From 96f5e08a9f22c1b6464bc9212ef309de12c18439 Mon Sep 17 00:00:00 2001 From: Andriy Redko Date: Thu, 13 Jun 2024 12:12:59 -0400 Subject: [PATCH] Set security plugin 3.0.0 baseline JDK version to JDK-21 Signed-off-by: Andriy Redko --- .github/workflows/ci.yml | 14 +++++++------- .github/workflows/code-hygiene.yml | 6 +++--- .github/workflows/integration-tests.yml | 2 +- .github/workflows/maven-publish.yml | 2 +- .github/workflows/plugin_install.yml | 5 +++-- build.gradle | 4 ++-- .../dlic/auth/http/jwt/HTTPJwtAuthenticator.java | 1 + .../http/kerberos/HTTPSpnegoAuthenticator.java | 1 + .../opensearch/security/DefaultObjectMapper.java | 1 + .../configuration/ConfigurationRepository.java | 1 + .../dlic/rest/api/ConfigUpgradeApiAction.java | 1 + .../security/hasher/BCryptPasswordHasher.java | 2 ++ .../security/http/OnBehalfOfAuthenticator.java | 1 + .../securityconf/DynamicConfigModelV7.java | 1 + .../security/ssl/DefaultSecurityKeyStore.java | 2 ++ .../opensearch/security/support/ConfigHelper.java | 1 + .../security/support/SecurityIndexHandler.java | 1 + .../org/opensearch/security/util/KeyUtils.java | 1 + .../security/http/OnBehalfOfAuthenticatorTest.java | 1 + .../democonfig/CertificateGeneratorTests.java | 1 + .../security/tools/democonfig/InstallerTests.java | 1 + .../SecuritySettingsConfigurerTests.java | 1 + .../democonfig/util/NoExitSecurityManager.java | 1 + 23 files changed, 36 insertions(+), 16 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index cfadd0edd6..b8cbcf8d67 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,7 +22,7 @@ jobs: uses: actions/setup-java@v4 with: distribution: temurin # Temurin is a distribution of adoptium - java-version: 17 + java-version: 21 - name: Checkout security uses: actions/checkout@v4 @@ -40,7 +40,7 @@ jobs: matrix: gradle_task: ${{ fromJson(needs.generate-test-list.outputs.separateTestsNames) }} platform: [windows-latest, ubuntu-latest] - jdk: [11, 17, 21] + jdk: [21] runs-on: ${{ matrix.platform }} steps: @@ -97,7 +97,7 @@ jobs: strategy: fail-fast: false matrix: - jdk: [11, 17, 21] + jdk: [21] platform: [ubuntu-latest, windows-latest] runs-on: ${{ matrix.platform }} @@ -132,7 +132,7 @@ jobs: strategy: fail-fast: false matrix: - jdk: [17] + jdk: [21] platform: [ubuntu-latest] runs-on: ${{ matrix.platform }} @@ -159,7 +159,7 @@ jobs: - uses: actions/setup-java@v4 with: distribution: temurin # Temurin is a distribution of adoptium - java-version: 17 + java-version: 21 - name: Checkout Security Repo uses: actions/checkout@v4 @@ -204,7 +204,7 @@ jobs: - uses: actions/setup-java@v4 with: distribution: temurin # Temurin is a distribution of adoptium - java-version: 11 + java-version: 21 - uses: github/codeql-action/init@v3 with: languages: java @@ -219,7 +219,7 @@ jobs: - uses: actions/setup-java@v4 with: distribution: temurin # Temurin is a distribution of adoptium - java-version: 11 + java-version: 21 - run: | security_plugin_version=$(./gradlew properties -q | grep -E '^version:' | awk '{print $2}') diff --git a/.github/workflows/code-hygiene.yml b/.github/workflows/code-hygiene.yml index 2f8820709a..bf830e993b 100644 --- a/.github/workflows/code-hygiene.yml +++ b/.github/workflows/code-hygiene.yml @@ -22,7 +22,7 @@ jobs: - uses: actions/setup-java@v4 with: distribution: temurin # Temurin is a distribution of adoptium - java-version: 17 + java-version: 21 - uses: gradle/gradle-build-action@v3 with: @@ -38,7 +38,7 @@ jobs: - uses: actions/setup-java@v4 with: