[Backport 1.x] Setup extension TLS #718

cwperks · 2023-05-01T19:01:34Z

Backport of #619 to 1.x

* WIP on Handler naming and SSL Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add concept of extension shortname via settings Signed-off-by: Craig Perkins <cwperx@amazon.com> * WIP on extension ssl Signed-off-by: Craig Perkins <cwperx@amazon.com> * Get registry from runner Signed-off-by: Craig Perkins <cwperx@amazon.com> * Read settings from extension config file Signed-off-by: Craig Perkins <cwperx@amazon.com> * Update license headers Signed-off-by: Craig Perkins <cwperx@amazon.com> * Run spotlessApply Signed-off-by: Craig Perkins <cwperx@amazon.com> * Remove authz changes and only keep TLS Signed-off-by: Craig Perkins <cwperx@amazon.com> * Remove authz changes and only keep TLS Signed-off-by: Craig Perkins <cwperx@amazon.com> * Remove authz changes and only keep TLS Signed-off-by: Craig Perkins <cwperx@amazon.com> * Remove authz changes and only keep TLS Signed-off-by: Craig Perkins <cwperx@amazon.com> * Remove authz changes and only keep TLS Signed-off-by: Craig Perkins <cwperx@amazon.com> * Update cert generation documents Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add ssl.transport.enabled in ExtensionsRunner Signed-off-by: Craig Perkins <cwperx@amazon.com> * Merge main into branch Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add instructions for running in SSL only mode Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add all SSL settings to extension settings Signed-off-by: Craig Perkins <cwperx@amazon.com> * Set default enforce_hostname_verification Signed-off-by: Craig Perkins <cwperx@amazon.com> * Run spotlessApply Signed-off-by: Craig Perkins <cwperx@amazon.com> * Respond to code review feedback Signed-off-by: Craig Perkins <cwperx@amazon.com> * Fix typos in debug messages Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add docstrings Signed-off-by: Craig Perkins <cwperx@amazon.com> * Address code review feedback Signed-off-by: Craig Perkins <cwperx@amazon.com> --------- Signed-off-by: Craig Perkins <cwperx@amazon.com> (cherry picked from commit b13f257)

Signed-off-by: Craig Perkins <cwperx@amazon.com>

cwperks · 2023-05-01T19:18:11Z

@saratvemulapalli Can you backport opensearch-project/OpenSearch#6866 to 2.x?

owaiskazi19 · 2023-05-01T19:49:04Z

@saratvemulapalli Can you backport opensearch-project/OpenSearch#6866 to 2.x?

@cwperks I added the backport label but it failed. Looks like you have to raise a manual backport PR on core as well.

cwperks · 2023-05-01T20:50:04Z

Thank you @owaiskazi19 , here's the backport in core: opensearch-project/OpenSearch#7346

codecov-commenter · 2023-05-02T17:44:56Z

Codecov Report

Merging #718 (04ed323) into 1.x (fd74041) will decrease coverage by 23.40%.
The diff coverage is 2.91%.

📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more

@@              Coverage Diff              @@
##                1.x     #718       +/-   ##
=============================================
- Coverage     66.04%   42.65%   -23.40%     
- Complexity      301      306        +5     
=============================================
  Files            55       69       +14     
  Lines          1237     1953      +716     
  Branches         41      137       +96     
=============================================
+ Hits            817      833       +16     
- Misses          408     1104      +696     
- Partials         12       16        +4

Impacted Files	Coverage Δ
...ava/org/opensearch/sdk/ssl/DefaultSslKeyStore.java	`0.00% <0.00%> (ø)`
...ava/org/opensearch/sdk/ssl/SSLConfigConstants.java	`0.00% <0.00%> (ø)`
...rg/opensearch/sdk/ssl/SSLConnectionTestResult.java	`0.00% <0.00%> (ø)`
...java/org/opensearch/sdk/ssl/SSLNettyTransport.java	`0.00% <0.00%> (ø)`
...java/org/opensearch/sdk/ssl/SecureSSLSettings.java	`0.00% <0.00%> (ø)`
...ava/org/opensearch/sdk/ssl/util/CertFileProps.java	`0.00% <0.00%> (ø)`
...java/org/opensearch/sdk/ssl/util/CertFromFile.java	`0.00% <0.00%> (ø)`
.../org/opensearch/sdk/ssl/util/CertFromKeystore.java	`0.00% <0.00%> (ø)`
...rg/opensearch/sdk/ssl/util/CertFromTruststore.java	`0.00% <0.00%> (ø)`
...va/org/opensearch/sdk/ssl/util/ExceptionUtils.java	`0.00% <0.00%> (ø)`
... and 8 more

cwperks requested review from joshpalis, owaiskazi19, ryanbogan, saratvemulapalli and dbwiddis as code owners May 1, 2023 19:01

github-actions bot added the first-time-contributor label May 1, 2023

cwperks mentioned this pull request May 1, 2023

Setup extension TLS #619

Merged

Switch configDir to configFile

6b9a5e7

Signed-off-by: Craig Perkins <cwperx@amazon.com>

Merge branch '1.x' into backport/backport-619-to-1.x

04ed323

owaiskazi19 approved these changes May 2, 2023

View reviewed changes

saratvemulapalli approved these changes May 2, 2023

View reviewed changes

saratvemulapalli merged commit 516f495 into opensearch-project:1.x May 2, 2023
6 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Backport 1.x] Setup extension TLS #718

[Backport 1.x] Setup extension TLS #718

cwperks commented May 1, 2023

cwperks commented May 1, 2023

owaiskazi19 commented May 1, 2023

cwperks commented May 1, 2023

codecov-commenter commented May 2, 2023

[Backport 1.x] Setup extension TLS #718

[Backport 1.x] Setup extension TLS #718

Conversation

cwperks commented May 1, 2023

cwperks commented May 1, 2023

owaiskazi19 commented May 1, 2023

cwperks commented May 1, 2023

codecov-commenter commented May 2, 2023

Codecov Report