Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Grpc secure transport #17406

Draft
wants to merge 36 commits into
base: main
Choose a base branch
from
Draft

Grpc secure transport #17406

wants to merge 36 commits into from

Conversation

finnegancarroll
Copy link
Contributor

Description

Adds a SecureNetty4GrpcServerTransport which consumes a SecureAuxTransportSettingsProvider and provides a TLS enabled alternative to Netty4GrpcServerTransport.

Pending compaion PR in security repo to add SecureAuxTransportSettingsProvider.

Related Issues

Partially resolves #16905

Check List

  • Functionality includes testing.
  • API changes companion pull request created, if applicable.
  • Public documentation issue/PR created, if applicable.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@github-actions github-actions bot added enhancement Enhancement or improvement to existing feature or request Plugins Roadmap:Cost/Performance/Scale Project-wide roadmap label v3.0.0 Issues and PRs related to version 3.0.0 labels Feb 20, 2025
@github-actions GitHub Actions
Copy link
Contributor

❌ Gradle check result for fddab56: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

@finnegancarroll
Add addServerConfig() to Netty4GrpcServerTransport to support TLS set…
603832e 
…tings.

Allows children to inject generic lambdas modifying the NettyServerBuilder.
Lambdas will be executed at server construction.

Signed-off-by: Finn Carroll <carrofin@amazon.com>
@finnegancarroll
Add SecureAuxTransportSettingsProvider to enable TLS for aux transports.
aeaecde 
SecureAuxTransportSettingsProvider which acts as the entrypoint for
injecting security settings into aux transports. To maintain a more generic
and widely adaptable interface javax SSLContext is the container of choice
for security settings.

Signed-off-by: Finn Carroll <carrofin@amazon.com>
@finnegancarroll
Add SecureNetty4GrpcServerTransport.
32f60d8 
Wrap javax SSLContext for compatibility with gRPC server.

Signed-off-by: Finn Carroll <carrofin@amazon.com>
@finnegancarroll
Spotless apply
43ad8e1 
Signed-off-by: Finn Carroll <carrofin@amazon.com>
@finnegancarroll
Register secure aux transports with Node.java.
3dd549e 
Hide settings key and override parent port range
in SecureNetty4GrpcServerTransport.

Signed-off-by: Finn Carroll <carrofin@amazon.com>
@finnegancarroll
Add SecureNetty4GrpcServerTransport.SETTING_GRPC_PORT to plugin setti…
30f0f1a 
…ngs.

Signed-off-by: Finn Carroll <carrofin@amazon.com>
@finnegancarroll
Add keys/certs for secure gRPC transport test suite.
dde2ddf 
Signed-off-by: Finn Carroll <carrofin@amazon.com>
@finnegancarroll
gRPC testing client.
8b1bf88 
Signed-off-by: Finn Carroll <carrofin@amazon.com>
@finnegancarroll
Add SecureNetty4GrpcServerTransport unit tests.
9b45fe5 
Signed-off-by: Finn Carroll <carrofin@amazon.com>
@finnegancarroll
Add default ALPN settings to SSLContextWrapper.
991d0ac 
Signed-off-by: Finn Carroll <carrofin@amazon.com>
@finnegancarroll
Do not build default SSLContext for secure transport. Safer to fail.
0691b8d 
Signed-off-by: Finn Carroll <carrofin@amazon.com>
@finnegancarroll
WIP tests.
07c458e 
Signed-off-by: Finn Carroll <carrofin@amazon.com>
@finnegancarroll
boundAddress() public for testing.
190edf2 
Signed-off-by: Finn Carroll <carrofin@amazon.com>
@finnegancarroll
Remove proxy detector from gRPC test client.
9c1b1cf 
Signed-off-by: Finn Carroll <carrofin@amazon.com>
@finnegancarroll
Netty4GrpcServerTransport health check test.
6b2802e 
Signed-off-by: Finn Carroll <carrofin@amazon.com>
@finnegancarroll
Small test naming change.
8e139a8 
Signed-off-by: Finn Carroll <carrofin@amazon.com>
@finnegancarroll
Add return info to test gRPC client.
7a13221 
Signed-off-by: Finn Carroll <carrofin@amazon.com>
@finnegancarroll
Remove insecure credentials from Netty4GrpcServerTransport.
ec0449a 
Signed-off-by: Finn Carroll <carrofin@amazon.com>
@finnegancarroll
Refactor gRPC test client to accept SslContext.
9300273 
Signed-off-by: Finn Carroll <carrofin@amazon.com>
@finnegancarroll
Refactor SecureAuxTransportSettingsProvider to implement SecureTransp…
9e093c0 
…ortParameters. Remove SSLContextWrapper model.

