Switch to ClusterManager terminology #2062
Conversation
Enforce usage of ClusterManager terminology in the codebase Include mechanism to disable checkstyle rule Signed-off-by: Peter Nied <petern@amazon.com>
|
@RyanL1997 This change is similar to a recent PR #2056 that you made, mind taking a look? |
src/test/java/org/opensearch/security/test/AbstractSecurityUnitTest.java
Outdated
Show resolved
Hide resolved
|
Jumping on here, it looks like |
Signed-off-by: Peter Nied <petern@amazon.com>
peternied
dismissed stale reviews from DarshitChanpura and cwperks
via
9871424
Cross cluster needs to have an additional role in the `node.roles` list, which I am guessing was backwards compatiable if the legacy versions of the role assignments were used. With this change cross cluster tests properly include this value during setup and the settings for these values are merged instead of being overridden. Signed-off-by: Peter Nied <petern@amazon.com>
peternied
force-pushed
the
inclusive-main
branch
from
91fef1c to
f1e8044
Compare
Codecov Report
@@ Coverage Diff @@
## main #2062 +/- ##
============================================
- Coverage 61.09% 60.94% -0.15%
+ Complexity 3232 3225 -7
============================================
Files 256 256
Lines 18074 18074
Branches 3224 3225 +1
============================================
- Hits 11042 11016 -26
- Misses 5462 5479 +17
- Partials 1570 1579 +9
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
There was a problem hiding this comment.
@cwperks @DarshitChanpura @RyanL1997 Mind taking another look?
| super(clusterSettings, transportSettings); | ||
| super(Settings.builder() | ||
| .put(clusterSettings) | ||
| .putList("node.roles", "remote_cluster_client").build(), transportSettings); |
There was a problem hiding this comment.
This is required for cross-cluster to be enabled https://opensearch.org/docs/latest/replication-plugin/get-started/#prerequisites
Note; I did not investigate why this wasn't required before.
| return mergeNodeRolesAndSettings(settingsBuilder, nodeRoleSettings); | ||
| } | ||
|
|
||
| public static Settings.Builder mergeNodeRolesAndSettings(final Settings.Builder settingsBuilder, final Settings otherSettings) { |
There was a problem hiding this comment.
Why add this method?
Settings.Builder.put(Settings) [code] takes the map representation of the incoming settings and stomps over top all intersecting keys.
Depending when .put(settings) was used this would stomp the {"node.roles": ["cluster_manager"]} -> {"node.roles":["remote_cluster_client"]} - this would stop the cluster from starting because it couldn't find any cluster_manager eligable nodes OR the inverse would happen and remote_cluster_client role would not be available on the cluster.
^ I started that sentence with depending, and yes that is because sometimes the test configuration is providing the default values before the cluster helper does its thing, and sometimes it's provided through a NodeSettingsSupplier which is applied afterward, but before the cluster starts up.
This method is available to handle the bi-directional merges of these settings and ensure the node.roles are merged instead of replaced.
That was difficult and complex, why go through that trouble for only node.roles?
Why not just support something like .merge(Settings)? - IMO this is a better solution except of course if our cluster configuration is taking advantage of this functionality - its a feature not a bug!
I avoided tackling this problem because the data flow around these settings is non-trivial and debugging and troubleshooting hundreds of integration unit tests compared to fixing the smaller subset of cross cluster tests that are broken seemed like the better short-term path.
As we build on the new test framework, being rigorous around the data flow can help avoid this class of problems
There was a problem hiding this comment.
Thanks for the explanation for this method.
Would making this more generic and having the method take in a key be useful?
i.e. public static Settings.Builder mergeListSettingByKey(final Settings.Builder settingsBuilder, final Settings otherSettings, String settingKey)
settingKey here being NODE_ROLE_KEY
There was a problem hiding this comment.
^ Next time we need to do this I think it would be worthwhile.
There was a problem hiding this comment.
@peternied Thanks for the comments making review much easier!
Would making this more generic and having the method take in a key be useful?
@cwperks very interesting idea! I might miss something. Are there any other use cases where settingKey can be something else other than NODE_ROLE_KEY? If so, making the method more generic would be necessary to serve those use cases.
