Skip to content

Commit

Permalink
Merge branch '2.x' of github.com:opensearch-project/security into bac…
Browse files Browse the repository at this point in the history 
…kport/backport-3236-to-2.x

Signed-off-by: Derek Ho <dxho@amazon.com>
  • Loading branch information
@derek-ho
derek-ho committed Aug 29, 2023
2 parents 7faf072 + 8c3c9c5 commit 5e06b96
Show file tree
Hide file tree
Showing 120 changed files with 1,781 additions and 2,365 deletions.
18 changes: 18 additions & 0 deletions .github/dependabot.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
version: 2
updates:
- package-ecosystem: "gradle"
directory: "/"
schedule:
interval: "weekly"
commit-message:
prefix: "[2.x] dependabot:"
ignore:
# For all packages, ignore all major versions to minimize breaking issues
- dependency-name: "*"
update-types: ["version-update:semver-major"]
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
commit-message:
prefix: "[2.x] dependabot:"
11 changes: 8 additions & 3 deletions .github/workflows/ci.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,10 +55,15 @@ jobs:
-x test
- name: Coverage
uses: codecov/codecov-action@v1
uses: Wandalen/wretry.action@v1.3.0
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: ./build/reports/jacoco/test/jacocoTestReport.xml
attempt_limit: 3
attempt_delay: 2000
action: codecov/codecov-action@v3
with: |
token: ${{ secrets.CODECOV_TOKEN }}
fail_ci_if_error: true
files: ./build/reports/jacoco/test/jacocoTestReport.xml
- uses: actions/upload-artifact@v3
if: always()
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/code-hygiene.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ jobs:
uses: actions/checkout@v2

- name: Linelint
uses: fernandrone/linelint@0.0.4
uses: fernandrone/linelint@0.0.6

spotless:
runs-on: ubuntu-latest
Expand Down
12 changes: 6 additions & 6 deletions build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ plugins {
id 'com.netflix.nebula.ospackage' version "11.3.0"
id "org.gradle.test-retry" version "1.5.4"
id 'eclipse'
id "com.github.spotbugs" version "5.0.14"
id "com.github.spotbugs" version "5.1.3"
id "com.google.osdetector" version "1.7.3"
}

Expand Down Expand Up @@ -106,8 +106,7 @@ forbiddenApisTest.enabled = false
filepermissions.enabled = false
forbiddenPatterns.enabled = false
testingConventions.enabled = false
// Conflicts between runtime kafka-clients:x.y.z & testRuntime kafka-clients:x.y.z:test
jarHell.enabled = false
jarHell.enabled = true
tasks.whenTaskAdded {task ->
if(task.name.contains("forbiddenApisIntegrationTest")) {
task.enabled = false
Expand Down Expand Up @@ -324,6 +323,7 @@ jacocoTestReport {

checkstyle {
configFile file("checkstyle/sun_checks.xml")
configFile file("checkstyle/println_checks.xml")
}

opensearchplugin {
Expand Down Expand Up @@ -419,7 +419,7 @@ configurations {
all {
resolutionStrategy {
force 'commons-codec:commons-codec:1.16.0'
force 'org.slf4j:slf4j-api:1.7.30'
force 'org.slf4j:slf4j-api:1.7.36'
force 'org.scala-lang:scala-library:2.13.11'
force "com.fasterxml.jackson:jackson-bom:${versions.jackson}"
force "com.fasterxml.jackson.core:jackson-core:${versions.jackson}"
Expand Down Expand Up @@ -564,14 +564,14 @@ dependencies {
runtimeOnly 'com.google.code.findbugs:jsr305:3.0.2'
runtimeOnly 'org.lz4:lz4-java:1.8.0'
runtimeOnly 'io.dropwizard.metrics:metrics-core:4.2.19'
runtimeOnly 'org.slf4j:slf4j-api:1.7.30'
runtimeOnly 'org.slf4j:slf4j-api:1.7.36'
runtimeOnly "org.apache.logging.log4j:log4j-slf4j-impl:${versions.log4j}"
runtimeOnly 'org.xerial.snappy:snappy-java:1.1.10.3'
runtimeOnly 'org.codehaus.woodstox:stax2-api:4.2.1'
runtimeOnly "org.glassfish.jaxb:txw2:${jaxb_version}"
runtimeOnly 'com.fasterxml.woodstox:woodstox-core:6.5.1'
runtimeOnly 'org.apache.ws.xmlschema:xmlschema-core:2.2.5'
runtimeOnly 'org.apache.santuario:xmlsec:2.2.3'
runtimeOnly 'org.apache.santuario:xmlsec:2.3.3'
runtimeOnly "com.github.luben:zstd-jni:${versions.zstd}"
runtimeOnly 'org.checkerframework:checker-qual:3.36.0'
runtimeOnly "org.bouncycastle:bcpkix-jdk15to18:${versions.bouncycastle}"
Expand Down
21 changes: 21 additions & 0 deletions checkstyle/println_checks.xml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
<?xml version="1.0"?>
<!DOCTYPE module PUBLIC
"-//Checkstyle//DTD Checkstyle Configuration 1.3//EN"
"https://checkstyle.org/dtds/configuration_1_3.dtd">

