search

opensearch-project / security

πŸ” Secure your cluster with TLS, numerous authentication backends, data masking, audit logging as well as role-based access control on indices, documents, and fields
https://opensearch.org/docs/latest/security-plugin/index/
Apache License 2.0
180 stars 263 forks source link

Set security plugin 3.0.0 baseline JDK version to JDK-21 #4457

Closed reta closed 2 weeks ago

reta commented 2 weeks ago

Description

Set security plugin 3.0.0 baseline JDK version to JDK-21

Issues Resolved

Closes https://github.com/opensearch-project/security/issues/4407

Testing

N/A

Check List

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check here.

codecov[bot] commented 2 weeks ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 65.24%. Comparing base (681a944) to head (3e8a93d). Report is 2 commits behind head on main.

Additional details and impacted files [![Impacted file tree graph](https://app.codecov.io/gh/opensearch-project/security/pull/4457/graphs/tree.svg?width=650&height=150&src=pr&token=rBpySfQXMt&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=opensearch-project)](https://app.codecov.io/gh/opensearch-project/security/pull/4457?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=opensearch-project) ```diff @@ Coverage Diff @@ ## main #4457 +/- ## ========================================== - Coverage 65.43% 65.24% -0.20% ========================================== Files 312 312 Lines 22037 22032 -5 Branches 3557 3558 +1 ========================================== - Hits 14421 14375 -46 - Misses 5843 5888 +45 + Partials 1773 1769 -4 ``` | [Files](https://app.codecov.io/gh/opensearch-project/security/pull/4457?dropdown=coverage&src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=opensearch-project) | Coverage Ξ” | | |---|---|---| | [...mazon/dlic/auth/http/jwt/HTTPJwtAuthenticator.java](https://app.codecov.io/gh/opensearch-project/security/pull/4457?src=pr&el=tree&filepath=src%2Fmain%2Fjava%2Fcom%2Famazon%2Fdlic%2Fauth%2Fhttp%2Fjwt%2FHTTPJwtAuthenticator.java&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=opensearch-project#diff-c3JjL21haW4vamF2YS9jb20vYW1hem9uL2RsaWMvYXV0aC9odHRwL2p3dC9IVFRQSnd0QXV0aGVudGljYXRvci5qYXZh) | `73.58% <ΓΈ> (ΓΈ)` | | | [...ic/auth/http/kerberos/HTTPSpnegoAuthenticator.java](https://app.codecov.io/gh/opensearch-project/security/pull/4457?src=pr&el=tree&filepath=src%2Fmain%2Fjava%2Fcom%2Famazon%2Fdlic%2Fauth%2Fhttp%2Fkerberos%2FHTTPSpnegoAuthenticator.java&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=opensearch-project#diff-c3JjL21haW4vamF2YS9jb20vYW1hem9uL2RsaWMvYXV0aC9odHRwL2tlcmJlcm9zL0hUVFBTcG5lZ29BdXRoZW50aWNhdG9yLmphdmE=) | `0.00% <ΓΈ> (ΓΈ)` | | | [...a/org/opensearch/security/DefaultObjectMapper.java](https://app.codecov.io/gh/opensearch-project/security/pull/4457?src=pr&el=tree&filepath=src%2Fmain%2Fjava%2Forg%2Fopensearch%2Fsecurity%2FDefaultObjectMapper.java&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=opensearch-project#diff-c3JjL21haW4vamF2YS9vcmcvb3BlbnNlYXJjaC9zZWN1cml0eS9EZWZhdWx0T2JqZWN0TWFwcGVyLmphdmE=) | `65.97% <ΓΈ> (ΓΈ)` | | | [...ecurity/configuration/ConfigurationRepository.java](https://app.codecov.io/gh/opensearch-project/security/pull/4457?src=pr&el=tree&filepath=src%2Fmain%2Fjava%2Forg%2Fopensearch%2Fsecurity%2Fconfiguration%2FConfigurationRepository.java&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=opensearch-project#diff-c3JjL21haW4vamF2YS9vcmcvb3BlbnNlYXJjaC9zZWN1cml0eS9jb25maWd1cmF0aW9uL0NvbmZpZ3VyYXRpb25SZXBvc2l0b3J5LmphdmE=) | `72.51% <ΓΈ> (ΓΈ)` | | | [...security/dlic/rest/api/ConfigUpgradeApiAction.java](https://app.codecov.io/gh/opensearch-project/security/pull/4457?src=pr&el=tree&filepath=src%2Fmain%2Fjava%2Forg%2Fopensearch%2Fsecurity%2Fdlic%2Frest%2Fapi%2FConfigUpgradeApiAction.java&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=opensearch-project#diff-c3JjL21haW4vamF2YS9vcmcvb3BlbnNlYXJjaC9zZWN1cml0eS9kbGljL3Jlc3QvYXBpL0NvbmZpZ1VwZ3JhZGVBcGlBY3Rpb24uamF2YQ==) | `72.97% <ΓΈ> (ΓΈ)` | | | [...ensearch/security/hasher/BCryptPasswordHasher.java](https://app.codecov.io/gh/opensearch-project/security/pull/4457?src=pr&el=tree&filepath=src%2Fmain%2Fjava%2Forg%2Fopensearch%2Fsecurity%2Fhasher%2FBCryptPasswordHasher.java&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=opensearch-project#diff-c3JjL21haW4vamF2YS9vcmcvb3BlbnNlYXJjaC9zZWN1cml0eS9oYXNoZXIvQkNyeXB0UGFzc3dvcmRIYXNoZXIuamF2YQ==) | `85.71% <ΓΈ> (ΓΈ)` | | | [...nsearch/security/http/OnBehalfOfAuthenticator.java](https://app.codecov.io/gh/opensearch-project/security/pull/4457?src=pr&el=tree&filepath=src%2Fmain%2Fjava%2Forg%2Fopensearch%2Fsecurity%2Fhttp%2FOnBehalfOfAuthenticator.java&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=opensearch-project#diff-c3JjL21haW4vamF2YS9vcmcvb3BlbnNlYXJjaC9zZWN1cml0eS9odHRwL09uQmVoYWxmT2ZBdXRoZW50aWNhdG9yLmphdmE=) | `91.34% <ΓΈ> (ΓΈ)` | | | [...ch/security/securityconf/DynamicConfigModelV7.java](https://app.codecov.io/gh/opensearch-project/security/pull/4457?src=pr&el=tree&filepath=src%2Fmain%2Fjava%2Forg%2Fopensearch%2Fsecurity%2Fsecurityconf%2FDynamicConfigModelV7.java&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=opensearch-project#diff-c3JjL21haW4vamF2YS9vcmcvb3BlbnNlYXJjaC9zZWN1cml0eS9zZWN1cml0eWNvbmYvRHluYW1pY0NvbmZpZ01vZGVsVjcuamF2YQ==) | `61.14% <ΓΈ> (ΓΈ)` | | | [...ensearch/security/ssl/DefaultSecurityKeyStore.java](https://app.codecov.io/gh/opensearch-project/security/pull/4457?src=pr&el=tree&filepath=src%2Fmain%2Fjava%2Forg%2Fopensearch%2Fsecurity%2Fssl%2FDefaultSecurityKeyStore.java&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=opensearch-project#diff-c3JjL21haW4vamF2YS9vcmcvb3BlbnNlYXJjaC9zZWN1cml0eS9zc2wvRGVmYXVsdFNlY3VyaXR5S2V5U3RvcmUuamF2YQ==) | `66.53% <ΓΈ> (-7.20%)` | :arrow_down: | | [.../org/opensearch/security/support/ConfigHelper.java](https://app.codecov.io/gh/opensearch-project/security/pull/4457?src=pr&el=tree&filepath=src%2Fmain%2Fjava%2Forg%2Fopensearch%2Fsecurity%2Fsupport%2FConfigHelper.java&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=opensearch-project#diff-c3JjL21haW4vamF2YS9vcmcvb3BlbnNlYXJjaC9zZWN1cml0eS9zdXBwb3J0L0NvbmZpZ0hlbHBlci5qYXZh) | `88.46% <ΓΈ> (ΓΈ)` | | | ... and [2 more](https://app.codecov.io/gh/opensearch-project/security/pull/4457?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=opensearch-project) | | ... and [7 files with indirect coverage changes](https://app.codecov.io/gh/opensearch-project/security/pull/4457/indirect-changes?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=opensearch-project)
reta commented 2 weeks ago

