Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Breaking Change] Corrects the security config constant name which uses trusted cas #513

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

DarshitChanpura
Copy link
Member

Description

SecureRestClientBuilder currently is using node-certificate constant pemcert_filepath to build trust store. This is incorrect. It should be using pemtrustedcas_filepath to build a trust-store with root CAs

Issues Resolved

[List any issues this PR will resolve]

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@DarshitChanpura DarshitChanpura force-pushed the correct-security-constant branch from 99db999 to 7e666e0 Compare August 30, 2023 19:18
@codecov
Copy link

codecov bot commented Aug 30, 2023

Codecov Report

Merging #513 (7e666e0) into main (bae1bee) will decrease coverage by 0.11%.
The diff coverage is 100.00%.

@@             Coverage Diff              @@
##               main     #513      +/-   ##
============================================
- Coverage     74.60%   74.50%   -0.11%     
+ Complexity      868      866       -2     
============================================
  Files           130      130              
  Lines          5632     5632              
  Branches        689      689              
============================================
- Hits           4202     4196       -6     
- Misses         1124     1129       +5     
- Partials        306      307       +1     
Files Changed Coverage Δ
...n/java/org/opensearch/commons/ConfigConstants.java 87.50% <ø> (ø)
...ensearch/commons/rest/SecureRestClientBuilder.java 44.88% <100.00%> (-4.73%) ⬇️

public static final String OPENSEARCH_SECURITY_SSL_HTTP_PEMCERT_FILEPATH = "plugins.security.ssl.http.pemcert_filepath";
public static final String OPENSEARCH_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH = "plugins.security.ssl.http.pemtrustedcas_filepath";
Copy link
Member

@lezzago lezzago Aug 30, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we go ahead with this breaking change, there should be issues created to each of the plugins that use this constant about this breaking change.

Affected plugins: https://github.com/search?q=org%3Aopensearch-project%20%22OPENSEARCH_SECURITY_SSL_HTTP_PEMCERT_FILEPATH%22&type=code

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also is it necessary to have a variable name change here?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants