-
Notifications
You must be signed in to change notification settings - Fork 281
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Refactor] Remove json-path from deps and use JsonPointer instead #3262
[Refactor] Remove json-path from deps and use JsonPointer instead #3262
Conversation
Codecov Report
@@ Coverage Diff @@
## main #3262 +/- ##
============================================
+ Coverage 63.15% 63.23% +0.07%
- Complexity 3448 3451 +3
============================================
Files 263 263
Lines 20024 20026 +2
Branches 3341 3339 -2
============================================
+ Hits 12647 12664 +17
+ Misses 5748 5737 -11
+ Partials 1629 1625 -4
|
@@ -137,7 +136,7 @@ public class AuditApiAction extends AbstractApiAction { | |||
private final List<String> readonlyFields; | |||
|
|||
public static class AuditRequestContentValidator extends RequestContentValidator { | |||
private static final Set<AuditCategory> DISABLED_REST_CATEGORIES = ImmutableSet.of( | |||
public static final Set<AuditCategory> DISABLED_REST_CATEGORIES = Set.of( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why switch these from ImmutableSet?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a good question. List.of, Map.of, Set.of
were introduced in JDK 9 and I think guava sooner or later will replace ImmutableSet
and ImmutableList
with JDK implementation how it was done for generics it is just matter of time. It does not mean that we need to change everything immediately, but if it is possible I'm for vanilla implementation of immutable objects.
try { | ||
new MaskedField(mf, SALT).isValid(); | ||
new MaskedField(maskedFieldNode.asText(), SALT).isValid(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Which of these methods throws an exception? It seems odd that this calls a function called isValid()
and expects it to throw an error if its invalid.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
asText
does not throw any exception. Docs:
Method that will return a valid String representation of the container value, if the node is a value node (method isValueNode returns true), otherwise empty String.
MaskedFieild
throws exception in case the value is null. This validation triggers after we check on null values in array so I do not think that null
will appear in this case. If you think that we need an addition check here something like:
maskedFieldNode.isValueNode()
I will add no problem.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for checking. I'm not as familiar with the MaskedField
class and can't find any good tests around it.
This looks fine to me, but it took me a second to understand the change with returning a Pair or null vs prior to this change it returned true or false.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ahhh sorry for that, but the previous solution checks masked fields only ones and after that you need to repeat an attempt. So in case you have more than one invalid masked fields you have to submit PUT/PATCH multiple times. Which is not nice since in other places we try to validate (e.g. validateDataType
) all values in the request body.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since there is a behavior change here it might be more obvious with a unit test that confirms
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oops looks like when I applied a patch I missed tests which I added. I was sure that tests are part of PR :-D. Which I mentioned in the description.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@peternied added missed tests
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@cwperks I forgot to add tests when I applied the patch. I think now it should be better to understand MaskedField behave.
After RFC 6901 was introduced and the implementation was added to Jackson, there is no need to keep the com.jayway.jsonpath:json-path library in our source code, so we can replace current validation with Jackson's JsonPointer class. Signed-off-by: Andrey Pleskach <ples@aiven.io>
c5c6733
to
385061f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me! Thanks @willyborankin
The backport to
To backport manually, run these commands in your terminal: # Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/security/backport-2.x 2.x
# Navigate to the new working tree
pushd ../.worktrees/security/backport-2.x
# Create a new branch
git switch --create backport/backport-3262-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 14574dd108cefbd634ab5af8e5f13dba00a5681f
# Push it to GitHub
git push --set-upstream origin backport/backport-3262-to-2.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/security/backport-2.x Then, create a pull request where the |
…ensearch-project#3262) ### Description After RFC 6901 was introduced and the implementation was added to Jackson, there is no need to keep the `com.jayway.jsonpath:json-path` library in our source code, so we can replace current validation with Jackson's `JsonPointer` class. Besides added missing tests for: - `RoleRequestContentValidator` - `AuditRequestContentValidator` ### Issues Resolved opensearch-project#3245 ### Check List - [ ] New functionality includes testing - [ ] New functionality has been documented - [ ] Commits are signed per the DCO using --signoff By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check [here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin). Signed-off-by: Andrey Pleskach <ples@aiven.io> (cherry picked from commit 14574dd)
### Description Selective manual backport of #3262. The original PR cannot be backported as is because of the changes to how the AbstractAPI is written between the 2.x and 1.x line. This PR resolves the build error seen on #3979. ### Check List - [ ] New functionality includes testing - [ ] New functionality has been documented - [ ] Commits are signed per the DCO using --signoff By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check [here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin). --------- Signed-off-by: Craig Perkins <cwperx@amazon.com>
Description
After RFC 6901 was introduced
and the implementation was added to Jackson,
there is no need to keep the
com.jayway.jsonpath:json-path
library in our source code,so we can replace current validation with Jackson's
JsonPointer
class.Besides added missing tests for:
RoleRequestContentValidator
AuditRequestContentValidator
Issues Resolved
#3245
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.