Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Set security plugin 3.0.0 baseline JDK version to JDK-21 #4457

Merged
merged 1 commit into from
Jun 14, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions .github/actions/create-bwc-build/action.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,12 @@ runs:
ref: ${{ inputs.plugin-branch }}
path: ${{ inputs.plugin-branch }}

- uses: actions/setup-java@v4
if: ${{ inputs.plugin-branch == 'current_branch' }}
with:
distribution: temurin # Temurin is a distribution of adoptium
java-version: 21

- name: Build
uses: gradle/gradle-build-action@v2
with:
Expand Down
14 changes: 7 additions & 7 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ jobs:
uses: actions/setup-java@v4
with:
distribution: temurin # Temurin is a distribution of adoptium
java-version: 17
java-version: 21

- name: Checkout security
uses: actions/checkout@v4
Expand All @@ -40,7 +40,7 @@ jobs:
matrix:
gradle_task: ${{ fromJson(needs.generate-test-list.outputs.separateTestsNames) }}
platform: [windows-latest, ubuntu-latest]
jdk: [11, 17, 21]
jdk: [21]
runs-on: ${{ matrix.platform }}

steps:
Expand Down Expand Up @@ -97,7 +97,7 @@ jobs:
strategy:
fail-fast: false
matrix:
jdk: [11, 17, 21]
jdk: [21]
platform: [ubuntu-latest, windows-latest]
runs-on: ${{ matrix.platform }}

Expand Down Expand Up @@ -132,7 +132,7 @@ jobs:
strategy:
fail-fast: false
matrix:
jdk: [17]
jdk: [21]
platform: [ubuntu-latest]
runs-on: ${{ matrix.platform }}

Expand All @@ -159,7 +159,7 @@ jobs:
- uses: actions/setup-java@v4
with:
distribution: temurin # Temurin is a distribution of adoptium
java-version: 17
java-version: 21

- name: Checkout Security Repo
uses: actions/checkout@v4
Expand Down Expand Up @@ -204,7 +204,7 @@ jobs:
- uses: actions/setup-java@v4
with:
distribution: temurin # Temurin is a distribution of adoptium
java-version: 11
java-version: 21
- uses: github/codeql-action/init@v3
with:
languages: java
Expand All @@ -219,7 +219,7 @@ jobs:
- uses: actions/setup-java@v4
with:
distribution: temurin # Temurin is a distribution of adoptium
java-version: 11
java-version: 21

- run: |
security_plugin_version=$(./gradlew properties -q | grep -E '^version:' | awk '{print $2}')
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/code-hygiene.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ jobs:
- uses: actions/setup-java@v4
with:
distribution: temurin # Temurin is a distribution of adoptium
java-version: 17
java-version: 21

- uses: gradle/gradle-build-action@v3
with:
Expand All @@ -38,7 +38,7 @@ jobs:
- uses: actions/setup-java@v4
with:
distribution: temurin # Temurin is a distribution of adoptium
java-version: 11
java-version: 21

- uses: gradle/gradle-build-action@v3
with:
Expand All @@ -54,7 +54,7 @@ jobs:
- uses: actions/setup-java@v4
with:
distribution: temurin # Temurin is a distribution of adoptium
java-version: 11
java-version: 21

- uses: gradle/gradle-build-action@v3
with:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/integration-tests.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ jobs:
strategy:
fail-fast: false
matrix:
jdk: [11, 17, 21]
jdk: [21]
test-run: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]

steps:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/maven-publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ jobs:
- uses: actions/setup-java@v4
with:
distribution: temurin # Temurin is a distribution of adoptium
java-version: 11
java-version: 21
- uses: actions/checkout@v4
- uses: aws-actions/configure-aws-credentials@v4
with:
Expand Down
5 changes: 3 additions & 2 deletions .github/workflows/plugin_install.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ jobs:
fail-fast: false
matrix:
os: [ubuntu-latest, windows-latest]
jdk: [11, 17, 21]
jdk: [21]
runs-on: ${{ matrix.os }}

steps:
Expand Down Expand Up @@ -40,12 +40,13 @@ jobs:
shell: bash

- name: Run Opensearch with A Single Plugin
uses: derek-ho/start-opensearch@v4
uses: derek-ho/start-opensearch@v5
with:
opensearch-version: ${{ env.OPENSEARCH_VERSION }}
plugins: "file:$(pwd)/${{ env.PLUGIN_NAME }}.zip"
security-enabled: true
admin-password: ${{ steps.random-password.outputs.generated_name }}
jdk-version: 21

- name: Run sanity tests
uses: gradle/gradle-build-action@v3
Expand Down
4 changes: 2 additions & 2 deletions build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -94,8 +94,8 @@ spotbugsTest {
enabled = false
}

java.sourceCompatibility = JavaVersion.VERSION_11
java.targetCompatibility = JavaVersion.VERSION_11
java.sourceCompatibility = JavaVersion.VERSION_21
java.targetCompatibility = JavaVersion.VERSION_21


compileJava {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,7 @@ public class HTTPJwtAuthenticator implements HTTPAuthenticator {
private final List<String> requiredAudience;
private final String requireIssuer;

@SuppressWarnings("removal")
public HTTPJwtAuthenticator(final Settings settings, final Path configPath) {
super();

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -190,6 +190,7 @@ public AuthCredentials run() {
return creds;
}