distribution: temurin # Temurin is a distribution of adoptium - java-version: 11 + java-version: 21 - uses: gradle/gradle-build-action@v3 with: @@ -54,7 +54,7 @@ jobs: - uses: actions/setup-java@v4 with: distribution: temurin # Temurin is a distribution of adoptium - java-version: 11 + java-version: 21 - uses: gradle/gradle-build-action@v3 with: diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml index 183276e675..cf3904c8cc 100644 --- a/.github/workflows/integration-tests.yml +++ b/.github/workflows/integration-tests.yml @@ -11,7 +11,7 @@ jobs: strategy: fail-fast: false matrix: - jdk: [11, 17, 21] + jdk: [21] test-run: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10] steps: diff --git a/.github/workflows/maven-publish.yml b/.github/workflows/maven-publish.yml index a837289795..d10fd67beb 100644 --- a/.github/workflows/maven-publish.yml +++ b/.github/workflows/maven-publish.yml @@ -20,7 +20,7 @@ jobs: - uses: actions/setup-java@v4 with: distribution: temurin # Temurin is a distribution of adoptium - java-version: 11 + java-version: 21 - uses: actions/checkout@v4 - uses: aws-actions/configure-aws-credentials@v4 with: diff --git a/.github/workflows/plugin_install.yml b/.github/workflows/plugin_install.yml index 8cfcd156ae..12a9edcf60 100644 --- a/.github/workflows/plugin_install.yml +++ b/.github/workflows/plugin_install.yml @@ -12,7 +12,7 @@ jobs: fail-fast: false matrix: os: [ubuntu-latest, windows-latest] - jdk: [11, 17, 21] + jdk: [21] runs-on: ${{ matrix.os }} steps: @@ -40,12 +40,13 @@ jobs: shell: bash - name: Run Opensearch with A Single Plugin - uses: derek-ho/start-opensearch@v4 + uses: derek-ho/start-opensearch@main with: opensearch-version: ${{ env.OPENSEARCH_VERSION }} plugins: "file:$(pwd)/${{ env.PLUGIN_NAME }}.zip" security-enabled: true admin-password: ${{ steps.random-password.outputs.generated_name }} + jdk-version: 21 - name: Run sanity tests uses: gradle/gradle-build-action@v3 diff --git a/build.gradle b/build.gradle index 692f23cf77..d495bf291c 100644 --- a/build.gradle +++ b/build.gradle @@ -94,8 +94,8 @@ spotbugsTest { enabled = false } -java.sourceCompatibility = JavaVersion.VERSION_11 -java.targetCompatibility = JavaVersion.VERSION_11 +java.sourceCompatibility = JavaVersion.VERSION_21 +java.targetCompatibility = JavaVersion.VERSION_21 compileJava { diff --git a/src/main/java/com/amazon/dlic/auth/http/jwt/HTTPJwtAuthenticator.java b/src/main/java/com/amazon/dlic/auth/http/jwt/HTTPJwtAuthenticator.java index 4a863c7cb1..08eaeed65e 100644 --- a/src/main/java/com/amazon/dlic/auth/http/jwt/HTTPJwtAuthenticator.java +++ b/src/main/java/com/amazon/dlic/auth/http/jwt/HTTPJwtAuthenticator.java @@ -63,6 +63,7 @@ public class HTTPJwtAuthenticator implements HTTPAuthenticator { private final List requiredAudience; private final String requireIssuer; + @SuppressWarnings("removal") public HTTPJwtAuthenticator(final Settings settings, final Path configPath) { super(); diff --git a/src/main/java/com/amazon/dlic/auth/http/kerberos/HTTPSpnegoAuthenticator.java b/src/main/java/com/amazon/dlic/auth/http/kerberos/HTTPSpnegoAuthenticator.java index 125bbed073..53d60b7261 100644 --- a/src/main/java/com/amazon/dlic/auth/http/kerberos/HTTPSpnegoAuthenticator.java +++ b/src/main/java/com/amazon/dlic/auth/http/kerberos/HTTPSpnegoAuthenticator.java @@ -190,6 +190,7 @@ public AuthCredentials run() { return creds; } + @SuppressWarnings("removal") private AuthCredentials extractCredentials0(final SecurityRequest