Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Updates the folder structure for build artifacts #1749

Conversation

DarshitChanpura
Copy link
Member

@DarshitChanpura DarshitChanpura commented Apr 7, 2022

Description

Updates the folder structure created during build to follow the suggested structure.

  • Category - Maintenance
  1. "Before"
OpenSearch
│
└─── plugins
│     │
      └─── opensearch-security
│          │   
           └─── securityconfig
|               │   
                └─── *.yml
  1. After:
OpenSearch
│
└─── config
│     │
      └─── opensearch-security
│          │   
           └─── *.yml

Issues Resolved

Check List

  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@DarshitChanpura DarshitChanpura requested a review from a team April 7, 2022 15:39
@DarshitChanpura DarshitChanpura marked this pull request as draft April 7, 2022 15:41
@peternied
Copy link
Member

Looks like the classpath isn't resolving correctly:

fatal error in thread [main], exiting
java.lang.NoClassDefFoundError: io/netty/util/internal/PlatformDependent
	at org.opensearch.security.ssl.OpenSearchSecuritySSLPlugin.<clinit>(OpenSearchSecuritySSLPlugin.java:94)
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77)
	at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:[49](https://github.com/opensearch-project/security/runs/5871493875?check_suite_focus=true#step:11:49)9)
	at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:480)
	at org.opensearch.plugins.PluginsService.loadPlugin(PluginsService.java:776)
	at org.opensearch.plugins.PluginsService.loadBundle(PluginsService.java:725)
	at org.opensearch.plugins.PluginsService.loadBundles(PluginsService.java:[52](https://github.com/opensearch-project/security/runs/5871493875?check_suite_focus=true#step:11:52)7)
	at org.opensearch.plugins.PluginsService.<init>(PluginsService.java:190)
	at org.opensearch.node.Node.<init>(Node.java:406)
	at org.opensearch.node.Node.<init>(Node.java:329)
	at org.opensearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:242)
	at org.opensearch.bootstrap.Bootstrap.setup(Bootstrap.java:242)
	at org.opensearch.bootstrap.Bootstrap.init(Bootstrap.java:412)
	at org.opensearch.bootstrap.OpenSearch.init(OpenSearch.java:178)
	at org.opensearch.bootstrap.OpenSearch.execute(OpenSearch.java:169)
	at org.opensearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:100)
	at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138)
	at org.opensearch.cli.Command.main(Command.java:101)
	at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:135)
	at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:101)
Caused by: java.lang.ClassNotFoundException: io.netty.util.internal.PlatformDependent
	at java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:445)
	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:[58](https://github.com/opensearch-project/security/runs/5871493875?check_suite_focus=true#step:11:58)7)
	at java.base/java.net.FactoryURLClassLoader.loadClass(URLClassLoader.java:8[72](https://github.com/opensearch-project/security/runs/5871493875?check_suite_focus=true#step:11:72))
	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:520)
	... 22 more

@peternied
Copy link
Member

peternied commented Apr 8, 2022

@DarshitChanpura Lets close this pull request, it looks like the build is broken and the tools/bin issue is going to be a problem

[Edit 4/13] I change my mind! We should do this, but don't make the changes to the tools folder.

@DarshitChanpura DarshitChanpura marked this pull request as ready for review April 14, 2022 02:33
@codecov-commenter
Copy link

codecov-commenter commented Apr 14, 2022

Codecov Report

Merging #1749 (2b789f8) into main (e213e9c) will increase coverage by 0.02%.
The diff coverage is 0.00%.

@@             Coverage Diff              @@
##               main    #1749      +/-   ##
============================================
+ Coverage     60.79%   60.82%   +0.02%     
  Complexity     3186     3186              
============================================
  Files           253      253              
  Lines         17931    17931              
  Branches       3204     3204              
============================================
+ Hits          10902    10906       +4     
+ Misses         5453     5451       -2     
+ Partials       1576     1574       -2     
Impacted Files Coverage Δ
...ecurity/configuration/ConfigurationRepository.java 71.97% <0.00%> (ø)
...opensearch/security/tools/AuditConfigMigrater.java 0.00% <0.00%> (ø)
...security/auditlog/sink/ExternalOpenSearchSink.java 59.25% <0.00%> (-2.47%) ⬇️
...earch/security/ssl/util/SSLConnectionTestUtil.java 95.45% <0.00%> (+2.27%) ⬆️
...urity/ssl/transport/SecuritySSLNettyTransport.java 66.66% <0.00%> (+4.30%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e213e9c...2b789f8. Read the comment docs.

@davidlago
Copy link

is it intentional that the log4j change is part of this PR?

