Changes same node evaluation logic to use TransportService instead of…

… ClusterState Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
opensearch-project · May 24, 2023 · de26a79 · de26a79
1 parent 098f6bd
commit de26a79
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 13 deletions.
diff --git a/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java b/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java
@@ -73,6 +73,7 @@
 import org.opensearch.action.support.ActionFilter;
 import org.opensearch.client.Client;
 import org.opensearch.cluster.metadata.IndexNameExpressionResolver;
+import org.opensearch.cluster.node.DiscoveryNode;
 import org.opensearch.cluster.node.DiscoveryNodes;
 import org.opensearch.cluster.service.ClusterService;
 import org.opensearch.common.component.Lifecycle.State;
@@ -1193,6 +1194,7 @@ public static class GuiceHolder implements LifecycleComponent {
         private static RemoteClusterService remoteClusterService;
         private static IndicesService indicesService;
         private static PitService pitService;
+        private static DiscoveryNode localNode;
 
         // CS-SUPPRESS-SINGLE: RegexpSingleline Extensions manager used to allow/disallow TLS connections to extensions
         private static ExtensionsManager extensionsManager;
@@ -1205,6 +1207,7 @@ public GuiceHolder(final RepositoriesService repositoriesService,
             GuiceHolder.indicesService = indicesService;
             GuiceHolder.pitService = pitService;
             GuiceHolder.extensionsManager = extensionsManager;
+            GuiceHolder.localNode = remoteClusterService.getLocalNode();
         }
         // CS-ENFORCE-SINGLE
 
@@ -1226,6 +1229,7 @@ public static IndicesService getIndicesService() {
         public static ExtensionsManager getExtensionsManager() { return extensionsManager; }
         // CS-ENFORCE-SINGLE
 
+        public static DiscoveryNode getLocalNode() { return localNode; }
 
         @Override
         public void close() {

diff --git a/src/main/java/org/opensearch/security/transport/SecurityInterceptor.java b/src/main/java/org/opensearch/security/transport/SecurityInterceptor.java
@@ -43,6 +43,7 @@
 import org.opensearch.action.get.GetRequest;
 import org.opensearch.action.search.SearchAction;
 import org.opensearch.action.search.SearchRequest;
+import org.opensearch.cluster.node.DiscoveryNode;
 import org.opensearch.cluster.service.ClusterService;
 import org.opensearch.common.io.stream.StreamInput;
 import org.opensearch.common.settings.Settings;
@@ -68,6 +69,7 @@
 import org.opensearch.transport.TransportRequestOptions;
 import org.opensearch.transport.TransportResponse;
 import org.opensearch.transport.TransportResponseHandler;
+import org.opensearch.transport.TransportService;
 
 import static org.opensearch.security.OpenSearchSecurityPlugin.isActionTraceEnabled;
 
@@ -85,14 +87,16 @@ public class SecurityInterceptor {
     private final ClusterInfoHolder clusterInfoHolder;
     private final SSLConfig SSLConfig;
 
+    private final DiscoveryNode localNode;
+
     public SecurityInterceptor(final Settings settings,
-            final ThreadPool threadPool, final BackendRegistry backendRegistry,
-            final AuditLog auditLog, final PrincipalExtractor principalExtractor,
-            final InterClusterRequestEvaluator requestEvalProvider,
-            final ClusterService cs,
-            final SslExceptionHandler sslExceptionHandler,
-            final ClusterInfoHolder clusterInfoHolder,
-            final SSLConfig SSLConfig) {
+                               final ThreadPool threadPool, final BackendRegistry backendRegistry,
+                               final AuditLog auditLog, final PrincipalExtractor principalExtractor,
+                               final InterClusterRequestEvaluator requestEvalProvider,
+                               final ClusterService cs,
+                               final SslExceptionHandler sslExceptionHandler,
+                               final ClusterInfoHolder clusterInfoHolder,
+                               final SSLConfig SSLConfig) {
         this.backendRegistry = backendRegistry;
         this.auditLog = auditLog;
         this.threadPool = threadPool;
@@ -103,6 +107,7 @@ public SecurityInterceptor(final Settings settings,
         this.sslExceptionHandler = sslExceptionHandler;
         this.clusterInfoHolder = clusterInfoHolder;
         this.SSLConfig = SSLConfig;
+        this.localNode = OpenSearchSecurityPlugin.GuiceHolder.getLocalNode();
     }
 
     public <T extends TransportRequest> SecurityRequestHandler<T> getHandler(String action,
@@ -127,12 +132,14 @@ public <T extends TransportResponse> void sendRequestDecorate(AsyncSender sender
         final String origCCSTransientMf = getThreadContext().getTransient(ConfigConstants.OPENDISTRO_SECURITY_MASKED_FIELD_CCS);
 
         final boolean isDebugEnabled = log.isDebugEnabled();
-        boolean isSameNodeRequest = false;
-        try {
-            isSameNodeRequest = cs.localNode().equals(connection.getNode()); // using DiscoveryNode equals comparison here
-        } catch (AssertionError e) {
-            // do nothing
-        }
+        boolean isSameNodeRequest = localNode != null && localNode.equals(connection.getNode());
+//        try {
+//            isSameNodeRequest = cs.localNode().equals(connection.getNode()); // using DiscoveryNode equals comparison here
+//        } catch (AssertionError e) {
+//            // do nothing
+//            log.info(e);
+//        }
+
 
         try (ThreadContext.StoredContext stashedContext = getThreadContext().stashContext()) {
             final TransportResponseHandler<T> restoringHandler = new RestoringTransportResponseHandler<T>(handler, stashedContext);