Merge branch 'main' of https://github.com/opensearch-project/OpenSearch…

… into listsegmentsfinal
opensearch-project · Sep 19, 2022 · fc48cfb · fc48cfb
2 parents c227b9b + 4657716
commit fc48cfb
Show file tree

Hide file tree

Showing 37 changed files with 2,015 additions and 130 deletions.
diff --git a/.ci/bwcVersions b/.ci/bwcVersions
@@ -51,4 +51,5 @@ BWC_VERSION:
   - "2.2.1"
   - "2.2.2"
   - "2.3.0"
+  - "2.3.1"
   - "2.4.0"
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -16,6 +16,12 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - Support for labels on version bump PRs, skip label support for changelog verifier ([#4391](https://github.com/opensearch-project/OpenSearch/pull/4391))
 - Update previous release bwc version to 2.4.0 ([#4455](https://github.com/opensearch-project/OpenSearch/pull/4455))
 - 2.3.0 release notes ([#4457](https://github.com/opensearch-project/OpenSearch/pull/4457))
+- Added missing javadocs for `:distribution:tools` modules ([#4483](https://github.com/opensearch-project/OpenSearch/pull/4483))
+- Add BWC version 2.3.1 ([#4513](https://github.com/opensearch-project/OpenSearch/pull/4513))
+- [Segment Replication] Add snapshot and restore tests for segment replication feature ([#3993](https://github.com/opensearch-project/OpenSearch/pull/3993))
+
+### Dependencies
+- Bumps `reactive-streams` from 1.0.3 to 1.0.4
 
 ### Dependencies
 - Bumps `org.gradle.test-retry` from 1.4.0 to 1.4.1
@@ -32,9 +38,11 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - Dependency updates (httpcore, mockito, slf4j, httpasyncclient, commons-codec) ([#4308](https://github.com/opensearch-project/OpenSearch/pull/4308))
 - Use RemoteSegmentStoreDirectory instead of RemoteDirectory ([#4240](https://github.com/opensearch-project/OpenSearch/pull/4240))
 - Plugin ZIP publication groupId value is configurable ([#4156](https://github.com/opensearch-project/OpenSearch/pull/4156))
+- Weighted round-robin scheduling policy for shard coordination traffic ([#4241](https://github.com/opensearch-project/OpenSearch/pull/4241))
 - Add index specific setting for remote repository ([#4253](https://github.com/opensearch-project/OpenSearch/pull/4253))
 - [Segment Replication] Update replicas to commit SegmentInfos instead of relying on SIS files from primary shards. ([#4402](https://github.com/opensearch-project/OpenSearch/pull/4402))
 - [CCR] Add getHistoryOperationsFromTranslog method to fetch the history snapshot from translogs ([#3948](https://github.com/opensearch-project/OpenSearch/pull/3948))
+- [Remote Store] Change behaviour in replica recovery for remote translog enabled indices ([#4318](https://github.com/opensearch-project/OpenSearch/pull/4318))
 
 ### Deprecated
 
@@ -60,7 +68,9 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - [Segment Replication] Fix timeout issue by calculating time needed to process getSegmentFiles ([#4426](https://github.com/opensearch-project/OpenSearch/pull/4426))
 - [Bug]: gradle check failing with java heap OutOfMemoryError (([#4328](https://github.com/opensearch-project/OpenSearch/
 - `opensearch.bat` fails to execute when install path includes spaces ([#4362](https://github.com/opensearch-project/OpenSearch/pull/4362))
+- Getting security exception due to access denied 'java.lang.RuntimePermission' 'accessDeclaredMembers' when trying to get snapshot with S3 IRSA ([#4469](https://github.com/opensearch-project/OpenSearch/pull/4469))
 - Fixed flaky test `ResourceAwareTasksTests.testTaskIdPersistsInThreadContext` ([#4484](https://github.com/opensearch-project/OpenSearch/pull/4484))
+- Fixed the ignore_malformed setting to also ignore objects ([#4494](https://github.com/opensearch-project/OpenSearch/pull/4494))
 
