From e0c36648716c2bbfe50030c7d4ccff9b3252d6e2 Mon Sep 17 00:00:00 2001
From: "opensearch-trigger-bot[bot]" <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com>
Date: Mon, 1 Apr 2024 21:12:00 -0700
Subject: [PATCH] Fix sslConfig for multiple datasource to handle when certificateAuthorities is unset (#6282) (#6296)
* Fix sslConfig for multiple datasource to handle when certificateAuthorities is unset
Signed-off-by: Craig Perkins
* Add to CHANGELOG
Signed-off-by: Craig Perkins
* Adjust test in tls_settings_provider.test.ts
Signed-off-by: Craig Perkins
---------
Signed-off-by: Craig Perkins
(cherry picked from commit 40da92c95ad75487d54899af3d0e9d8dd1807bed)
Signed-off-by: github-actions[bot]
# Conflicts:
# CHANGELOG.md
Co-authored-by: github-actions[bot]
---
 .../server/client/client_config.test.ts | 29 ++++++++++++++++++-
 .../server/client/client_config.ts | 2 +-
 .../server/legacy/client_config.test.ts | 28 +++++++++++++++++-
 .../server/legacy/client_config.ts | 2 +-
 .../server/util/tls_settings_provider.test.ts | 4 +--
 .../server/util/tls_settings_provider.ts | 2 +-
 6 files changed, 60 insertions(+), 7 deletions(-)
diff --git a/src/plugins/data_source/server/client/client_config.test.ts b/src/plugins/data_source/server/client/client_config.test.ts
index e6aef818f7de..838b8bc882b4 100644
--- a/src/plugins/data_source/server/client/client_config.test.ts
+++ b/src/plugins/data_source/server/client/client_config.test.ts
@@ -46,7 +46,7 @@ describe('parseClientOptions', () => {
 ssl: {
 requestCert: true,
 rejectUnauthorized: false,
- ca: [],
+ ca: undefined,
 },
 })
 );
@@ -109,4 +109,31 @@ describe('parseClientOptions', () => {
 })
 );
 });
+
+ test('test ssl config with verification mode set to full with no ca list', () => {
+ const config = {
+ enabled: true,
+ ssl: {
+ verificationMode: 'full',
+ },
+ clientPool: {
+ size: 5,
+ },
+ } as DataSourcePluginConfigType;
+ mockReadFileSync.mockReset();
+ mockReadFileSync.mockImplementation((path: string) => `content-of-${path}`);
+ const parsedConfig = parseClientOptions(config, TEST_DATA_SOURCE_ENDPOINT);
+ expect(mockReadFileSync).toHaveBeenCalledTimes(0);
+ mockReadFileSync.mockClear();
+ expect(parsedConfig).toEqual(
+ expect.objectContaining({
+ node: TEST_DATA_SOURCE_ENDPOINT,
+ ssl: {
+ requestCert: true,
+ rejectUnauthorized: true,
+ ca: undefined,
+ },
+ })
+ );
+ });
 });
diff --git a/src/plugins/data_source/server/client/client_config.ts b/src/plugins/data_source/server/client/client_config.ts
index 1c08190cc646..5303da6d12dd 100644
--- a/src/plugins/data_source/server/client/client_config.ts
+++ b/src/plugins/data_source/server/client/client_config.ts
@@ -56,7 +56,7 @@ export function parseClientOptions(
 config.ssl?.certificateAuthorities
 );
- sslConfig.ca = certificateAuthorities || [];
+ sslConfig.ca = certificateAuthorities;
 }
 const clientOptions: ClientOptions = {
diff --git a/src/plugins/data_source/server/legacy/client_config.test.ts b/src/plugins/data_source/server/legacy/client_config.test.ts
index 67445a686f90..b8a6b1664abd 100644
--- a/src/plugins/data_source/server/legacy/client_config.test.ts
+++ b/src/plugins/data_source/server/legacy/client_config.test.ts
@@ -44,7 +44,7 @@ describe('parseClientOptions', () => {
 host: TEST_DATA_SOURCE_ENDPOINT,
 ssl: {
 rejectUnauthorized: false,
- ca: [],
+ ca: undefined,
 },
 })
 );
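Review bot: The new `no ca list` test in `server/client/client_config.test.ts` asserts `rejectUnauthorized: true` together with `ca: undefined` but never says why an absent list is the wanted value, and Jest's `toEqual` ignores properties whose value is `undefined`, so the expectation reads weaker than it is meant to. A comment above the expectation such as `// no CA configured: verification stays on and Node falls back to its default trust roots; ca must not be []` would record the intent for the next maintainer. The same applies to the matching test added in `server/legacy/client_config.test.ts`. The fixture is also forced through `as DataSourcePluginConfigType`, which hides any required field the literal omits.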
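Review bot: `sslConfig.ca = certificateAuthorities;` in `server/client/client_config.ts` now depends on Node's TLS rule that an omitted `ca` means the default trust roots while any supplied list, even an empty one, replaces them, and nothing at the assignment records that. I would add `// Leave ca undefined when no CA is configured so TLS falls back to the default trust roots; [] would replace them with an empty set.` directly above it. The identical assignment in `server/legacy/client_config.ts` needs the same comment. `parseClientOptions` starts and ends outside both hunks, so whether the enclosing block is conditional on a configured CA list cannot be seen from here.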
@@ -105,4 +105,30 @@ describe('parseClientOptions', () => {
 })
 );
 });
+
+ test('test ssl config with verification mode set to full with no ca list', () => {
+ const config = {
+ enabled: true,
+ ssl: {
+ verificationMode: 'full',
+ },
+ clientPool: {
+ size: 5,
+ },
+ } as DataSourcePluginConfigType;
+ mockReadFileSync.mockReset();
+ mockReadFileSync.mockImplementation((path: string) => `content-of-${path}`);
+ const parsedConfig = parseClientOptions(config, TEST_DATA_SOURCE_ENDPOINT);
+ expect(mockReadFileSync).toHaveBeenCalledTimes(0);
+ mockReadFileSync.mockClear();
+ expect(parsedConfig).toEqual(
+ expect.objectContaining({
+ host: TEST_DATA_SOURCE_ENDPOINT,
+ ssl: {
+ rejectUnauthorized: true,
+ ca: undefined,
+ },
+ })
+ );
+ });
 });
diff --git a/src/plugins/data_source/server/legacy/client_config.ts b/src/plugins/data_source/server/legacy/client_config.ts
index a3704d3ec099..a2dc81d6dc11 100644
--- a/src/plugins/data_source/server/legacy/client_config.ts
+++ b/src/plugins/data_source/server/legacy/client_config.ts
@@ -55,7 +55,7 @@ export function parseClientOptions(
 config.ssl?.certificateAuthorities
 );
- sslConfig.ca = certificateAuthorities || [];
+ sslConfig.ca = certificateAuthorities;
 }
 const configOptions: ConfigOptions = {
diff --git a/src/plugins/data_source/server/util/tls_settings_provider.test.ts b/src/plugins/data_source/server/util/tls_settings_provider.test.ts
index 3458ea8e6ccf..6852bb959310 100644
--- a/src/plugins/data_source/server/util/tls_settings_provider.test.ts
+++ b/src/plugins/data_source/server/util/tls_settings_provider.test.ts
@@ -40,7 +40,7 @@ describe('readCertificateAuthorities', () => {
 expect(mockReadFileSync).toHaveBeenCalledTimes(0);
 mockReadFileSync.mockClear();
 expect(certificateAuthorities).toEqual({
- certificateAuthorities: [],
+ certificateAuthorities: undefined,
 });
 });
@@ -52,7 +52,7 @@ describe('readCertificateAuthorities', () => {
 expect(mockReadFileSync).toHaveBeenCalledTimes(0);
 mockReadFileSync.mockClear();
 expect(certificateAuthorities).toEqual({
- certificateAuthorities: [],
+ certificateAuthorities: undefined,
 });
 });
 });
diff --git a/src/plugins/data_source/server/util/tls_settings_provider.ts b/src/plugins/data_source/server/util/tls_settings_provider.ts
index 0924041a756d..1b86c91c3b6b 100644
--- a/src/plugins/data_source/server/util/tls_settings_provider.ts
+++ b/src/plugins/data_source/server/util/tls_settings_provider.ts
@@ -8,7 +8,7 @@ import { readFileSync } from 'fs';
 export const readCertificateAuthorities = (
 listOfCertificateAuthorities: string | string[] | undefined
 ) => {
- let certificateAuthorities: string[] | undefined = [];
+ let certificateAuthorities: string[] | undefined;
 const addCertificateAuthorities = (ca: string[]) => {
 if (ca && ca.length) {
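Review bot: With the accumulator in `server/util/tls_settings_provider.ts` now starting as `undefined`, the append inside `addCertificateAuthorities` has to tolerate an undefined left-hand side, and that statement lies past the end of this hunk, so it cannot be confirmed from here. If it spreads the existing value directly, it should read `certificateAuthorities = [...(certificateAuthorities ?? []), ...ca];`. The declaration would also benefit from a comment such as `// undefined (not []) when nothing is configured, so callers pass no ca and the default trust roots apply`. `readCertificateAuthorities` continues outside the hunk.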