[MD]Support md global configuration and cm plugin level configuration…

… on osd.yml (#18)

1. Move generate_crypto_materials to /script
2. Add cm configs to osd.yml
3. Add multipleDataSource global configuration support to osd.yml
4. Create default crypto material during plugin setup
5. Fix merge issues from #19

config/opensearch_dashboards.yml

@@ -183,3 +183,15 @@
 # Set the value of this setting to false to suppress search usage telemetry
 # for reducing the load of OpenSearch cluster.
 # data.search.usageTelemetry.enabled: false
+
+# Set the value of this setting to true to enable all multipleDataSource
+# related features including:
+# 1. credential management for managing the credential of each OpenSearch cluster.
+# 2. data source management for managing the connection endpoint of each OpenSearch cluster.
+# opensearchDashboards.multipleDataSource.enabled: false
+
+# Set the value of this setting to custermize crypto materials config to 
+# use encryption / decryption within credential management plugin
+# credential_management.keyName: "keyName"
+# credential_management.keyNamespace: "keyNamespace" 
+# credential_management.materialPath: "path/to/your/crypto_material"

package.json

@@ -68,7 +68,8 @@
     "docs:acceptApiChanges": "node --max-old-space-size=6144 scripts/check_published_api_changes.js --accept",
     "osd:bootstrap": "node scripts/build_ts_refs && node scripts/register_git_hook",
     "spec_to_console": "node scripts/spec_to_console",
-    "pkg-version": "./dev-tools/get-version.sh"
+    "pkg-version": "./dev-tools/get-version.sh",
+    "generate-crypto-materials": "node scripts/crypto_materials_generator"
   },
   "repository": {
     "type": "git",

scripts/crypto_materials_generator.js

@@ -0,0 +1,17 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ * Any modifications Copyright OpenSearch Contributors. See
+ * GitHub history for details.
+ */
+
+require('../src/setup_node_env');
+
+var args = require('yargs').argv;
+var generateCryptoMaterials = require('../src/plugins/credential_management/server/crypto/crypto_cli');
+
+generateCryptoMaterials(args.path, args.keyName, args.keyNamespace);

src/core/server/mocks.ts

@@ -76,6 +76,9 @@ export function pluginInitializerContextConfigMock<T>(config: T) {
       index: '.opensearch_dashboards_tests',
       autocompleteTerminateAfter: duration(100000),
       autocompleteTimeout: duration(1000),
+      multipleDataSource: {
+        enabled: false,
+      },
     },
     opensearch: {
       shardTimeout: duration('30s'),

src/core/server/opensearch_dashboards_config.ts

@@ -82,6 +82,9 @@ export const config = {
         defaultValue: '',
       }),
     }),
+    multipleDataSource: schema.object({
+      enabled: schema.boolean({ defaultValue: false }),
+    }),
   }),
   deprecations,
 };

src/core/server/opensearch_data/client/data_source_client.ts

@@ -11,7 +11,7 @@ import { Logger } from '../../logging';
 import { OpenSearchClient, OpenSearchClientConfig } from '../../opensearch/client';
 import { SavedObjectsClientContract } from '../../saved_objects/types';
 // @ts-ignore
-import { CryptoCli } from '../../../../../src/plugins/credential_management/server/crypto/cli/crypto_cli';
+import { CryptographySingleton } from '../../../../../src/plugins/credential_management/server/crypto/singleton/cryptography_singleton';
 
 /**
  * TODO: update doc
@@ -125,7 +125,7 @@ export class DataSourceClient implements ICustomDataSourceClient {
     const credentialObj = credential!.attributes as any;
     const { user_name: username, password: encryptedPassword } = credentialObj.credential_material;
 
-    const password = await CryptoCli.getInstance().decrypt(
+    const password = await CryptographySingleton.getInstance().decrypt(
       Buffer.from(encryptedPassword, 'base64')
     );
     return { username, password };

src/core/server/plugins/types.ts

@@ -272,7 +272,12 @@ export interface Plugin<
 
 export const SharedGlobalConfigKeys = {
   // We can add more if really needed
-  opensearchDashboards: ['index', 'autocompleteTerminateAfter', 'autocompleteTimeout'] as const,
+  opensearchDashboards: [
+    'index',
+    'autocompleteTerminateAfter',
+    'autocompleteTimeout',
+    'multipleDataSource',
+  ] as const,
   opensearch: ['shardTimeout', 'requestTimeout', 'pingTimeout'] as const,
   path: ['data'] as const,
   savedObjects: ['maxImportPayloadBytes'] as const,

src/legacy/server/config/schema.js

@@ -246,6 +246,9 @@ export default () =>
         faviconUrl: Joi.any().default('/'),
         applicationTitle: Joi.any().default(''),
       }),
+      multipleDataSource: Joi.object({
+        enabled: Joi.boolean().default(false),
+      }),
     }).default(),
 
     savedObjects: HANDLED_IN_NEW_PLATFORM,

src/plugins/credential_management/README.md

@@ -10,16 +10,34 @@ See the [OpenSearch Dashboards contributing
 guide](https://github.com/opensearch-project/OpenSearch-Dashboards/blob/master/CONTRIBUTING.md) for instructions
 setting up your development environment.
 
