forked from opensearch-project/security
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Improve serialization speeds (opensearch-project#2802)
Use custom serialization in security plugin. - Resolves opensearch-project#2780 Signed-off-by: Paras Jain <[email protected]> Signed-off-by: Peter Nied <[email protected]> Co-authored-by: Paras Jain <[email protected]> Co-authored-by: Peter Nied <[email protected]> Signed-off-by: Paras Jain <[email protected]>
- Loading branch information
Showing
29 changed files
with
1,830 additions
and
447 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,180 +0,0 @@ | ||
| /* | ||
| * SPDX-License-Identifier: Apache-2.0 | ||
| * | ||
| * The OpenSearch Contributors require contributions made to | ||
| * this file be licensed under the Apache-2.0 license or a | ||
| * compatible open source license. | ||
| */ | ||
| package org.opensearch.security.bwc; | ||
|
|
||
| import java.io.IOException; | ||
| import java.util.List; | ||
| import java.util.Map; | ||
| import java.util.Optional; | ||
| import java.util.Set; | ||
| import java.util.stream.Collectors; | ||
|
|
||
| import org.apache.http.Header; | ||
| import org.apache.http.HttpHost; | ||
| import org.apache.http.auth.AuthScope; | ||
| import org.apache.http.auth.UsernamePasswordCredentials; | ||
| import org.apache.http.client.CredentialsProvider; | ||
| import org.apache.http.conn.ssl.NoopHostnameVerifier; | ||
| import org.apache.http.impl.client.BasicCredentialsProvider; | ||
| import org.apache.http.message.BasicHeader; | ||
| import org.apache.http.ssl.SSLContextBuilder; | ||
| import org.junit.Assume; | ||
| import org.junit.Before; | ||
| import org.opensearch.common.settings.Settings; | ||
| import org.opensearch.common.util.concurrent.ThreadContext; | ||
| import org.opensearch.test.rest.OpenSearchRestTestCase; | ||
|
|
||
| import org.opensearch.Version; | ||
|
|
||
| import static org.hamcrest.MatcherAssert.assertThat; | ||
| import static org.hamcrest.Matchers.hasItem; | ||
|
|
||
| import org.opensearch.client.RestClient; | ||
| import org.opensearch.client.RestClientBuilder; | ||
|
|
||
| import org.junit.Assert; | ||
|
|
||
| public class SecurityBackwardsCompatibilityIT extends OpenSearchRestTestCase { | ||
|
|
||
| private ClusterType CLUSTER_TYPE; | ||
| private String CLUSTER_NAME; | ||
|
|
||
| @Before | ||
| private void testSetup() { | ||
| final String bwcsuiteString = System.getProperty("tests.rest.bwcsuite"); | ||
| Assume.assumeTrue("Test cannot be run outside the BWC gradle task 'bwcTestSuite' or its dependent tasks", bwcsuiteString != null); | ||
| CLUSTER_TYPE = ClusterType.parse(bwcsuiteString); | ||
| CLUSTER_NAME = System.getProperty("tests.clustername"); | ||
| } | ||
|
|
||
| @Override | ||
| protected final boolean preserveClusterUponCompletion() { | ||
| return true; | ||
| } | ||
|
|
||
| @Override | ||
| protected final boolean preserveIndicesUponCompletion() { | ||
| return true; | ||
| } | ||
|
|
||
| @Override | ||
| protected final boolean preserveReposUponCompletion() { | ||
| return true; | ||
| } | ||
|
|
||
| @Override | ||
| protected boolean preserveTemplatesUponCompletion() { | ||
| return true; | ||
| } | ||
|
|
||
| @Override | ||
| protected String getProtocol() { | ||
| return "https"; | ||
| } | ||
|
|
||
| @Override | ||
| protected final Settings restClientSettings() { | ||
| return Settings.builder() | ||
| .put(super.restClientSettings()) | ||
| // increase the timeout here to 90 seconds to handle long waits for a green | ||
| // cluster health. the waits for green need to be longer than a minute to | ||
| // account for delayed shards | ||
| .put(OpenSearchRestTestCase.CLIENT_SOCKET_TIMEOUT, "90s") | ||
| .build(); | ||
| } | ||
|
|
||
| @Override | ||
| protected RestClient buildClient(Settings settings, HttpHost[] hosts) throws IOException { | ||
| RestClientBuilder builder = RestClient.builder(hosts); | ||
| configureHttpsClient(builder, settings); | ||
| boolean strictDeprecationMode = settings.getAsBoolean("strictDeprecationMode", true); | ||
| builder.setStrictDeprecationMode(strictDeprecationMode); | ||
| return builder.build(); | ||
| } | ||
|
|
||
| protected static void configureHttpsClient(RestClientBuilder builder, Settings settings) throws IOException { | ||
