Merge branch '2.x' into backport/backport-4494-to-2.x

opensearch-project · Sep 22, 2022 · 43a51ff · 43a51ff
2 parents d93da07 + 3909012
commit 43a51ff
Show file tree

Hide file tree

Showing 47 changed files with 61 additions and 31 deletions.
diff --git a/.ci/bwcVersions b/.ci/bwcVersions
@@ -52,3 +52,4 @@ BWC_VERSION:
   - "2.2.1"
   - "2.2.2"
   - "2.3.0"
+  - "2.3.1"
diff --git a/.github/workflows/changelog_verifier.yml b/.github/workflows/changelog_verifier.yml
@@ -14,3 +14,5 @@ jobs:
           ref: ${{ github.event.pull_request.head.sha }}
 
       - uses: dangoslen/changelog-enforcer@v3
+        with:
+          skipLabels: "autocut"
diff --git a/.github/workflows/version.yml b/.github/workflows/version.yml
@@ -5,7 +5,7 @@ on:
     tags:
       - '*.*.*'
 
-jobs:  
+jobs:
   build:
     runs-on: ubuntu-latest
     steps:
@@ -60,6 +60,8 @@ jobs:
           branch: 'create-pull-request/patch-${{ env.BASE }}'
           commit-message: Incremented version to ${{ env.NEXT_VERSION }}
           delete-branch: true
+          labels: |
+            autocut
           title: '[AUTO] Incremented version to ${{ env.NEXT_VERSION }}.'
           body: |
             I've noticed that a new tag ${{ env.TAG }} was pushed, and incremented the version from ${{ env.CURRENT_VERSION }} to ${{ env.NEXT_VERSION }}.
@@ -84,6 +86,8 @@ jobs:
           branch: 'create-pull-request/patch-${{ env.BASE_X }}'
           commit-message: Added bwc version ${{ env.NEXT_VERSION }}
           delete-branch: true
+          labels: |
+            autocut
           title: '[AUTO] [${{ env.BASE_X }}] Added bwc version ${{ env.NEXT_VERSION }}.'
           body: |
             I've noticed that a new tag ${{ env.TAG }} was pushed, and added a bwc version ${{ env.NEXT_VERSION }}.
@@ -108,6 +112,8 @@ jobs:
           branch: 'create-pull-request/patch-main'
           commit-message: Added bwc version ${{ env.NEXT_VERSION }}
           delete-branch: true
+          labels: |
+            autocut
           title: '[AUTO] [main] Added bwc version ${{ env.NEXT_VERSION }}.'
           body: |
             I've noticed that a new tag ${{ env.TAG }} was pushed, and added a bwc version ${{ env.NEXT_VERSION }}.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,16 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - Github workflow for changelog verification ([#4085](https://github.com/opensearch-project/OpenSearch/pull/4085))
 - Add failover support with Segment Replication enabled. ([#4325](https://github.com/opensearch-project/OpenSearch/pull/4325)
 - Added @dreamer-89 as an Opensearch maintainer ([#4342](https://github.com/opensearch-project/OpenSearch/pull/4342))
+- Added release notes for 1.3.5 ([#4343](https://github.com/opensearch-project/OpenSearch/pull/4343))
+- Added release notes for 2.2.1 ([#4344](https://github.com/opensearch-project/OpenSearch/pull/4344))
+- Label configuration for dependabot PRs ([#4348](https://github.com/opensearch-project/OpenSearch/pull/4348))
+- Support for HTTP/2 (server-side) ([#3847](https://github.com/opensearch-project/OpenSearch/pull/3847))
+- BWC version 2.2.2 ([#4383](https://github.com/opensearch-project/OpenSearch/pull/4383))
+- Support for labels on version bump PRs, skip label support for changelog verifier ([#4391](https://github.com/opensearch-project/OpenSearch/pull/4391))
+
+### Dependencies
+- Bumps `com.diffplug.spotless` from 6.9.1 to 6.10.0
+- Bumps `xmlbeans` from 5.1.0 to 5.1.1
 
