Add disablePrototypePoisoningProtection configuration

Enables the configuration of `disablePrototypePoisoningProtection` by setting
`opensearch.disablePrototypePoisoningProtection`. Enables users to store
protected logs that include reserve words from JS without the
OpenSearch JS client throwing errors.

Related issue:
opensearch-project#1777

Signed-off-by: Kawika Avilla <kavilla414@gmail.com>

CHANGELOG.md

@@ -46,6 +46,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - [Vis Builder] Add field summary popovers ([#2682](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2682))
 - [I18n] Register ru, ru-RU locale ([#2817](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2817))
 - Add yarn opensearch arg to setup plugin dependencies ([#2544](https://github.com/opensearch-project/OpenSearch-Dashboards/issues/2544))
+- Add disablePrototypePoisoningProtection configuration ([#2992](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/2992))
 
 ### 🐛 Bug Fixes
 

config/opensearch_dashboards.yml

@@ -107,6 +107,9 @@
 # Logs queries sent to OpenSearch. Requires logging.verbose set to true.
 #opensearch.logQueries: false
 
+# Disables errors from client and enables you to utilize protected words within cluster
+#opensearch.disablePrototypePoisoningProtection: false
+
 # Specifies the path where OpenSearch Dashboards creates the process ID file.
 #pid.file: /var/run/opensearchDashboards.pid
 

src/core/server/opensearch/client/client_config.test.ts

@@ -184,6 +184,24 @@ describe('parseClientOptions', () => {
               ]
           `);
     });
+
+    it('`disablePrototypePoisoningProtection` option', () => {
+      expect(
+        parseClientOptions(createConfig({ disablePrototypePoisoningProtection: false }), false)
+          .disablePrototypePoisoningProtection
+      ).toEqual(false);
+      expect(
+        parseClientOptions(createConfig({ disablePrototypePoisoningProtection: true }), false)
+          .disablePrototypePoisoningProtection
+      ).toEqual(true);
+
+      expect(
+        parseClientOptions(createConfig({}), false).disablePrototypePoisoningProtection
+      ).toBeUndefined();
+      expect(
+        parseClientOptions(createConfig({}), true).disablePrototypePoisoningProtection
+      ).toBeUndefined();
+    });
   });
 
   describe('authorization', () => {

src/core/server/opensearch/client/client_config.ts

@@ -52,6 +52,7 @@ export type OpenSearchClientConfig = Pick<
   | 'hosts'
   | 'username'
   | 'password'
+  | 'disablePrototypePoisoningProtection'
 > & {
   memoryCircuitBreaker?:
     | OpenSearchConfig['memoryCircuitBreaker']
@@ -115,6 +116,10 @@ export function parseClientOptions(config: OpenSearchClientConfig, scoped: boole
     );
   }
 
+  if (config.disablePrototypePoisoningProtection != null) {
+    clientOptions.disablePrototypePoisoningProtection = config.disablePrototypePoisoningProtection;
+  }
+
   return clientOptions;
 }
 

src/core/server/opensearch/opensearch_config.test.ts

@@ -72,6 +72,7 @@ test('set correct defaults', () => {
     OpenSearchConfig {
       "apiVersion": "7.x",
       "customHeaders": Object {},
+      "disablePrototypePoisoningProtection": undefined,
       "healthCheckDelay": "PT2.5S",
       "hosts": Array [
         "http://localhost:9200",

src/core/server/opensearch/opensearch_config.ts

@@ -142,6 +142,7 @@ export const configSchema = schema.object({
     }),
     schema.boolean({ defaultValue: false })
   ),
+  disablePrototypePoisoningProtection: schema.maybe(schema.boolean({ defaultValue: false })),
 });
 
 const deprecations: ConfigDeprecationProvider = ({ renameFromRoot, renameFromRootWithoutMap }) => [
@@ -318,6 +319,12 @@ export class OpenSearchConfig {
    */
   public readonly customHeaders: OpenSearchConfigType['customHeaders'];
 
+  /**
+   * Specifies whether the client should attempt to protect against reserved words
+   * or not.
+   */
+  public readonly disablePrototypePoisoningProtection?: boolean;
+
   constructor(rawConfig: OpenSearchConfigType) {
     this.ignoreVersionMismatch = rawConfig.ignoreVersionMismatch;
     this.apiVersion = rawConfig.apiVersion;
@@ -338,6 +345,7 @@ export class OpenSearchConfig {
     this.username = rawConfig.username;
     this.password = rawConfig.password;
     this.customHeaders = rawConfig.customHeaders;
+    this.disablePrototypePoisoningProtection = rawConfig.disablePrototypePoisoningProtection;
 
     const { alwaysPresentCertificate, verificationMode } = rawConfig.ssl;
     const { key, keyPassphrase, certificate, certificateAuthorities } = readKeyAndCerts(rawConfig);

src/dev/build/tasks/os_packages/docker_generator/resources/bin/opensearch-dashboards-docker

@@ -50,6 +50,7 @@ opensearch_dashboards_vars=(
     opensearch.ssl.truststore.password
     opensearch.ssl.verificationMode
     opensearch.username
+    opensearch.disablePrototypePoisoningProtection
     i18n.locale
     interpreter.enableInVisualize
     opensearchDashboards.autocompleteTerminateAfter

yarn.lock

@@ -16566,11 +16566,6 @@ strip-json-comments@3.1.1, strip-json-comments@^3.0.1, strip-json-comments@^3.1.
   resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-3.1.1.tgz#31f1281b3832630434831c310c01cccda8cbe006"
   integrity sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==
 
-strip-json-comments@~2.0.1:
-  version "2.0.1"
-  resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-2.0.1.tgz#3c531942e908c2697c0ec344858c286c7ca0a60a"
-  integrity sha1-PFMZQukIwml8DsNEhYwobHygpgo=
-
 strong-log-transformer@^2.1.0:
   version "2.1.0"
   resolved "https://registry.yarnpkg.com/strong-log-transformer/-/strong-log-transformer-2.1.0.tgz#0f5ed78d325e0421ac6f90f7f10e691d6ae3ae10"