Signed-off-by: Finn Carroll <carrofin@amazon.com>
@finnegancarroll
Clean up test cases. Store SslContext in SecureNetty4GrpcServerTransp…
3334f7e 
…ort.

Signed-off-by: Finn Carroll <carrofin@amazon.com>
@finnegancarroll
Configure Netty server to re-use eventLoopGroup pool for service stubs.
33e6614 
Signed-off-by: Finn Carroll <carrofin@amazon.com>
@finnegancarroll
Remove redundant settings from SecureNetty4GrpcServerTransport.
af640f3 
Signed-off-by: Finn Carroll <carrofin@amazon.com>
@finnegancarroll
Add initial readme to plugin root.
426e1b3 
Signed-off-by: Finn Carroll <carrofin@amazon.com>
@finnegancarroll
Remove multiple transport type settings in GrpcPlugin. Not necessary.
1fb707a 
Signed-off-by: Finn Carroll <carrofin@amazon.com>
@finnegancarroll
Remove depreacted constructor.
120dffb 
Signed-off-by: Finn Carroll <carrofin@amazon.com>
@finnegancarroll
Add IT infra to Grpc transport plugin.
1757697 
Signed-off-by: Finn Carroll <carrofin@amazon.com>
@finnegancarroll
Spotless apply
79cb27b 
Signed-off-by: Finn Carroll <carrofin@amazon.com>
@finnegancarroll
Add initial cluster health gRPC IT.
485809e 
Signed-off-by: Finn Carroll <carrofin@amazon.com>
@finnegancarroll
Rename GrpcTransportIT -> Netty4GrpcServerTransportIT.
a584d05 
Signed-off-by: Finn Carroll <carrofin@amazon.com>
@finnegancarroll
Move boundAddress() helper up to AuxTransport. Add helper in ITs to f…
b921347 
…etch gRPC addresses on cluster.

Signed-off-by: Finn Carroll <carrofin@amazon.com>
@finnegancarroll
Spotless apply
8907658 
Signed-off-by: Finn Carroll <carrofin@amazon.com>
@finnegancarroll
Changelog
7d087f3 
Signed-off-by: Finn Carroll <carrofin@amazon.com>
@finnegancarroll
Javadocs for SecureTransportParameters.
bb95318 
Signed-off-by: Finn Carroll <carrofin@amazon.com>
@github-actions GitHub Actions
Copy link
Contributor

❌ Gradle check result for a70fd93: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

@finnegancarroll
Fix minor naming conflict after rebase with flight server pr. boundAd…
0ac61ba 
…dress() -> getBoundAddress().

Signed-off-by: Finn Carroll <carrofin@amazon.com>
@github-actions GitHub Actions
Copy link
Contributor

❌ Gradle check result for 0ac61ba: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

@opensearch-ci-bot opensearch-ci-bot mentioned this pull request Feb 21, 2025
Open
@finnegancarroll
Javadocs for org.opensearch.transport.grpc.ssl + Netty4GrpcServerTran…
709cbbb 
…sport.

