Better support wrapping of TransportChannel #3769
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Craig Perkins <cwperx@amazon.com>
Signed-off-by: Craig Perkins <cwperx@amazon.com>
Signed-off-by: Craig Perkins <cwperx@amazon.com>
cwperks
requested review from
cliu123,
DarshitChanpura,
davidlago,
peternied,
RyanL1997,
stephen-crawford,
reta and
willyborankin
as code owners
src/main/java/org/opensearch/security/ssl/transport/SecuritySSLRequestHandler.java
Outdated
Show resolved
Hide resolved
Signed-off-by: Craig Perkins <cwperx@amazon.com>
willyborankin
approved these changes
Nov 27, 2023
Codecov Report
Additional details and impacted files@@ Coverage Diff @@
## main #3769 +/- ##
==========================================
+ Coverage 65.24% 65.28% +0.03%
==========================================
Files 297 297
Lines 21129 21133 +4
Branches 3451 3452 +1
==========================================
+ Hits 13786 13796 +10
+ Misses 5643 5640 -3
+ Partials 1700 1697 -3
|
|
See steps to reproduce here: #3771 (comment) I have confirmed that this fix will ensure that When PA instantiates a PATransportChannel it does not copy the version from the original TransportChannel. Since it doesn't copy the version from the original, it will go with the default from TransportChannel which is the value of |
peternied
reviewed
Nov 29, 2023
src/main/java/org/opensearch/security/ssl/transport/SecuritySSLRequestHandler.java
Show resolved
Hide resolved
|
LGTM |
krishna-ggk
approved these changes
Nov 30, 2023
src/main/java/org/opensearch/security/ssl/transport/SecuritySSLRequestHandler.java
Show resolved
Hide resolved
src/main/java/org/opensearch/security/ssl/transport/SecuritySSLRequestHandler.java
Show resolved
Hide resolved
peternied
approved these changes
Nov 30, 2023
peternied
changed the title
opensearch-trigger-bot bot
pushed a commit
that referenced
this pull request
Nov 30, 2023
…InnerChannel to account for PA interceptor (#3769) ### Description Ensure that channel.getVersion() is called after extraction of inner channel. Signed-off-by: Craig Perkins <cwperx@amazon.com> (cherry picked from commit 481b373) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
willyborankin
pushed a commit
that referenced
this pull request
Nov 30, 2023
Backport 481b373 from #3769. --------- Signed-off-by: Craig Perkins <cwperx@amazon.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Craig Perkins <cwperx@amazon.com>
prabhask5
pushed a commit
to prabhask5/opensearch-security
that referenced
this pull request
Jan 11, 2024
…InnerChannel to account for PA interceptor (opensearch-project#3769) ### Description Ensure that channel.getVersion() is called after extraction of inner channel. Signed-off-by: Craig Perkins <cwperx@amazon.com> Signed-off-by: Prabhas Kurapati <prabhask@berkeley.edu>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Performance Analyzer (PA) sets up a transport interceptor that wraps a TransportChannel. The security plugin has logic to extract the inner channel so that the rest of SecuritySSLRequestHandler uses the original channel. There is logic before the inner channel extraction to determine whether to use JDK Serialization if the incoming message was received from a node running OS <= 2.10. That code relies on
channel.getVersion()to get the version of the node that transmitted the transport request, but when the channel is wrapped its not delegating to the original channel in PA. This PR moves the logic after the extraction of the inner channel to ensure thatchannel.getVersion()correctly returns the version from the transmitting node.Bug fix
Issues Resolved
Testing
Will update with testing steps
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.