Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Replace opensearch class names with opendistro class names during serialization and restore them back during deserialization #1278

Merged
merged 2 commits into from
Jun 21, 2021

Conversation

vrozov
Copy link
Contributor

@vrozov vrozov commented Jun 18, 2021

opensearch-security pull request intake form

Please provide as much details as possible to get feedback/acceptance on your PR quickly

  1. Category: (Enhancement, New feature, Bug fix, Test fix, Refactoring, Maintenance, Documentation)
    bug fix

  2. Github Issue # or road-map entry, if available: [BUG] [class_not_found_exception] during rolling upgrade on security enabled cluster #1259

  3. Description of changes: To be backward compatible it is necessary to preserve wire protocol between nodes. Changing package names caused wire protocol incompatibility. To restore compatibility, we can replace package names during serialization and restore them back during deserialization.

  4. Why these changes are required? to support mixed cluster during rolling upgrade

  5. What is the old behavior before changes and new behavior after changes? (Please add any example/logs/screen-shot if available)

  6. Testing done: (Please provide details of testing done: Unit testing, integration testing and manual testing)

  7. TO-DOs, if any: (Please describe pending items and provide Github issues# for each of them)

  8. Is it backport from main branch? (If yes, please add backport PR # and commits #)

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I
have the right to submit it under the open source license
indicated in the file; or

(b) The contribution is based upon previous work that, to the best
of my knowledge, is covered under an appropriate open source
license and I have the right under that license to submit that
work with modifications, whether created in whole or in part
by me, under the same open source license (unless I am
permitted to submit under a different license), as indicated
in the file; or

(c) The contribution was provided directly to me by some other
person who certified (a), (b) or (c) and I have not modified
it.

(d) I understand and agree that this project and the contribution
are public and that a record of the contribution (including all
personal information I submit with it, including my sign-off) is
maintained indefinitely and may be redistributed consistent with
this project or the open source license(s) involved.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

…ialization and restore them back during deserialization
@codecov-commenter
Copy link

codecov-commenter commented Jun 18, 2021

Codecov Report

Merging #1278 (b478722) into main (80c1208) will increase coverage by 0.01%.
The diff coverage is 73.33%.

Impacted file tree graph

@@             Coverage Diff              @@
##               main    #1278      +/-   ##
============================================
+ Coverage     64.71%   64.73%   +0.01%     
+ Complexity     3195     3193       -2     
============================================
  Files           247      247              
  Lines         17191    17230      +39     
  Branches       3042     3045       +3     
============================================
+ Hits          11126    11154      +28     
- Misses         4517     4526       +9     
- Partials       1548     1550       +2     
Impacted Files Coverage Δ
...c/main/java/org/opensearch/security/user/User.java 52.63% <33.33%> (ø)
.../org/opensearch/security/support/Base64Helper.java 72.63% <79.48%> (+4.77%) ⬆️
.../dlic/auth/ldap2/LDAPConnectionFactoryFactory.java 57.25% <0.00%> (-0.77%) ⬇️
...a/org/opensearch/security/tools/SecurityAdmin.java 47.26% <0.00%> (-0.27%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 80c1208...b478722. Read the comment docs.

@andy840314
Copy link
Contributor

I tested a mixed cluster with 1 Opensearch master node and 2 Elasticsearch data nodes.

node1: Opensearch (localhost:9200)
node2: Elasticsearch (localhost:9201)
node3: Elasticsearch (localhost:9202)

curl -XGET https://localhost:9201/_cat/nodes\?pretty -u 'admin:admin' -k
gives this error

{
  "error" : {
    "root_cause" : [
      {
        "type" : "class_cast_exception",
        "reason" : "class_cast_exception: cannot assign instance of java.util.HashSet to field org.opensearch.security.user.User.requestedTenant of type java.lang.String in instance of org.opensearch.security.user.User"
      }
    ],
    "type" : "exception",
    "reason" : "java.lang.ClassCastException: cannot assign instance of java.util.HashSet to field org.opensearch.security.user.User.requestedTenant of type java.lang.String in instance of org.opensearch.security.user.User",
    "caused_by" : {
      "type" : "class_cast_exception",
      "reason" : "class_cast_exception: cannot assign instance of java.util.HashSet to field org.opensearch.security.user.User.requestedTenant of type java.lang.String in instance of org.opensearch.security.user.User"
    }
  },
  "status" : 500
}

Execute privileged actions using AccessController
Refactored code to simplify and generalize name replacement in serialization descriptor
@vrozov vrozov marked this pull request as ready for review June 19, 2021 06:30
@andy840314 andy840314 requested a review from a team June 21, 2021 17:03
@vrozov vrozov removed the request for review from a team June 21, 2021 17:20
@vrozov vrozov merged commit 4abbafc into opensearch-project:main Jun 21, 2021
@cliu123 cliu123 added the bug Something isn't working label Jun 29, 2021
lbreinig pushed a commit to lbreinig/security that referenced this pull request Dec 23, 2021
cliu123 added a commit to cliu123/security that referenced this pull request Mar 21, 2022
…ring serialization and restore them back during deserialization (opensearch-project#1278)"

This reverts commit 4abbafc.

Signed-off-by: cliu123 <[email protected]>
cliu123 added a commit that referenced this pull request Mar 22, 2022
…ring serialization and restore them back during deserialization (#1278)" (#1691)

This reverts commit 4abbafc.

Signed-off-by: cliu123 <[email protected]>
wuychn pushed a commit to ochprince/security that referenced this pull request Mar 16, 2023
wuychn pushed a commit to ochprince/security that referenced this pull request Mar 16, 2023
…ring serialization and restore them back during deserialization (opensearch-project#1278)" (opensearch-project#1691)

This reverts commit 4abbafc.

Signed-off-by: cliu123 <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants