Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] POST /_render/template results in a NullPointerException when security plugin is enabled #3672

Closed
Xtansia opened this issue Nov 8, 2023 · 2 comments · Fixed by opensearch-project/OpenSearch#11170
Closed

[BUG] POST /_render/template results in a NullPointerException when security plugin is enabled #3672

Xtansia opened this issue Nov 8, 2023 · 2 comments · Fixed by opensearch-project/OpenSearch#11170
Labels
bug Something isn't working triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable. v2.12.0 Items targeting 2.12.0

Comments

@Xtansia
Copy link
Contributor

Xtansia commented Nov 8, 2023

What is the bug?
Since version 2.10.0 making a POST /_render/template request results in a NullPointerException when the security plugin is enabled. The same request succeeds when the plugin is disabled on the same versions.

How can one reproduce the bug?
Steps to reproduce the behavior:

  1. Spin up a cluster of version 2.10.0 or greater with security enabled
  2. Make the request:
POST /_render/template
{
  "params":{
    "status":["pending","published"]
  },
  "source":"\n{\n\t\"query\": {\n\t  \"terms\": {\n\t\t\"status\": [\n\t\t  \"{{#status}}\",\n\t\t  \"{{.}}\",\n\t\t  \"{{/status}}\"\n\t\t]\n\t  }\n\t}\n  }"
}

What is the expected behavior?
The request to succeed outputting:

{
  "template_output": {
    "query": {
      "terms": {
        "status": [
          "",
          "pending",
          "",
          "published",
          ""
        ]
      }
    }
  }
}

What is your host/environment?
Using example docker-compose: https://opensearch.org/docs/latest/install-and-configure/install-opensearch/docker/#sample-docker-composeyml