Signed-off-by: Finn Carroll <carrofin@amazon.com>
@github-actions GitHub Actions
Copy link
Contributor

❌ Gradle check result for 709cbbb: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

This was referenced Feb 22, 2025
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@peternied peternied Awaiting requested review from peternied peternied will be requested when the pull request is marked ready for review peternied is a code owner

@anasalkouz anasalkouz Awaiting requested review from anasalkouz anasalkouz will be requested when the pull request is marked ready for review anasalkouz is a code owner

@andrross andrross Awaiting requested review from andrross andrross will be requested when the pull request is marked ready for review andrross is a code owner

@ashking94 ashking94 Awaiting requested review from ashking94 ashking94 will be requested when the pull request is marked ready for review ashking94 is a code owner

@Bukhtawar Bukhtawar Awaiting requested review from Bukhtawar Bukhtawar will be requested when the pull request is marked ready for review Bukhtawar is a code owner

@CEHENKLE CEHENKLE Awaiting requested review from CEHENKLE CEHENKLE will be requested when the pull request is marked ready for review CEHENKLE is a code owner

@cwperks cwperks Awaiting requested review from cwperks cwperks will be requested when the pull request is marked ready for review cwperks is a code owner

@dblock dblock Awaiting requested review from dblock dblock will be requested when the pull request is marked ready for review dblock is a code owner

@dbwiddis dbwiddis Awaiting requested review from dbwiddis dbwiddis will be requested when the pull request is marked ready for review dbwiddis is a code owner

@gbbafna gbbafna Awaiting requested review from gbbafna gbbafna will be requested when the pull request is marked ready for review gbbafna is a code owner

@jainankitk jainankitk Awaiting requested review from jainankitk jainankitk will be requested when the pull request is marked ready for review jainankitk is a code owner

@kotwanikunal kotwanikunal Awaiting requested review from kotwanikunal kotwanikunal will be requested when the pull request is marked ready for review kotwanikunal is a code owner

@linuxpi linuxpi Awaiting requested review from linuxpi linuxpi will be requested when the pull request is marked ready for review linuxpi is a code owner

@mch2 mch2 Awaiting requested review from mch2 mch2 will be requested when the pull request is marked ready for review mch2 is a code owner

@msfroh msfroh Awaiting requested review from msfroh msfroh will be requested when the pull request is marked ready for review msfroh is a code owner

@nknize nknize Awaiting requested review from nknize nknize will be requested when the pull request is marked ready for review nknize is a code owner

@owaiskazi19 owaiskazi19 Awaiting requested review from owaiskazi19 owaiskazi19 will be requested when the pull request is marked ready for review owaiskazi19 is a code owner

@reta reta Awaiting requested review from reta reta will be requested when the pull request is marked ready for review reta is a code owner

@Rishikesh1159 Rishikesh1159 Awaiting requested review from Rishikesh1159 Rishikesh1159 will be requested when the pull request is marked ready for review Rishikesh1159 is a code owner

@sachinpkale sachinpkale Awaiting requested review from sachinpkale sachinpkale will be requested when the pull request is marked ready for review sachinpkale is a code owner

@saratvemulapalli saratvemulapalli Awaiting requested review from saratvemulapalli saratvemulapalli will be requested when the pull request is marked ready for review saratvemulapalli is a code owner

@shwetathareja shwetathareja Awaiting requested review from shwetathareja shwetathareja will be requested when the pull request is marked ready for review shwetathareja is a code owner

@sohami sohami Awaiting requested review from sohami sohami will be requested when the pull request is marked ready for review sohami is a code owner

@VachaShah VachaShah Awaiting requested review from VachaShah VachaShah will be requested when the pull request is marked ready for review VachaShah is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
enhancement Enhancement or improvement to existing feature or request Plugins Roadmap:Cost/Performance/Scale Project-wide roadmap label v3.0.0 Issues and PRs related to version 3.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Feature Request] Security plugin integration for grpc-transport plugin
1 participant
@finnegancarroll