Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Revert "[Manual Backport 2.x][MD] Support SigV4 as a new auth type of datasource" #3464

Merged
merged 1 commit into from
Feb 20, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,6 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
- [CVE-2022-24999] Resolve qs from 6.5.3 to 6.11.0 ([#3450](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3450))

### 📈 Features/Enhancements
- [Multiple DataSource] Add support for SigV4 authentication ([#3058](https://github.com/opensearch-project/OpenSearch-Dashboards/issues/3058))

### 🐛 Bug Fixes

Expand Down
4 changes: 1 addition & 3 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -133,7 +133,7 @@
"@hapi/podium": "^4.1.3",
"@hapi/vision": "^6.1.0",
"@hapi/wreck": "^17.1.0",
"@opensearch-project/opensearch": "^2.1.0",
"@opensearch-project/opensearch": "^1.1.0",
"@osd/ace": "1.0.0",
"@osd/analytics": "1.0.0",
"@osd/apm-config-loader": "1.0.0",
Expand Down Expand Up @@ -166,7 +166,6 @@
"dns-sync": "^0.2.1",
"elastic-apm-node": "^3.7.0",
"elasticsearch": "^16.7.0",
"http-aws-es": "6.0.0",
"execa": "^4.0.2",
"expiry-js": "0.1.7",
"fast-deep-equal": "^3.1.1",
Expand Down Expand Up @@ -335,7 +334,6 @@
"@types/zen-observable": "^0.8.0",
"@typescript-eslint/eslint-plugin": "^3.10.0",
"@typescript-eslint/parser": "^3.10.0",
"@types/http-aws-es": "6.0.2",
"angular-aria": "^1.8.0",
"angular-mocks": "^1.8.2",
"angular-recursion": "^1.0.5",
Expand Down
2 changes: 1 addition & 1 deletion packages/osd-opensearch/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
"osd:watch": "node scripts/build --watch"
},
"dependencies": {
"@opensearch-project/opensearch": "^2.1.0",
"@opensearch-project/opensearch": "^1.1.0",
"@osd/dev-utils": "1.0.0",
"abort-controller": "^3.0.0",
"chalk": "^4.1.0",
Expand Down
2 changes: 0 additions & 2 deletions src/dev/jest/config.js
Original file line number Diff line number Diff line change
Expand Up @@ -52,8 +52,6 @@ export default {
moduleNameMapper: {
'@elastic/eui$': '<rootDir>/node_modules/@elastic/eui/test-env',
'@elastic/eui/lib/(.*)?': '<rootDir>/node_modules/@elastic/eui/test-env/$1',
'@opensearch-project/opensearch/aws':
'<rootDir>/node_modules/@opensearch-project/opensearch/lib/aws',
'^src/plugins/(.*)': '<rootDir>/src/plugins/$1',
'^test_utils/(.*)': '<rootDir>/src/test_utils/public/$1',
'^fixtures/(.*)': '<rootDir>/src/fixtures/$1',
Expand Down
15 changes: 1 addition & 14 deletions src/plugins/data_source/common/data_sources/types.ts
Original file line number Diff line number Diff line change
Expand Up @@ -11,20 +11,8 @@ export interface DataSourceAttributes extends SavedObjectAttributes {
endpoint: string;
auth: {
type: AuthType;
credentials: UsernamePasswordTypedContent | SigV4Content | undefined;
credentials: UsernamePasswordTypedContent | undefined;
};
lastUpdatedTime?: string;
}

/**
* Multiple datasource supports authenticating as IAM user, it doesn't support IAM role.
* Because IAM role session requires temporary security credentials through assuming role,
* which makes no sense to store the credentials.
*/
export interface SigV4Content extends SavedObjectAttributes {
accessKey: string;
secretKey: string;
region: string;
}

export interface UsernamePasswordTypedContent extends SavedObjectAttributes {
Expand All @@ -35,5 +23,4 @@ export interface UsernamePasswordTypedContent extends SavedObjectAttributes {
export enum AuthType {
NoAuth = 'no_auth',
UsernamePasswordType = 'username_password',
SigV4 = 'sigv4',
}
64 changes: 14 additions & 50 deletions src/plugins/data_source/server/client/client_pool.ts
Original file line number Diff line number Diff line change
Expand Up @@ -7,12 +7,11 @@ import { Client } from '@opensearch-project/opensearch';
import { Client as LegacyClient } from 'elasticsearch';
import LRUCache from 'lru-cache';
import { Logger } from 'src/core/server';
import { AuthType } from '../../common/data_sources';
import { DataSourcePluginConfigType } from '../../config';

export interface OpenSearchClientPoolSetup {
getClientFromPool: (endpoint: string, authType: AuthType) => Client | LegacyClient | undefined;
addClientToPool: (endpoint: string, authType: AuthType, client: Client | LegacyClient) => void;
getClientFromPool: (id: string) => Client | LegacyClient | undefined;
addClientToPool: (endpoint: string, client: Client | LegacyClient) => void;
}