Stacktrace

2023-11-09 12:41:05 [2023-11-08T23:41:05,433][ERROR][o.o.s.f.SecurityFilter   ] [opensearch-node1] Unexpected exception java.lang.NullPointerException: Cannot invoke "org.opensearch.action.search.SearchRequest.indices()" because "this.request" is null
2023-11-09 12:41:05 java.lang.NullPointerException: Cannot invoke "org.opensearch.action.search.SearchRequest.indices()" because "this.request" is null
2023-11-09 12:41:05     at org.opensearch.script.mustache.SearchTemplateRequest.indices(SearchTemplateRequest.java:262) ~[lang-mustache-client-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at org.opensearch.security.resolver.IndexResolverReplacer.getOrReplaceAllIndices(IndexResolverReplacer.java:753) ~[opensearch-security-2.11.0.0.jar:2.11.0.0]
2023-11-09 12:41:05     at org.opensearch.security.resolver.IndexResolverReplacer.resolveRequest(IndexResolverReplacer.java:433) ~[opensearch-security-2.11.0.0.jar:2.11.0.0]
2023-11-09 12:41:05     at org.opensearch.security.privileges.PrivilegesEvaluator.evaluate(PrivilegesEvaluator.java:304) ~[opensearch-security-2.11.0.0.jar:2.11.0.0]
2023-11-09 12:41:05     at org.opensearch.security.filter.SecurityFilter.apply0(SecurityFilter.java:381) [opensearch-security-2.11.0.0.jar:2.11.0.0]
2023-11-09 12:41:05     at org.opensearch.security.filter.SecurityFilter.apply(SecurityFilter.java:165) [opensearch-security-2.11.0.0.jar:2.11.0.0]
2023-11-09 12:41:05     at org.opensearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:216) [opensearch-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at org.opensearch.action.support.TransportAction.execute(TransportAction.java:188) [opensearch-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at org.opensearch.action.support.TransportAction.execute(TransportAction.java:107) [opensearch-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at org.opensearch.client.node.NodeClient.executeLocally(NodeClient.java:110) [opensearch-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at org.opensearch.client.node.NodeClient.doExecute(NodeClient.java:97) [opensearch-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at org.opensearch.client.support.AbstractClient.execute(AbstractClient.java:476) [opensearch-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at org.opensearch.script.mustache.RestRenderSearchTemplateAction.lambda$prepareRequest$0(RestRenderSearchTemplateAction.java:84) [lang-mustache-client-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at org.opensearch.rest.BaseRestHandler.handleRequest(BaseRestHandler.java:128) [opensearch-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at org.opensearch.security.filter.SecurityRestFilter.lambda$wrap$2(SecurityRestFilter.java:187) [opensearch-security-2.11.0.0.jar:2.11.0.0]
2023-11-09 12:41:05     at org.opensearch.rest.RestController.dispatchRequest(RestController.java:323) [opensearch-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at org.opensearch.rest.RestController.tryAllHandlers(RestController.java:414) [opensearch-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at org.opensearch.rest.RestController.dispatchRequest(RestController.java:252) [opensearch-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at org.opensearch.security.ssl.http.netty.ValidatingDispatcher.dispatchRequest(ValidatingDispatcher.java:70) [opensearch-security-2.11.0.0.jar:2.11.0.0]
2023-11-09 12:41:05     at org.opensearch.http.AbstractHttpServerTransport.dispatchRequest(AbstractHttpServerTransport.java:385) [opensearch-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at org.opensearch.http.AbstractHttpServerTransport.handleIncomingRequest(AbstractHttpServerTransport.java:466) [opensearch-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at org.opensearch.http.AbstractHttpServerTransport.incomingRequest(AbstractHttpServerTransport.java:368) [opensearch-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at org.opensearch.http.netty4.Netty4HttpRequestHandler.channelRead0(Netty4HttpRequestHandler.java:56) [transport-netty4-client-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at org.opensearch.http.netty4.Netty4HttpRequestHandler.channelRead0(Netty4HttpRequestHandler.java:42) [transport-netty4-client-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:99) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at org.opensearch.http.netty4.Netty4HttpPipeliningHandler.channelRead(Netty4HttpPipeliningHandler.java:72) [transport-netty4-client-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103) [netty-codec-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103) [netty-codec-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103) [netty-codec-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:102) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:346) [netty-codec-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:318) [netty-codec-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.handler.timeout.IdleStateHandler.channelRead(IdleStateHandler.java:286) [netty-handler-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103) [netty-codec-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1471) [netty-handler-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1334) [netty-handler-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1383) [netty-handler-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:529) [netty-codec-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468) [netty-codec-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290) [netty-codec-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:689) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:652) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997) [netty-common-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [netty-common-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at java.lang.Thread.run(Thread.java:833) [?:?]
2023-11-09 12:41:05 [2023-11-08T23:41:05,445][WARN ][r.suppressed             ] [opensearch-node1] path: /_render/template, params: {pretty=true}
2023-11-09 12:41:05 org.opensearch.OpenSearchSecurityException: Unexpected exception indices:data/read/search/template
2023-11-09 12:41:05     at org.opensearch.security.filter.SecurityFilter.apply0(SecurityFilter.java:479) [opensearch-security-2.11.0.0.jar:2.11.0.0]
2023-11-09 12:41:05     at org.opensearch.security.filter.SecurityFilter.apply(SecurityFilter.java:165) [opensearch-security-2.11.0.0.jar:2.11.0.0]
2023-11-09 12:41:05     at org.opensearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:216) [opensearch-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at org.opensearch.action.support.TransportAction.execute(TransportAction.java:188) [opensearch-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at org.opensearch.action.support.TransportAction.execute(TransportAction.java:107) [opensearch-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at org.opensearch.client.node.NodeClient.executeLocally(NodeClient.java:110) [opensearch-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at org.opensearch.client.node.NodeClient.doExecute(NodeClient.java:97) [opensearch-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at org.opensearch.client.support.AbstractClient.execute(AbstractClient.java:476) [opensearch-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at org.opensearch.script.mustache.RestRenderSearchTemplateAction.lambda$prepareRequest$0(RestRenderSearchTemplateAction.java:84) [lang-mustache-client-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at org.opensearch.rest.BaseRestHandler.handleRequest(BaseRestHandler.java:128) [opensearch-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at org.opensearch.security.filter.SecurityRestFilter.lambda$wrap$2(SecurityRestFilter.java:187) [opensearch-security-2.11.0.0.jar:2.11.0.0]
2023-11-09 12:41:05     at org.opensearch.rest.RestController.dispatchRequest(RestController.java:323) [opensearch-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at org.opensearch.rest.RestController.tryAllHandlers(RestController.java:414) [opensearch-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at org.opensearch.rest.RestController.dispatchRequest(RestController.java:252) [opensearch-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at org.opensearch.security.ssl.http.netty.ValidatingDispatcher.dispatchRequest(ValidatingDispatcher.java:70) [opensearch-security-2.11.0.0.jar:2.11.0.0]
2023-11-09 12:41:05     at org.opensearch.http.AbstractHttpServerTransport.dispatchRequest(AbstractHttpServerTransport.java:385) [opensearch-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at org.opensearch.http.AbstractHttpServerTransport.handleIncomingRequest(AbstractHttpServerTransport.java:466) [opensearch-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at org.opensearch.http.AbstractHttpServerTransport.incomingRequest(AbstractHttpServerTransport.java:368) [opensearch-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at org.opensearch.http.netty4.Netty4HttpRequestHandler.channelRead0(Netty4HttpRequestHandler.java:56) [transport-netty4-client-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at org.opensearch.http.netty4.Netty4HttpRequestHandler.channelRead0(Netty4HttpRequestHandler.java:42) [transport-netty4-client-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:99) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at org.opensearch.http.netty4.Netty4HttpPipeliningHandler.channelRead(Netty4HttpPipeliningHandler.java:72) [transport-netty4-client-2.11.0.jar:2.11.0]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103) [netty-codec-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103) [netty-codec-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103) [netty-codec-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:102) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:346) [netty-codec-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:318) [netty-codec-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.handler.timeout.IdleStateHandler.channelRead(IdleStateHandler.java:286) [netty-handler-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103) [netty-codec-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1471) [netty-handler-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1334) [netty-handler-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1383) [netty-handler-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:529) [netty-codec-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468) [netty-codec-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290) [netty-codec-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:689) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:652) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562) [netty-transport-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997) [netty-common-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [netty-common-4.1.100.Final.jar:4.1.100.Final]
2023-11-09 12:41:05     at java.lang.Thread.run(Thread.java:833) [?:?]