+## Configuration
 
-## Build and Run crypto_materials_generator
+1. To enable this feature, override config/opensearch_dashboards.yml
 
 ```
-npm install @types/yargs
-npm install -g ts-node typescript '@types/node'
+opensearchDashboards.multipleDataSource.enabled: true
 ```
 
+2. To setup path for crypto material, override config/opensearch_dashboards.yml
+
+```
+credential_management.materialPath: "path/to/your/crypto_material"
+```
+
+## Generate your own crypto material via crypto_materials_generator script
+
 ```
-cd <root dir> 
+yarn generate-crypto-materials --path='path/to/your/crypto_material' --keyName='aes-name' --keyNamespace='aes-namespace'    
+
+// Expected Output
+
+% yarn generate-crypto-materials --path='data/crypto_material' --keyName='aes-name' --keyNamespace='aes-namespace'
+
+yarn run v1.22.19
+$ node scripts/crypto_materials_generator --path=data/crypto_material --keyName=aes-name --keyNamespace=aes-namespace
+Crypto materials generated!
+✨  Done in 2.06s.
 
-ts-node src/plugins/credential_management/server/crypto/crypto_materials_generator.ts --keyName='aes-name' --keyNamespace='aes-namespace'
 ```
+
+

src/plugins/credential_management/config.ts

@@ -0,0 +1,26 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ * Any modifications Copyright OpenSearch Contributors. See
+ * GitHub history for details.
+ */
+
+import { schema, TypeOf } from '@osd/config-schema';
+
+export const configSchema = schema.object({
+  keyName: schema.string({
+    defaultValue: 'keyName',
+  }),
+  keyNamespace: schema.string({
+    defaultValue: 'keyNamespace',
+  }),
+  materialPath: schema.string({
+    defaultValue: 'data/crypto_material',
+  }),
+});
+
+export type ConfigSchema = TypeOf<typeof configSchema>;

src/plugins/credential_management/opensearch_dashboards.json

@@ -2,6 +2,7 @@
   "id": "credentialManagement",
   "version": "1.0.0",
   "opensearchDashboardsVersion": "opensearchDashboards",
+  "configPath": ["credential_management"],
   "server": true,
   "ui": true,
   "requiredPlugins": ["management", "data", "navigation", "urlForwarding"],

src/plugins/credential_management/public/service/credential_management_service.ts

@@ -12,6 +12,7 @@
 import { HttpSetup } from '../../../../core/public';
 import { CredentialCreationConfig, CredentialCreationManager } from './creation';
 
+
 interface SetupDependencies {
   httpClient: HttpSetup;
 }

src/plugins/credential_management/server/credential/credential_manager.ts → src/plugins/credential_management/server/credential_manager/credential_manager.ts

@@ -8,7 +8,7 @@
  * Any modifications Copyright OpenSearch Contributors. See
  * GitHub history for details.
  */
-import { CryptoCli } from '../crypto';
+import { CryptographySingleton } from '../crypto';
 import { Credential } from '../../common';
 
 const USERNAME_PASSWORD_TYPE: Credential.USERNAME_PASSWORD_TYPE = 'username_password_credential';
@@ -20,7 +20,7 @@ export async function encryptionHandler(
   usernamePasswordCredentialMaterials: Record<string, string> | undefined,
   awsIamCredentialMaterials: Record<string, string> | undefined
 ) {
-  const cryptoCli = CryptoCli.getInstance();
+  const cryptoCli = CryptographySingleton.getInstance();
   if (credentialType === USERNAME_PASSWORD_TYPE && usernamePasswordCredentialMaterials) {
     const { user_name, password } = usernamePasswordCredentialMaterials;
     return {

src/plugins/credential_management/server/crypto/crypto_materials_generator.ts → src/plugins/credential_management/server/crypto/crypto_cli.ts

@@ -9,8 +9,4 @@
  * GitHub history for details.
  */
 
-import { CryptoCli } from './cli';
-
-const args = require('yargs').argv;
-
-CryptoCli.generateCryptoMaterials(args.keyName, args.keyNamespace);
+export { generateCryptoMaterials } from './singleton';

src/plugins/credential_management/server/crypto/index.ts

@@ -9,4 +9,5 @@
  * GitHub history for details.
  */
 
-export { CryptoCli } from './cli/index';
+export { CryptographySingleton } from './singleton/cryptography_singleton';
+export { generateCryptoMaterials } from './crypto_cli';