From 40da92c95ad75487d54899af3d0e9d8dd1807bed Mon Sep 17 00:00:00 2001
From: Craig Perkins
Date: Thu, 28 Mar 2024 19:20:03 -0400
Subject: [PATCH] Fix sslConfig for multiple datasource to handle when certificateAuthorities is unset (#6282)
* Fix sslConfig for multiple datasource to handle when certificateAuthorities is unset
Signed-off-by: Craig Perkins
* Add to CHANGELOG
Signed-off-by: Craig Perkins
* Adjust test in tls_settings_provider.test.ts
Signed-off-by: Craig Perkins
---------
Signed-off-by: Craig Perkins
---
 CHANGELOG.md | 1 +
 .../server/client/client_config.test.ts | 29 ++++++++++++++++++-
 .../server/client/client_config.ts | 2 +-
 .../server/legacy/client_config.test.ts | 28 +++++++++++++++++-
 .../server/legacy/client_config.ts | 2 +-
 .../server/util/tls_settings_provider.test.ts | 4 +--
 .../server/util/tls_settings_provider.ts | 2 +-
 7 files changed, 61 insertions(+), 7 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ca581115e50..c18a0f81d40 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -92,6 +92,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - [BUG][Multiple Datasource] Fix data source filter bug and add tests ([#6152](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/6152))
 - [BUG][Multiple Datasource] Fix obsolete snapshots for test within data source management plugin ([#6185](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/6185))
 - [Workspace] Add base path when parse url in http service ([#6233](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/6233))
+- [Multiple Datasource] Fix sslConfig for multiple datasource to handle when certificateAuthorities is unset ([#6282](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/6282))
 ### 🚞 Infrastructure
diff --git a/src/plugins/data_source/server/client/client_config.test.ts b/src/plugins/data_source/server/client/client_config.test.ts
index e6aef818f7d..838b8bc882b 100644
--- a/src/plugins/data_source/server/client/client_config.test.ts
+++ b/src/plugins/data_source/server/client/client_config.test.ts
@@ -46,7 +46,7 @@ describe('parseClientOptions', () => {
 ssl: {
 requestCert: true,
 rejectUnauthorized: false,
- ca: [],
+ ca: undefined,
 },
 })
 );
@@ -109,4 +109,31 @@ describe('parseClientOptions', () => {
 })
 );
 });
+
+ test('test ssl config with verification mode set to full with no ca list', () => {
+ const config = {
+ enabled: true,
+ ssl: {
+ verificationMode: 'full',
+ },
+ clientPool: {
+ size: 5,
+ },
+ } as DataSourcePluginConfigType;
+ mockReadFileSync.mockReset();
+ mockReadFileSync.mockImplementation((path: string) => `content-of-${path}`);
+ const parsedConfig = parseClientOptions(config, TEST_DATA_SOURCE_ENDPOINT);
+ expect(mockReadFileSync).toHaveBeenCalledTimes(0);
+ mockReadFileSync.mockClear();
+ expect(parsedConfig).toEqual(
+ expect.objectContaining({
+ node: TEST_DATA_SOURCE_ENDPOINT,
+ ssl: {
+ requestCert: true,
+ rejectUnauthorized: true,
+ ca: undefined,
+ },
+ })
+ );
+ });
 });
diff --git a/src/plugins/data_source/server/client/client_config.ts b/src/plugins/data_source/server/client/client_config.ts
index f77986810f1..0de0ebcf37f 100644
--- a/src/plugins/data_source/server/client/client_config.ts
+++ b/src/plugins/data_source/server/client/client_config.ts
@@ -56,7 +56,7 @@ export function parseClientOptions(
 config.ssl?.certificateAuthorities
 );
- sslConfig.ca = certificateAuthorities || [];
+ sslConfig.ca = certificateAuthorities;
 }
 const clientOptions: ClientOptions = {
diff --git a/src/plugins/data_source/server/legacy/client_config.test.ts b/src/plugins/data_source/server/legacy/client_config.test.ts
index 67445a686f9..b8a6b1664ab 100644
--- a/src/plugins/data_source/server/legacy/client_config.test.ts
+++ b/src/plugins/data_source/server/legacy/client_config.test.ts
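Review bot: The new case in the `@@ -109,4 +109,31 @@` hunk covers only a config where `certificateAuthorities` is absent; an explicitly empty list is not exercised, although the helper's visible guard `if (ca && ca.length)` in tls_settings_provider.ts suggests it takes the same path and also ends up with `ca: undefined`. Since that outcome decides whether the client falls back to the runtime's default trust roots, I would pin it with a second case whose config uses `ssl: { verificationMode: 'full', certificateAuthorities: [] },` and the same expectation. The same gap applies to the matching test added in legacy/client_config.test.ts (`@@ -105,4 +105,30 @@`).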
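Review bot: The assignment `sslConfig.ca = certificateAuthorities;` now passes `undefined` through when no CA is configured, and nothing at the assignment says why that matters: with `ca` undefined Node's TLS layer validates against its built-in root store (plus any NODE_EXTRA_CA_CERTS), whereas the previous `[]` supplied an empty CA list and appears to have left no trust anchors for verification. A short comment would keep someone from restoring the `|| []` default, e.g. `// leave ca undefined when unset so Node falls back to its default root CAs; [] would replace them with an empty list`. It would also be worth stating in the data source docs that `verificationMode: 'full'` without `certificateAuthorities` trusts every public root, so deployments with a private PKI should set their own CA. The same comment applies to the identical line in legacy/client_config.ts (`@@ -55,7 +55,7 @@`); in both files the enclosing block starts outside the hunk.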
@@ -44,7 +44,7 @@ describe('parseClientOptions', () => {
 host: TEST_DATA_SOURCE_ENDPOINT,
 ssl: {
 rejectUnauthorized: false,
- ca: [],
+ ca: undefined,
 },
 })
 );
@@ -105,4 +105,30 @@ describe('parseClientOptions', () => {
 })
 );
 });
+
+ test('test ssl config with verification mode set to full with no ca list', () => {
+ const config = {
+ enabled: true,
+ ssl: {
+ verificationMode: 'full',
+ },
+ clientPool: {
+ size: 5,
+ },
+ } as DataSourcePluginConfigType;
+ mockReadFileSync.mockReset();
+ mockReadFileSync.mockImplementation((path: string) => `content-of-${path}`);
+ const parsedConfig = parseClientOptions(config, TEST_DATA_SOURCE_ENDPOINT);
+ expect(mockReadFileSync).toHaveBeenCalledTimes(0);
+ mockReadFileSync.mockClear();
+ expect(parsedConfig).toEqual(
+ expect.objectContaining({
+ host: TEST_DATA_SOURCE_ENDPOINT,
+ ssl: {
+ rejectUnauthorized: true,
+ ca: undefined,
+ },
+ })
+ );
+ });
 });
diff --git a/src/plugins/data_source/server/legacy/client_config.ts b/src/plugins/data_source/server/legacy/client_config.ts
index a3704d3ec09..a2dc81d6dc1 100644
--- a/src/plugins/data_source/server/legacy/client_config.ts
+++ b/src/plugins/data_source/server/legacy/client_config.ts
@@ -55,7 +55,7 @@ export function parseClientOptions(
 config.ssl?.certificateAuthorities
 );
- sslConfig.ca = certificateAuthorities || [];
+ sslConfig.ca = certificateAuthorities;
 }
 const configOptions: ConfigOptions = {
diff --git a/src/plugins/data_source/server/util/tls_settings_provider.test.ts b/src/plugins/data_source/server/util/tls_settings_provider.test.ts
index 3458ea8e6cc..6852bb95931 100644
--- a/src/plugins/data_source/server/util/tls_settings_provider.test.ts
+++ b/src/plugins/data_source/server/util/tls_settings_provider.test.ts
@@ -40,7 +40,7 @@ describe('readCertificateAuthorities', () => {
 expect(mockReadFileSync).toHaveBeenCalledTimes(0);
 mockReadFileSync.mockClear();
 expect(certificateAuthorities).toEqual({
- certificateAuthorities: [],
+ certificateAuthorities: undefined,
 });
 });
@@ -52,7 +52,7 @@ describe('readCertificateAuthorities', () => {
 expect(mockReadFileSync).toHaveBeenCalledTimes(0);
 mockReadFileSync.mockClear();
 expect(certificateAuthorities).toEqual({
- certificateAuthorities: [],
+ certificateAuthorities: undefined,
 });
 });
 });
diff --git a/src/plugins/data_source/server/util/tls_settings_provider.ts b/src/plugins/data_source/server/util/tls_settings_provider.ts
index 0924041a756..1b86c91c3b6 100644
--- a/src/plugins/data_source/server/util/tls_settings_provider.ts
+++ b/src/plugins/data_source/server/util/tls_settings_provider.ts
@@ -8,7 +8,7 @@ import { readFileSync } from 'fs';
 export const readCertificateAuthorities = (
 listOfCertificateAuthorities: string | string[] | undefined
 ) => {
- let certificateAuthorities: string[] | undefined = [];
+ let certificateAuthorities: string[] | undefined;
 const addCertificateAuthorities = (ca: string[]) => {
 if (ca && ca.length) {
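Review bot: `readCertificateAuthorities` has no doc comment or explicit return type, and after this change its result carries a security-relevant meaning that is easy to miss: `certificateAuthorities` stays `undefined` unless at least one CA was added, and the callers in client_config.ts hand that value straight to the TLS options. I would add a TSDoc block above the function stating that `undefined` means "no custom CA, use the runtime's default trust store" and that, judging by the `if (ca && ca.length)` guard, an empty list is treated the same as an unset one. Declaring the return type as `): { certificateAuthorities: string[] | undefined } => {` would make that contract visible to callers. The function body continues past the end of the hunk, so the return shape here is inferred from the expectations in tls_settings_provider.test.ts.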