opensearch-project
diff --git a/‎common/build.gradle
+2 b/‎common/build.gradle
+2
diff --git a/‎common/src/main/java/org/opensearch/ml/common/MLConfig.java
+18-3 b/‎common/src/main/java/org/opensearch/ml/common/MLConfig.java
+18-3
diff --git a/‎common/src/main/java/org/opensearch/ml/common/connector/Connector.java
+4-4 b/‎common/src/main/java/org/opensearch/ml/common/connector/Connector.java
+4-4
diff --git a/‎common/src/main/java/org/opensearch/ml/common/connector/HttpConnector.java
+7-7 b/‎common/src/main/java/org/opensearch/ml/common/connector/HttpConnector.java
+7-7
diff --git a/‎common/src/main/java/org/opensearch/ml/common/transport/config/MLConfigGetRequest.java
+11-1 b/‎common/src/main/java/org/opensearch/ml/common/transport/config/MLConfigGetRequest.java
+11-1
diff --git a/‎common/src/test/java/org/opensearch/ml/common/connector/AwsConnectorTest.java
+11-11 b/‎common/src/test/java/org/opensearch/ml/common/connector/AwsConnectorTest.java
+11-11
diff --git a/‎common/src/test/java/org/opensearch/ml/common/connector/HttpConnectorTest.java
+7-7 b/‎common/src/test/java/org/opensearch/ml/common/connector/HttpConnectorTest.java
+7-7
@@ -39,6 +39,8 @@ dependencies {
     compileOnly("com.fasterxml.jackson.core:jackson-annotations:${versions.jackson}")
     compileOnly("com.fasterxml.jackson.core:jackson-databind:${versions.jackson_databind}")
     compileOnly group: 'com.networknt' , name: 'json-schema-validator', version: '1.4.0'
+    // Multi-tenant SDK Client
+    compileOnly "org.opensearch:opensearch-remote-metadata-sdk:${opensearch_build}"
 }
 
 lombok {
 
@@ -6,6 +6,8 @@
 package org.opensearch.ml.common;
 
 import static org.opensearch.core.xcontent.XContentParserUtils.ensureExpectedToken;
+import static org.opensearch.ml.common.CommonValue.TENANT_ID_FIELD;
+import static org.opensearch.ml.common.CommonValue.VERSION_2_19_0;
 
 import java.io.IOException;
 import java.time.Instant;
@@ -57,6 +59,7 @@ public class MLConfig implements ToXContentObject, Writeable {
     private final Instant createTime;
     private Instant lastUpdateTime;
     private Instant lastUpdatedTime;
+    private final String tenantId;
 
     @Builder(toBuilder = true)
     public MLConfig(
@@ -66,7 +69,8 @@ public MLConfig(
         Configuration mlConfiguration,
         Instant createTime,
         Instant lastUpdateTime,
-        Instant lastUpdatedTime
+        Instant lastUpdatedTime,
+        String tenantId
     ) {
         this.type = type;
         this.configType = configType;
@@ -75,6 +79,7 @@ public MLConfig(
         this.createTime = createTime;
         this.lastUpdateTime = lastUpdateTime;
         this.lastUpdatedTime = lastUpdatedTime;
+        this.tenantId = tenantId;
     }
 
     public MLConfig(StreamInput input) throws IOException {
@@ -92,6 +97,7 @@ public MLConfig(StreamInput input) throws IOException {
             }
             lastUpdatedTime = input.readOptionalInstant();
         }
+        this.tenantId = streamInputVersion.onOrAfter(VERSION_2_19_0) ? input.readOptionalString() : null;
     }
 
     @Override
@@ -116,6 +122,9 @@ public void writeTo(StreamOutput out) throws IOException {
             }
             out.writeOptionalInstant(lastUpdatedTime);
         }
+        if (streamOutputVersion.onOrAfter(VERSION_2_19_0)) {
+            out.writeOptionalString(tenantId);
+        }
     }
 
