Add method to return dynamic SecureTransportParameters from SecureTransportSettingsProvider interface (#16387)

github-actions[bot] · github-actions[bot] · commit 42a88c15aeac · 2024-10-18T20:35:41.000Z
* Add isDualModeEnabled to SecureTransportSettingsProvider interface Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add default impl Signed-off-by: Craig Perkins <cwperx@amazon.com> * Respond to comments, update usages and update docstring Signed-off-by: Craig Perkins <cwperx@amazon.com> * Address feedback Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add ExperimentalApi and add to CHANGELOG Signed-off-by: Craig Perkins <cwperx@amazon.com> * Move DefaultSecureTransportParameters to separate file and add javadoc Signed-off-by: Craig Perkins <cwperx@amazon.com> --------- Signed-off-by: Craig Perkins <cwperx@amazon.com> (cherry picked from commit f346788) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -24,6 +24,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 - Add _list/indices API as paginated alternate to _cat/indices ([#14718](https://github.com/opensearch-project/OpenSearch/pull/14718))
 - Add changes to block calls in cat shards, indices and segments based on dynamic limit settings ([#15986](https://github.com/opensearch-project/OpenSearch/pull/15986))
 - Flat object field use IndexOrDocValuesQuery to optimize query ([#14383](https://github.com/opensearch-project/OpenSearch/issues/14383))
+- Add method to return dynamic SecureTransportParameters from SecureTransportSettingsProvider interface ([#16387](https://github.com/opensearch-project/OpenSearch/pull/16387)
 
 ### Dependencies
 - Bump `org.apache.logging.log4j:log4j-core` from 2.23.1 to 2.24.0 ([#15858](https://github.com/opensearch-project/OpenSearch/pull/15858))
diff --git a/modules/transport-netty4/src/main/java/org/opensearch/transport/netty4/ssl/SecureNetty4Transport.java b/modules/transport-netty4/src/main/java/org/opensearch/transport/netty4/ssl/SecureNetty4Transport.java
@@ -142,9 +142,10 @@ public SSLServerChannelInitializer(String name) {
         protected void initChannel(Channel ch) throws Exception {
             super.initChannel(ch);
 
-            final boolean dualModeEnabled = NetworkModule.TRANSPORT_SSL_DUAL_MODE_ENABLED.get(settings);
+            final boolean dualModeEnabled = secureTransportSettingsProvider.parameters(settings)
+                .map(SecureTransportSettingsProvider.SecureTransportParameters::dualModeEnabled)
+                .orElse(false);
             if (dualModeEnabled) {
-                logger.info("SSL Dual mode enabled, using port unification handler");
                 final ChannelHandler portUnificationHandler = new DualModeSslHandler(
                     settings,
                     secureTransportSettingsProvider,
@@ -258,7 +259,9 @@ protected class SSLClientChannelInitializer extends Netty4Transport.ClientChanne
         public SSLClientChannelInitializer(DiscoveryNode node) {
             this.node = node;
 
-            final boolean dualModeEnabled = NetworkModule.TRANSPORT_SSL_DUAL_MODE_ENABLED.get(settings);
+            final boolean dualModeEnabled = secureTransportSettingsProvider.parameters(settings)
+                .map(SecureTransportSettingsProvider.SecureTransportParameters::dualModeEnabled)
+                .orElse(false);
             hostnameVerificationEnabled = NetworkModule.TRANSPORT_SSL_ENFORCE_HOSTNAME_VERIFICATION.get(settings);
             hostnameVerificationResolveHostName = NetworkModule.TRANSPORT_SSL_ENFORCE_HOSTNAME_VERIFICATION_RESOLVE_HOST_NAME.get(settings);
 
diff --git a/server/src/main/java/org/opensearch/plugins/DefaultSecureTransportParameters.java b/server/src/main/java/org/opensearch/plugins/DefaultSecureTransportParameters.java
@@ -0,0 +1,28 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ */
+
+package org.opensearch.plugins;
+
+import org.opensearch.common.network.NetworkModule;
+import org.opensearch.common.settings.Settings;
+
+/**
+ * Default implementation of {@link SecureTransportSettingsProvider.SecureTransportParameters}.
+ */
+class DefaultSecureTransportParameters implements SecureTransportSettingsProvider.SecureTransportParameters {
+    private final Settings settings;
+
+    DefaultSecureTransportParameters(Settings settings) {
+        this.settings = settings;
+    }
+
+    @Override
+    public boolean dualModeEnabled() {
+        return NetworkModule.TRANSPORT_SSL_DUAL_MODE_ENABLED.get(settings);
+    }
+}
diff --git a/server/src/main/java/org/opensearch/plugins/SecureTransportSettingsProvider.java b/server/src/main/java/org/opensearch/plugins/SecureTransportSettingsProvider.java
@@ -36,6 +36,24 @@ default Collection<TransportAdapterProvider<Transport>> getTransportAdapterProvi
         return Collections.emptyList();
     }
 
+    /**
+     * Returns parameters that can be dynamically provided by a plugin providing a {@link SecureTransportSettingsProvider}
+     * implementation
+     * @param settings settings
+     * @return an instance of {@link SecureTransportParameters}
+     */
+    default Optional<SecureTransportParameters> parameters(Settings settings) {
+        return Optional.of(new DefaultSecureTransportParameters(settings));
+    }
+
+    /**
+     * Dynamic parameters that can be provided by the {@link SecureTransportSettingsProvider}
+     */
+    @ExperimentalApi
+    interface SecureTransportParameters {
+        boolean dualModeEnabled();
+    }
+
     /**
      * If supported, builds the {@link TransportExceptionHandler} instance for {@link Transport} instance
      * @param settings settings
