[BUG] Cannot invoke "Object.getClass()" because "event" is null

[merlinz01]

What is the bug? I ran securityadmin.sh with an empty audit.yml file and now I'm getting null-pointer exceptions.

How can one reproduce the bug? Retrieve currrent security config with securityadmin.sh. Rename all .yml filenames with dates to their normal names. Edit an unrelated setting in config.yml. Run securityadmin.sh to update the config. Observe this output from securityadmin.sh:

ERR: Seems ./audit.yml is not in OpenSearch Security 7 format: java.lang.NullPointerException: Cannot invoke "org.opensearch.security.securityconf.impl.SecurityDynamicConfiguration.get_meta()" because "sdc" is null

Edit audit.yml and observe that it is empty. Add these lines:

_meta:
  config_version: 2
  type: "audit"

Run securityadmin.sh again and observe this output:

Will update '/audit' with ./audit.yml 
   SUCC: Configuration for 'audit' created or updated
...
FAIL: 1 nodes reported failures. Failure is /{"_nodes":{"total":1,"successful":0,"failed":1,"failures":[{"type":"failed_node_exception","reason":"Failed node [aAs3rkCcQ72TDfBPZ3rfyw]","node_id":"aAs3rkCcQ72TDfBPZ3rfyw","caused_by":{"type":"exception","reason":"java.lang.NullPointerException: Cannot invoke \"Object.getClass()\" because \"event\" is null","caused_by":{"type":"null_pointer_exception","reason":"Cannot invoke \"Object.getClass()\" because \"event\" is null"}}}]},"cluster_name":"prism-logs-cluster","configupdate_response":{"nodes":{},"node_size":0,"has_failures":true,"failures_size":1}}
FAIL: Expected 1 nodes to return response, but got 0
Done with failures

Remove audit.yml and run securityadmin.sh again and observe the same output. See lots and lots of these in Opensearch logs:

[2024-05-04T01:04:12,908][INFO ][stdout                   ] [main-node] [FINE] No subscribers registered for event class org.opensearch.security.securityconf.DynamicConfigFactory$NodesDnModelImpl
[2024-05-04T01:04:12,910][INFO ][stdout                   ] [main-node] [FINE] No subscribers registered for event class org.greenrobot.eventbus.NoSubscriberEvent
[2024-05-04T01:04:12,912][ERROR][o.o.s.c.ConfigurationRepository] [main-node] org.opensearch.security.securityconf.DynamicConfigFactory@7a824730 listener errored: java.lang.NullPointerException: Cannot invoke "Object.getClass()" because "event" is null
java.lang.NullPointerException: Cannot invoke "Object.getClass()" because "event" is null
    at org.greenrobot.eventbus.EventBus.postSingleEvent(EventBus.java:387) ~[eventbus-java-3.3.1.jar:?]
    at org.greenrobot.eventbus.EventBus.post(EventBus.java:275) ~[eventbus-java-3.3.1.jar:?]
    at org.opensearch.security.securityconf.DynamicConfigFactory.onChange(DynamicConfigFactory.java:323) ~[opensearch-security-2.13.0.0.jar:2.13.0.0]
    at org.opensearch.security.configuration.ConfigurationRepository.notifyAboutChanges(ConfigurationRepository.java:430) [opensearch-security-2.13.0.0.jar:2.13.0.0]
    at org.opensearch.security.configuration.ConfigurationRepository.reloadConfiguration0(ConfigurationRepository.java:419) [opensearch-security-2.13.0.0.jar:2.13.0.0]
    at org.opensearch.security.configuration.ConfigurationRepository.reloadConfiguration(ConfigurationRepository.java:402) [opensearch-security-2.13.0.0.jar:2.13.0.0]
    at org.opensearch.security.configuration.ConfigurationRepository.initalizeClusterConfiguration(ConfigurationRepository.java:227) [opensearch-security-2.13.0.0.jar:2.13.0.0]
    at org.opensearch.security.configuration.ConfigurationRepository.lambda$initOnNodeStart$0(ConfigurationRepository.java:318) [opensearch-security-2.13.0.0.jar:2.13.0.0]
    at java.base/java.lang.Thread.run(Thread.java:1583) [?:?]

What is the expected behavior? No errors

What is your host/environment?

• OS: Debian 12
• Version 2.13.0
• Plugins

  opensearch-alerting
  opensearch-anomaly-detection
  opensearch-asynchronous-search
  opensearch-cross-cluster-replication
  opensearch-custom-codecs
  opensearch-flow-framework
  opensearch-geospatial
  opensearch-index-management
  opensearch-job-scheduler
  opensearch-knn
  opensearch-ml
  opensearch-neural-search
  opensearch-notifications
  opensearch-notifications-core
  opensearch-observability
  opensearch-reports-scheduler
  opensearch-security
  opensearch-security-analytics
  opensearch-skills
  opensearch-sql

Do you have any screenshots? If applicable, add screenshots to help explain your problem.

Do you have any additional context? Add any other context about the problem.

[merlinz01]

Added these lines to audit.yml, ran securityadmin.sh, and the errors stopped:

config:
  enabled: false

Will be glad when some of this security stuff is streamlined.

[merlinz01]

I think this is still a bug.

See

https://github.com/greenrobot/EventBus/blob/0194926b3bcf70cc0d7bfd3c5da16708dd5ab876/EventBus/src/org/greenrobot/eventbus/EventBus.java#L387

and

https://forum.opensearch.org/t/ava-lang-nullpointerexception-cannot-invoke-object-getclass-because-event-is-null/20821

[merlinz01]

The error is when the audit config does not exist (is null). The audit config is being posted to an event bus, which checks the class of the object being posted, and fails when that object is null.

[stephen-crawford]

[Triage] Hi @merlinz01, thanks for opening this issue. It looks like you also opened a PR and that was merged. Going to mark as triaged. Thanks again.