Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEATURE] Support additional params in SecureTransportSettingsProvider to enable building of SslContext outside of security plugin #5011

Open
rishabhmaurya opened this issue Jan 6, 2025 · 2 comments
Open

[FEATURE] Support additional params in SecureTransportSettingsProvider to enable building of SslContext outside of security plugin #5011

rishabhmaurya opened this issue Jan 6, 2025 · 2 comments
Assignees
@rishabhmaurya
Labels
enhancement New feature or request triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.

Comments

@rishabhmaurya
Copy link

Is your feature request related to a problem?
The netty's io.netty.handler.ssl.SslContext is needed by Flight server being introduced in opensearch-project/OpenSearch#16962. Today, it cannot be built outside of security plugin as SecureTransportSettingsProvider doesn't expose it.

What solution would you like?
Provide a way for consumers of SecureTransportSettingsProvider to build SslContext.
Since its a netty dependency which we don't want to add to server module thus we cannot build it in security plugin and expose it using SecureTransportSettingsProvider. Instead, expose all parameters needed to build SslContext to its consumer (plugins & modules) to build it directly.

What alternatives have you considered?
A clear and concise description of any alternative solutions or features you've considered.

Do you have any additional context?
Add any other context or screenshots about the feature request here.
@rishabhmaurya rishabhmaurya added enhancement New feature or request untriaged Require the attention of the repository maintainers and may need to be prioritized labels Jan 6, 2025
@rishabhmaurya rishabhmaurya self-assigned this Jan 6, 2025
This was referenced Jan 6, 2025
Open
Open
@cwperks cwperks added triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable. and removed untriaged Require the attention of the repository maintainers and may need to be prioritized labels Jan 13, 2025
@cwperks
Copy link
Member

cwperks commented Jan 13, 2025

[Triage] Thank you for filing this issue @rishabhmaurya . Can you elaborate on the parameters you would like to add and configure in SecureTransportSettingsProvider?

@rishabhmaurya
Copy link
Author

rishabhmaurya commented Jan 20, 2025
edited
Loading

@cwperks I will raise a PR for it, thank you. I will be adding following parameters to SecureTransportSettingsProvider.SecureTransportParameters. Please let me know if you have any concerns exposing them?

interface SecureTransportParameters {
        boolean dualModeEnabled();

        KeyManagerFactory keyManagerFactory();

        String sslProvider();

        String clientAuth();

        Iterable<String> protocols();

        Iterable<String> cipherSuites();

        TrustManagerFactory trustManagerFactory();
    }

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rishabhmaurya rishabhmaurya

Labels
enhancement New feature or request triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rishabhmaurya @cwperks