Create OpenSearch source client with auth and lookup version to detect search strategy #2806
Conversation
…t search strategy Signed-off-by: Taylor Gray <[email protected]>
graytaylor0
requested review from
chenqi0805,
engechas,
dinujoh,
kkondaka,
cmanning09,
asifsmohammed,
dlvenable and
oeyh
as code owners
| * An {@link HttpRequestInterceptor} that signs requests using any AWS {@link Signer} | ||
| * and {@link AwsCredentialsProvider}. This is a copy from the opensearch sink | ||
| */ | ||
| final class AwsRequestSigningApacheInterceptor implements HttpRequestInterceptor { |
There was a problem hiding this comment.
This entire class is a direct copy from the opensearch sink (https://github.com/opensearch-project/data-prepper/blob/main/data-prepper-plugins/opensearch/src/main/java/org/opensearch/dataprepper/plugins/sink/opensearch/AwsRequestSigningApacheInterceptor.java). There don't appear to be any unit tests for it...
There was a problem hiding this comment.
Can you create an issue to eliminate the code duplication between these two plugins and add unit tests
There was a problem hiding this comment.
Will do. I started with trying to use the Extension Points for this class but it wasn't working and started taking up a lot of time. Will create the issue
| import java.security.cert.CertificateException; | ||
| import java.security.cert.X509Certificate; | ||
|
|
||
| public class X509TrustAllManager implements X509TrustManager { |
There was a problem hiding this comment.
This is a direct copy from the opensearch sink (https://github.com/opensearch-project/data-prepper/blob/main/data-prepper-plugins/opensearch/src/main/java/org/opensearch/dataprepper/plugins/sink/opensearch/X509TrustAllManager.java)
| return new OpenSearchAccessor(openSearchClient, searchContextType); | ||
| } | ||
|
|
||
| private RestClient createOpenSearchRestClient() { |
There was a problem hiding this comment.
The majority of these private methods were taken/based off of the opensearch sink (https://github.com/opensearch-project/data-prepper/blob/main/data-prepper-plugins/opensearch/src/main/java/org/opensearch/dataprepper/plugins/sink/opensearch/ConnectionConfiguration.java)
| switch(searchAccessor.getSearchContextType()) { | ||
| case POINT_IN_TIME: | ||
| searchWorkerThread = new Thread(new PitWorker(searchAccessor, openSearchSourceConfiguration, sourceCoordinator, buffer)); | ||
| break; | ||
| case SCROLL: | ||
| searchWorkerThread = new Thread(new ScrollWorker(searchAccessor, openSearchSourceConfiguration, sourceCoordinator, buffer)); | ||
| break; | ||
| } |
There was a problem hiding this comment.
For a future CR, let's pull this logic into a strategy class that is deleted in this PR and do something like this here. It will be easier to test this control logic separate from thread creation:
final SearchWorker worker = SearchWorkerStrategy.get(searchAccessor, ...);
searchWorkerThread = new Thread(worker);
searchWorkerThread.start()
| } | ||
|
|
||
| return awsCredentialsProvider; | ||
| public Map<String, String> getAwsStsHeaderOverrides() { |
There was a problem hiding this comment.
Nice, thanks for pulling this work in too.
| throw new IllegalArgumentException("sts_role_arn must be an IAM Role"); | ||
| } | ||
| } | ||
|
|
||
| private Arn getArn() { |
There was a problem hiding this comment.
You can delete this too. I don't see it used anywhere now.
| //todo: to implement | ||
|
|
There was a problem hiding this comment.
Haha it doesn't look done?
|
|
||
| package org.opensearch.dataprepper.plugins.source.opensearch.worker; | ||
|
|
||
| public interface SearchWorker extends Runnable { |
There was a problem hiding this comment.
I like this change. Thanks for making this more extendable.
| * An {@link HttpRequestInterceptor} that signs requests using any AWS {@link Signer} | ||
| * and {@link AwsCredentialsProvider}. This is a copy from the opensearch sink | ||
| */ | ||
| final class AwsRequestSigningApacheInterceptor implements HttpRequestInterceptor { |
There was a problem hiding this comment.
Can you create an issue to eliminate the code duplication between these two plugins and add unit tests
| @@ -13,14 +59,242 @@ | |||
| */ | |||
| public class SearchAccessorStrategy { | |||
|
|
|||
| private static final Logger LOG = LoggerFactory.getLogger(SearchAccessorStrategy.class); | |||
|
|
|||
| private static final String AOS_SERVICE_NAME = "es"; | |||
There was a problem hiding this comment.
For a future PR. We should support AOSS as well.
| public void start() { | ||
| // todo: to implement | ||
| // Leverages a runnable (SearchWorker) to perform the querying on the source cluster | ||
| switch(searchAccessor.getSearchContextType()) { |
There was a problem hiding this comment.
NONE is a supported type. We should throw an exception if NONE is returned or we will encounter an NPE on line 52.
There was a problem hiding this comment.
Will do until we end up adding a search worker for this case
| @Test | ||
| void getAwsRegion_returns_Region_of() throws NoSuchFieldException, IllegalAccessException { | ||
| final String regionString = UUID.randomUUID().toString(); | ||
| final Region expectedRegionObject = mock(Region.class); | ||
| reflectivelySetField(awsAuthenticationOptions, "awsRegion", regionString); | ||
| final Region actualRegion; | ||
| try(final MockedStatic<Region> regionMockedStatic = mockStatic(Region.class)) { | ||
| regionMockedStatic.when(() -> Region.of(regionString)).thenReturn(expectedRegionObject); | ||
| actualRegion = awsAuthenticationOptions.getAwsRegion(); | ||
| } | ||
| assertThat(actualRegion, equalTo(expectedRegionObject)); | ||
| } | ||
|
|
||
| @Test | ||
| void getAwsRegion_returns_null_when_region_is_null() throws NoSuchFieldException, IllegalAccessException { | ||
| reflectivelySetField(awsAuthenticationOptions, "awsRegion", null); | ||
| assertThat(awsAuthenticationOptions.getAwsRegion(), nullValue()); | ||
| } |
There was a problem hiding this comment.
We should keep these tests around and add tests for the getter methods in future CRs.
There was a problem hiding this comment.
Yeah will add these basic getters back
Signed-off-by: Taylor Gray <[email protected]>
| @@ -94,7 +94,7 @@ void testConditionalExpressionEvaluator(final String expression, final Event eve | |||
| void testGenericExpressionEvaluatorWithMultipleThreads(final String expression, final Event event, final Boolean expected) { | |||
| final GenericExpressionEvaluator evaluator = applicationContext.getBean(GenericExpressionEvaluator.class); | |||
|
|
|||
| final int numberOfThreads = 50; | |||
| final int numberOfThreads = 10; | |||
There was a problem hiding this comment.
Why is this file being changed here? Why are the number of threads reduced?
There was a problem hiding this comment.
That test runs over 50 times, and it was spawning 50 threads for each test. My build failed every time due to that with an error about being out of threads. It didn’t fail after I lowered it. Is this test really necessary for every conditional expression?
Description
This change mainly focused on implementing the OpenSearch client with auth and detecting the search strategy through a version lookup in
SearchAccessorStrategy. The starting implementation here will only allowopensearchdistributions for now.Much of the code for the client construction and ssl was taken from the OpenSearch sink.
Tested with both a self managed cluster and Amazon OpenSearch domain successfully. I have not manually tested the
certandinsecure: falseIssues Resolved
[List any issues this PR will resolve]
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.