Enable TLS for Netty4GrpcServerTransport #17796

Merged

@finnegancarroll finnegancarroll commented Apr 4, 2025

Description

Introduces SecureNetty4GrpcServerTransport, a TLS-enabled alternative to Netty4GrpcServerTransport.
Security settings for this transport are configurable under the OpenSearchSecureSettingsFactory experimental API.
Otherwise the default JDK SSLContext is used with client auth REQUIRED.

Please find ongoing work supporting auxiliary transports in security plugin here:
#17854

Integration tests:

./gradlew :plugins:transport-grpc:internalClusterTest

Related Issues

Partially resolves #16905

Check List

  • Functionality includes testing.
  • API changes companion pull request created, if applicable.
  • Public documentation issue/PR created, if applicable.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@finnegancarroll
Contributor Author

@reta @cwperks @andrross
Apologies, I force-pushed to the PR branch after closing the PR and am not sure of the commit hash before rebasing...
Moving all commits here.
Original PR: #17406

Unresolved conversations:

Contributor

github-actions bot commented Apr 8, 2025

❌ Gradle check result for 33a66b1: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

@finnegancarroll finnegancarroll force-pushed the grpc-secure-transport-save-apr3 branch from fafc5ab to 137f5f1 Compare April 8, 2025 18:26
Contributor

github-actions bot commented Apr 8, 2025

❌ Gradle check result for 137f5f1: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

@finnegancarroll finnegancarroll force-pushed the grpc-secure-transport-save-apr3 branch from 137f5f1 to 937eb6a Compare April 8, 2025 19:49
Contributor

github-actions bot commented Apr 8, 2025

❌ Gradle check result for 937eb6a: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

Contributor

github-actions bot commented Apr 8, 2025

❌ Gradle check result for 937eb6a: null

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

@finnegancarroll finnegancarroll force-pushed the grpc-secure-transport-save-apr3 branch from 937eb6a to a07c01b Compare April 8, 2025 22:47
Contributor

github-actions bot commented Apr 8, 2025

❕ Gradle check result for a07c01b: UNSTABLE

Please review all flaky tests that succeeded after retry and create an issue if one does not already exist to track the flaky failure.

@finnegancarroll finnegancarroll force-pushed the grpc-secure-transport-save-apr3 branch from a07c01b to 915f062 Compare April 9, 2025 00:12
Contributor

github-actions bot commented Apr 9, 2025

❕ Gradle check result for 915f062: UNSTABLE

Please review all flaky tests that succeeded after retry and create an issue if one does not already exist to track the flaky failure.

@finnegancarroll
Contributor Author

Auxiliary transport meta issue to capture some of the enhancements discussed here:
#17854

- Adds SecureAuxTransportSettingsProvider to provide aux transports access to
a javax SSLContext and cipher/client auth params for configuring TLS.
- Implements SecureNetty4GrpcServerTransport to consume a
SecureAuxTransportSettingsProvider for a TLS enabled gRPC transport.
- Add aux transport type settings and port settings for new secure transport.
- Add logic to detect and register secure aux transports provided by plugins.
- Integration tests for SecureNetty4GrpcServerTransport basic client cert
authentication.

Signed-off-by: Finn Carroll <[email protected]>
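
The behaviour described in this PR (a provider supplies a javax SSLContext plus cipher and client-auth parameters, and the transport otherwise falls back to the default JDK SSLContext with client auth REQUIRED) is shown below with JDK classes only. This is an added example, not code from the PR or from OpenSearch: `TlsSettings`, `ClientAuthMode` and `serverEngine` are hypothetical names, and failing closed when no configured cipher suite is supported is this example's own choice.

```java
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.List;
import java.util.Optional;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class AuxTlsEngineExample {
    // Hypothetical stand-ins for what a settings provider hands to a transport.
    enum ClientAuthMode { NONE, OPTIONAL, REQUIRE }
    interface TlsSettings {
        Optional<SSLContext> sslContext();
        Optional<ClientAuthMode> clientAuth();
        List<String> cipherSuites(); // empty list: keep the JDK's enabled suites
    }

    static SSLEngine serverEngine(Optional<TlsSettings> provided) throws NoSuchAlgorithmException {
        // No provider, or nothing supplied by it: default JDK SSLContext, client auth REQUIRE.
        SSLContext ctx = provided.flatMap(TlsSettings::sslContext).orElse(SSLContext.getDefault());
        ClientAuthMode mode = provided.flatMap(TlsSettings::clientAuth).orElse(ClientAuthMode.REQUIRE);
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false); // server side of the handshake
        switch (mode) {
            case REQUIRE: engine.setNeedClientAuth(true); break;  // handshake fails without a client cert
            case OPTIONAL: engine.setWantClientAuth(true); break; // cert requested, not mandatory
            default: engine.setNeedClientAuth(false);             // server-only authentication
        }
        List<String> wanted = provided.map(TlsSettings::cipherSuites).orElse(List.of());
        if (!wanted.isEmpty()) {
            // Enable only configured suites this JDK supports; never widen silently to defaults.
            List<String> supported = Arrays.asList(engine.getSupportedCipherSuites());
            String[] usable = wanted.stream().filter(supported::contains).toArray(String[]::new);
            if (usable.length == 0) throw new IllegalStateException("no configured cipher suite is supported");
            engine.setEnabledCipherSuites(usable);
        }
        return engine;
    }

    public static void main(String[] args) throws Exception {
        SSLEngine fallback = serverEngine(Optional.empty());
        System.out.println("fallback needClientAuth=" + fallback.getNeedClientAuth());
        TlsSettings custom = new TlsSettings() { // constructed sample settings
            public Optional<SSLContext> sslContext() { return Optional.empty(); }
            public Optional<ClientAuthMode> clientAuth() { return Optional.of(ClientAuthMode.OPTIONAL); }
            public List<String> cipherSuites() { return List.of("TLS_AES_128_GCM_SHA256", "NOT_A_REAL_SUITE"); }
        };
        SSLEngine engine = serverEngine(Optional.of(custom));
        System.out.println("wantClientAuth=" + engine.getWantClientAuth() + " suites=" + Arrays.toString(engine.getEnabledCipherSuites()));
    }
}
```
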
@finnegancarroll finnegancarroll force-pushed the grpc-secure-transport-save-apr3 branch from 915f062 to 17eea00 Compare April 9, 2025 22:31
Contributor

github-actions bot commented Apr 9, 2025

✅ Gradle check result for 17eea00: SUCCESS

@reta
Collaborator

reta commented Apr 10, 2025

@cwperks LGTY? thanks @finnegancarroll !

Member

@cwperks cwperks left a comment

Everything has been addressed. Thank you @finnegancarroll! This is a great forward looking feature.

Labels

  • enhancement: Enhancement or improvement to existing feature or request
  • Plugins
  • Roadmap:Cost/Performance/Scale: Project-wide roadmap label
  • v3.0.0: Issues and PRs related to version 3.0.0

Development

Successfully merging this pull request may close these issues.

[Feature Request] Security plugin integration for grpc-transport plugin
3 participants