Filter datasource encryption master key from cluster settings GET API #1825


vamsimanohar
Member

@vamsimanohar vamsimanohar commented Jul 10, 2023

Description

This PR is to disable master key reading from the cluster settings API.

Before the change
GET localhost:9200/_cluster/settings?include_defaults=true

"plugins": {
            "ppl": {
                "enabled": "true"
            },
            "query": {
                "memory_limit": "85%",
                "metrics": {
                    "rolling_interval": "60",
                    "rolling_window": "3600"
                },
                "datasources": {
                    "encryption": {
                        "masterkey": "0000000000000000"
                    },
                    "uri": {
                        "allowhosts": ".*"
                    }
                },
                "size_limit": "200"
            },

After the change
GET localhost:9200/_cluster/settings?include_defaults=true

"plugins": {
            "ppl": {
                "enabled": "true"
            },
            "query": {
                "memory_limit": "85%",
                "metrics": {
                    "rolling_interval": "60",
                    "rolling_window": "3600"
                },
                "datasources": {
                    "uri": {
                        "allowhosts": ".*"
                    }
                },
                "size_limit": "200"
            }

Issues Resolved

[List any issues this PR will resolve]

Check List

  • New functionality includes testing.
    • All tests pass, including unit test, integration test and doctest
  • New functionality has been documented.
    • New functionality has javadoc added
    • New functionality has user manual doc added
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.
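A regression check for the behaviour described above, as an added example that is not part of the pull request or the project's code: it walks a `_cluster/settings?include_defaults=true` response body and reports where the datasource master key is still exposed, without echoing the key itself. The sample bodies are constructed from the two responses quoted above; the `persistent`/`transient`/`defaults` wrapper is the usual shape of that response and all three sections are scanned because the page does not show which one held the setting. The function names are hypothetical.

```python
import json

# Setting path taken from the "Before the change" response on this page.
SENSITIVE_PATHS = {"plugins.query.datasources.encryption.masterkey"}
SECTIONS = ("persistent", "transient", "defaults")


def flatten(node, prefix=""):
    """Yield (dotted_path, value) leaves; handles nested and flat_settings output."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from flatten(value, f"{prefix}.{key}" if prefix else key)
    else:
        yield prefix, node


def leaked_settings(response):
    """Return 'section:path' for each sensitive setting present; values are never returned."""
    return sorted(
        f"{section}:{path}"
        for section in SECTIONS
        for path, _ in flatten(response.get(section, {}))
        if path in SENSITIVE_PATHS
    )


# Constructed sample bodies, trimmed from the two responses quoted above.
BEFORE = json.loads("""{"persistent": {}, "transient": {}, "defaults": {"plugins": {
  "ppl": {"enabled": "true"},
  "query": {"memory_limit": "85%",
            "datasources": {"encryption": {"masterkey": "0000000000000000"},
                            "uri": {"allowhosts": ".*"}},
            "size_limit": "200"}}}}""")
AFTER = json.loads("""{"persistent": {}, "transient": {}, "defaults": {"plugins": {
  "ppl": {"enabled": "true"},
  "query": {"memory_limit": "85%",
            "datasources": {"uri": {"allowhosts": ".*"}},
            "size_limit": "200"}}}}""")

if __name__ == "__main__":
    for name, body in (("before", BEFORE), ("after", AFTER)):
        hits = leaked_settings(body)
        print(name, "LEAK " + ", ".join(hits) if hits else "clean")
```
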

@vamsimanohar vamsimanohar changed the title Restrict master key reading from cluster settings API Filter datasource encryption master key from cluster settings GET API Jul 10, 2023
@vamsimanohar vamsimanohar marked this pull request as ready for review July 10, 2023 21:22
@vamsimanohar vamsimanohar added the bug and backport 2.x labels Jul 10, 2023
joshuali925
joshuali925 previously approved these changes Jul 10, 2023
Yury-Fridlyand
Yury-Fridlyand previously approved these changes Jul 10, 2023
Collaborator

@Yury-Fridlyand Yury-Fridlyand left a comment

Can you add an IT? Thanks

@codecov

codecov bot commented Jul 10, 2023

Codecov Report

Merging #1825 (418b5e9) into main (a816a58) will increase coverage by 0.00%.
The diff coverage is n/a.

@@            Coverage Diff            @@
##               main    #1825   +/-   ##
=========================================
  Coverage     97.33%   97.33%           
  Complexity     4490     4490           
=========================================
  Files           394      394           
  Lines         11118    11119    +1     
  Branches        795      795           
=========================================
+ Hits          10822    10823    +1     
  Misses          289      289           
  Partials          7        7           
Flag Coverage Δ
sql-engine 97.33% <ø> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
...rch/sql/opensearch/setting/OpenSearchSettings.java 100.00% <ø> (ø)

... and 1 file with indirect coverage changes

rupal-bq
rupal-bq previously approved these changes Jul 10, 2023
@vamsimanohar vamsimanohar force-pushed the restrict-master-key-in-cluster-settings-api branch from 2a112c5 to c3cfd1a Compare July 10, 2023 23:03
Yury-Fridlyand
Yury-Fridlyand previously approved these changes Jul 10, 2023
Signed-off-by: Vamsi Manohar <reddyvam@amazon.com>
@vamsimanohar vamsimanohar force-pushed the restrict-master-key-in-cluster-settings-api branch from c3cfd1a to 418b5e9 Compare July 10, 2023 23:58
@vamsimanohar vamsimanohar merged commit a8ecd2f into opensearch-project:main Jul 11, 2023
opensearch-trigger-bot bot pushed a commit that referenced this pull request Jul 11, 2023
Signed-off-by: Vamsi Manohar <reddyvam@amazon.com>
(cherry picked from commit a8ecd2f)
vamsimanohar added a commit that referenced this pull request Jul 11, 2023
…ettings GET API (#1828)

* Restrict master key reading from cluster settings API (#1825)

Signed-off-by: Vamsi Manohar <reddyvam@amazon.com>
(cherry picked from commit a8ecd2f)

* Fixed DatasourceClusterSettingsIT for 2.x

Signed-off-by: Vamsi Manohar <reddyvam@amazon.com>

---------

Signed-off-by: Vamsi Manohar <reddyvam@amazon.com>
Co-authored-by: Vamsi Manohar <reddyvam@amazon.com>
vamsimanohar pushed a commit that referenced this pull request Jul 11, 2023
…ettings GET API (#1828)

* Restrict master key reading from cluster settings API (#1825)

Signed-off-by: Vamsi Manohar <reddyvam@amazon.com>
(cherry picked from commit a8ecd2f)

* Fixed DatasourceClusterSettingsIT for 2.x

Signed-off-by: Vamsi Manohar <reddyvam@amazon.com>

---------

Signed-off-by: Vamsi Manohar <reddyvam@amazon.com>
Co-authored-by: Vamsi Manohar <reddyvam@amazon.com>
(cherry picked from commit 98ca9f8)
vamsimanohar added a commit that referenced this pull request Jul 11, 2023
…ettings GET API (#1828) (#1844)

* Restrict master key reading from cluster settings API (#1825)

Signed-off-by: Vamsi Manohar <reddyvam@amazon.com>
(cherry picked from commit a8ecd2f)

* Fixed DatasourceClusterSettingsIT for 2.x

Signed-off-by: Vamsi Manohar <reddyvam@amazon.com>

---------

Signed-off-by: Vamsi Manohar <reddyvam@amazon.com>
Co-authored-by: Vamsi Manohar <reddyvam@amazon.com>
(cherry picked from commit 98ca9f8)

Co-authored-by: opensearch-trigger-bot[bot] <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com>
MitchellGale pushed a commit to Bit-Quill/opensearch-project-sql that referenced this pull request Jul 11, 2023
…ject#1825)

Signed-off-by: Vamsi Manohar <reddyvam@amazon.com>
Signed-off-by: Mitchell Gale <Mitchell.Gale@improving.com>