 ### Changed
 - Dependency updates (httpcore, mockito, slf4j, httpasyncclient, commons-codec) ([#4308](https://github.com/opensearch-project/OpenSearch/pull/4308))
@@ -29,6 +39,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - Bugs for dependabot changelog verifier workflow ([#4364](https://github.com/opensearch-project/OpenSearch/pull/4364))
 - [Bug]: gradle check failing with java heap OutOfMemoryError (([#4328](https://github.com/opensearch-project/OpenSearch/
 - `opensearch.bat` fails to execute when install path includes spaces ([#4362](https://github.com/opensearch-project/OpenSearch/pull/4362))
+- Getting security exception due to access denied 'java.lang.RuntimePermission' 'accessDeclaredMembers' when trying to get snapshot with S3 IRSA ([#4469](https://github.com/opensearch-project/OpenSearch/pull/4469))
 - Fixed flaky test `ResourceAwareTasksTests.testTaskIdPersistsInThreadContext` ([#4484](https://github.com/opensearch-project/OpenSearch/pull/4484))
 - Fixed the ignore_malformed setting to also ignore objects ([#4494](https://github.com/opensearch-project/OpenSearch/pull/4494))
 
@@ -43,6 +54,8 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - BWC version 1.3.6 ([#4452](https://github.com/opensearch-project/OpenSearch/pull/4452))
 - Bump current version to 2.4.0 on 2.x branch ([#4454](https://github.com/opensearch-project/OpenSearch/pull/4454))
 - 2.3.0 release notes ([#4457](https://github.com/opensearch-project/OpenSearch/pull/4457))
+- Add BWC version 2.3.1 ([#4512](https://github.com/opensearch-project/OpenSearch/pull/4512))
+- Updated jackson to 2.13.4 and snakeyml to 1.32 ([#4563](https://github.com/opensearch-project/OpenSearch/pull/4563))
 
 ### Changed
 

diff --git a/buildSrc/version.properties b/buildSrc/version.properties
@@ -9,9 +9,9 @@ bundled_jdk = 17.0.4+8
 # optional dependencies
 spatial4j         = 0.7
 jts               = 1.15.0
-jackson           = 2.13.3
-jackson_databind  = 2.13.3
-snakeyaml         = 1.31
+jackson           = 2.13.4
+jackson_databind  = 2.13.4
+snakeyaml         = 1.32
 icu4j             = 70.1
 supercsv          = 2.4.0
 log4j             = 2.17.1

