Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add isDualModeEnabled to SecureTransportSettingsProvider interface #211

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

Add isDualModeEnabled to SecureTransportSettingsProvider interface #211

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
aa48614
Add isDualModeEnabled to SecureTransportSettingsProvider interface
cwperks Oct 18, 2024
d390bd9
Add default impl
cwperks Oct 18, 2024
a0844e9
Respond to comments, update usages and update docstring
cwperks Oct 18, 2024
1792a31
Address feedback
cwperks Oct 18, 2024
937578c
Add ExperimentalApi and add to CHANGELOG
cwperks Oct 18, 2024
174344b
Move DefaultSecureTransportParameters to separate file and add javadoc
cwperks Oct 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
- Add _list/shards API as paginated alternate to _cat/shards ([#14641](https://github.com/opensearch-project/OpenSearch/pull/14641))
- Latency and Memory allocation improvements to Multi Term Aggregation queries ([#14993](https://github.com/opensearch-project/OpenSearch/pull/14993))
- Flat object field use IndexOrDocValuesQuery to optimize query ([#14383](https://github.com/opensearch-project/OpenSearch/issues/14383))
- Add method to return dynamic SecureTransportParameters from SecureTransportSettingsProvider interface ([#16387](https://github.com/opensearch-project/OpenSearch/pull/16387)

### Dependencies
- Bump `com.azure:azure-identity` from 1.13.0 to 1.13.2 ([#15578](https://github.com/opensearch-project/OpenSearch/pull/15578))
Expand Down
9 changes: 6 additions & 3 deletions ...sport-netty4/src/main/java/org/opensearch/transport/netty4/ssl/SecureNetty4Transport.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -142,9 +142,10 @@ public SSLServerChannelInitializer(String name) {
protected void initChannel(Channel ch) throws Exception {
super.initChannel(ch);

final boolean dualModeEnabled = NetworkModule.TRANSPORT_SSL_DUAL_MODE_ENABLED.get(settings);
final boolean dualModeEnabled = secureTransportSettingsProvider.parameters(settings)
.map(SecureTransportSettingsProvider.SecureTransportParameters::dualModeEnabled)
.orElse(false);
if (dualModeEnabled) {
logger.info("SSL Dual mode enabled, using port unification handler");
final ChannelHandler portUnificationHandler = new DualModeSslHandler(
settings,
secureTransportSettingsProvider,
Expand Down Expand Up @@ -258,7 +259,9 @@ protected class SSLClientChannelInitializer extends Netty4Transport.ClientChanne
public SSLClientChannelInitializer(DiscoveryNode node) {
this.node = node;

final boolean dualModeEnabled = NetworkModule.TRANSPORT_SSL_DUAL_MODE_ENABLED.get(settings);
final boolean dualModeEnabled = secureTransportSettingsProvider.parameters(settings)
.map(SecureTransportSettingsProvider.SecureTransportParameters::dualModeEnabled)
.orElse(false);
hostnameVerificationEnabled = NetworkModule.TRANSPORT_SSL_ENFORCE_HOSTNAME_VERIFICATION.get(settings);
hostnameVerificationResolveHostName = NetworkModule.TRANSPORT_SSL_ENFORCE_HOSTNAME_VERIFICATION_RESOLVE_HOST_NAME.get(settings);

Expand Down
28 changes: 28 additions & 0 deletions server/src/main/java/org/opensearch/plugins/DefaultSecureTransportParameters.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/

package org.opensearch.plugins;

import org.opensearch.common.network.NetworkModule;
import org.opensearch.common.settings.Settings;

/**
* Default implementation of {@link SecureTransportSettingsProvider.SecureTransportParameters}.
*/
class DefaultSecureTransportParameters implements SecureTransportSettingsProvider.SecureTransportParameters {
private final Settings settings;

DefaultSecureTransportParameters(Settings settings) {
this.settings = settings;
}

@Override
public boolean dualModeEnabled() {
return NetworkModule.TRANSPORT_SSL_DUAL_MODE_ENABLED.get(settings);
}
}
18 changes: 18 additions & 0 deletions server/src/main/java/org/opensearch/plugins/SecureTransportSettingsProvider.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,24 @@ default Collection<TransportAdapterProvider<Transport>> getTransportAdapterProvi
return Collections.emptyList();
}

/**
* Returns parameters that can be dynamically provided by a plugin providing a {@link SecureTransportSettingsProvider}
* implementation
* @param settings settings
* @return an instance of {@link SecureTransportParameters}
*/
default Optional<SecureTransportParameters> parameters(Settings settings) {
return Optional.of(new DefaultSecureTransportParameters(settings));
}

/**
* Dynamic parameters that can be provided by the {@link SecureTransportSettingsProvider}
*/
@ExperimentalApi
interface SecureTransportParameters {
boolean dualModeEnabled();
}

/**
* If supported, builds the {@link TransportExceptionHandler} instance for {@link Transport} instance
* @param settings settings
Expand Down
Loading