Closed DarshitChanpura closed 1 week ago
Let's add some info around the reason for the reversion.
This is to resolve a failure seen during release integ testing in the ISM plugin.
[2024-06-15T03:57:00,516][WARN ][o.o.i.c.IndicesClusterStateService] [node_name_9200] [openactionit_index_1][0] marking and sending shard failed due to [failed to create index]
java.lang.NullPointerException: Cannot invoke "org.opensearch.index.mapper.MapperService.getMetadataFields()" because the return value of "org.opensearch.index.IndexService.mapperService()" is null
at org.opensearch.security.configuration.SecurityFlsDlsIndexSearcherWrapper.<init>(SecurityFlsDlsIndexSearcherWrapper.java:65) ~[?:?]
at org.opensearch.security.OpenSearchSecurityPlugin.lambda$onIndexModule$3(OpenSearchSecurityPlugin.java:697) ~[?:?]
at org.opensearch.index.IndexService.<init>(IndexService.java:292) ~[opensearch-2.15.0.jar:2.15.0]
at org.opensearch.index.IndexModule.newIndexService(IndexModule.java:634) ~[opensearch-2.15.0.jar:2.15.0]
at org.opensearch.indices.IndicesService.createIndexService(IndicesService.java:888) ~[opensearch-2.15.0.jar:2.15.0]
at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:775) ~[opensearch-2.15.0.jar:2.15.0]
at org.opensearch.indices.IndicesService.createIndex(IndicesService.java:215) ~[opensearch-2.15.0.jar:2.15.0]
at org.opensearch.indices.cluster.IndicesClusterStateService.createIndices(IndicesClusterStateService.java:557) [opensearch-2.15.0.jar:2.15.0]
at org.opensearch.indices.cluster.IndicesClusterStateService.applyClusterState(IndicesClusterStateService.java:292) [opensearch-2.15.0.jar:2.15.0]
at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:625) [opensearch-2.15.0.jar:2.15.0]
at org.opensearch.cluster.service.ClusterApplierService.callClusterStateAppliers(ClusterApplierService.java:611) [opensearch-2.15.0.jar:2.15.0]
at org.opensearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:579) [opensearch-2.15.0.jar:2.15.0]
at org.opensearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:502) [opensearch-2.15.0.jar:2.15.0]
at org.opensearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:204) [opensearch-2.15.0.jar:2.15.0]
at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:882) [opensearch-2.15.0.jar:2.15.0]
at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedOpenSearchThreadPoolExecutor.java:283) [opensearch-2.15.0.jar:2.15.0]
at org.opensearch.common.util.concurrent.PrioritizedOpenSearchThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedOpenSearchThreadPoolExecutor.java:246) [opensearch-2.15.0.jar:2.15.0]
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144) [?:?]
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642) [?:?]
at java.base/java.lang.Thread.run(Thread.java:1583) [?:?]
It was seen in CloseActionIT and OpenActionIT which have integration tests around opening and closing indices.
We reproduced the NPE by closing and opening an index, but have not fully analyzed how the NPE affects FLS rules when re-opening an index.
We plan to introduce this bug fix for FLS Includes rules in a future release and add an additional test case where a closed index is re-opened and searched upon by a user that is mapped to a role with FLS Includes rules.
@DarshitChanpura Can you also update release notes?
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 65.35%. Comparing base (
cdc792c
) to head (fc3fc4c
).
@cwperks done. I've created an issue to track this: https://github.com/opensearch-project/security/issues/4475
Reverts opensearch-project/security#4412 as it is causing ISM plugin failures:
https://ci.opensearch.org/ci/dbc/integ-test/2.15.0/9978/linux/arm64/tar/test-results/8315/integ-test/index-management/with-security/stdout.txt https://ci.opensearch.org/ci/dbc/integ-test/2.15.0/9978/linux/arm64/tar/test-results/8315/integ-test/index-management/with-security/local-cluster-logs/id-0/stdout.txt)
Relevant issue: https://github.com/opensearch-project/security/issues/4475