diff --git a/client/sniffer/licenses/jackson-core-2.13.3.jar.sha1 b/client/sniffer/licenses/jackson-core-2.13.3.jar.sha1
diff --git a/client/sniffer/licenses/jackson-core-2.13.4.jar.sha1 b/client/sniffer/licenses/jackson-core-2.13.4.jar.sha1
@@ -0,0 +1 @@
+0cf934c681294b97ef6d80082faeefbe1edadf56
diff --git a/distribution/tools/upgrade-cli/licenses/jackson-annotations-2.13.3.jar.sha1 b/distribution/tools/upgrade-cli/licenses/jackson-annotations-2.13.3.jar.sha1
diff --git a/distribution/tools/upgrade-cli/licenses/jackson-annotations-2.13.4.jar.sha1 b/distribution/tools/upgrade-cli/licenses/jackson-annotations-2.13.4.jar.sha1
@@ -0,0 +1 @@
+858c6cc78e1f08a885b1613e1d817c829df70a6e
diff --git a/distribution/tools/upgrade-cli/licenses/jackson-databind-2.13.3.jar.sha1 b/distribution/tools/upgrade-cli/licenses/jackson-databind-2.13.3.jar.sha1
diff --git a/distribution/tools/upgrade-cli/licenses/jackson-databind-2.13.4.jar.sha1 b/distribution/tools/upgrade-cli/licenses/jackson-databind-2.13.4.jar.sha1
@@ -0,0 +1 @@
+98b0edfa8e4084078f10b7b356c300ded4a71491
diff --git a/libs/x-content/licenses/jackson-core-2.13.3.jar.sha1 b/libs/x-content/licenses/jackson-core-2.13.3.jar.sha1
diff --git a/libs/x-content/licenses/jackson-core-2.13.4.jar.sha1 b/libs/x-content/licenses/jackson-core-2.13.4.jar.sha1
@@ -0,0 +1 @@
+0cf934c681294b97ef6d80082faeefbe1edadf56
diff --git a/libs/x-content/licenses/jackson-dataformat-cbor-2.13.3.jar.sha1 b/libs/x-content/licenses/jackson-dataformat-cbor-2.13.3.jar.sha1
diff --git a/libs/x-content/licenses/jackson-dataformat-cbor-2.13.4.jar.sha1 b/libs/x-content/licenses/jackson-dataformat-cbor-2.13.4.jar.sha1
@@ -0,0 +1 @@
+ccaf21e6a02a20cae6591a12d20bf310544cf3ee
diff --git a/libs/x-content/licenses/jackson-dataformat-smile-2.13.3.jar.sha1 b/libs/x-content/licenses/jackson-dataformat-smile-2.13.3.jar.sha1
diff --git a/libs/x-content/licenses/jackson-dataformat-smile-2.13.4.jar.sha1 b/libs/x-content/licenses/jackson-dataformat-smile-2.13.4.jar.sha1
@@ -0,0 +1 @@
+4161a7c3914a12e7b7940ea53eb3c53e17aea91b
diff --git a/libs/x-content/licenses/jackson-dataformat-yaml-2.13.3.jar.sha1 b/libs/x-content/licenses/jackson-dataformat-yaml-2.13.3.jar.sha1
diff --git a/libs/x-content/licenses/jackson-dataformat-yaml-2.13.4.jar.sha1 b/libs/x-content/licenses/jackson-dataformat-yaml-2.13.4.jar.sha1
@@ -0,0 +1 @@
+3142ec201e878372d1561e64bd1a947d9e88a03d
diff --git a/libs/x-content/licenses/snakeyaml-1.31.jar.sha1 b/libs/x-content/licenses/snakeyaml-1.31.jar.sha1
diff --git a/libs/x-content/licenses/snakeyaml-1.32.jar.sha1 b/libs/x-content/licenses/snakeyaml-1.32.jar.sha1
@@ -0,0 +1 @@
+e80612549feb5c9191c498de628c1aa80693cf0b
diff --git a/modules/ingest-geoip/licenses/jackson-annotations-2.13.3.jar.sha1 b/modules/ingest-geoip/licenses/jackson-annotations-2.13.3.jar.sha1
diff --git a/modules/ingest-geoip/licenses/jackson-annotations-2.13.4.jar.sha1 b/modules/ingest-geoip/licenses/jackson-annotations-2.13.4.jar.sha1
@@ -0,0 +1 @@
+858c6cc78e1f08a885b1613e1d817c829df70a6e
diff --git a/modules/ingest-geoip/licenses/jackson-databind-2.13.3.jar.sha1 b/modules/ingest-geoip/licenses/jackson-databind-2.13.3.jar.sha1
diff --git a/modules/ingest-geoip/licenses/jackson-databind-2.13.4.jar.sha1 b/modules/ingest-geoip/licenses/jackson-databind-2.13.4.jar.sha1
@@ -0,0 +1 @@
+98b0edfa8e4084078f10b7b356c300ded4a71491
diff --git a/plugins/discovery-ec2/licenses/jackson-annotations-2.13.3.jar.sha1 b/plugins/discovery-ec2/licenses/jackson-annotations-2.13.3.jar.sha1
diff --git a/plugins/discovery-ec2/licenses/jackson-annotations-2.13.4.jar.sha1 b/plugins/discovery-ec2/licenses/jackson-annotations-2.13.4.jar.sha1