@DarshitChanpura DarshitChanpura force-pushed the standardize-file-locations branch from 707eb1a to cc3b8c3 Compare April 14, 2022 16:41
@DarshitChanpura
Copy link
Member Author

is it intentional that the log4j change is part of this PR?

Nope...I have fixed that change now

@DarshitChanpura
Copy link
Member Author

White-source check failed with this check: https://github.com/opensearch-project/security/pull/1749/checks?check_run_id=6027602013
should we fix it in this branch?

@davidlago
Copy link

I'd bump it in a separate one (did whitesource auto-create a PR for this?) and then rebase this one

Copy link
Member

@peternied peternied left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@DarshitChanpura do you have a before/after layout for the plugin so we can confirm its the expected layout?

There are many more places that need adjustment, from a search in this codebase (which is hard to parse), I see some of the following:

echo $SUDO_CMD \""$OPENSEARCH_PLUGINS_DIR/opensearch-security/tools/securityadmin.sh"\" -cd \""$OPENSEARCH_PLUGINS_DIR/opensearch-security/securityconfig"\" -icl -key \""$OPENSEARCH_CONF_DIR/kirk-key.pem"\" -cert \""$OPENSEARCH_CONF_DIR/kirk.pem"\" -cacert \""$OPENSEARCH_CONF_DIR/root-ca.pem"\" -nhnv | $SUDO_CMD tee -a securityadmin_demo.sh > /dev/null

System.setProperty("security.default_init.dir", new File("./securityconfig").getAbsolutePath());

Also, please create an issue in the documentation website to update all the callouts as well, search on that codebase https://github.com/opensearch-project/documentation-website/search?q=securityconfig

@DarshitChanpura
Copy link
Member Author

DarshitChanpura commented Apr 14, 2022

@DarshitChanpura do you have a before/after layout for the plugin so we can confirm its the expected layout?

There are many more places that need adjustment, from a search in this codebase (which is hard to parse), I see some of the following:

echo $SUDO_CMD \""$OPENSEARCH_PLUGINS_DIR/opensearch-security/tools/securityadmin.sh"\" -cd \""$OPENSEARCH_PLUGINS_DIR/opensearch-security/securityconfig"\" -icl -key \""$OPENSEARCH_CONF_DIR/kirk-key.pem"\" -cert \""$OPENSEARCH_CONF_DIR/kirk.pem"\" -cacert \""$OPENSEARCH_CONF_DIR/root-ca.pem"\" -nhnv | $SUDO_CMD tee -a securityadmin_demo.sh > /dev/null

System.setProperty("security.default_init.dir", new File("./securityconfig").getAbsolutePath());

We have a folder structure mismatch when following different installation formats:

  1. When we install using ./opensearch-plugin install: (The "After")
OpenSearch
│
└─── config
│     │
      └─── opensearch-security
│          │   
           └─── *.yml
  1. When we install using Dev guide: (The "Before")
OpenSearch
│
└─── plugins
│     │
      └─── opensearch-security
│          │   
           └─── config (folder renamed from `securityconfig`)
|               │   
                └─── *.yml

As you can see in the "after", all the config files moved to a new location under core's config/opensearch-security folder.

I'll update the changes according to scenario 1 and push again.

@DarshitChanpura
Copy link
Member Author

DarshitChanpura commented Apr 14, 2022

The CVE was introduced with this PR (#1735), alongwith two other CVEs.
And whitesource didn't catch it because whitesource check didn't run: https://github.com/opensearch-project/security/runs/5959469645

We should create a PR to fix all 3

@peternied
Copy link
Member

peternied commented Apr 14, 2022

The CVE was introduced with this PR( #1735), alongwith two other CVEs. And whitesource didn't catch it because whitesource check didn't run: https://github.com/opensearch-project/security/runs/5959469645

We should create a PR to fix all 3

We can do that out of band of this PR, since this PR did not add any new dependencies. We don't need to block this change if we are following up separately.

If this PR did add the items that were flagged by whitesource then it would be a case to prevent the PR from merging until it was resolved.

@DarshitChanpura DarshitChanpura force-pushed the standardize-file-locations branch from cc3b8c3 to 7b7c6e5 Compare April 15, 2022 01:42
@DarshitChanpura DarshitChanpura force-pushed the standardize-file-locations branch from 7b7c6e5 to 2b789f8 Compare April 15, 2022 02:11
@davidlago
Copy link

I agree with @peternied, let's go ahead and merge... I just saw the auto-opened issue by whitesource #1765

@DarshitChanpura
Copy link
Member Author

@cliu123 can I get a second review on this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Standardize file locations for supporting files
5 participants