<module name="Checker">
<module name="BeforeExecutionExclusionFileFilter">
<property name="fileNamePattern" value="src/main/java/org/opensearch/security/tools/*"/>
</module>
<module name="BeforeExecutionExclusionFileFilter">
<property name="fileNamePattern" value="src/main/java/com/amazon/dlic/auth/http/kerberos/HTTPSpnegoAuthenticator.java"/>
</module>
<module name="TreeWalker">
<module name="RegexpSinglelineJava">
<property name="format" value="System.out.println"/>
<property name="ignoreCase" value="true"/>
<property name="message" value="Do not use System.out.println" />
<property name="severity" value="error"/>
</module>
</module>
</module>
1 change: 1 addition & 0 deletions checkstyle/sun_checks.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -215,4 +215,5 @@
<property name="checkFormat" value="$1"/>
</module>

<module name="PrintlnModule"/>
</module>
45 changes: 45 additions & 0 deletions codecov.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
coverage:
status:
project:
# Exclusions to prevent false positives triggered
# Tracking with https://github.com/opensearch-project/security/issues/3137
default: false
plugin:
paths:
- "!src/main/java/com/amazon/dlic/auth/http/jwt/keybyoidc/SelfRefreshingKeySet.java"
- "!src/main/java/com/amazon/dlic/auth/ldap2/LDAPConnectionFactoryFactory.java"
- "!src/main/java/org/opensearch/security/transport/SecurityInterceptor.java"
- "!src/main/java/org/opensearch/security/auditlog/AuditLogSslExceptionHandler.java"
- "!src/main/java/org/opensearch/security/compliance/ComplianceIndexingOperationListenerImpl.java"
- "!src/main/java/org/opensearch/security/configuration/ConfigurationRepository.java"
- "!src/main/java/org/opensearch/security/configuration/StaticResourceException.java"
- "!src/main/java/org/opensearch/security/dlic/rest/api/AuditApiAction.java"
- "!src/main/java/org/opensearch/security/ssl/transport/SecuritySSLNettyTransport.java"
- "!src/main/java/org/opensearch/security/ssl/util/SSLConnectionTestUtil.java"
- "src/main"
target: auto
threshold: 0%
inconsistent-coverage-files:
paths:
- "src/main/java/com/amazon/dlic/auth/http/jwt/keybyoidc/SelfRefreshingKeySet.java"
- "src/main/java/com/amazon/dlic/auth/ldap2/LDAPConnectionFactoryFactory.java"
- "src/main/java/org/opensearch/security/transport/SecurityInterceptor.java"
- "src/main/java/org/opensearch/security/auditlog/AuditLogSslExceptionHandler.java"
- "src/main/java/org/opensearch/security/compliance/ComplianceIndexingOperationListenerImpl.java"
- "src/main/java/org/opensearch/security/configuration/ConfigurationRepository.java"
- "src/main/java/org/opensearch/security/configuration/StaticResourceException.java"
- "src/main/java/org/opensearch/security/dlic/rest/api/AuditApiAction.java"
- "src/main/java/org/opensearch/security/ssl/transport/SecuritySSLNettyTransport.java"
- "src/main/java/org/opensearch/security/ssl/util/SSLConnectionTestUtil.java"
target: auto
threshold: 50%
tests:
paths:
- "src/integrationTest"
- "src/test"
target: 100%

comment:
layout: "reach, diff, flags, files"
behavior: default
require_changes: true
1 change: 0 additions & 1 deletion src/integrationTest/java/org/opensearch/security/api/DashboardsInfoTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,6 @@
package org.opensearch.security.api;

import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope;
import org.apache.hc.core5.http.HttpStatus;
import org.junit.ClassRule;
import org.junit.Test;
import org.junit.runner.RunWith;
Expand Down
3 changes: 1 addition & 2 deletions src/main/java/com/amazon/dlic/auth/http/kerberos/HTTPSpnegoAuthenticator.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -98,8 +98,7 @@ public Void run() {
}
} catch (Throwable e) {
log.error("Unable to enable krb_debug due to ", e);
System.err.println("Unable to enable krb_debug due to " + ExceptionsHelper.stackTrace(e));
System.out.println("Unable to enable krb_debug due to " + ExceptionsHelper.stackTrace(e));
log.debug("Unable to enable krb_debug due to " + ExceptionsHelper.stackTrace(e));
}

System.setProperty(KrbConstants.USE_SUBJECT_CREDS_ONLY_PROP, "false");
Expand Down
6 changes: 5 additions & 1 deletion src/main/java/org/opensearch/security/auditlog/sink/DebugSink.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,11 +11,15 @@

package org.opensearch.security.auditlog.sink;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.opensearch.common.settings.Settings;
import org.opensearch.security.auditlog.impl.AuditMessage;

public final class DebugSink extends AuditLogSink {

final Logger log = LogManager.getLogger(DebugSink.class);

public DebugSink(String name, Settings settings, AuditLogSink fallbackSink) {
super(name, settings, null, fallbackSink);
}
Expand All @@ -27,7 +31,7 @@ public boolean isHandlingBackpressure() {

@Override
public boolean doStore(final AuditMessage msg) {
System.out.println("AUDIT_LOG: " + msg.toPrettyString());
log.info("AUDIT_LOG: " + msg.toPrettyString());
return true;
}

Expand Down
Loading

0 comments on commit 5e06b96

Please sign in to comment.