~Seems like the GA cannot be changed at the same time as JDK baseline, opening https://github.com/opensearch-project/security/pull/4461~ The assumption was wrong, needs https://github.com/derek-ho/start-opensearch/pull/6 first

reta commented 2 weeks ago

@peternied @cwperks @scrawfor99 folks could you please help to review? there are changes in Github branch checks that needs this pull request in. Thank you.

cwperks commented 2 weeks ago

@reta I'm not able to re-run the CI checks that are stuck. You may need to push a change to get the CI checks to re-run.

reta commented 2 weeks ago

@reta I'm not able to re-run the CI checks that are stuck. You may need to push a change to get the CI checks to re-run.

Yes, taking to @gaiksaya , thanks @cwperks !

willyborankin commented 2 weeks ago

@reta I'm not able to re-run the CI checks that are stuck. You may need to push a change to get the CI checks to re-run.

They were created by me in PR which I closed. I'm wondering why they appeared in all PRs :-)

reta commented 2 weeks ago

They were created by me in PR which I closed. I'm wondering why they appeared in all PRs :-)

These checks are configured in repo settings, asked to remove them for now

willyborankin commented 2 weeks ago

@reta I'm not able to re-run the CI checks that are stuck. You may need to push a change to get the CI checks to re-run.

They were created by me in PR which I closed. I'm wondering why they appeared in all PRs :-)

I got it why.

willyborankin commented 2 weeks ago

They were created by me in PR which I closed. I'm wondering why they appeared in all PRs :-)

These checks are configured in repo settings, asked to remove them for now

We do not need them. It was an experiment.