath != null && originalPath.length() > 0) { - path = env.configFile().resolve(originalPath).toAbsolutePath().toString(); - log.debug("Resolved {} to {} against {}", originalPath, path, env.configFile().toAbsolutePath().toString()); + path = env.configDir().resolve(originalPath).toAbsolutePath().toString(); + log.debug("Resolved {} to {} against {}", originalPath, path, env.configDir().toAbsolutePath().toString()); } if(mustBeValid) { diff --git a/src/main/java/org/opensearch/security/tools/SecurityAdmin.java b/src/main/java/org/opensearch/security/tools/SecurityAdmin.java index 6360f508b3..4839524552 100644 --- a/src/main/java/org/opensearch/security/tools/SecurityAdmin.java +++ b/src/main/java/org/opensearch/security/tools/SecurityAdmin.java @@ -89,7 +89,7 @@ import org.opensearch.action.get.GetResponse; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.action.support.master.AcknowledgedResponse; +import org.opensearch.action.support.clustermanager.AcknowledgedResponse; import org.opensearch.client.Request; import org.opensearch.client.RequestOptions; import org.opensearch.client.Response; diff --git a/src/test/java/org/opensearch/security/test/helper/cluster/ClusterHelper.java b/src/test/java/org/opensearch/security/test/helper/cluster/ClusterHelper.java index 72360a5712..bf94bdd5ca 100644 --- a/src/test/java/org/opensearch/security/test/helper/cluster/ClusterHelper.java +++ b/src/test/java/org/opensearch/security/test/helper/cluster/ClusterHelper.java @@ -49,7 +49,7 @@ import org.opensearch.action.admin.cluster.node.info.NodesInfoRequest; import org.opensearch.action.admin.cluster.node.info.NodesInfoResponse; import org.opensearch.action.admin.indices.template.put.PutIndexTemplateRequest; -import org.opensearch.action.support.master.AcknowledgedResponse; +import org.opensearch.action.support.clustermanager.AcknowledgedResponse; import org.opensearch.client.Client; import org.opensearch.cluster.health.ClusterHealthStatus; import org.opensearch.cluster.node.DiscoveryNodeRole;