-
Notifications
You must be signed in to change notification settings - Fork 141
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Moved auth interceptors to common module #1703
Conversation
Codecov Report
@@ Coverage Diff @@
## main #1703 +/- ##
============================================
+ Coverage 97.27% 97.30% +0.02%
+ Complexity 4330 4326 -4
============================================
Files 388 385 -3
Lines 10807 10807
Branches 761 762 +1
============================================
+ Hits 10513 10516 +3
+ Misses 287 284 -3
Partials 7 7
Flags with carried forward coverage won't be shown. Click here to find out more.
|
365d54d
to
a9a6589
Compare
@@ -136,6 +136,17 @@ Master Key config for encrypting credential information | |||
# Print the master key | |||
print("Generated master key:", master_key) | |||
|
|||
Datasource Allow Hosts Config |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
additional layer of security?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is to give customer a config to disallow any kind of ssrf attacks.
@@ -123,6 +146,10 @@ public OpenSearchSettings(ClusterSettings clusterSettings) { | |||
METRICS_ROLLING_WINDOW_SETTING, new Updater(Key.METRICS_ROLLING_WINDOW)); | |||
register(settingBuilder, clusterSettings, Key.METRICS_ROLLING_INTERVAL, | |||
METRICS_ROLLING_INTERVAL_SETTING, new Updater(Key.METRICS_ROLLING_INTERVAL)); | |||
register(settingBuilder, clusterSettings, Key.DATASOURCES_URI_ALLOWHOSTS, | |||
DATASOURCE_URI_ALLOW_HOSTS, new Updater(Key.DATASOURCES_URI_ALLOWHOSTS)); | |||
settingBuilder.put(Key.CLUSTER_NAME, ClusterName.CLUSTER_NAME_SETTING); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why SQL plugin handle cluster_name setting?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
SQL Plugin requires this in StorageEngineFactory class in datasource connector modules.
@@ -98,6 +102,25 @@ public class OpenSearchSettings extends Settings { | |||
Setting.Property.NodeScope, | |||
Setting.Property.Dynamic); | |||
|
|||
// we are keeping this to not break upgrades if the config is already present. | |||
// This will be completely removed in 3.0. | |||
public static final Setting<InputStream> DATASOURCE_CONFIG = SecureSetting.secureFile( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why move to opensearch module? would it be better in datasource module?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wanted to make OpenSearchSettings class a single interface for all settings.
- This class is an extension for Setting class in commons module and available for all modules.
- This class has also got the implementation of consuming latest updates.
7a862e1
to
13fa97b
Compare
Signed-off-by: Vamsi Manohar <[email protected]>
The backport to
To backport manually, run these commands in your terminal: # Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-2.x 2.x
# Navigate to the new working tree
cd .worktrees/backport-2.x
# Create a new branch
git switch --create backport/backport-1703-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 bd9b1802a7379d013780885369c65c2caa22c254
# Push it to GitHub
git push --set-upstream origin backport/backport-1703-to-2.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-2.x Then, create a pull request where the |
(cherry picked from commit bd9b180)
Signed-off-by: Mitchell Gale <[email protected]>
Description
plugins.query.datasources.uri.allowhosts
for blocking URIs with unwanted hosts. This can protect from ssrf attacks.plugins.query.datasources.encryption.masterkey
as final and can only be set in yml and can't be changed viaAPI.
Issues Resolved
[List any issues this PR will resolve]
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.