 ### Security
 - CVE-2022-25857 org.yaml:snakeyaml DOS vulnerability ([#4341](https://github.com/opensearch-project/OpenSearch/pull/4341))

diff --git a/...on-checker/src/main/java/org/opensearch/tools/java_version_checker/SuppressForbidden.java b/...on-checker/src/main/java/org/opensearch/tools/java_version_checker/SuppressForbidden.java
@@ -43,5 +43,10 @@
 @Retention(RetentionPolicy.CLASS)
 @Target({ ElementType.CONSTRUCTOR, ElementType.FIELD, ElementType.METHOD, ElementType.TYPE })
 public @interface SuppressForbidden {
+    /**
+     * The argument to this annotation, specifying the reason a forbidden API is being used.
+     *
+     * @return The reason the error is being suppressed.
+     */
     String reason();
 }
diff --git a/...version-checker/src/main/java/org/opensearch/tools/java_version_checker/package-info.java b/...version-checker/src/main/java/org/opensearch/tools/java_version_checker/package-info.java
@@ -0,0 +1,12 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ */
+
+/**
+ * Tools to validate minimum version of the runtime Java.
+ */
+package org.opensearch.tools.java_version_checker;
diff --git a/...ribution/tools/keystore-cli/src/main/java/org/opensearch/common/settings/KeyStoreCli.java b/...ribution/tools/keystore-cli/src/main/java/org/opensearch/common/settings/KeyStoreCli.java
@@ -36,7 +36,7 @@
 import org.opensearch.cli.Terminal;
 
 /**
- * A cli tool for managing secrets in the opensearch keystore.
+ * A CLI tool for managing secrets in the OpenSearch keystore.
  */
 public class KeyStoreCli extends LoggingAwareMultiCommand {
 
@@ -52,6 +52,12 @@ private KeyStoreCli() {
         subcommands.put("has-passwd", new HasPasswordKeyStoreCommand());
     }
 
+    /**
+     * Main entry point for the OpenSearch Keystore CLI tool.
+     *
+     * @param args  CLI commands for managing secrets.
+     * @throws Exception if an exception was encountered executing the command.
+     */
     public static void main(String[] args) throws Exception {
         exit(new KeyStoreCli().main(args, Terminal.DEFAULT));
     }

diff --git a/...ibution/tools/keystore-cli/src/main/java/org/opensearch/common/settings/package-info.java b/...ibution/tools/keystore-cli/src/main/java/org/opensearch/common/settings/package-info.java
@@ -0,0 +1,12 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ */
+
+/**
+ * Classes implementing a CLI tool for managing secrets in the OpenSearch keystore.
+ */
+package org.opensearch.common.settings;
diff --git a/distribution/tools/launchers/build.gradle b/distribution/tools/launchers/build.gradle
@@ -54,6 +54,5 @@ testingConventions {
 }
 
 javadoc.enabled = false
-missingJavadoc.enabled = false
 loggerUsageCheck.enabled = false
 jarHell.enabled = false
diff --git a/distribution/tools/launchers/src/main/java/org/opensearch/tools/launchers/package-info.java b/distribution/tools/launchers/src/main/java/org/opensearch/tools/launchers/package-info.java
@@ -0,0 +1,12 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ */
+
+/**
+ * Classes implementing utility methods for launching JVMs.
+ */
+package org.opensearch.tools.launchers;
diff --git a/distribution/tools/plugin-cli/src/main/java/org/opensearch/plugins/PluginCli.java b/distribution/tools/plugin-cli/src/main/java/org/opensearch/plugins/PluginCli.java
@@ -42,7 +42,7 @@
 import java.util.Collections;
 
 /**
- * A cli tool for adding, removing and listing plugins for opensearch.
+ * A CLI tool for adding, removing and listing plugins for OpenSearch.
  */
 public class PluginCli extends LoggingAwareMultiCommand {
 
@@ -56,6 +56,12 @@ private PluginCli() {
         commands = Collections.unmodifiableCollection(subcommands.values());
     }
 
+    /**
+     * Main entry point for the OpenSearch Plugin CLI tool.
+     *
+     * @param args  CLI commands for managing plugins.
+     * @throws Exception if an exception was encountered executing the command.
+     */
     public static void main(String[] args) throws Exception {
         exit(new PluginCli().main(args, Terminal.DEFAULT));
     }

diff --git a/distribution/tools/plugin-cli/src/main/java/org/opensearch/plugins/PluginHelper.java b/distribution/tools/plugin-cli/src/main/java/org/opensearch/plugins/PluginHelper.java
@@ -19,6 +19,8 @@
  */
 public class PluginHelper {
 
+    private PluginHelper() {}
+
     /**
      * Verify if a plugin exists with any folder name.
      * @param pluginPath   the path for the plugins directory.