There was a problem hiding this comment.
Interesting..thank you for the explanation. I like the idea of making it generic if there are other values as List objects that would "stomp" each other
There was a problem hiding this comment.
There was a problem hiding this comment.
If there are not other use cases, then I am good with moving forward as-is. @cwperks What do you think?
There was a problem hiding this comment.
@cliu123 I believe anywhere where you see putList in the code would be eligible: https://github.com/opensearch-project/security/search?q=putList
| PluginAwareNode node = new PluginAwareNode(setting.clusterManagerNode, | ||
| getMinimumNonSecurityNodeSettingsBuilder(nodeNum, setting.clusterManagerNode, setting.dataNode, internalNodeSettings.size(), tcpClusterManagerPortsOnly, tcpPortsAllIt.next(), httpPortsIt.next()) | ||
| .put(nodeSettingsSupplier == null ? Settings.Builder.EMPTY_SETTINGS : nodeSettingsSupplier.get(nodeNum)).build(), setting.getPlugins()); | ||
| final Settings.Builder nodeSettingsBuilder = getMinimumNonSecurityNodeSettingsBuilder(nodeNum, setting.clusterManagerNode, setting.dataNode, internalNodeSettings.size(), tcpClusterManagerPortsOnly, tcpPortsAllIt.next(), httpPortsIt.next()); |
There was a problem hiding this comment.
This is kind of painful - see AbstractSecurityUnitTest.mergeNodeRolesAndSettings where more background is provided.
Also, why not make this a function? This code uses a lot of locals to pass information around and the method signature would be untenable. Rather than refactor ClusterHelper for this case, I'm continuing the rich tradition of copy-pasting the update.
If we have strong feelings this could be an issue, but I doubt it would survive triage with the new test framework incoming
There was a problem hiding this comment.
If this a one-place-only kind of usage. I'm not against this approach.
Signed-off-by: Peter Nied <petern@amazon.com>
We can use constants for the rolenames when setting up the node, switching to them. Signed-off-by: Peter Nied <petern@amazon.com>
* Cluster manager inclusive checks on codebase Enforce usage of ClusterManager terminology in the codebase Include mechanism to disable checkstyle rule Cross cluster needs to have an additional role in the `node.roles` list, which I am guessing was backwards compatiable if the legacy versions of the role assignments were used. With this change cross cluster tests properly include this value during setup and the settings for these values are merged instead of being overridden. Signed-off-by: Peter Nied <petern@amazon.com>
* Cluster manager inclusive checks on codebase Enforce usage of ClusterManager terminology in the codebase Include mechanism to disable checkstyle rule Cross cluster needs to have an additional role in the `node.roles` list, which I am guessing was backwards compatiable if the legacy versions of the role assignments were used. With this change cross cluster tests properly include this value during setup and the settings for these values are merged instead of being overridden. Signed-off-by: Peter Nied <petern@amazon.com> Signed-off-by: Stephen Crawford <steecraw@amazon.com>
* Cluster manager inclusive checks on codebase Enforce usage of ClusterManager terminology in the codebase Include mechanism to disable checkstyle rule Cross cluster needs to have an additional role in the `node.roles` list, which I am guessing was backwards compatiable if the legacy versions of the role assignments were used. With this change cross cluster tests properly include this value during setup and the settings for these values are merged instead of being overridden. Signed-off-by: Peter Nied <petern@amazon.com>
* Cluster manager inclusive checks on codebase Enforce usage of ClusterManager terminology in the codebase Include mechanism to disable checkstyle rule Cross cluster needs to have an additional role in the `node.roles` list, which I am guessing was backwards compatiable if the legacy versions of the role assignments were used. With this change cross cluster tests properly include this value during setup and the settings for these values are merged instead of being overridden. Signed-off-by: Peter Nied <petern@amazon.com>
Description
Enforce usage of ClusterManager terminology in the codebase
Include mechanism to disable checkstyle rule
Signed-off-by: Peter Nied petern@amazon.com
Issues Resolved
Testing
Added Checkstyle mechanism to prevent usage of non-inclusive terminology
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.