@SuppressWarnings("removal")
private AuthCredentials extractCredentials0(final SecurityRequest request) {

if (acceptorPrincipal == null || acceptorKeyTabPath == null) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -139,6 +139,7 @@ public static <T> T getOrDefault(Map<String, Object> properties, String key, T d
return value != null ? value : defaultValue;
}

@SuppressWarnings("removal")
public static <T> T readTree(JsonNode node, Class<T> clazz) throws IOException {

final SecurityManager sm = System.getSecurityManager();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -655,6 +655,7 @@ public static int getDefaultConfigVersion() {
return ConfigurationRepository.DEFAULT_CONFIG_VERSION;
}

@SuppressWarnings("removal")
private class AccessControllerWrappedThread extends Thread {
private final Thread innerThread;

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -265,6 +265,7 @@ private <T> SecurityDynamicConfiguration<T> loadYamlFile(final String filepath,
return ConfigHelper.fromYamlFile(filepath, cType, ConfigurationRepository.DEFAULT_CONFIG_VERSION, 0, 0);
}

@SuppressWarnings("removal")
JsonNode loadConfigFileAsJson(final CType cType) throws IOException {
final var cd = securityApiDependencies.configurationRepository().getConfigDirectory();
final var filepath = cType.configFile(Path.of(cd)).toString();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ public class BCryptPasswordHasher implements PasswordHasher {

private static final HashingFunction DEFAULT_BCRYPT_FUNCTION = BcryptFunction.getInstance(Bcrypt.Y, 12);

@SuppressWarnings("removal")
@Override
public String hash(char[] password) {
if (password == null || password.length == 0) {
Expand All @@ -49,6 +50,7 @@ public String hash(char[] password) {
}
}

@SuppressWarnings("removal")
@Override
public boolean check(char[] password, String hash) {
if (password == null || password.length == 0) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,7 @@ public class OnBehalfOfAuthenticator implements HTTPAuthenticator {

private final EncryptionDecryptionUtil encryptionUtil;

@SuppressWarnings("removal")
public OnBehalfOfAuthenticator(Settings settings, String clusterName) {
String oboEnabledSetting = settings.get("enabled", "true");
oboEnabled = Boolean.parseBoolean(oboEnabledSetting);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -425,6 +425,7 @@ private void destroyDestroyables(List<Destroyable> destroyableComponents) {
}
}

@SuppressWarnings("removal")
private <T> T newInstance(final String clazzOrShortcut, String type, final Settings settings, final Path configPath) {
final String clazz = authImplMap.computeIfAbsent(clazzOrShortcut + "_" + type, k -> clazzOrShortcut);
return AccessController.doPrivileged((PrivilegedAction<T>) () -> {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -972,6 +972,7 @@ private void initEnabledSSLCiphers() {
enabledTransportProtocolsJDKProvider.retainAll(allowedSecureTransportSSLProtocols);
}

@SuppressWarnings("removal")
private SslContext buildSSLServerContext(
final PrivateKey _key,
final X509Certificate[] _cert,
Expand Down Expand Up @@ -1003,6 +1004,7 @@ public SslContextBuilder run() throws Exception {
}
}

@SuppressWarnings("removal")
private SslContext buildSSLServerContext(
final File _key,
final File _cert,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,7 @@ public static void uploadFile(Client tc, String filepath, String index, CType cT
uploadFile(tc, filepath, index, cType, configVersion, false);
}

@SuppressWarnings("removal")
public static void uploadFile(
Client tc,
String filepath,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,7 @@ public void createIndex(ActionListener<Boolean> listener) {
}
}

@SuppressWarnings("removal")
public void uploadDefaultConfiguration(final Path configDir, final ActionListener<Set<SecurityConfig>> listener) {
try (final ThreadContext.StoredContext threadContext = client.threadPool().getThreadContext().stashContext()) {
AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
Expand Down
1 change: 1 addition & 0 deletions src/main/java/org/opensearch/security/util/KeyUtils.java
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@

public class KeyUtils {

@SuppressWarnings("removal")
public static JwtParserBuilder createJwtParserBuilderFromSigningKey(final String signingKey, final Logger log) {
final SecurityManager sm = System.getSecurityManager();

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,7 @@
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;

@SuppressWarnings("removal")
public class OnBehalfOfAuthenticatorTest {
final static String clusterName = "cluster_0";
final static String enableOBO = "true";
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@
import static org.opensearch.security.tools.democonfig.util.DemoConfigHelperUtil.deleteDirectoryRecursive;
import static org.junit.Assert.fail;

@SuppressWarnings("removal")
public class CertificateGeneratorTests {

private static Installer installer;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@
import static org.junit.Assert.assertThrows;
import static org.junit.Assert.fail;

@SuppressWarnings("removal")
public class InstallerTests {
private final ByteArrayOutputStream outContent = new ByteArrayOutputStream();
private final PrintStream originalOut = System.out;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@
import static org.opensearch.security.tools.democonfig.util.DemoConfigHelperUtil.deleteDirectoryRecursive;
import static org.junit.Assert.fail;

@SuppressWarnings("removal")
@RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class)
public class SecuritySettingsConfigurerTests {

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
/**
* Helper class to allow capturing and testing exit codes and block test execution from exiting mid-way
*/
@SuppressWarnings("removal")
public class NoExitSecurityManager extends SecurityManager {
@Override
public void checkPermission(java.security.Permission perm) {
Expand Down
Loading