From ac59140f1922545bb455bd4ec2691409faed94bb Mon Sep 17 00:00:00 2001 From: cliu123 Date: Thu, 16 Jun 2022 13:28:08 -0700 Subject: [PATCH 1/5] Bump version to 3.0.0.0 Signed-off-by: cliu123 --- .github/workflows/ci.yml | 6 +++--- bwc-test/build.gradle | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d8972ac82b..234c63ca2c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -72,9 +72,9 @@ jobs: cp -r build/ ./bwc-test/ mkdir ./bwc-test/src/test/resources/security_plugin_version_no_snapshot cp build/distributions/opensearch-security-${security_plugin_version_no_snapshot}.zip ./bwc-test/src/test/resources/${security_plugin_version_no_snapshot} - mkdir bwc-test/src/test/resources/2.0.0.0 - wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch/2.0.0/latest/linux/x64/tar/builds/opensearch/plugins/opensearch-security-2.0.0.0.zip - mv opensearch-security-2.0.0.0.zip bwc-test/src/test/resources/2.0.0.0/ + mkdir bwc-test/src/test/resources/2.1.0.0 + wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch/2.0.1/latest/linux/x64/tar/builds/opensearch/plugins/opensearch-security-2.1.0.0.zip + mv opensearch-security-2.1.0.0.zip bwc-test/src/test/resources/2.1.0.0/ cd bwc-test/ ./gradlew bwcTestSuite -Dtests.security.manager=false diff --git a/bwc-test/build.gradle b/bwc-test/build.gradle index 8ad987b1a7..60270bf7f5 100644 --- a/bwc-test/build.gradle +++ b/bwc-test/build.gradle @@ -47,7 +47,7 @@ ext { buildscript { ext { - opensearch_version = System.getProperty("opensearch.version", "2.1.0-SNAPSHOT") + opensearch_version = System.getProperty("opensearch.version", "3.0.0-SNAPSHOT") opensearch_group = "org.opensearch" } repositories { 
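Review bot: The `wget` line in the ci.yml hunk fetches `opensearch-security-2.1.0.0.zip` from a moving `latest` path, and the following `mv` places it in the BWC test resources with no integrity check. Whatever the bucket serves at run time is therefore what the backward-compatibility cluster presumably loads as the old-version plugin. Pin a specific build instead of `latest` if the bucket exposes one, and verify the archive before the `mv`, for example `echo "<EXPECTED_SHA256>  opensearch-security-2.1.0.0.zip" | sha256sum -c -` (the digest is a placeholder). The same applies to the `wget` line in the [PATCH 5/5] ci.yml hunk, which keeps the `latest` segment.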
@@ -73,16 +73,16 @@ dependencies { testImplementation "org.opensearch.test:framework:${opensearch_version}" } -String bwcVersion = "2.0.0.0"; +String bwcVersion = "2.1.0.0"; String baseName = "securityBwcCluster" String bwcFilePath = "src/test/resources/" -String projectVersion = "2.1.0.0" +String projectVersion = "3.0.0.0" 2.times {i -> testClusters { "${baseName}$i" { testDistribution = "ARCHIVE" - versions = ["2.0.0","2.1.0"] + versions = ["2.1.0","3.0.0"] numberOfNodes = 3 plugin(provider(new Callable() { @Override From d99ea8abd5cda1d17d7e584c9d583d18121c8e4f Mon Sep 17 00:00:00 2001 From: cliu123 Date: Thu, 16 Jun 2022 15:04:04 -0700 Subject: [PATCH 2/5] Fix for the breaking changes in OpenSearch 3.0 Signed-off-by: cliu123 --- .../dlic/auth/http/kerberos/HTTPSpnegoAuthenticator.java | 2 +- .../dlic/auth/http/saml/SamlFilesystemMetadataResolver.java | 2 +- .../org/opensearch/security/OpenSearchSecurityPlugin.java | 4 ++-- .../opensearch/security/auditlog/impl/AbstractAuditLog.java | 2 +- .../security/configuration/ConfigurationRepository.java | 2 +- .../opensearch/security/dlic/rest/api/MigrateApiAction.java | 2 +- .../opensearch/security/ssl/DefaultSecurityKeyStore.java | 6 +++--- .../org/opensearch/security/ssl/util/SSLRequestHelper.java | 6 +++--- .../java/org/opensearch/security/support/PemKeyReader.java | 4 ++-- .../java/org/opensearch/security/tools/SecurityAdmin.java | 2 +- .../security/test/helper/cluster/ClusterHelper.java | 2 +- 11 files changed, 17 insertions(+), 17 deletions(-) diff --git a/src/main/java/com/amazon/dlic/auth/http/kerberos/HTTPSpnegoAuthenticator.java b/src/main/java/com/amazon/dlic/auth/http/kerberos/HTTPSpnegoAuthenticator.java index 812ca4f82f..3603aeb94e 100644 --- a/src/main/java/com/amazon/dlic/auth/http/kerberos/HTTPSpnegoAuthenticator.java +++ b/src/main/java/com/amazon/dlic/auth/http/kerberos/HTTPSpnegoAuthenticator.java 
@@ -70,7 +70,7 @@ public class HTTPSpnegoAuthenticator implements HTTPAuthenticator { public HTTPSpnegoAuthenticator(final Settings settings, final Path configPath) { super(); try { - final Path configDir = new Environment(settings, configPath).configFile(); + final Path configDir = new Environment(settings, configPath).configDir(); final String krb5PathSetting = settings.get("plugins.security.kerberos.krb5_filepath"); final SecurityManager sm = System.getSecurityManager(); diff --git a/src/main/java/com/amazon/dlic/auth/http/saml/SamlFilesystemMetadataResolver.java b/src/main/java/com/amazon/dlic/auth/http/saml/SamlFilesystemMetadataResolver.java index 80f272b43b..302b1f41ea 100644 --- a/src/main/java/com/amazon/dlic/auth/http/saml/SamlFilesystemMetadataResolver.java +++ b/src/main/java/com/amazon/dlic/auth/http/saml/SamlFilesystemMetadataResolver.java @@ -51,6 +51,6 @@ public byte[] run() throws ResolverException { private static File getMetadataFile(String filePath, Settings settings, Path configPath) { Environment env = new Environment(settings, configPath); - return env.configFile().resolve(filePath).toAbsolutePath().toFile(); + return env.configDir().resolve(filePath).toAbsolutePath().toFile(); } } diff --git a/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java b/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java index 66530cfaed..69dce00d41 100644 --- a/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java +++ b/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java 
@@ -326,7 +326,7 @@ public Object run() { final List filesWithWrongPermissions = AccessController.doPrivileged(new PrivilegedAction>() { @Override public List run() { - final Path confPath = new Environment(settings, configPath).configFile().toAbsolutePath(); + final Path confPath = new Environment(settings, configPath).configDir().toAbsolutePath(); if(Files.isDirectory(confPath, LinkOption.NOFOLLOW_LINKS)) { try (Stream s = Files.walk(confPath)) { return s.distinct().filter(p -> checkFilePermissions(p)).collect(Collectors.toList()); @@ -356,7 +356,7 @@ public List run() { final List files = AccessController.doPrivileged(new PrivilegedAction>() { @Override public List run() { - final Path confPath = new Environment(settings, configPath).configFile().toAbsolutePath(); + final Path confPath = new Environment(settings, configPath).configDir().toAbsolutePath(); if(Files.isDirectory(confPath, LinkOption.NOFOLLOW_LINKS)) { try (Stream s = Files.walk(confPath)) { return s.distinct().map(p -> sha256(p)).collect(Collectors.toList()); diff --git a/src/main/java/org/opensearch/security/auditlog/impl/AbstractAuditLog.java b/src/main/java/org/opensearch/security/auditlog/impl/AbstractAuditLog.java index bc5e240c77..d6f59028fa 100644 --- a/src/main/java/org/opensearch/security/auditlog/impl/AbstractAuditLog.java +++ b/src/main/java/org/opensearch/security/auditlog/impl/AbstractAuditLog.java @@ -560,7 +560,7 @@ public Map run() { (key.contains("filepath") || key.contains("file_path"))) { String value = settings.get(key); if(value != null && !value.isEmpty()) { - Path path = value.startsWith("/")?Paths.get(value):environment.configFile().resolve(value); + Path path = value.startsWith("/")?Paths.get(value):environment.configDir().resolve(value); paths.put(key, path); } } diff --git a/src/main/java/org/opensearch/security/configuration/ConfigurationRepository.java b/src/main/java/org/opensearch/security/configuration/ConfigurationRepository.java index 84d3059942..4b2fa7af8b 100644 
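Review bot: In the AbstractAuditLog hunk, the absolute-path test `value.startsWith("/")` is POSIX-only and is not needed, because `Path.resolve` returns its argument unchanged when that argument is already absolute. `Path path = environment.configDir().resolve(value);` gives the same result on POSIX and also recognises drive-letter paths on Windows. If these paths are later read or hashed (not visible here), a `.normalize()` would also keep `..` segments out of what is reported. The enclosing `run()` body starts and ends outside the hunk.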
--- a/src/main/java/org/opensearch/security/configuration/ConfigurationRepository.java +++ b/src/main/java/org/opensearch/security/configuration/ConfigurationRepository.java @@ -120,7 +120,7 @@ public void run() { try { String lookupDir = System.getProperty("security.default_init.dir"); - final String cd = lookupDir != null? (lookupDir+"/") : new Environment(settings, configPath).configFile().toAbsolutePath().toString()+"/opensearch-security/"; + final String cd = lookupDir != null? (lookupDir+"/") : new Environment(settings, configPath).configDir().toAbsolutePath().toString()+"/opensearch-security/"; File confFile = new File(cd+"config.yml"); if(confFile.exists()) { final ThreadContext threadContext = threadPool.getThreadContext(); diff --git a/src/main/java/org/opensearch/security/dlic/rest/api/MigrateApiAction.java b/src/main/java/org/opensearch/security/dlic/rest/api/MigrateApiAction.java index 7ea87cba09..6c973f3557 100644 --- a/src/main/java/org/opensearch/security/dlic/rest/api/MigrateApiAction.java +++ b/src/main/java/org/opensearch/security/dlic/rest/api/MigrateApiAction.java @@ -27,7 +27,7 @@ import org.opensearch.action.bulk.BulkResponse; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.action.support.master.AcknowledgedResponse; +import org.opensearch.action.support.clustermanager.AcknowledgedResponse; import org.opensearch.client.Client; import org.opensearch.cluster.metadata.IndexMetadata; import org.opensearch.cluster.service.ClusterService; diff --git a/src/main/java/org/opensearch/security/ssl/DefaultSecurityKeyStore.java b/src/main/java/org/opensearch/security/ssl/DefaultSecurityKeyStore.java index 72d18fc0c9..026165f95e 100644 --- a/src/main/java/org/opensearch/security/ssl/DefaultSecurityKeyStore.java +++ b/src/main/java/org/opensearch/security/ssl/DefaultSecurityKeyStore.java 
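Review bot: The line that builds `cd` in the ConfigurationRepository hunk lacks a comment saying that the JVM system property `security.default_init.dir` takes precedence over the config directory as the source of `config.yml`. That file appears to seed the initial security configuration (inferred from the names; the body continues outside the hunk), so the override is worth documenting, e.g. `// security.default_init.dir (JVM property) wins over <configDir>/opensearch-security/`. As a style point, the path is assembled by string concatenation with a hard-coded `/`; `configDir().resolve("opensearch-security").resolve("config.yml")` would express the non-override case without it.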
@@ -226,8 +226,8 @@ private String resolve(String propName, boolean mustBeValid) { log.debug("Value for {} is {}", propName, originalPath); if (env != null && originalPath != null && originalPath.length() > 0) { - path = env.configFile().resolve(originalPath).toAbsolutePath().toString(); - log.debug("Resolved {} to {} against {}", originalPath, path, env.configFile().toAbsolutePath().toString()); + path = env.configDir().resolve(originalPath).toAbsolutePath().toString(); + log.debug("Resolved {} to {} against {}", originalPath, path, env.configDir().toAbsolutePath().toString()); } if (mustBeValid) { @@ -247,7 +247,7 @@ private void initSSLConfig() { log.info("No config directory, key- and truststore files are resolved absolutely"); } else { log.info("Config directory is {}/, from there the key- and truststore files are resolved relatively", - env.configFile().toAbsolutePath()); + env.configDir().toAbsolutePath()); } diff --git a/src/main/java/org/opensearch/security/ssl/util/SSLRequestHelper.java b/src/main/java/org/opensearch/security/ssl/util/SSLRequestHelper.java index 5bd72fba5d..893fb04fac 100644 --- a/src/main/java/org/opensearch/security/ssl/util/SSLRequestHelper.java +++ b/src/main/java/org/opensearch/security/ssl/util/SSLRequestHelper.java @@ -199,7 +199,7 @@ private static boolean validate(X509Certificate[] x509Certs, final Settings sett final String crlFile = settings.get(SSLConfigConstants.SSECURITY_SSL_HTTP_CRL_FILE); if(crlFile != null) { - final File crl = env.configFile().resolve(crlFile).toAbsolutePath().toFile(); + final File crl = env.configDir().resolve(crlFile).toAbsolutePath().toFile(); try(FileInputStream crlin = new FileInputStream(crl)) { crls = CertificateFactory.getInstance("X.509").generateCRLs(crlin); } 
@@ -222,12 +222,12 @@ private static boolean validate(X509Certificate[] x509Certs, final Settings sett //final String truststoreAlias = settings.get(SSLConfigConstants.SECURITY_SSL_HTTP_TRUSTSTORE_ALIAS, null); final KeyStore ts = KeyStore.getInstance(truststoreType); - try(FileInputStream fin = new FileInputStream(new File(env.configFile().resolve(truststore).toAbsolutePath().toString()))) { + try(FileInputStream fin = new FileInputStream(new File(env.configDir().resolve(truststore).toAbsolutePath().toString()))) { ts.load(fin, (truststorePassword == null || truststorePassword.length() == 0) ?null:truststorePassword.toCharArray()); } validator = new CertificateValidator(ts, crls); } else { - final File trustedCas = env.configFile().resolve(settings.get(SSLConfigConstants.SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH, "")).toAbsolutePath().toFile(); + final File trustedCas = env.configDir().resolve(settings.get(SSLConfigConstants.SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH, "")).toAbsolutePath().toFile(); try(FileInputStream trin = new FileInputStream(trustedCas)) { Collection cert = (Collection) CertificateFactory.getInstance("X.509").generateCertificates(trin); validator = new CertificateValidator(cert.toArray(new X509Certificate[0]), crls); diff --git a/src/main/java/org/opensearch/security/support/PemKeyReader.java b/src/main/java/org/opensearch/security/support/PemKeyReader.java index 53eeb21736..97aea87c13 100644 --- a/src/main/java/org/opensearch/security/support/PemKeyReader.java +++ b/src/main/java/org/opensearch/security/support/PemKeyReader.java 
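Review bot: In the PEM branch of `validate`, `settings.get(SSLConfigConstants.SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH, "")` is resolved against `configDir()`, so when the setting is absent `trustedCas` is the config directory itself. `new FileInputStream(trustedCas)` then fails with a generic file error that does not name the missing setting. Read the setting into a local first and fail explicitly when it is null or empty, before resolving it. The exception handling is outside the hunk, so confirm that a failure here rejects the client certificate rather than skipping validation. Separately, `new File(env.configDir().resolve(truststore).toAbsolutePath().toString())` can be `env.configDir().resolve(truststore).toAbsolutePath().toFile()`, matching the CRL hunk.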
@@ -325,8 +325,8 @@ public static String resolve(String originalPath, String propName, Settings sett final Environment env = new Environment(settings, configPath); if(env != null && originalPath != null && originalPath.length() > 0) { - path = env.configFile().resolve(originalPath).toAbsolutePath().toString(); - log.debug("Resolved {} to {} against {}", originalPath, path, env.configFile().toAbsolutePath().toString()); + path = env.configDir().resolve(originalPath).toAbsolutePath().toString(); + log.debug("Resolved {} to {} against {}", originalPath, path, env.configDir().toAbsolutePath().toString()); } if(mustBeValid) { diff --git a/src/main/java/org/opensearch/security/tools/SecurityAdmin.java b/src/main/java/org/opensearch/security/tools/SecurityAdmin.java index 6360f508b3..4839524552 100644 --- a/src/main/java/org/opensearch/security/tools/SecurityAdmin.java +++ b/src/main/java/org/opensearch/security/tools/SecurityAdmin.java @@ -89,7 +89,7 @@ import org.opensearch.action.get.GetResponse; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.action.support.master.AcknowledgedResponse; +import org.opensearch.action.support.clustermanager.AcknowledgedResponse; import org.opensearch.client.Request; import org.opensearch.client.RequestOptions; import org.opensearch.client.Response; diff --git a/src/test/java/org/opensearch/security/test/helper/cluster/ClusterHelper.java b/src/test/java/org/opensearch/security/test/helper/cluster/ClusterHelper.java index fdbef60d70..ab6bc9d236 100644 --- a/src/test/java/org/opensearch/security/test/helper/cluster/ClusterHelper.java +++ b/src/test/java/org/opensearch/security/test/helper/cluster/ClusterHelper.java 
@@ -49,7 +49,7 @@ import org.opensearch.action.admin.cluster.node.info.NodesInfoRequest; import org.opensearch.action.admin.cluster.node.info.NodesInfoResponse; import org.opensearch.action.admin.indices.template.put.PutIndexTemplateRequest; -import org.opensearch.action.support.master.AcknowledgedResponse; +import org.opensearch.action.support.clustermanager.AcknowledgedResponse; import org.opensearch.client.Client; import org.opensearch.cluster.health.ClusterHealthStatus; import org.opensearch.cluster.node.DiscoveryNodeRole; From b79c894b99ad53202e2a18d03eedf82bbefd8bfb Mon Sep 17 00:00:00 2001 From: cliu123 Date: Fri, 24 Jun 2022 12:46:09 -0700 Subject: [PATCH 3/5] Restore the removed changes Signed-off-by: cliu123 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 6c3d584350..aa68041b5d 100644 --- a/build.gradle +++ b/build.gradle @@ -11,7 +11,7 @@ buildscript { ext { - opensearch_version = System.getProperty("opensearch.version", "2.1.0-SNAPSHOT") + opensearch_version = System.getProperty("opensearch.version", "3.0.0-SNAPSHOT") isSnapshot = "true" == System.getProperty("build.snapshot", "true") buildVersionQualifier = System.getProperty("build.version_qualifier", "") From f86e6bfb921f1c447158ced43832e921a5f250f0 Mon Sep 17 00:00:00 2001 From: cliu123 Date: Fri, 24 Jun 2022 13:58:40 -0700 Subject: [PATCH 4/5] Resovle compilation erros Signed-off-by: cliu123 --- .../org/opensearch/security/dlic/rest/api/MigrateApiAction.java | 2 +- src/main/java/org/opensearch/security/tools/SecurityAdmin.java | 2 +- .../opensearch/security/test/helper/cluster/ClusterHelper.java | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/main/java/org/opensearch/security/dlic/rest/api/MigrateApiAction.java b/src/main/java/org/opensearch/security/dlic/rest/api/MigrateApiAction.java index 6c973f3557..7ea87cba09 100644 --- a/src/main/java/org/opensearch/security/dlic/rest/api/MigrateApiAction.java 
+++ b/src/main/java/org/opensearch/security/dlic/rest/api/MigrateApiAction.java @@ -27,7 +27,7 @@ import org.opensearch.action.bulk.BulkResponse; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.action.support.clustermanager.AcknowledgedResponse; +import org.opensearch.action.support.master.AcknowledgedResponse; import org.opensearch.client.Client; import org.opensearch.cluster.metadata.IndexMetadata; import org.opensearch.cluster.service.ClusterService; diff --git a/src/main/java/org/opensearch/security/tools/SecurityAdmin.java b/src/main/java/org/opensearch/security/tools/SecurityAdmin.java index 4839524552..6360f508b3 100644 --- a/src/main/java/org/opensearch/security/tools/SecurityAdmin.java +++ b/src/main/java/org/opensearch/security/tools/SecurityAdmin.java @@ -89,7 +89,7 @@ import org.opensearch.action.get.GetResponse; import org.opensearch.action.index.IndexRequest; import org.opensearch.action.support.WriteRequest.RefreshPolicy; -import org.opensearch.action.support.clustermanager.AcknowledgedResponse; +import org.opensearch.action.support.master.AcknowledgedResponse; import org.opensearch.client.Request; import org.opensearch.client.RequestOptions; import org.opensearch.client.Response; diff --git a/src/test/java/org/opensearch/security/test/helper/cluster/ClusterHelper.java b/src/test/java/org/opensearch/security/test/helper/cluster/ClusterHelper.java index ab6bc9d236..fdbef60d70 100644 --- a/src/test/java/org/opensearch/security/test/helper/cluster/ClusterHelper.java +++ b/src/test/java/org/opensearch/security/test/helper/cluster/ClusterHelper.java 
@@ -49,7 +49,7 @@ import org.opensearch.action.admin.cluster.node.info.NodesInfoRequest; import org.opensearch.action.admin.cluster.node.info.NodesInfoResponse; import org.opensearch.action.admin.indices.template.put.PutIndexTemplateRequest; -import org.opensearch.action.support.clustermanager.AcknowledgedResponse; +import org.opensearch.action.support.master.AcknowledgedResponse; import org.opensearch.client.Client; import org.opensearch.cluster.health.ClusterHealthStatus; import org.opensearch.cluster.node.DiscoveryNodeRole; From 9685ded34ac7f4adc35e4cec8ad1eb9f7c076316 Mon Sep 17 00:00:00 2001 From: cliu123 Date: Fri, 24 Jun 2022 14:14:52 -0700 Subject: [PATCH 5/5] Fix the wrong URL Signed-off-by: cliu123 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 234c63ca2c..3bb24077cf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -73,7 +73,7 @@ jobs: mkdir ./bwc-test/src/test/resources/security_plugin_version_no_snapshot cp build/distributions/opensearch-security-${security_plugin_version_no_snapshot}.zip ./bwc-test/src/test/resources/${security_plugin_version_no_snapshot} mkdir bwc-test/src/test/resources/2.1.0.0 - wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch/2.0.1/latest/linux/x64/tar/builds/opensearch/plugins/opensearch-security-2.1.0.0.zip + wget https://ci.opensearch.org/ci/dbc/distribution-build-opensearch/2.1.0/latest/linux/x64/tar/builds/opensearch/plugins/opensearch-security-2.1.0.0.zip mv opensearch-security-2.1.0.0.zip bwc-test/src/test/resources/2.1.0.0/ cd bwc-test/ ./gradlew bwcTestSuite -Dtests.security.manager=false