Do you have any additional context?
Add any other context about the problem.
@Xtansia Xtansia added bug Something isn't working untriaged Require the attention of the repository maintainers and may need to be prioritized labels Nov 8, 2023
@peternied peternied removed the untriaged Require the attention of the repository maintainers and may need to be prioritized label Nov 10, 2023
This was referenced Nov 13, 2023
Merged
Merged
@stephen-crawford
Copy link
Contributor

[Triage] This is a new cluster permission request which is being implemented by OpenSearch#11170. Thank you for filing this issue around the transport action support.

@stephen-crawford stephen-crawford added the triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable. label Nov 20, 2023
@cwperks cwperks mentioned this issue Dec 12, 2023
Merged
8 tasks
@peternied peternied reopened this Dec 15, 2023
@github-actions github-actions bot added the untriaged Require the attention of the repository maintainers and may need to be prioritized label Dec 15, 2023
@expani expani mentioned this issue Dec 18, 2023
Closed
@peternied peternied removed the untriaged Require the attention of the repository maintainers and may need to be prioritized label Dec 18, 2023
cwperks added a commit that referenced this issue Dec 19, 2023
@cwperks
Add render search template as a cluster permission (#3689)
cc57710 
### Description

Companion PRs in core: 

- opensearch-project/OpenSearch#11170
- opensearch-project/OpenSearch#11591

This PR adds render search template as a cluster perm so that its
separately permissioned from a SearchTemplateRequest which needs a set
of indices to authorize the request. The companion PR in core separates
the transport actions that handle search template request and render
search template request so that they can be authorized separately.

I am opening this in Draft until the core PR is merged because this PR
depends on the core PR.

