Removed encrypted flag from repo metadata and moved crypto invocation…

…s to happen via CryptoProvider Signed-off-by: Vikas Bansal <43470111+vikasvb90@users.noreply.github.com>
vikasvb90 · Aug 16, 2023 · 6c80653 · 6c80653
1 parent 3077261
commit 6c80653
Show file tree

Hide file tree

Showing 17 changed files with 194 additions and 383 deletions.
diff --git a/server/src/main/java/org/opensearch/OpenSearchServerException.java b/server/src/main/java/org/opensearch/OpenSearchServerException.java
@@ -1173,14 +1173,7 @@ public static void registerExceptions() {
                 V_2_7_0
             )
         );
-        registerExceptionHandle(
-            new OpenSearchExceptionHandle(
-                CryptoRegistryException.class,
-                CryptoRegistryException::new,
-                171,
-                V_3_0_0
-            )
-        );
+        registerExceptionHandle(new OpenSearchExceptionHandle(CryptoRegistryException.class, CryptoRegistryException::new, 171, V_3_0_0));
         registerExceptionHandle(
             new OpenSearchExceptionHandle(
                 org.opensearch.cluster.block.IndexCreateBlockException.class,

diff --git a/.../main/java/org/opensearch/action/admin/cluster/repositories/put/PutRepositoryRequest.java b/.../main/java/org/opensearch/action/admin/cluster/repositories/put/PutRepositoryRequest.java
@@ -50,7 +50,6 @@
 import static org.opensearch.common.settings.Settings.readSettingsFromStream;
 import static org.opensearch.common.settings.Settings.writeSettingsToStream;
 import static org.opensearch.common.settings.Settings.Builder.EMPTY_SETTINGS;
-import static org.opensearch.common.xcontent.support.XContentMapValues.nodeBooleanValue;
 
 /**
  * Register repository request.
@@ -70,7 +69,6 @@ public class PutRepositoryRequest extends AcknowledgedRequest<PutRepositoryReque
 
     private Settings settings = EMPTY_SETTINGS;
 
-    private Boolean encrypted;
     private CryptoSettings cryptoSettings;
 
     public PutRepositoryRequest(StreamInput in) throws IOException {
@@ -81,10 +79,7 @@ public PutRepositoryRequest(StreamInput in) throws IOException {
         verify = in.readBoolean();
 
         if (in.getVersion().onOrAfter(Version.V_3_0_0)) {
-            encrypted = in.readOptionalBoolean();
-            if (Boolean.TRUE.equals(encrypted)) {
-                cryptoSettings = new CryptoSettings(in);
-            }
+            cryptoSettings = in.readOptionalWriteable(CryptoSettings::new);
         }
     }
 
@@ -106,12 +101,8 @@ public ActionRequestValidationException validate() {
         if (type == null) {
             validationException = addValidationError("type is missing", validationException);
         }
-        if (Boolean.TRUE.equals(encrypted)) {
-            if (cryptoSettings == null) {
-                validationException = addValidationError("crypto_settings is missing", validationException);
-            } else {
-                validationException = cryptoSettings.validate();
-            }
+        if (cryptoSettings != null) {
+            validationException = cryptoSettings.validate();
         }
         return validationException;
     }
@@ -227,21 +218,6 @@ public boolean verify() {
         return this.verify;
     }
 
-    /**
-     * Sets whether repository data should be encrypted and stored.
-     */
-    public PutRepositoryRequest encrypted(Boolean encrypted) {
-        this.encrypted = encrypted;
-        return this;
-    }
-
-    /**
-     * Returns true if repository should be encrypted
-     */
-    public Boolean encrypted() {
-        return encrypted;
-    }
-
     /**
      * Sets the repository crypto settings
      *
@@ -279,8 +255,6 @@ public PutRepositoryRequest source(Map<String, Object> repositoryDefinition) {
                 @SuppressWarnings("unchecked")
                 Map<String, Object> sub = (Map<String, Object>) entry.getValue();
                 settings(sub);
-            } else if (name.equals("encrypted")) {
-                encrypted(nodeBooleanValue(entry.getValue(), "encrypted"));
             } else if (name.equals("crypto_settings")) {
                 if (!(entry.getValue() instanceof Map)) {
                     throw new IllegalArgumentException("Malformed encryption_settings section, should include an inner object");
@@ -302,10 +276,7 @@ public void writeTo(StreamOutput out) throws IOException {
         writeSettingsToStream(settings, out);
         out.writeBoolean(verify);
         if (out.getVersion().onOrAfter(Version.V_3_0_0)) {
-            out.writeOptionalBoolean(encrypted);
-            if (Boolean.TRUE.equals(encrypted)) {
-                cryptoSettings.writeTo(out);
-            }
+            out.writeOptionalWriteable(cryptoSettings);
         }
     }
 
@@ -321,13 +292,10 @@ public XContentBuilder toXContent(XContentBuilder builder, Params params) throws
 
         builder.field("verify", verify);
 