@@ -0,0 +1 @@
+858c6cc78e1f08a885b1613e1d817c829df70a6e
diff --git a/plugins/discovery-ec2/licenses/jackson-databind-2.13.3.jar.sha1 b/plugins/discovery-ec2/licenses/jackson-databind-2.13.3.jar.sha1
diff --git a/plugins/discovery-ec2/licenses/jackson-databind-2.13.4.jar.sha1 b/plugins/discovery-ec2/licenses/jackson-databind-2.13.4.jar.sha1
@@ -0,0 +1 @@
+98b0edfa8e4084078f10b7b356c300ded4a71491
diff --git a/plugins/repository-azure/licenses/jackson-annotations-2.13.3.jar.sha1 b/plugins/repository-azure/licenses/jackson-annotations-2.13.3.jar.sha1
diff --git a/plugins/repository-azure/licenses/jackson-annotations-2.13.4.jar.sha1 b/plugins/repository-azure/licenses/jackson-annotations-2.13.4.jar.sha1
@@ -0,0 +1 @@
+858c6cc78e1f08a885b1613e1d817c829df70a6e
diff --git a/plugins/repository-azure/licenses/jackson-databind-2.13.3.jar.sha1 b/plugins/repository-azure/licenses/jackson-databind-2.13.3.jar.sha1
diff --git a/plugins/repository-azure/licenses/jackson-databind-2.13.4.jar.sha1 b/plugins/repository-azure/licenses/jackson-databind-2.13.4.jar.sha1
@@ -0,0 +1 @@
+98b0edfa8e4084078f10b7b356c300ded4a71491
diff --git a/plugins/repository-azure/licenses/jackson-dataformat-xml-2.13.3.jar.sha1 b/plugins/repository-azure/licenses/jackson-dataformat-xml-2.13.3.jar.sha1
diff --git a/plugins/repository-azure/licenses/jackson-dataformat-xml-2.13.4.jar.sha1 b/plugins/repository-azure/licenses/jackson-dataformat-xml-2.13.4.jar.sha1
@@ -0,0 +1 @@
+b739978806ffc80967ba0efe43b1296c29c4cfe8
diff --git a/plugins/repository-azure/licenses/jackson-datatype-jsr310-2.13.3.jar.sha1 b/plugins/repository-azure/licenses/jackson-datatype-jsr310-2.13.3.jar.sha1
diff --git a/plugins/repository-azure/licenses/jackson-datatype-jsr310-2.13.4.jar.sha1 b/plugins/repository-azure/licenses/jackson-datatype-jsr310-2.13.4.jar.sha1
@@ -0,0 +1 @@
+0e6d820112871f33cd94a1dcc54eef58874753b5
diff --git a/plugins/repository-azure/licenses/jackson-module-jaxb-annotations-2.13.3.jar.sha1 b/plugins/repository-azure/licenses/jackson-module-jaxb-annotations-2.13.3.jar.sha1
diff --git a/plugins/repository-azure/licenses/jackson-module-jaxb-annotations-2.13.4.jar.sha1 b/plugins/repository-azure/licenses/jackson-module-jaxb-annotations-2.13.4.jar.sha1
@@ -0,0 +1 @@
+da90f334c1e752342f2dedb59880d5d46b29fe03
diff --git a/plugins/repository-hdfs/licenses/jackson-databind-2.13.3.jar.sha1 b/plugins/repository-hdfs/licenses/jackson-databind-2.13.3.jar.sha1
diff --git a/plugins/repository-hdfs/licenses/jackson-databind-2.13.4.jar.sha1 b/plugins/repository-hdfs/licenses/jackson-databind-2.13.4.jar.sha1
@@ -0,0 +1 @@
+98b0edfa8e4084078f10b7b356c300ded4a71491
diff --git a/plugins/repository-s3/licenses/jackson-annotations-2.13.3.jar.sha1 b/plugins/repository-s3/licenses/jackson-annotations-2.13.3.jar.sha1
diff --git a/plugins/repository-s3/licenses/jackson-annotations-2.13.4.jar.sha1 b/plugins/repository-s3/licenses/jackson-annotations-2.13.4.jar.sha1
@@ -0,0 +1 @@
+858c6cc78e1f08a885b1613e1d817c829df70a6e
diff --git a/plugins/repository-s3/licenses/jackson-databind-2.13.3.jar.sha1 b/plugins/repository-s3/licenses/jackson-databind-2.13.3.jar.sha1
diff --git a/plugins/repository-s3/licenses/jackson-databind-2.13.4.jar.sha1 b/plugins/repository-s3/licenses/jackson-databind-2.13.4.jar.sha1
@@ -0,0 +1 @@
+98b0edfa8e4084078f10b7b356c300ded4a71491
diff --git a/plugins/repository-s3/src/main/java/org/opensearch/repositories/s3/S3Service.java b/plugins/repository-s3/src/main/java/org/opensearch/repositories/s3/S3Service.java
@@ -305,21 +305,28 @@ static AWSCredentialsProvider buildCredentials(Logger logger, S3ClientSettings c
             }
 