     @Override
@@ -133,12 +142,14 @@ public XContentBuilder toXContent(XContentBuilder xContentBuilder, Params params
         if (lastUpdateTime != null || lastUpdatedTime != null) {
             builder.field(LAST_UPDATE_TIME_FIELD, lastUpdatedTime == null ? lastUpdateTime.toEpochMilli() : lastUpdatedTime.toEpochMilli());
         }
+        if (tenantId != null) {
+            builder.field(TENANT_ID_FIELD, tenantId);
+        }
         return builder.endObject();
     }
 
     public static MLConfig fromStream(StreamInput in) throws IOException {
-        MLConfig mlConfig = new MLConfig(in);
-        return mlConfig;
+        return new MLConfig(in);
     }
 
     public static MLConfig parse(XContentParser parser) throws IOException {
@@ -149,6 +160,7 @@ public static MLConfig parse(XContentParser parser) throws IOException {
         Instant createTime = null;
         Instant lastUpdateTime = null;
         Instant lastUpdatedTime = null;
+        String tenantId = null;
 
         ensureExpectedToken(XContentParser.Token.START_OBJECT, parser.currentToken(), parser);
         while (parser.nextToken() != XContentParser.Token.END_OBJECT) {
@@ -177,6 +189,8 @@ public static MLConfig parse(XContentParser parser) throws IOException {
                 case LAST_UPDATED_TIME_FIELD:
                     lastUpdatedTime = Instant.ofEpochMilli(parser.longValue());
                     break;
+                case TENANT_ID_FIELD:
+                    tenantId = parser.textOrNull();
                 default:
                     parser.skipChildren();
                     break;
@@ -191,6 +205,7 @@ public static MLConfig parse(XContentParser parser) throws IOException {
             .createTime(createTime)
             .lastUpdateTime(lastUpdateTime)
             .lastUpdatedTime(lastUpdatedTime)
+            .tenantId(tenantId)
             .build();
     }
 }
@@ -16,7 +16,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
-import java.util.function.Function;
+import java.util.function.BiFunction;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
@@ -79,9 +79,9 @@ public interface Connector extends ToXContentObject, Writeable {
 
     <T> T createPayload(String action, Map<String, String> parameters);
 
-    void decrypt(String action, Function<String, String> function);
+    void decrypt(String action, BiFunction<String, String, String> function, String tenantId);
 
-    void encrypt(Function<String, String> function);
+    void encrypt(BiFunction<String, String, String> function, String tenantId);
 
     Connector cloneConnector();
 
@@ -91,7 +91,7 @@ public interface Connector extends ToXContentObject, Writeable {
 
     void writeTo(StreamOutput out) throws IOException;
 
-    void update(MLCreateConnectorInput updateContent, Function<String, String> function);
+    void update(MLCreateConnectorInput updateContent, BiFunction<String, String, String> function);
 
     <T> void parseResponse(T orElse, List<ModelTensor> modelTensors, boolean b) throws IOException;
 
 
@@ -21,7 +21,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
-import java.util.function.Function;
+import java.util.function.BiFunction;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
@@ -302,7 +302,7 @@ public void writeTo(StreamOutput out) throws IOException {
     }
 
     @Override
-    public void update(MLCreateConnectorInput updateContent, Function<String, String> function) {
+    public void update(MLCreateConnectorInput updateContent, BiFunction<String, String, String> function) {
         if (updateContent.getName() != null) {
             this.name = updateContent.getName();
         }
@@ -320,7 +320,7 @@ public void update(MLCreateConnectorInput updateContent, Function<String, String
         }
         if (updateContent.getCredential() != null && !updateContent.getCredential().isEmpty()) {
             this.credential = updateContent.getCredential();
-            encrypt(function);
+            encrypt(function, this.tenantId);
         }
         if (updateContent.getActions() != null) {
             this.actions = updateContent.getActions();
@@ -379,10 +379,10 @@ private List<String> findStringParametersWithNullDefaultValue(String input) {
     }
 