-        if (null != encrypted) {
-            builder.field("encrypted", encrypted);
-            if (encrypted == true) {
-                builder.startObject("crypto_settings");
-                cryptoSettings.toXContent(builder, params);
-                builder.endObject();
-            }
+        if (cryptoSettings != null) {
+            builder.startObject("crypto_settings");
+            cryptoSettings.toXContent(builder, params);
+            builder.endObject();
         }
 
         builder.endObject();

diff --git a/...ava/org/opensearch/action/admin/cluster/repositories/put/PutRepositoryRequestBuilder.java b/...ava/org/opensearch/action/admin/cluster/repositories/put/PutRepositoryRequestBuilder.java
@@ -143,17 +143,6 @@ public PutRepositoryRequestBuilder setVerify(boolean verify) {
         return this;
     }
 
-    /**
-     * Sets whether repository data should be encrypted and stored.
-     *
-     * @param encrypted true if repository data should be encrypted and stored, false otherwise
-     * @return this builder
-     */
-    public PutRepositoryRequestBuilder setEncrypted(Boolean encrypted) {
-        request.encrypted(encrypted);
-        return this;
-    }
-
     /**
      * Sets the repository encryption settings
      *

diff --git a/server/src/main/java/org/opensearch/cluster/metadata/RepositoriesMetadata.java b/server/src/main/java/org/opensearch/cluster/metadata/RepositoriesMetadata.java
@@ -208,7 +208,6 @@ public static RepositoriesMetadata fromXContent(XContentParser parser) throws IO
                 Settings settings = Settings.EMPTY;
                 long generation = RepositoryData.UNKNOWN_REPO_GEN;
                 long pendingGeneration = RepositoryData.EMPTY_REPO_GEN;
-                Boolean encrypted = null;
                 CryptoMetadata cryptoMetadata = null;
                 while ((token = parser.nextToken()) != XContentParser.Token.END_OBJECT) {
                     if (token == XContentParser.Token.FIELD_NAME) {
@@ -233,11 +232,6 @@ public static RepositoriesMetadata fromXContent(XContentParser parser) throws IO
                                 throw new OpenSearchParseException("failed to parse repository [{}], unknown type", name);
                             }
                             pendingGeneration = parser.longValue();
-                        } else if ("encrypted".equals(currentFieldName)) {
-                            if (parser.nextToken() != XContentParser.Token.VALUE_BOOLEAN) {
-                                throw new OpenSearchParseException("failed to parse repository [{}], unknown type", name);
-                            }
-                            encrypted = parser.booleanValue();
                         } else if ("crypto_metadata".equals(currentFieldName)) {
                             if (parser.nextToken() != XContentParser.Token.START_OBJECT) {
                                 throw new OpenSearchParseException("failed to parse repository [{}], unknown type", name);
@@ -257,7 +251,7 @@ public static RepositoriesMetadata fromXContent(XContentParser parser) throws IO
                 if (type == null) {
                     throw new OpenSearchParseException("failed to parse repository [{}], missing repository type", name);
                 }
-                repository.add(new RepositoryMetadata(name, type, settings, generation, pendingGeneration, encrypted, cryptoMetadata));
+                repository.add(new RepositoryMetadata(name, type, settings, generation, pendingGeneration, cryptoMetadata));
             } else {
                 throw new OpenSearchParseException("failed to parse repositories");
             }
@@ -291,8 +285,7 @@ public EnumSet<Metadata.XContentContext> context() {
     public static void toXContent(RepositoryMetadata repository, XContentBuilder builder, ToXContent.Params params) throws IOException {
         builder.startObject(repository.name());
         builder.field("type", repository.type());
-        if (Boolean.TRUE.equals(repository.encrypted())) {
-            builder.field("encrypted", true);
+        if (repository.cryptoMetadata() != null) {
             repository.cryptoMetadata().toXContent(repository.cryptoMetadata(), builder, params);
         }
         builder.startObject("settings");

diff --git a/server/src/main/java/org/opensearch/cluster/metadata/RepositoryMetadata.java b/server/src/main/java/org/opensearch/cluster/metadata/RepositoryMetadata.java
@@ -51,7 +51,6 @@ public class RepositoryMetadata implements Writeable {
     private final String name;
     private final String type;
     private final Settings settings;
-    private final Boolean encrypted;
     private final CryptoMetadata cryptoMetadata;
 
     /**
@@ -72,19 +71,19 @@ public class RepositoryMetadata implements Writeable {
      * @param settings repository settings
      */
     public RepositoryMetadata(String name, String type, Settings settings) {
-        this(name, type, settings, RepositoryData.UNKNOWN_REPO_GEN, RepositoryData.EMPTY_REPO_GEN, false, null);
+        this(name, type, settings, RepositoryData.UNKNOWN_REPO_GEN, RepositoryData.EMPTY_REPO_GEN, null);
     }
 
