Add method to return dynamic SecureTransportParameters from SecureTra…
…nsportSettingsProvider interface (opensearch-project#16387) (opensearch-project#16388)

* Add isDualModeEnabled to SecureTransportSettingsProvider interface



* Add default impl



* Respond to comments, update usages and update docstring



* Address feedback



* Add ExperimentalApi and add to CHANGELOG



* Move DefaultSecureTransportParameters to separate file and add javadoc



---------


(cherry picked from commit f346788)

Signed-off-by: Craig Perkins <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
1 parent 6db8124 commit 3ef3455
Showing 4 changed files with 53 additions and 3 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -24,6 +24,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
- Add _list/indices API as paginated alternate to _cat/indices ([#14718](https://github.com/opensearch-project/OpenSearch/pull/14718))
- Add changes to block calls in cat shards, indices and segments based on dynamic limit settings ([#15986](https://github.com/opensearch-project/OpenSearch/pull/15986))
- Flat object field use IndexOrDocValuesQuery to optimize query ([#14383](https://github.com/opensearch-project/OpenSearch/issues/14383))
- Add method to return dynamic SecureTransportParameters from SecureTransportSettingsProvider interface ([#16387](https://github.com/opensearch-project/OpenSearch/pull/16387)

### Dependencies
- Bump `org.apache.logging.log4j:log4j-core` from 2.23.1 to 2.24.0 ([#15858](https://github.com/opensearch-project/OpenSearch/pull/15858))
Expand Up @@ -142,9 +142,10 @@ public SSLServerChannelInitializer(String name) {
protected void initChannel(Channel ch) throws Exception {
super.initChannel(ch);

final boolean dualModeEnabled = NetworkModule.TRANSPORT_SSL_DUAL_MODE_ENABLED.get(settings);
final boolean dualModeEnabled = secureTransportSettingsProvider.parameters(settings)
.map(SecureTransportSettingsProvider.SecureTransportParameters::dualModeEnabled)
.orElse(false);
if (dualModeEnabled) {
logger.info("SSL Dual mode enabled, using port unification handler");
final ChannelHandler portUnificationHandler = new DualModeSslHandler(
settings,
secureTransportSettingsProvider,
Expand Down Expand Up @@ -258,7 +259,9 @@ protected class SSLClientChannelInitializer extends Netty4Transport.ClientChanne
public SSLClientChannelInitializer(DiscoveryNode node) {
this.node = node;

final boolean dualModeEnabled = NetworkModule.TRANSPORT_SSL_DUAL_MODE_ENABLED.get(settings);
final boolean dualModeEnabled = secureTransportSettingsProvider.parameters(settings)
.map(SecureTransportSettingsProvider.SecureTransportParameters::dualModeEnabled)
.orElse(false);
hostnameVerificationEnabled = NetworkModule.TRANSPORT_SSL_ENFORCE_HOSTNAME_VERIFICATION.get(settings);
hostnameVerificationResolveHostName = NetworkModule.TRANSPORT_SSL_ENFORCE_HOSTNAME_VERIFICATION_RESOLVE_HOST_NAME.get(settings);
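Review bot: The new `dualModeEnabled` expression in `initChannel`, and the identical one in the `SSLClientChannelInitializer` constructor, lets the provider's answer replace `NetworkModule.TRANSPORT_SSL_DUAL_MODE_ENABLED`, so a plugin can select the port-unification path while the node setting says dual mode is off, and nothing visible in these hunks records where the value came from. Dual mode presumably relaxes the TLS-only guarantee on the transport port, so I would log the effective value and its source whenever it differs from the setting, and put a comment above both sites such as `// Provider decides dual mode; an empty Optional falls back to false, i.e. no port unification`. A provider that returns `null` instead of `Optional.empty()` would throw here during channel setup, so the interface contract should forbid that or the call should be guarded. The repeated three-line expression would also read better as one private helper shared by both initializers. Both enclosing bodies continue outside the hunks.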

@@ -0,0 +1,28 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/

package org.opensearch.plugins;

import org.opensearch.common.network.NetworkModule;
import org.opensearch.common.settings.Settings;

/**
* Default implementation of {@link SecureTransportSettingsProvider.SecureTransportParameters}.
*/
class DefaultSecureTransportParameters implements SecureTransportSettingsProvider.SecureTransportParameters {
private final Settings settings;

DefaultSecureTransportParameters(Settings settings) {
this.settings = settings;
}

@Override
public boolean dualModeEnabled() {
return NetworkModule.TRANSPORT_SSL_DUAL_MODE_ENABLED.get(settings);
}
}
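Review bot: The constructor stores `settings` without a null check, so a null would only surface when `dualModeEnabled()` is first called, which the transport initializers on this page do while setting up a channel. `this.settings = Objects.requireNonNull(settings, "settings");` (with a `java.util.Objects` import) fails at construction instead. The class can also be declared `final`, since it is package-private and only serves as the fallback. The class Javadoc should state that this default reads `NetworkModule.TRANSPORT_SSL_DUAL_MODE_ENABLED` from the supplied settings, so behaviour is unchanged for providers that do not override `parameters`.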
Expand Up @@ -36,6 +36,24 @@ default Collection<TransportAdapterProvider<Transport>> getTransportAdapterProvi
return Collections.emptyList();
}

/**
* Returns parameters that can be dynamically provided by a plugin providing a {@link SecureTransportSettingsProvider}
* implementation
* @param settings settings
* @return an instance of {@link SecureTransportParameters}
*/
default Optional<SecureTransportParameters> parameters(Settings settings) {
return Optional.of(new DefaultSecureTransportParameters(settings));
}

/**
* Dynamic parameters that can be provided by the {@link SecureTransportSettingsProvider}
*/
@ExperimentalApi
interface SecureTransportParameters {
boolean dualModeEnabled();
}

/**
* If supported, builds the {@link TransportExceptionHandler} instance for {@link Transport} instance
* @param settings settings
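Review bot: `SecureTransportParameters.dualModeEnabled()` has no Javadoc, and the Javadoc on `parameters` does not say what an empty Optional means, although both are part of a security-relevant contract for plugin authors. On the method I would add `/** @return {@code true} to run the transport in SSL dual mode (port unification) instead of TLS-only */`. The `parameters` Javadoc should gain a sentence saying that callers treat an empty Optional as dual mode disabled and that implementations must not return null. The server initializer on this page calls `parameters` from `initChannel`, so it is probably worth stating that implementations should be cheap and safe to call concurrently. `@ExperimentalApi` is on the nested interface but not on the new default method, which may be intentional but is worth confirming; the hunk ends inside the next method's Javadoc.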