     @Override
-    public void decrypt(String action, Function<String, String> function) {
+    public void decrypt(String action, BiFunction<String, String, String> function, String tenantId) {
         Map<String, String> decrypted = new HashMap<>();
         for (String key : credential.keySet()) {
-            decrypted.put(key, function.apply(credential.get(key)));
+            decrypted.put(key, function.apply(credential.get(key), tenantId));
         }
         this.decryptedCredential = decrypted;
         Optional<ConnectorAction> connectorAction = findAction(action);
@@ -402,9 +402,9 @@ public Connector cloneConnector() {
     }
 
     @Override
-    public void encrypt(Function<String, String> function) {
+    public void encrypt(BiFunction<String, String, String> function, String tenantId) {
         for (String key : credential.keySet()) {
-            String encrypted = function.apply(credential.get(key));
+            String encrypted = function.apply(credential.get(key), tenantId);
             credential.put(key, encrypted);
         }
     }
 
@@ -6,12 +6,14 @@
 package org.opensearch.ml.common.transport.config;
 
 import static org.opensearch.action.ValidateActions.addValidationError;
+import static org.opensearch.ml.common.CommonValue.VERSION_2_19_0;
 
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.UncheckedIOException;
 
+import org.opensearch.Version;
 import org.opensearch.action.ActionRequest;
 import org.opensearch.action.ActionRequestValidationException;
 import org.opensearch.core.common.io.stream.InputStreamStreamInput;
@@ -26,21 +28,29 @@
 public class MLConfigGetRequest extends ActionRequest {
 
     String configId;
+    String tenantId;
 
     @Builder
-    public MLConfigGetRequest(String configId) {
+    public MLConfigGetRequest(String configId, String tenantId) {
         this.configId = configId;
+        this.tenantId = tenantId;
     }
 
     public MLConfigGetRequest(StreamInput in) throws IOException {
         super(in);
+        Version streamInputVersion = in.getVersion();
         this.configId = in.readString();
+        this.tenantId = streamInputVersion.onOrAfter(VERSION_2_19_0) ? in.readOptionalString() : null;
     }
 
     @Override
     public void writeTo(StreamOutput out) throws IOException {
         super.writeTo(out);
+        Version streamOutputVersion = out.getVersion();
         out.writeString(this.configId);
+        if (streamOutputVersion.onOrAfter(VERSION_2_19_0)) {
+            out.writeOptionalString(tenantId);
+        }
     }
 
     @Override
 
@@ -18,7 +18,7 @@
 import java.util.HashMap;
 import java.util.Locale;
 import java.util.Map;
-import java.util.function.Function;
+import java.util.function.BiFunction;
 
 import org.junit.Assert;
 import org.junit.Before;
@@ -39,13 +39,13 @@ public class AwsConnectorTest {
     @Rule
     public ExpectedException exceptionRule = ExpectedException.none();
 
-    Function<String, String> encryptFunction;
-    Function<String, String> decryptFunction;
+    BiFunction<String, String, String> encryptFunction;
+    BiFunction<String, String, String> decryptFunction;
 
     @Before
     public void setUp() {
-        encryptFunction = s -> "encrypted: " + s.toLowerCase(Locale.ROOT);
-        decryptFunction = s -> "decrypted: " + s.toUpperCase(Locale.ROOT);
+        encryptFunction = (s, v) -> "encrypted: " + s.toLowerCase(Locale.ROOT);
+        decryptFunction = (s, v) -> "decrypted: " + s.toUpperCase(Locale.ROOT);
     }
 
     @Test
@@ -115,8 +115,8 @@ public void constructor_NoPredictAction() {
             .build();
         Assert.assertNotNull(connector);
 