-    public RepositoryMetadata(String name, String type, Settings settings, Boolean encrypted, CryptoMetadata cryptoMetadata) {
-        this(name, type, settings, RepositoryData.UNKNOWN_REPO_GEN, RepositoryData.EMPTY_REPO_GEN, encrypted, cryptoMetadata);
+    public RepositoryMetadata(String name, String type, Settings settings, CryptoMetadata cryptoMetadata) {
+        this(name, type, settings, RepositoryData.UNKNOWN_REPO_GEN, RepositoryData.EMPTY_REPO_GEN, cryptoMetadata);
     }
 
     public RepositoryMetadata(RepositoryMetadata metadata, long generation, long pendingGeneration) {
-        this(metadata.name, metadata.type, metadata.settings, generation, pendingGeneration, metadata.encrypted, metadata.cryptoMetadata);
+        this(metadata.name, metadata.type, metadata.settings, generation, pendingGeneration, metadata.cryptoMetadata);
     }
 
     public RepositoryMetadata(String name, String type, Settings settings, long generation, long pendingGeneration) {
-        this(name, type, settings, generation, pendingGeneration, null, null);
+        this(name, type, settings, generation, pendingGeneration, null);
     }
 
     public RepositoryMetadata(
@@ -93,7 +92,6 @@ public RepositoryMetadata(
         Settings settings,
         long generation,
         long pendingGeneration,
-        Boolean encrypted,
         CryptoMetadata cryptoMetadata
     ) {
         this.name = name;
@@ -106,7 +104,6 @@ public RepositoryMetadata(
             + "] must be greater or equal to generation ["
             + generation
             + "]";
-        this.encrypted = encrypted;
         this.cryptoMetadata = cryptoMetadata;
     }
 
@@ -137,15 +134,6 @@ public Settings settings() {
         return this.settings;
     }
 
-    /**
-     * Returns whether repository is encrypted
-     *
-     * @return whether repository is encrypted
-     */
-    public Boolean encrypted() {
-        return encrypted;
-    }
-
     /**
      * Returns crypto metadata of repository
      *
@@ -186,14 +174,8 @@ public RepositoryMetadata(StreamInput in) throws IOException {
         generation = in.readLong();
         pendingGeneration = in.readLong();
         if (in.getVersion().onOrAfter(Version.V_3_0_0)) {
-            encrypted = in.readOptionalBoolean();
-            if (Boolean.TRUE.equals(encrypted)) {
-                cryptoMetadata = new CryptoMetadata(in);
-            } else {
-                cryptoMetadata = null;
-            }
+            cryptoMetadata = in.readOptionalWriteable(CryptoMetadata::new);
         } else {
-            encrypted = null;
             cryptoMetadata = null;
         }
     }
@@ -211,10 +193,7 @@ public void writeTo(StreamOutput out) throws IOException {
         out.writeLong(generation);
         out.writeLong(pendingGeneration);
         if (out.getVersion().onOrAfter(Version.V_3_0_0)) {
-            out.writeOptionalBoolean(encrypted);
-            if (Boolean.TRUE.equals(encrypted)) {
-                cryptoMetadata.writeTo(out);
-            }
+            out.writeOptionalWriteable(cryptoMetadata);
         }
     }
 
@@ -228,7 +207,6 @@ public boolean equalsIgnoreGenerations(RepositoryMetadata other) {
         return name.equals(other.name)
             && type.equals(other.type())
             && settings.equals(other.settings())
-            && encrypted == other.encrypted()
             && Objects.equals(cryptoMetadata, other.cryptoMetadata());
     }
 
@@ -244,31 +222,18 @@ public boolean equals(Object o) {
         if (generation != that.generation) return false;
         if (pendingGeneration != that.pendingGeneration) return false;
         if (!settings.equals(that.settings)) return false;
-        if (encrypted != that.encrypted) return false;
         return Objects.equals(cryptoMetadata, that.cryptoMetadata);
     }
 
     @Override
     public int hashCode() {
-        return Objects.hash(name, type, settings, generation, pendingGeneration, encrypted, cryptoMetadata);
+        return Objects.hash(name, type, settings, generation, pendingGeneration, cryptoMetadata);
     }
 
     @Override
     public String toString() {
-        String toStr = "RepositoryMetadata{"
-            + name
-            + "}{"
-            + type
-            + "}{"
-            + settings
-            + "}{"
-            + generation
-            + "}{"
-            + pendingGeneration
-            + "}{"
-            + encrypted
-            + "}";
-        if (Boolean.TRUE.equals(encrypted)) {
+        String toStr = "RepositoryMetadata{" + name + "}{" + type + "}{" + settings + "}{" + generation + "}{" + pendingGeneration + "}";
+        if (cryptoMetadata != null) {
             return toStr + "{" + cryptoMetadata + "}";
         }
         return toStr;

diff --git a/server/src/main/java/org/opensearch/common/blobstore/AsyncMultiStreamBlobContainer.java b/server/src/main/java/org/opensearch/common/blobstore/AsyncMultiStreamBlobContainer.java
@@ -32,7 +32,6 @@ public interface AsyncMultiStreamBlobContainer extends BlobContainer {
      */
     void asyncBlobUpload(WriteContext writeContext, ActionListener<Void> completionListener) throws IOException;
 
-
     /**
      * @return whether underlying blobContainer can verify integrity of data after transfer. If true and if expected
      * checksum is provided in WriteContext, then the checksum of transferred data is compared with expected checksum