             if (irsaCredentials.getIdentityTokenFile() == null) {
-                return new PrivilegedSTSAssumeRoleSessionCredentialsProvider<>(
-                    securityTokenService,
+                final STSAssumeRoleSessionCredentialsProvider.Builder stsCredentialsProviderBuilder =
                     new STSAssumeRoleSessionCredentialsProvider.Builder(irsaCredentials.getRoleArn(), irsaCredentials.getRoleSessionName())
-                        .withStsClient(securityTokenService)
-                        .build()
+                        .withStsClient(securityTokenService);
+
+                final STSAssumeRoleSessionCredentialsProvider stsCredentialsProvider = SocketAccess.doPrivileged(
+                    stsCredentialsProviderBuilder::build
                 );
+
+                return new PrivilegedSTSAssumeRoleSessionCredentialsProvider<>(securityTokenService, stsCredentialsProvider);
             } else {
-                return new PrivilegedSTSAssumeRoleSessionCredentialsProvider<>(
-                    securityTokenService,
+                final STSAssumeRoleWithWebIdentitySessionCredentialsProvider.Builder stsCredentialsProviderBuilder =
                     new STSAssumeRoleWithWebIdentitySessionCredentialsProvider.Builder(
                         irsaCredentials.getRoleArn(),
                         irsaCredentials.getRoleSessionName(),
                         irsaCredentials.getIdentityTokenFile()
-                    ).withStsClient(securityTokenService).build()
+                    ).withStsClient(securityTokenService);
+
+                final STSAssumeRoleWithWebIdentitySessionCredentialsProvider stsCredentialsProvider = SocketAccess.doPrivileged(
+                    stsCredentialsProviderBuilder::build
                 );
+
+                return new PrivilegedSTSAssumeRoleSessionCredentialsProvider<>(securityTokenService, stsCredentialsProvider);
             }
         } else if (basicCredentials != null) {
             logger.debug("Using basic key/secret credentials");

diff --git a/server/src/main/java/org/opensearch/Version.java b/server/src/main/java/org/opensearch/Version.java
@@ -99,6 +99,7 @@ public class Version implements Comparable<Version>, ToXContentFragment {
     public static final Version V_2_2_1 = new Version(2020199, org.apache.lucene.util.Version.LUCENE_9_3_0);
     public static final Version V_2_2_2 = new Version(2020299, org.apache.lucene.util.Version.LUCENE_9_3_0);
     public static final Version V_2_3_0 = new Version(2030099, org.apache.lucene.util.Version.LUCENE_9_3_0);
+    public static final Version V_2_3_1 = new Version(2030199, org.apache.lucene.util.Version.LUCENE_9_3_0);
     public static final Version V_2_4_0 = new Version(2040099, org.apache.lucene.util.Version.LUCENE_9_3_0);
     public static final Version CURRENT = V_2_4_0;
-Original file line number
+Diff line change
@@ Expand Up / @@ -52,3 +52,4 @@ BWC_VERSION: @@
       - "2.2.1"
       - "2.2.2"
       - "2.3.0"
+      - "2.3.1"