| Map<String, String> headers = ThreadContext.buildDefaultHeaders(settings); | ||
| Header[] defaultHeaders = new Header[headers.size()]; | ||
| int i = 0; | ||
| for (Map.Entry<String, String> entry : headers.entrySet()) { | ||
| defaultHeaders[i++] = new BasicHeader(entry.getKey(), entry.getValue()); | ||
| } | ||
| builder.setDefaultHeaders(defaultHeaders); | ||
| builder.setHttpClientConfigCallback(httpClientBuilder -> { | ||
| String userName = Optional.ofNullable(System.getProperty("tests.opensearch.username")) | ||
| .orElseThrow(() -> new RuntimeException("user name is missing")); | ||
| String password = Optional.ofNullable(System.getProperty("tests.opensearch.password")) | ||
| .orElseThrow(() -> new RuntimeException("password is missing")); | ||
| CredentialsProvider credentialsProvider = new BasicCredentialsProvider(); | ||
| credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(userName, password)); | ||
| try { | ||
| return httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider) | ||
| // disable the certificate since our testing cluster just uses the default security configuration | ||
| .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE) | ||
| .setSSLContext(SSLContextBuilder.create().loadTrustMaterial(null, (chains, authType) -> true).build()); | ||
| } catch (Exception e) { | ||
| throw new RuntimeException(e); | ||
| } | ||
| }); | ||
| } | ||
|
|
||
| public void testBasicBackwardsCompatibility() throws Exception { | ||
| String round = System.getProperty("tests.rest.bwcsuite_round"); | ||
|
|
||
| if (round.equals("first") || round.equals("old")) { | ||
| assertPluginUpgrade("_nodes/" + CLUSTER_NAME + "-0/plugins"); | ||
| } else if (round.equals("second")) { | ||
| assertPluginUpgrade("_nodes/" + CLUSTER_NAME + "-1/plugins"); | ||
| } else if (round.equals("third")) { | ||
| assertPluginUpgrade("_nodes/" + CLUSTER_NAME + "-2/plugins"); | ||
| } | ||
| } | ||
|
|
||
| @SuppressWarnings("unchecked") | ||
| public void testWhoAmI() throws Exception { | ||
| Map<String, Object> responseMap = (Map<String, Object>) getAsMap("_plugins/_security/whoami"); | ||
| Assert.assertTrue(responseMap.containsKey("dn")); | ||
| } | ||
|
|
||
| private enum ClusterType { | ||
| OLD, | ||
| MIXED, | ||
| UPGRADED; | ||
|
|
||
| public static ClusterType parse(String value) { | ||
| switch (value) { | ||
| case "old_cluster": | ||
| return OLD; | ||
| case "mixed_cluster": | ||
| return MIXED; | ||
| case "upgraded_cluster": | ||
| return UPGRADED; | ||
| default: | ||
| throw new AssertionError("unknown cluster type: " + value); | ||
| } | ||
| } | ||
| } | ||
|
|
||
| @SuppressWarnings("unchecked") | ||
| private void assertPluginUpgrade(String uri) throws Exception { | ||
| Map<String, Map<String, Object>> responseMap = (Map<String, Map<String, Object>>) getAsMap(uri).get("nodes"); | ||
| for (Map<String, Object> response : responseMap.values()) { | ||
| List<Map<String, Object>> plugins = (List<Map<String, Object>>) response.get("plugins"); | ||
| Set<String> pluginNames = plugins.stream().map(map -> (String) map.get("name")).collect(Collectors.toSet()); | ||
|
|
||
| final Version minNodeVersion = this.minimumNodeVersion(); | ||
|
|
||
| if (minNodeVersion.major <= 1) { | ||
| assertThat(pluginNames, hasItem("opensearch_security")); | ||
| } else { | ||
| assertThat(pluginNames, hasItem("opensearch-security")); | ||
| } | ||
|
|
||
| } | ||
| } | ||
| } | ||
28 changes: 28 additions & 0 deletions
28
bwc-test/src/test/java/org/opensearch/security/bwc/ClusterType.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| /* | ||
| * SPDX-License-Identifier: Apache-2.0 | ||
| * | ||
| * The OpenSearch Contributors require contributions made to | ||
| * this file be licensed under the Apache-2.0 license or a | ||
| * compatible open source license. | ||
| */ | ||
|
|
||
| package org.opensearch.security.bwc; | ||
|
|
||
| public enum ClusterType { | ||
| OLD, | ||
| MIXED, | ||
| UPGRADED; | ||
|
|
||
| public static ClusterType parse(String value) { | ||
| switch (value) { | ||
| case "old_cluster": | ||
| return OLD; | ||
| case "mixed_cluster": | ||
| return MIXED; | ||
| case "upgraded_cluster": | ||
| return UPGRADED; | ||
| default: | ||
| throw new AssertionError("unknown cluster type: " + value); | ||
| } | ||
| } | ||
| } |
Oops, something went wrong.