request) { if (acceptorPrincipal == null || acceptorKeyTabPath == null) { diff --git a/src/main/java/org/opensearch/security/DefaultObjectMapper.java b/src/main/java/org/opensearch/security/DefaultObjectMapper.java index 2d18667c54..d7ec09f5d9 100644 --- a/src/main/java/org/opensearch/security/DefaultObjectMapper.java +++ b/src/main/java/org/opensearch/security/DefaultObjectMapper.java @@ -139,6 +139,7 @@ public static T getOrDefault(Map properties, String key, T d return value != null ? value : defaultValue; } + @SuppressWarnings("removal") public static T readTree(JsonNode node, Class clazz) throws IOException { final SecurityManager sm = System.getSecurityManager(); diff --git a/src/main/java/org/opensearch/security/configuration/ConfigurationRepository.java b/src/main/java/org/opensearch/security/configuration/ConfigurationRepository.java index 44ba77428f..d7c5fcaed4 100644 --- a/src/main/java/org/opensearch/security/configuration/ConfigurationRepository.java +++ b/src/main/java/org/opensearch/security/configuration/ConfigurationRepository.java @@ -655,6 +655,7 @@ public static int getDefaultConfigVersion() { return ConfigurationRepository.DEFAULT_CONFIG_VERSION; } + @SuppressWarnings("removal") private class AccessControllerWrappedThread extends Thread { private final Thread innerThread; diff --git a/src/main/java/org/opensearch/security/dlic/rest/api/ConfigUpgradeApiAction.java b/src/main/java/org/opensearch/security/dlic/rest/api/ConfigUpgradeApiAction.java index f295ab8c1c..8559ab49d7 100644 --- a/src/main/java/org/opensearch/security/dlic/rest/api/ConfigUpgradeApiAction.java +++ b/src/main/java/org/opensearch/security/dlic/rest/api/ConfigUpgradeApiAction.java @@ -265,6 +265,7 @@ private SecurityDynamicConfiguration loadYamlFile(final String filepath, return ConfigHelper.fromYamlFile(filepath, cType, ConfigurationRepository.DEFAULT_CONFIG_VERSION, 0, 0); } + @SuppressWarnings("removal") JsonNode loadConfigFileAsJson(final CType cType) throws IOException { final var cd = securityApiDependencies.configurationRepository().getConfigDirectory(); final var filepath = cType.configFile(Path.of(cd)).toString(); diff --git a/src/main/java/org/opensearch/security/hasher/BCryptPasswordHasher.java b/src/main/java/org/opensearch/security/hasher/BCryptPasswordHasher.java index 043c0392d9..7373fe6f77 100644 --- a/src/main/java/org/opensearch/security/hasher/BCryptPasswordHasher.java +++ b/src/main/java/org/opensearch/security/hasher/BCryptPasswordHasher.java @@ -30,6 +30,7 @@ public class BCryptPasswordHasher implements PasswordHasher { private static final HashingFunction DEFAULT_BCRYPT_FUNCTION = BcryptFunction.getInstance(Bcrypt.Y, 12); + @SuppressWarnings("removal") @Override public String hash(char[] password) { if (password == null || password.length == 0) { @@ -49,6 +50,7 @@ public String hash(char[] password) { } } + @SuppressWarnings("removal") @Override public boolean check(char[] password, String hash) { if (password == null || password.length == 0) { diff --git a/src/main/java/org/opensearch/security/http/OnBehalfOfAuthenticator.java b/src/main/java/org/opensearch/security/http/OnBehalfOfAuthenticator.java index 23db7accda..327a25f849 100644 --- a/src/main/java/org/opensearch/security/http/OnBehalfOfAuthenticator.java +++ b/src/main/java/org/opensearch/security/http/OnBehalfOfAuthenticator.java @@ -66,6 +66,7 @@ public class OnBehalfOfAuthenticator implements HTTPAuthenticator { private final EncryptionDecryptionUtil encryptionUtil; + @SuppressWarnings("removal") public OnBehalfOfAuthenticator(Settings settings, String clusterName) { String oboEnabledSetting = settings.get("enabled", "true"); oboEnabled = Boolean.parseBoolean(oboEnabledSetting); diff --git a/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV7.java b/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV7.java index ca237bc054..4bc9e82882 100644 --- a/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV7.java +++ b/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV7.java @@ -425,6 +425,7 @@ private void destroyDestroyables(List destroyableComponents) { } } + @SuppressWarnings("removal") private T newInstance(final String clazzOrShortcut, String type, final Settings settings, final Path configPath) { final String clazz = authImplMap.computeIfAbsent(clazzOrShortcut + "_" + type, k -> clazzOrShortcut); return AccessController.doPrivileged((PrivilegedAction) () -> { diff --git a/src/main/java/org/opensearch/security/ssl/DefaultSecurityKeyStore.java b/src/main/java/org/opensearch/security/ssl/DefaultSecurityKeyStore.java index 7ff90c1a66..b697bbedff 100644 --- a/src/main/java/org/opensearch/security/ssl/DefaultSecurityKeyStore.java +++ b/src/main/java/org/opensearch/security/ssl/DefaultSecurityKeyStore.java @@ -972,6 +972,7 @@ private void initEnabledSSLCiphers() { enabledTransportProtocolsJDKProvider.retainAll(allowedSecureTransportSSLProtocols); } + @SuppressWarnings("removal") private SslContext buildSSLServerContext( final PrivateKey _key, final X509Certificate[] _cert, @@ -1003,6 +1004,7 @@ public SslContextBuilder run() throws Exception { } } + @SuppressWarnings("removal") private SslContext buildSSLServerContext( final File _key, final File _cert, diff --git a/src/main/java/org/opensearch/security/support/ConfigHelper.java b/src/main/java/org/opensearch/security/support/ConfigHelper.java index e8526478f2..d9e2921da6 100644 --- a/src/main/java/org/opensearch/security/support/ConfigHelper.java +++ b/src/main/java/org/opensearch/security/support/ConfigHelper.java @@ -66,6 +66,7 @@ public static void uploadFile(Client tc, String filepath, String index, CType cT uploadFile(tc, filepath, index, cType, configVersion, false); } + @SuppressWarnings("removal") public static void uploadFile( Client tc, String filepath, diff --git a/src/main/java/org/opensearch/security/support/SecurityIndexHandler.java b/src/main/java/org/opensearch/security/support/SecurityIndexHandler.java index 1ed8a99614..73af39a348 100644 --- a/src/main/java/org/opensearch/security/support/SecurityIndexHandler.java +++ b/src/main/java/org/opensearch/security/support/SecurityIndexHandler.java @@ -87,6 +87,7 @@ public void createIndex(ActionListener listener) { } } + @SuppressWarnings("removal") public void uploadDefaultConfiguration(final Path configDir, final ActionListener> listener) { try (final ThreadContext.StoredContext threadContext = client.threadPool().getThreadContext().stashContext()) { AccessController.doPrivileged((PrivilegedAction) () -> { diff --git a/src/main/java/org/opensearch/security/util/KeyUtils.java b/src/main/java/org/opensearch/security/util/KeyUtils.java index 4f03c08cd5..bdf7bf04e0 100644 --- a/src/main/java/org/opensearch/security/util/KeyUtils.java +++ b/src/main/java/org/opensearch/security/util/KeyUtils.java @@ -33,6 +33,7 @@ public class KeyUtils { + @SuppressWarnings("removal") public static JwtParserBuilder createJwtParserBuilderFromSigningKey(final