From cca77bec5350d59d4c8570c4dee9834ff9b3c33c Mon Sep 17 00:00:00 2001 From: Darshit Chanpura <35282393+DarshitChanpura@users.noreply.github.com> Date: Mon, 31 Jul 2023 14:32:50 -0400 Subject: [PATCH] Remove static local-node reference (#3066) ### Description Remove static reference/initialization of localNode variable inside security plugin, to fix `No user found..` errors caused due to mismatching localNode values in test. Signed-off-by: Peter Nied Co-authored-by: Peter Nied --- .../security/OpenSearchSecurityPlugin.java | 14 +++----------- .../security/transport/SecurityInterceptor.java | 6 +++--- .../transport/SecurityInterceptorTests.java | 7 ++----- 3 files changed, 8 insertions(+), 19 deletions(-) diff --git a/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java b/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java index 1dbc787b74..e46a04f81f 100644 --- a/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java +++ b/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java @@ -212,7 +212,7 @@ public final class OpenSearchSecurityPlugin extends OpenSearchSecuritySSLPlugin private volatile ConfigurationRepository cr; private volatile AdminDNs adminDns; private volatile ClusterService cs; - private static volatile DiscoveryNode localNode; + private volatile AtomicReference localNode = new AtomicReference<>(); private volatile AuditLog auditLog; private volatile BackendRegistry backendRegistry; private volatile SslExceptionHandler sslExceptionHandler; @@ -776,7 +776,7 @@ public void sendRequest( TransportRequestOptions options, TransportResponseHandler handler ) { - si.sendRequestDecorate(sender, connection, action, request, options, handler); + si.sendRequestDecorate(sender, connection, action, request, options, handler, localNode.get()); } }; } @@ -1806,7 +1806,7 @@ public void onNodeStarted(DiscoveryNode localNode) { if (!SSLConfig.isSslOnlyMode() && !client && !disabled) { cr.initOnNodeStart(); } - this.localNode = localNode; + this.localNode.set(localNode); final Set securityModules = ReflectionHelper.getModulesLoaded(); log.info("{} OpenSearch Security modules loaded so far: {}", securityModules.size(), securityModules); } @@ -1886,14 +1886,6 @@ private static String handleKeyword(final String field) { return field; } - public static DiscoveryNode getLocalNode() { - return localNode; - } - - public static void setLocalNode(DiscoveryNode node) { - localNode = node; - } - public static class GuiceHolder implements LifecycleComponent { private static RepositoriesService repositoriesService; diff --git a/src/main/java/org/opensearch/security/transport/SecurityInterceptor.java b/src/main/java/org/opensearch/security/transport/SecurityInterceptor.java index 015704e087..5bb4b1d1e3 100644 --- a/src/main/java/org/opensearch/security/transport/SecurityInterceptor.java +++ b/src/main/java/org/opensearch/security/transport/SecurityInterceptor.java @@ -130,7 +130,8 @@ public void sendRequestDecorate( String action, TransportRequest request, TransportRequestOptions options, - TransportResponseHandler handler + TransportResponseHandler handler, + DiscoveryNode localNode ) { final Map origHeaders0 = getThreadContext().getHeaders(); final User user0 = getThreadContext().getTransient(ConfigConstants.OPENDISTRO_SECURITY_USER); @@ -146,8 +147,7 @@ public void sendRequestDecorate( final String origCCSTransientMf = getThreadContext().getTransient(ConfigConstants.OPENDISTRO_SECURITY_MASKED_FIELD_CCS); final boolean isDebugEnabled = log.isDebugEnabled(); - final DiscoveryNode localNode = OpenSearchSecurityPlugin.getLocalNode(); - boolean isSameNodeRequest = localNode != null && localNode.equals(connection.getNode()); + final boolean isSameNodeRequest = localNode != null && localNode.equals(connection.getNode()); try (ThreadContext.StoredContext stashedContext = getThreadContext().stashContext()) { final TransportResponseHandler restoringHandler = new RestoringTransportResponseHandler(handler, stashedContext); diff --git a/src/test/java/org/opensearch/security/transport/SecurityInterceptorTests.java b/src/test/java/org/opensearch/security/transport/SecurityInterceptorTests.java index 7291050d6e..6c16e0cdbd 100644 --- a/src/test/java/org/opensearch/security/transport/SecurityInterceptorTests.java +++ b/src/test/java/org/opensearch/security/transport/SecurityInterceptorTests.java @@ -147,11 +147,8 @@ public void testSendRequestDecorate() { DiscoveryNode otherNode = new DiscoveryNode("local-node", OpenSearchTestCase.buildNewFakeTransportAddress(), Version.CURRENT); Connection connection2 = transportService.getConnection(otherNode); - // setting localNode value explicitly - OpenSearchSecurityPlugin.setLocalNode(localNode); - // isSameNodeRequest = true - securityInterceptor.sendRequestDecorate(sender, connection1, action, request, options, handler); + securityInterceptor.sendRequestDecorate(sender, connection1, action, request, options, handler, localNode); // from thread context inside sendRequestDecorate doAnswer(i -> { User transientUser = threadPool.getThreadContext().getTransient(ConfigConstants.OPENDISTRO_SECURITY_USER); @@ -165,7 +162,7 @@ public void testSendRequestDecorate() { assertEquals(threadPool.getThreadContext().getHeader(ConfigConstants.OPENDISTRO_SECURITY_USER_HEADER), null); // isSameNodeRequest = false - securityInterceptor.sendRequestDecorate(sender, connection2, action, request, options, handler); + securityInterceptor.sendRequestDecorate(sender, connection2, action, request, options, handler, otherNode); // checking thread context inside sendRequestDecorate doAnswer(i -> { String serializedUserHeader = threadPool.getThreadContext().getHeader(ConfigConstants.OPENDISTRO_SECURITY_USER_HEADER);