-        connector.encrypt(encryptFunction);
-        connector.decrypt(PREDICT.name(), decryptFunction);
+        connector.encrypt(encryptFunction, null);
+        connector.decrypt(PREDICT.name(), decryptFunction, null);
         Assert.assertEquals("decrypted: ENCRYPTED: TEST_ACCESS_KEY", connector.getAccessKey());
         Assert.assertEquals("decrypted: ENCRYPTED: TEST_SECRET_KEY", connector.getSecretKey());
         Assert.assertEquals(null, connector.getSessionToken());
@@ -159,8 +159,8 @@ public void constructor() {
         String url = "https://${parameters.endpoint}/model1";
 
         AwsConnector connector = createAwsConnector(parameters, credential, url);
-        connector.encrypt(encryptFunction);
-        connector.decrypt(PREDICT.name(), decryptFunction);
+        connector.encrypt(encryptFunction, null);
+        connector.decrypt(PREDICT.name(), decryptFunction, null);
         Assert.assertEquals("decrypted: ENCRYPTED: TEST_ACCESS_KEY", connector.getAccessKey());
         Assert.assertEquals("decrypted: ENCRYPTED: TEST_SECRET_KEY", connector.getSecretKey());
         Assert.assertEquals("decrypted: ENCRYPTED: TEST_SESSION_TOKEN", connector.getSessionToken());
@@ -180,8 +180,8 @@ public void constructor_NoParameter() {
 
         String url = "https://test.com";
         AwsConnector connector = createAwsConnector(null, credential, url);
-        connector.encrypt(encryptFunction);
-        connector.decrypt(PREDICT.name(), decryptFunction);
+        connector.encrypt(encryptFunction, null);
+        connector.decrypt(PREDICT.name(), decryptFunction, null);
         Assert.assertEquals("decrypted: ENCRYPTED: TEST_ACCESS_KEY", connector.getAccessKey());
         Assert.assertEquals("decrypted: ENCRYPTED: TEST_SECRET_KEY", connector.getSecretKey());
         Assert.assertEquals("decrypted: ENCRYPTED: TEST_SESSION_TOKEN", connector.getSessionToken());
 
@@ -15,7 +15,7 @@
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
-import java.util.function.Function;
+import java.util.function.BiFunction;
 
 import org.junit.Assert;
 import org.junit.Before;
@@ -38,8 +38,8 @@ public class HttpConnectorTest {
     @Rule
     public ExpectedException exceptionRule = ExpectedException.none();
 
-    Function<String, String> encryptFunction;
-    Function<String, String> decryptFunction;
+    BiFunction<String, String, String> encryptFunction;
+    BiFunction<String, String, String> decryptFunction;
 
     String TEST_CONNECTOR_JSON_STRING = "{\"name\":\"test_connector_name\",\"version\":\"1\","
         + "\"description\":\"this is a test connector\",\"protocol\":\"http\","
@@ -55,8 +55,8 @@ public class HttpConnectorTest {
 
     @Before
     public void setUp() {
-        encryptFunction = s -> "encrypted: " + s.toLowerCase(Locale.ROOT);
-        decryptFunction = s -> "decrypted: " + s.toUpperCase(Locale.ROOT);
+        encryptFunction = (s, v) -> "encrypted: " + s.toLowerCase(Locale.ROOT);
+        decryptFunction = (s, v) -> "decrypted: " + s.toUpperCase(Locale.ROOT);
     }
 