String signingKey, final Logger log) { final SecurityManager sm = System.getSecurityManager(); diff --git a/src/test/java/org/opensearch/security/http/OnBehalfOfAuthenticatorTest.java b/src/test/java/org/opensearch/security/http/OnBehalfOfAuthenticatorTest.java index 672738326d..bae4fa7f28 100644 --- a/src/test/java/org/opensearch/security/http/OnBehalfOfAuthenticatorTest.java +++ b/src/test/java/org/opensearch/security/http/OnBehalfOfAuthenticatorTest.java @@ -67,6 +67,7 @@ import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; +@SuppressWarnings("removal") public class OnBehalfOfAuthenticatorTest { final static String clusterName = "cluster_0"; final static String enableOBO = "true"; diff --git a/src/test/java/org/opensearch/security/tools/democonfig/CertificateGeneratorTests.java b/src/test/java/org/opensearch/security/tools/democonfig/CertificateGeneratorTests.java index 3b43311679..71771f8116 100644 --- a/src/test/java/org/opensearch/security/tools/democonfig/CertificateGeneratorTests.java +++ b/src/test/java/org/opensearch/security/tools/democonfig/CertificateGeneratorTests.java @@ -42,6 +42,7 @@ import static org.opensearch.security.tools.democonfig.util.DemoConfigHelperUtil.deleteDirectoryRecursive; import static org.junit.Assert.fail; +@SuppressWarnings("removal") public class CertificateGeneratorTests { private static Installer installer; diff --git a/src/test/java/org/opensearch/security/tools/democonfig/InstallerTests.java b/src/test/java/org/opensearch/security/tools/democonfig/InstallerTests.java index 268bd9ea0e..cef2d79725 100644 --- a/src/test/java/org/opensearch/security/tools/democonfig/InstallerTests.java +++ b/src/test/java/org/opensearch/security/tools/democonfig/InstallerTests.java @@ -44,6 +44,7 @@ import static org.junit.Assert.assertThrows; import static org.junit.Assert.fail; +@SuppressWarnings("removal") public class InstallerTests { private final ByteArrayOutputStream outContent = new ByteArrayOutputStream(); private final PrintStream originalOut = System.out; diff --git a/src/test/java/org/opensearch/security/tools/democonfig/SecuritySettingsConfigurerTests.java b/src/test/java/org/opensearch/security/tools/democonfig/SecuritySettingsConfigurerTests.java index f4b56e6f76..160d361aef 100644 --- a/src/test/java/org/opensearch/security/tools/democonfig/SecuritySettingsConfigurerTests.java +++ b/src/test/java/org/opensearch/security/tools/democonfig/SecuritySettingsConfigurerTests.java @@ -55,6 +55,7 @@ import static org.opensearch.security.tools.democonfig.util.DemoConfigHelperUtil.deleteDirectoryRecursive; import static org.junit.Assert.fail; +@SuppressWarnings("removal") @RunWith(com.carrotsearch.randomizedtesting.RandomizedRunner.class) public class SecuritySettingsConfigurerTests { diff --git a/src/test/java/org/opensearch/security/tools/democonfig/util/NoExitSecurityManager.java b/src/test/java/org/opensearch/security/tools/democonfig/util/NoExitSecurityManager.java index 0602812f5d..1b09ecf2dd 100644 --- a/src/test/java/org/opensearch/security/tools/democonfig/util/NoExitSecurityManager.java +++ b/src/test/java/org/opensearch/security/tools/democonfig/util/NoExitSecurityManager.java @@ -14,6 +14,7 @@ /** * Helper class to allow capturing and testing exit codes and block test execution from exiting mid-way */ +@SuppressWarnings("removal") public class NoExitSecurityManager extends SecurityManager { @Override public void checkPermission(java.security.Permission perm) {