* Category (Enhancement, New feature, Bug fix, Test fix, Refactoring,
Maintenance, Documentation)

Bug fix

### Issues Resolved

- #3672

### Check List
- [ ] New functionality includes testing
- [ ] New functionality has been documented
- [ ] Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and
signing off your commits, please check
[here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin).

---------

Signed-off-by: Craig Perkins <cwperx@amazon.com>
@cwperks
Copy link
Member

cwperks commented Dec 19, 2023
edited
Loading

#3689 has been merged. Closing this issue.

@cwperks cwperks closed this as completed Dec 19, 2023
cwperks added a commit to cwperks/security that referenced this issue Dec 19, 2023
@cwperks
Add render search template as a cluster permission (opensearch-projec…
5acefc9 
…t#3689)

Companion PRs in core:

- opensearch-project/OpenSearch#11170
- opensearch-project/OpenSearch#11591

This PR adds render search template as a cluster perm so that its
separately permissioned from a SearchTemplateRequest which needs a set
of indices to authorize the request. The companion PR in core separates
the transport actions that handle search template request and render
search template request so that they can be authorized separately.

I am opening this in Draft until the core PR is merged because this PR
depends on the core PR.

* Category (Enhancement, New feature, Bug fix, Test fix, Refactoring,
Maintenance, Documentation)

Bug fix

- opensearch-project#3672

- [ ] New functionality includes testing
- [ ] New functionality has been documented
- [ ] Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and
signing off your commits, please check
[here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin).

---------

Signed-off-by: Craig Perkins <cwperx@amazon.com>
(cherry picked from commit cc57710)
This was referenced Jan 5, 2024
Merged
Closed
@cwperks cwperks added the v2.12.0 Items targeting 2.12.0 label Jan 5, 2024
prabhask5 pushed a commit to prabhask5/opensearch-security that referenced this issue Jan 11, 2024
@cwperks @prabhask5
Add render search template as a cluster permission (opensearch-projec…
f2a4aa2 
…t#3689)

### Description

Companion PRs in core:

- opensearch-project/OpenSearch#11170
- opensearch-project/OpenSearch#11591

This PR adds render search template as a cluster perm so that its
separately permissioned from a SearchTemplateRequest which needs a set
of indices to authorize the request. The companion PR in core separates
the transport actions that handle search template request and render
search template request so that they can be authorized separately.

I am opening this in Draft until the core PR is merged because this PR
depends on the core PR.

* Category (Enhancement, New feature, Bug fix, Test fix, Refactoring,
Maintenance, Documentation)

Bug fix

### Issues Resolved

- opensearch-project#3672

### Check List
- [ ] New functionality includes testing
- [ ] New functionality has been documented
- [ ] Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and
signing off your commits, please check
[here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin).

---------

Signed-off-by: Craig Perkins <cwperx@amazon.com>
Signed-off-by: Prabhas Kurapati <prabhask@berkeley.edu>
dlin2028 pushed a commit to dlin2028/security that referenced this issue May 1, 2024
@cwperks @dlin2028
Add render search template as a cluster permission (opensearch-projec…
238f3ca 
…t#3689)

### Description

Companion PRs in core: 

- opensearch-project/OpenSearch#11170
- opensearch-project/OpenSearch#11591

This PR adds render search template as a cluster perm so that its
separately permissioned from a SearchTemplateRequest which needs a set
of indices to authorize the request. The companion PR in core separates
the transport actions that handle search template request and render
search template request so that they can be authorized separately.

I am opening this in Draft until the core PR is merged because this PR
depends on the core PR.

* Category (Enhancement, New feature, Bug fix, Test fix, Refactoring,
Maintenance, Documentation)

Bug fix

### Issues Resolved

- opensearch-project#3672

### Check List
- [ ] New functionality includes testing
- [ ] New functionality has been documented
- [ ] Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and
signing off your commits, please check
[here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin).

---------

Signed-off-by: Craig Perkins <cwperx@amazon.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable. v2.12.0 Items targeting 2.12.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Create separate transport action for render search template action cwperks/OpenSearch
4 participants
@Xtansia @peternied @cwperks @stephen-crawford