     @Test
@@ -124,7 +124,7 @@ public void cloneConnector() {
     @Test
     public void decrypt() {
         HttpConnector connector = createHttpConnector();
-        connector.decrypt(PREDICT.name(), decryptFunction);
+        connector.decrypt(PREDICT.name(), decryptFunction, null);
         Map<String, String> decryptedCredential = connector.getDecryptedCredential();
         Assert.assertEquals(1, decryptedCredential.size());
         Assert.assertEquals("decrypted: TEST_KEY_VALUE", decryptedCredential.get("key"));
@@ -141,7 +141,7 @@ public void decrypt() {
     @Test
     public void encrypted() {
         HttpConnector connector = createHttpConnector();
-        connector.encrypt(encryptFunction);
+        connector.encrypt(encryptFunction, null);
         Map<String, String> credential = connector.getCredential();
         Assert.assertEquals(1, credential.size());
         Assert.assertEquals("encrypted: test_key_value", credential.get("key"));
Original file line number	Diff line number	Diff line change
`@@ -39,6 +39,8 @@ dependencies {`
`39`	`39`	`compileOnly("com.fasterxml.jackson.core:jackson-annotations:${versions.jackson}")`
`40`	`40`	`compileOnly("com.fasterxml.jackson.core:jackson-databind:${versions.jackson_databind}")`
`41`	`41`	`compileOnly group: 'com.networknt' , name: 'json-schema-validator', version: '1.4.0'`
	`42`	`+ // Multi-tenant SDK Client`
	`43`	`+ compileOnly "org.opensearch:opensearch-remote-metadata-sdk:${opensearch_build}"`
`42`	`44`	`}`
`43`	`45`
`44`	`46`	`lombok {`
Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@`
`21`	`21`	`import java.util.List;`
`22`	`22`	`import java.util.Map;`
`23`	`23`	`import java.util.Optional;`
`24`		`-import java.util.function.Function;`
	`24`	`+import java.util.function.BiFunction;`
`25`	`25`	`import java.util.regex.Matcher;`
`26`	`26`	`import java.util.regex.Pattern;`
`27`	`27`
`@@ -302,7 +302,7 @@ public void writeTo(StreamOutput out) throws IOException {`
`302`	`302`	`}`
`303`	`303`
`304`	`304`	`@Override`
`305`		`- public void update(MLCreateConnectorInput updateContent, Function<String, String> function) {`
	`305`	`+ public void update(MLCreateConnectorInput updateContent, BiFunction<String, String, String> function) {`
`306`	`306`	`if (updateContent.getName() != null) {`
`307`	`307`	`this.name = updateContent.getName();`
`308`	`308`	`}`
`@@ -320,7 +320,7 @@ public void update(MLCreateConnectorInput updateContent, Function<String, String`
`320`	`320`	`}`
`321`	`321`	`if (updateContent.getCredential() != null && !updateContent.getCredential().isEmpty()) {`
`322`	`322`	`this.credential = updateContent.getCredential();`
`323`		`- encrypt(function);`
	`323`	`+ encrypt(function, this.tenantId);`
`324`	`324`	`}`
`325`	`325`	`if (updateContent.getActions() != null) {`
`326`	`326`	`this.actions = updateContent.getActions();`
`@@ -379,10 +379,10 @@ private List<String> findStringParametersWithNullDefaultValue(String input) {`
`379`	`379`	`}`
`380`	`380`
`381`	`381`	`@Override`
`382`		`- public void decrypt(String action, Function<String, String> function) {`
	`382`	`+ public void decrypt(String action, BiFunction<String, String, String> function, String tenantId) {`
`383`	`383`	`Map<String, String> decrypted = new HashMap<>();`
`384`	`384`	`for (String key : credential.keySet()) {`
`385`		`- decrypted.put(key, function.apply(credential.get(key)));`
	`385`	`+ decrypted.put(key, function.apply(credential.get(key), tenantId));`
`386`	`386`	`}`
`387`	`387`	`this.decryptedCredential = decrypted;`
`388`	`388`	`Optional<ConnectorAction> connectorAction = findAction(action);`
`@@ -402,9 +402,9 @@ public Connector cloneConnector() {`
`402`	`402`	`}`
`403`	`403`
`404`	`404`	`@Override`
`405`		`- public void encrypt(Function<String, String> function) {`
	`405`	`+ public void encrypt(BiFunction<String, String, String> function, String tenantId) {`
`406`	`406`	`for (String key : credential.keySet()) {`
`407`		`- String encrypted = function.apply(credential.get(key));`
	`407`	`+ String encrypted = function.apply(credential.get(key), tenantId);`
`408`	`408`	`credential.put(key, encrypted);`
`409`	`409`	`}`
`410`	`410`	`}`