Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Refactor] Remove json-path from deps and use JsonPointer instead #3262

Conversation

willyborankin
Copy link
Collaborator

Description

After RFC 6901 was introduced
and the implementation was added to Jackson,
there is no need to keep the com.jayway.jsonpath:json-path library in our source code,
so we can replace current validation with Jackson's JsonPointer class.

Besides added missing tests for:

  • RoleRequestContentValidator
  • AuditRequestContentValidator

Issues Resolved

#3245

Check List

  • New functionality includes testing
  • New functionality has been documented
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@codecov
Copy link

codecov bot commented Aug 29, 2023

Codecov Report

Merging #3262 (385061f) into main (0338cdd) will increase coverage by 0.07%.
The diff coverage is 100.00%.

Impacted file tree graph

@@             Coverage Diff              @@
##               main    #3262      +/-   ##
============================================
+ Coverage     63.15%   63.23%   +0.07%     
- Complexity     3448     3451       +3     
============================================
  Files           263      263              
  Lines         20024    20026       +2     
  Branches       3341     3339       -2     
============================================
+ Hits          12647    12664      +17     
+ Misses         5748     5737      -11     
+ Partials       1629     1625       -4     
Files Changed Coverage Δ
...nsearch/security/dlic/rest/api/AuditApiAction.java 91.17% <100.00%> (ø)
...nsearch/security/dlic/rest/api/RolesApiAction.java 95.83% <100.00%> (+15.39%) ⬆️

... and 2 files with indirect coverage changes

@willyborankin willyborankin added the backport 2.x backport to 2.x branch label Aug 29, 2023
@@ -137,7 +136,7 @@ public class AuditApiAction extends AbstractApiAction {
private final List<String> readonlyFields;

public static class AuditRequestContentValidator extends RequestContentValidator {
private static final Set<AuditCategory> DISABLED_REST_CATEGORIES = ImmutableSet.of(
public static final Set<AuditCategory> DISABLED_REST_CATEGORIES = Set.of(
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why switch these from ImmutableSet?

Copy link
Collaborator Author

@willyborankin willyborankin Aug 29, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a good question. List.of, Map.of, Set.of were introduced in JDK 9 and I think guava sooner or later will replace ImmutableSet and ImmutableList with JDK implementation how it was done for generics it is just matter of time. It does not mean that we need to change everything immediately, but if it is possible I'm for vanilla implementation of immutable objects.

try {
new MaskedField(mf, SALT).isValid();
new MaskedField(maskedFieldNode.asText(), SALT).isValid();
Copy link
Member

@cwperks cwperks Aug 29, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Which of these methods throws an exception? It seems odd that this calls a function called isValid() and expects it to throw an error if its invalid.

Copy link
Collaborator Author

@willyborankin willyborankin Aug 29, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

asText does not throw any exception. Docs:
Method that will return a valid String representation of the container value, if the node is a value node (method isValueNode returns true), otherwise empty String.
MaskedFieild throws exception in case the value is null. This validation triggers after we check on null values in array so I do not think that null will appear in this case. If you think that we need an addition check here something like:
maskedFieldNode.isValueNode()
I will add no problem.

Copy link
Member

@cwperks cwperks Aug 29, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for checking. I'm not as familiar with the MaskedField class and can't find any good tests around it.

This looks fine to me, but it took me a second to understand the change with returning a Pair or null vs prior to this change it returned true or false.

Copy link
Collaborator Author

@willyborankin willyborankin Aug 29, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ahhh sorry for that, but the previous solution checks masked fields only ones and after that you need to repeat an attempt. So in case you have more than one invalid masked fields you have to submit PUT/PATCH multiple times. Which is not nice since in other places we try to validate (e.g. validateDataType) all values in the request body.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since there is a behavior change here it might be more obvious with a unit test that confirms

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oops looks like when I applied a patch I missed tests which I added. I was sure that tests are part of PR :-D. Which I mentioned in the description.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@peternied added missed tests

Copy link
Collaborator Author

@willyborankin willyborankin Aug 29, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@cwperks I forgot to add tests when I applied the patch. I think now it should be better to understand MaskedField behave.

After RFC 6901 was introduced
and the implementation was added to Jackson,
there is no need to keep the com.jayway.jsonpath:json-path  library
in our source code,
so we can replace current validation with Jackson's JsonPointer class.

Signed-off-by: Andrey Pleskach <ples@aiven.io>
@willyborankin willyborankin force-pushed the remove-json-path-library branch from c5c6733 to 385061f Compare August 29, 2023 20:36
Copy link
Contributor

@stephen-crawford stephen-crawford left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me! Thanks @willyborankin

@stephen-crawford stephen-crawford merged commit 14574dd into opensearch-project:main Aug 31, 2023
@opensearch-trigger-bot
Copy link
Contributor

The backport to 2.x failed:

The process '/usr/bin/git' failed with exit code 128

To backport manually, run these commands in your terminal:

# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/security/backport-2.x 2.x
# Navigate to the new working tree
pushd ../.worktrees/security/backport-2.x
# Create a new branch
git switch --create backport/backport-3262-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 14574dd108cefbd634ab5af8e5f13dba00a5681f
# Push it to GitHub
git push --set-upstream origin backport/backport-3262-to-2.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/security/backport-2.x

Then, create a pull request where the base branch is 2.x and the compare/head branch is backport/backport-3262-to-2.x.

@peternied peternied mentioned this pull request Aug 31, 2023
31 tasks
willyborankin added a commit to willyborankin/security that referenced this pull request Sep 1, 2023
…ensearch-project#3262)

### Description
After RFC 6901 was introduced
and the implementation was added to Jackson,
there is no need to keep the `com.jayway.jsonpath:json-path` library in
our source code,
so we can replace current validation with Jackson's `JsonPointer` class.

Besides added missing tests for:
 - `RoleRequestContentValidator`
 - `AuditRequestContentValidator`

### Issues Resolved
opensearch-project#3245

### Check List
- [ ] New functionality includes testing
- [ ] New functionality has been documented
- [ ] Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and
signing off your commits, please check
[here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin).

Signed-off-by: Andrey Pleskach <ples@aiven.io>
(cherry picked from commit 14574dd)
cwperks pushed a commit that referenced this pull request Sep 1, 2023
stephen-crawford pushed a commit that referenced this pull request Jan 26, 2024
### Description

Selective manual backport of
#3262. The original
PR cannot be backported as is because of the changes to how the
AbstractAPI is written between the 2.x and 1.x line.

This PR resolves the build error seen on
#3979.

### Check List
- [ ] New functionality includes testing
- [ ] New functionality has been documented
- [ ] Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and
signing off your commits, please check
[here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin).

---------

Signed-off-by: Craig Perkins <cwperx@amazon.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport 2.x backport to 2.x branch
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants