From ee66199dead52754caff9fe7793b2362aa3a26d3 Mon Sep 17 00:00:00 2001 From: David Osorno <48450162+davidosorno@users.noreply.github.com> Date: Tue, 14 Nov 2023 07:21:21 -0800 Subject: [PATCH] Allow adding URL to the cluster (#3574) ### Description Allow adding URLs to the OpenSearch cluster with support for both http:// and https:// for external logs. --------- Signed-off-by: David Osorno --- .../security/httpclient/HttpClient.java | 32 +++++++++++++------ .../security/httpclient/HttpClientTest.java | 7 +++- .../endpoints/routing/configuration_valid.yml | 18 ++++++++++- 3 files changed, 46 insertions(+), 11 deletions(-) diff --git a/src/main/java/org/opensearch/security/httpclient/HttpClient.java b/src/main/java/org/opensearch/security/httpclient/HttpClient.java index 466dac2a82..8c31a5f9c9 100644 --- a/src/main/java/org/opensearch/security/httpclient/HttpClient.java +++ b/src/main/java/org/opensearch/security/httpclient/HttpClient.java @@ -13,6 +13,8 @@ import java.io.Closeable; import java.io.IOException; +import java.net.URI; +import java.net.URISyntaxException; import java.nio.charset.StandardCharsets; import java.security.KeyManagementException; import java.security.KeyStore; @@ -31,7 +33,6 @@ import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLParameters; -import com.google.common.collect.Lists; import org.apache.hc.client5.http.config.RequestConfig; import org.apache.hc.client5.http.impl.async.HttpAsyncClientBuilder; import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder; @@ -51,7 +52,6 @@ import org.apache.hc.core5.ssl.SSLContexts; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; - import org.opensearch.action.index.IndexRequest; import org.opensearch.action.index.IndexResponse; import org.opensearch.action.support.WriteRequest.RefreshPolicy; @@ -62,6 +62,8 @@ import org.opensearch.client.RestHighLevelClient; import org.opensearch.common.xcontent.XContentType; +import com.google.common.collect.Lists; + public class HttpClient implements Closeable { public static class HttpClientBuilder { @@ -176,14 +178,8 @@ private HttpClient( this.supportedCipherSuites = supportedCipherSuites; this.keystoreAlias = keystoreAlias; - HttpHost[] hosts = Arrays.stream(servers) - .map(s -> s.split(":")) - .map(s -> new HttpHost(ssl ? "https" : "http", s[0], Integer.parseInt(s[1]))) - .collect(Collectors.toList()) - .toArray(new HttpHost[0]); - + HttpHost[] hosts = createHosts(servers); RestClientBuilder builder = RestClient.builder(hosts); - // builder.setMaxRetryTimeoutMillis(10000); builder.setFailureListener(new RestClient.FailureListener() { @Override @@ -208,6 +204,24 @@ public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpCli rclient = new RestHighLevelClient(builder); } + private HttpHost[] createHosts(String[] servers) { + return Arrays.stream(servers).map(server -> { + try { + server = addSchemeBasedOnSSL(server); + URI uri = new URI(server); + return new HttpHost(uri.getScheme(), uri.getHost(), uri.getPort()); + } catch (URISyntaxException e) { + return null; + } + }).filter(Objects::nonNull).collect(Collectors.toList()).toArray(HttpHost[]::new); + } + + private String addSchemeBasedOnSSL(String server) { + server = server.replaceAll("https://|http://", ""); + String protocol = ssl ? "https://" : "http://"; + return protocol.concat(server); + } + public boolean index(final String content, final String index, final String type, final boolean refresh) { try { diff --git a/src/test/java/org/opensearch/security/httpclient/HttpClientTest.java b/src/test/java/org/opensearch/security/httpclient/HttpClientTest.java index 3da6ad3d7f..6a8db35d14 100644 --- a/src/test/java/org/opensearch/security/httpclient/HttpClientTest.java +++ b/src/test/java/org/opensearch/security/httpclient/HttpClientTest.java @@ -30,7 +30,10 @@ protected String getResourceFolder() { @Test public void testPlainConnection() throws Exception { - final Settings settings = Settings.builder().put("plugins.security.ssl.http.enabled", false).build(); + final Settings settings = Settings.builder() + .put("plugins.security.ssl.http.enabled", false) + .loadFromPath(FileHelper.getAbsoluteFilePathFromClassPath("auditlog/endpoints/routing/configuration_valid.yml")) + .build(); setup(Settings.EMPTY, new DynamicSecurityConfig(), settings); @@ -84,6 +87,7 @@ public void testSslConnection() throws Exception { .put(SSLConfigConstants.SECURITY_SSL_HTTP_KEYSTORE_ALIAS, "node-0") .put("plugins.security.ssl.http.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("auditlog/node-0-keystore.jks")) .put("plugins.security.ssl.http.truststore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("auditlog/truststore.jks")) + .loadFromPath(FileHelper.getAbsoluteFilePathFromClassPath("auditlog/endpoints/routing/configuration_valid.yml")) .build(); setup(Settings.EMPTY, new DynamicSecurityConfig(), settings); @@ -123,6 +127,7 @@ public void testSslConnectionPKIAuth() throws Exception { .put(SSLConfigConstants.SECURITY_SSL_HTTP_KEYSTORE_ALIAS, "node-0") .put("plugins.security.ssl.http.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("auditlog/node-0-keystore.jks")) .put("plugins.security.ssl.http.truststore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("auditlog/truststore.jks")) + .loadFromPath(FileHelper.getAbsoluteFilePathFromClassPath("auditlog/endpoints/routing/configuration_valid.yml")) .build(); setup(Settings.EMPTY, new DynamicSecurityConfig(), settings); diff --git a/src/test/resources/auditlog/endpoints/routing/configuration_valid.yml b/src/test/resources/auditlog/endpoints/routing/configuration_valid.yml index 046e4d6ee5..027ee6869e 100644 --- a/src/test/resources/auditlog/endpoints/routing/configuration_valid.yml +++ b/src/test/resources/auditlog/endpoints/routing/configuration_valid.yml @@ -15,7 +15,23 @@ plugins.security: endpoint2: type: external_opensearch config: - http_endpoints: ['localhost:9200','localhost:9201','localhost:9202'] + http_endpoints: [ + 'localhost', + 'localhost:9200', + 'localhost:9201', + 'localhost:9202', + 'localhost:9202/opensearch', + '127.0.0.1', + '127.0.0.1:9200', + '127.0.0.1:9200/opensearch', + 'my-opensearch-cluster.company.com:9200', + 'my-opensearch-cluster.company.com:9200/opensearch', + 'http://my-opensearch-cluster.company.com', + 'https://my-opensearch-cluster.company.com:9200', + 'https://my-opensearch-cluster.company.com:9200/opensearch', + '[::1]:9200', + '[::1]:9200/opensearch', + ] index: auditlog username: auditloguser password: auditlogpassword