/**
Expand All @@ -22,28 +21,23 @@ export interface OpenSearchClientPoolSetup {
* It reuse TPC connections for each OpenSearch endpoint.
*/
export class OpenSearchClientPool {
// LRU cache of client
// LRU cache
// key: data source endpoint
// value: OpenSearch client | Legacy client
private clientCache?: LRUCache<string, Client | LegacyClient>;
// LRU cache of aws clients
// key: endpoint + dataSourceId + lastUpdatedTime together to support update case.
// value: OpenSearch client | Legacy client
private awsClientCache?: LRUCache<string, Client | LegacyClient>;
// value: OpenSearch client object | Legacy client object
private cache?: LRUCache<string, Client | LegacyClient>;
private isClosed = false;

constructor(private logger: Logger) {}

public setup(config: DataSourcePluginConfigType): OpenSearchClientPoolSetup {
const logger = this.logger;
const { size } = config.clientPool;
const MAX_AGE = 15 * 60 * 1000; // by default, TCP connection times out in 15 minutes

this.clientCache = new LRUCache({
this.cache = new LRUCache({
max: size,
maxAge: MAX_AGE,
maxAge: 15 * 60 * 1000, // by default, TCP connection times out in 15 minutes

async dispose(key, client) {
async dispose(endpoint, client) {
try {
await client.close();
} catch (error: any) {
Expand All @@ -56,34 +50,12 @@ export class OpenSearchClientPool {
});
this.logger.info(`Created data source client pool of size ${size}`);

// aws client specific pool
this.awsClientCache = new LRUCache({
max: size,
maxAge: MAX_AGE,

async dispose(key, client) {
try {
await client.close();
} catch (error: any) {
logger.warn(
`Error closing OpenSearch client when removing from aws client pool: ${error.message}`
);
}
},
});
this.logger.info(`Created data source aws client pool of size ${size}`);

const getClientFromPool = (key: string, authType: AuthType) => {
const selectedCache = authType === AuthType.SigV4 ? this.awsClientCache : this.clientCache;

return selectedCache!.get(key);
const getClientFromPool = (endpoint: string) => {
return this.cache!.get(endpoint);
};

const addClientToPool = (key: string, authType: string, client: Client | LegacyClient) => {
const selectedCache = authType === AuthType.SigV4 ? this.awsClientCache : this.clientCache;
if (!selectedCache?.has(key)) {
return selectedCache!.set(key, client);
}
const addClientToPool = (endpoint: string, client: Client | LegacyClient) => {
this.cache!.set(endpoint, client);
};

return {
Expand All @@ -99,15 +71,7 @@ export class OpenSearchClientPool {
if (this.isClosed) {
return;
}

try {
await Promise.all([
...this.clientCache!.values().map((client) => client.close()),
...this.awsClientCache!.values().map((client) => client.close()),
]);
this.isClosed = true;
} catch (error) {
this.logger.error(`Error closing clients in pool. ${error}`);
}
await Promise.all(this.cache!.values().map((client) => client.close()));
this.isClosed = true;
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -137,7 +137,7 @@ describe('configureClient', () => {
configureClient(dataSourceClientParams, clientPoolSetup, config, logger)
).rejects.toThrowError();

expect(ClientMock).not.toHaveBeenCalled();
expect(ClientMock).toHaveBeenCalledTimes(1);
expect(savedObjectsMock.get).toHaveBeenCalledTimes(1);
expect(decodeAndDecryptSpy).toHaveBeenCalledTimes(1);
});
Expand All @@ -152,7 +152,7 @@ describe('configureClient', () => {
configureClient(dataSourceClientParams, clientPoolSetup, config, logger)
).rejects.toThrowError();

expect(ClientMock).not.toHaveBeenCalled();
expect(ClientMock).toHaveBeenCalledTimes(1);
expect(savedObjectsMock.get).toHaveBeenCalledTimes(1);
expect(decodeAndDecryptSpy).toHaveBeenCalledTimes(1);
});
Expand Down
Loading