diff --git a/distribution/tools/plugin-cli/src/main/java/org/opensearch/plugins/package-info.java b/distribution/tools/plugin-cli/src/main/java/org/opensearch/plugins/package-info.java
@@ -0,0 +1,12 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ */
+
+/**
+ * Classes implementing a CLI tool for managing plugins in OpenSearch.
+ */
+package org.opensearch.plugins;
diff --git a/gradle/missing-javadoc.gradle b/gradle/missing-javadoc.gradle
@@ -95,10 +95,6 @@ configure([
   project(":client:client-benchmark-noop-api-plugin"),
   project(":client:rest-high-level"),
   project(":client:test"),
-  project(":distribution:tools:java-version-checker"),
-  project(":distribution:tools:keystore-cli"),
-  project(":distribution:tools:launchers"),
-  project(":distribution:tools:plugin-cli"),
   project(":doc-tools"),
   project(":example-plugins:custom-settings"),
   project(":example-plugins:custom-significance-heuristic"),

diff --git a/plugins/repository-azure/build.gradle b/plugins/repository-azure/build.gradle
@@ -55,7 +55,7 @@ dependencies {
   api "io.netty:netty-transport-native-unix-common:${versions.netty}"
   implementation project(':modules:transport-netty4')
   api 'com.azure:azure-storage-blob:12.16.1'
-  api 'org.reactivestreams:reactive-streams:1.0.3'
+  api 'org.reactivestreams:reactive-streams:1.0.4'
   api 'io.projectreactor:reactor-core:3.4.18'
   api 'io.projectreactor.netty:reactor-netty:1.0.18'
   api 'io.projectreactor.netty:reactor-netty-core:1.0.22'

diff --git a/plugins/repository-azure/licenses/reactive-streams-1.0.3.jar.sha1 b/plugins/repository-azure/licenses/reactive-streams-1.0.3.jar.sha1
diff --git a/plugins/repository-azure/licenses/reactive-streams-1.0.4.jar.sha1 b/plugins/repository-azure/licenses/reactive-streams-1.0.4.jar.sha1
@@ -0,0 +1 @@
+3864a1320d97d7b045f729a326e1e077661f31b7
diff --git a/plugins/repository-s3/src/main/java/org/opensearch/repositories/s3/S3Service.java b/plugins/repository-s3/src/main/java/org/opensearch/repositories/s3/S3Service.java
@@ -305,21 +305,28 @@ static AWSCredentialsProvider buildCredentials(Logger logger, S3ClientSettings c
             }
 
             if (irsaCredentials.getIdentityTokenFile() == null) {
-                return new PrivilegedSTSAssumeRoleSessionCredentialsProvider<>(
-                    securityTokenService,
+                final STSAssumeRoleSessionCredentialsProvider.Builder stsCredentialsProviderBuilder =
                     new STSAssumeRoleSessionCredentialsProvider.Builder(irsaCredentials.getRoleArn(), irsaCredentials.getRoleSessionName())
-                        .withStsClient(securityTokenService)
-                        .build()
+                        .withStsClient(securityTokenService);
+
+                final STSAssumeRoleSessionCredentialsProvider stsCredentialsProvider = SocketAccess.doPrivileged(
+                    stsCredentialsProviderBuilder::build
                 );
+
+                return new PrivilegedSTSAssumeRoleSessionCredentialsProvider<>(securityTokenService, stsCredentialsProvider);
             } else {
-                return new PrivilegedSTSAssumeRoleSessionCredentialsProvider<>(
-                    securityTokenService,
+                final STSAssumeRoleWithWebIdentitySessionCredentialsProvider.Builder stsCredentialsProviderBuilder =
                     new STSAssumeRoleWithWebIdentitySessionCredentialsProvider.Builder(
                         irsaCredentials.getRoleArn(),
                         irsaCredentials.getRoleSessionName(),
                         irsaCredentials.getIdentityTokenFile()
-                    ).withStsClient(securityTokenService).build()
+                    ).withStsClient(securityTokenService);
+
+                final STSAssumeRoleWithWebIdentitySessionCredentialsProvider stsCredentialsProvider = SocketAccess.doPrivileged(
+                    stsCredentialsProviderBuilder::build
                 );
+
+                return new PrivilegedSTSAssumeRoleSessionCredentialsProvider<>(securityTokenService, stsCredentialsProvider);
             }
         } else if (basicCredentials != null) {
             logger.debug("Using basic key/secret credentials");