Filter datasource encryption master key from cluster settings GET API by vamsimanohar · Pull Request #1825 · opensearch-project/sql · GitHub
Skip to content

Filter datasource encryption master key from cluster settings GET API#1825

Merged
vamsimanohar merged 1 commit into
opensearch-project:mainfrom
vamsimanohar:restrict-master-key-in-cluster-settings-api
Jul 11, 2023
Merged

Filter datasource encryption master key from cluster settings GET API#1825
vamsimanohar merged 1 commit into
opensearch-project:mainfrom
vamsimanohar:restrict-master-key-in-cluster-settings-api

Conversation

@vamsimanohar

@vamsimanohar vamsimanohar commented Jul 10, 2023

Copy link
Copy Markdown
Member

Description

This PR is to disable master key reading from cluster settings API.

Before the change
GET localhost:9200/_cluster/settings?include_defaults=true

"plugins": {
            "ppl": {
                "enabled": "true"
            },
            "query": {
                "memory_limit": "85%",
                "metrics": {
                    "rolling_interval": "60",
                    "rolling_window": "3600"
                },
                "datasources": {
                    "encryption": {
                        "masterkey": "0000000000000000"
                    },
                    "uri": {
                        "allowhosts": ".*"
                    }
                },
                "size_limit": "200"
            },

After the change
GET localhost:9200/_cluster/settings?include_defaults=true

"plugins": {
            "ppl": {
                "enabled": "true"
            },
            "query": {
                "memory_limit": "85%",
                "metrics": {
                    "rolling_interval": "60",
                    "rolling_window": "3600"
                },
                "datasources": {
                    "uri": {
                        "allowhosts": ".*"
                    }
                },
                "size_limit": "200"
            }

Issues Resolved

[List any issues this PR will resolve]

Check List

  • New functionality includes testing.
    • All tests pass, including unit test, integration test and doctest
  • New functionality has been documented.
    • New functionality has javadoc added
    • New functionality has user manual doc added
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@vamsimanohar vamsimanohar changed the title Restrict master key reading from cluster settings API Filter datasource encryption master key from cluster settings GET API Jul 10, 2023
@vamsimanohar vamsimanohar marked this pull request as ready for review July 10, 2023 21:22
@vamsimanohar vamsimanohar added bug Something isn't working backport 2.x labels Jul 10, 2023
joshuali925
joshuali925 previously approved these changes Jul 10, 2023
Yury-Fridlyand
Yury-Fridlyand previously approved these changes Jul 10, 2023

@Yury-Fridlyand Yury-Fridlyand left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you add an IT? Thanks

@codecov

codecov Bot commented Jul 10, 2023

Copy link
Copy Markdown

rupal-bq
rupal-bq previously approved these changes Jul 10, 2023
@vamsimanohar vamsimanohar force-pushed the restrict-master-key-in-cluster-settings-api branch from 2a112c5 to c3cfd1a Compare July 10, 2023 23:03
Yury-Fridlyand
Yury-Fridlyand previously approved these changes Jul 10, 2023
Signed-off-by: Vamsi Manohar <reddyvam@amazon.com>
@vamsimanohar vamsimanohar force-pushed the restrict-master-key-in-cluster-settings-api branch from c3cfd1a to 418b5e9 Compare July 10, 2023 23:58
@vamsimanohar vamsimanohar merged commit a8ecd2f into opensearch-project:main Jul 11, 2023
opensearch-trigger-bot Bot pushed a commit that referenced this pull request Jul 11, 2023
Signed-off-by: Vamsi Manohar <reddyvam@amazon.com>
(cherry picked from commit a8ecd2f)
vamsimanohar added a commit that referenced this pull request Jul 11, 2023
…ettings GET API (#1828)

* Restrict master key reading from cluster settings API (#1825)

Signed-off-by: Vamsi Manohar <reddyvam@amazon.com>
(cherry picked from commit a8ecd2f)

* Fxied DatasourceClusterSettingsIT for 2.x

Signed-off-by: Vamsi Manohar <reddyvam@amazon.com>

---------

Signed-off-by: Vamsi Manohar <reddyvam@amazon.com>
Co-authored-by: Vamsi Manohar <reddyvam@amazon.com>
vamsimanohar added a commit that referenced this pull request Jul 11, 2023
…ettings GET API (#1828)

* Restrict master key reading from cluster settings API (#1825)

Signed-off-by: Vamsi Manohar <reddyvam@amazon.com>
(cherry picked from commit a8ecd2f)

* Fxied DatasourceClusterSettingsIT for 2.x

Signed-off-by: Vamsi Manohar <reddyvam@amazon.com>

---------

Signed-off-by: Vamsi Manohar <reddyvam@amazon.com>
Co-authored-by: Vamsi Manohar <reddyvam@amazon.com>
(cherry picked from commit 98ca9f8)
vamsimanohar added a commit that referenced this pull request Jul 11, 2023
…ettings GET API (#1828) (#1844)

* Restrict master key reading from cluster settings API (#1825)

Signed-off-by: Vamsi Manohar <reddyvam@amazon.com>
(cherry picked from commit a8ecd2f)

* Fxied DatasourceClusterSettingsIT for 2.x

Signed-off-by: Vamsi Manohar <reddyvam@amazon.com>

---------

Signed-off-by: Vamsi Manohar <reddyvam@amazon.com>
Co-authored-by: Vamsi Manohar <reddyvam@amazon.com>
(cherry picked from commit 98ca9f8)

Co-authored-by: opensearch-trigger-bot[bot] <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com>
MitchellGale pushed a commit to Bit-Quill/opensearch-project-sql that referenced this pull request Jul 11, 2023
…ject#1825)

Signed-off-by: Vamsi Manohar <reddyvam@amazon.com>
Signed-off-by: Mitchell Gale <Mitchell.Gale@improving.com>
MitchellGale pushed a commit to Bit-Quill/opensearch-project-sql that referenced this pull request Jul 11, 2023
…ject#1825)

Signed-off-by: Vamsi Manohar <reddyvam@amazon.com>
Signed-off-by: Mitchell Gale <Mitchell.Gale@improving.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

backport 2.x bug Something isn't working

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants