fix master key initialization causing 5 seconds block

Signed-off-by: Bhavana Ramaram <rbhavna@amazon.com>

Author: rbhavna

common/src/main/java/org/opensearch/ml/common/connector/Connector.java

@@ -13,10 +13,13 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
+import java.util.function.BiConsumer;
+import java.util.function.BiFunction;
 import java.util.function.Function;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import org.apache.commons.text.StringSubstitutor;
+import org.opensearch.core.action.ActionListener;
 import org.opensearch.core.common.io.stream.StreamInput;
 import org.opensearch.core.common.io.stream.StreamOutput;
 import org.opensearch.core.common.io.stream.Writeable;
@@ -62,8 +65,8 @@ public interface Connector extends ToXContentObject, Writeable {
 
     <T> T createPayload(String action, Map<String, String> parameters);
 
-    void decrypt(String action, Function<String, String> function);
-    void encrypt(Function<String, String> function);
+    void decrypt(String action, BiConsumer<String, ActionListener<String>> function, ActionListener<String> listener);
+    void encrypt(BiConsumer<String, ActionListener<String>> function, ActionListener<String> listener);
 
     Connector cloneConnector();
 
@@ -73,7 +76,7 @@ public interface Connector extends ToXContentObject, Writeable {
 
     void writeTo(StreamOutput out) throws IOException;
 
-    void update(MLCreateConnectorInput updateContent, Function<String, String> function);
+    void update(MLCreateConnectorInput updateContent, BiConsumer<String, ActionListener<String>> function, ActionListener<String> listener);
 
     <T> void parseResponse(T orElse, List<ModelTensor> modelTensors, boolean b) throws IOException;
 

common/src/main/java/org/opensearch/ml/common/connector/HttpConnector.java

@@ -12,6 +12,7 @@
 import org.apache.commons.text.StringSubstitutor;
 import org.opensearch.common.io.stream.BytesStreamOutput;
 import org.opensearch.commons.authuser.User;
+import org.opensearch.core.action.ActionListener;
 import org.opensearch.core.common.io.stream.StreamInput;
 import org.opensearch.core.common.io.stream.StreamOutput;
 import org.opensearch.core.xcontent.XContentBuilder;
@@ -25,6 +26,11 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
+import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.concurrent.atomic.AtomicInteger;
+import java.util.function.BiConsumer;
+import java.util.function.BiFunction;
+import java.util.function.Consumer;
 import java.util.function.Function;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -273,7 +279,7 @@ public void writeTo(StreamOutput out) throws IOException {
     }
 
     @Override
-    public void update(MLCreateConnectorInput updateContent, Function<String, String> function) {
+    public void update(MLCreateConnectorInput updateContent, BiConsumer<String, ActionListener<String>> consumer, ActionListener<String> listener) {
         if (updateContent.getName() != null) {
             this.name = updateContent.getName();
         }
@@ -291,7 +297,7 @@ public void update(MLCreateConnectorInput updateContent, Function<String, String
         }
         if (updateContent.getCredential() != null && updateContent.getCredential().size() > 0) {
             this.credential = updateContent.getCredential();
-            encrypt(function);
+            encrypt(consumer, listener);
         }
         if (updateContent.getActions() != null) {
             this.actions = updateContent.getActions();
@@ -349,15 +355,42 @@ private List<String> findStringParametersWithNullDefaultValue(String input) {
     }
 
     @Override
-    public void decrypt(String action, Function<String, String> function) {
+    public void decrypt(String action, BiConsumer<String, ActionListener<String>> consumer, ActionListener<String> listener) {
         Map<String, String> decrypted = new HashMap<>();
+        AtomicBoolean completed = new AtomicBoolean(false);
+
         for (String key : credential.keySet()) {
-            decrypted.put(key, function.apply(credential.get(key)));
-        }
-        this.decryptedCredential = decrypted;
-        Optional<ConnectorAction> connectorAction = findAction(action);
-        Map<String, String> headers = connectorAction.isPresent() ? connectorAction.get().getHeaders() : null;
-        this.decryptedHeaders = createDecryptedHeaders(headers);
+            consumer.accept(credential.get(key), new ActionListener<>() {
+                @Override
+                public void onResponse(String decryptedValue) {
+                    decrypted.put(key, decryptedValue);
+                    if (decrypted.size() == credential.size() && !completed.get()) {
+                        completed.set(true);
+                        decryptedCredential = decrypted;
+                        Optional<ConnectorAction> connectorAction = findAction(action);
+                        Map<String, String> headers = connectorAction.isPresent() ? connectorAction.get().getHeaders() : null;
+                        decryptedHeaders = createDecryptedHeaders(headers);
+                        listener.onResponse("All credentials encrypted successfully"); // Notify that decryption is complete
+                    }
+                }
+
+                @Override
+                public void onFailure(Exception e) {
+                    log.error("Failed to decrypt credential for key: " + key, e);
+                    if (!completed.getAndSet(true)) {
+                        listener.onFailure(e);
+                    }
+                }
+            });
+        }
+//        Map<String, String> decrypted = new HashMap<>();
+//        for (String key : credential.keySet()) {
+//            decrypted.put(key, function.apply(credential.get(key)));
+//        }
+//        this.decryptedCredential = decrypted;
+//        Optional<ConnectorAction> connectorAction = findAction(action);
+//        Map<String, String> headers = connectorAction.isPresent() ? connectorAction.get().getHeaders() : null;
+//        this.decryptedHeaders = createDecryptedHeaders(headers);
     }
 
     @Override
@@ -372,10 +405,35 @@ public Connector cloneConnector() {
     }
 
     @Override
-    public void encrypt(Function<String, String> function) {
+//    public void encrypt(Function<String, String> function) {
+//        for (String key : credential.keySet()) {
+//            String encrypted = function.apply(credential.get(key));
+//            credential.put(key, encrypted);
+//        }
+//    }
+
+    public void encrypt(BiConsumer<String, ActionListener<String>> consumer, ActionListener<String> listener) {
+        AtomicBoolean completed = new AtomicBoolean(false);
+
         for (String key : credential.keySet()) {
-            String encrypted = function.apply(credential.get(key));
-            credential.put(key, encrypted);
+            consumer.accept(credential.get(key), new ActionListener<>() {
+                @Override
+                public void onResponse(String encrypted) {
+                    credential.put(key, encrypted);
+                    if (credential.entrySet().stream().allMatch(entry -> entry.getValue() != null)) {
+                        completed.set(true);
+                        listener.onResponse("All credentials encrypted successfully");
+                    }
+                }
+
+                @Override
+                public void onFailure(Exception e) {
+                    log.error("Failed to encrypt credential for key: " + key, e);
+                    if (!completed.getAndSet(true)) {
+                        listener.onFailure(e);
+                    }
+                }
+            });
         }
     }
 

ml-algorithms/src/main/java/org/opensearch/ml/engine/MLEngine.java

@@ -197,8 +197,8 @@ private void validateInput(Input input) {
         }
     }
 
-    public String encrypt(String credential) {
-        return encryptor.encrypt(credential);
+    public void encrypt(String credential, ActionListener<String> listener) {
+        encryptor.encrypt(credential, listener);
     }
 
 }

ml-algorithms/src/main/java/org/opensearch/ml/engine/algorithms/remote/RemoteModel.java

@@ -94,16 +94,40 @@ public boolean isModelReady() {
     public void initModel(MLModel model, Map<String, Object> params, Encryptor encryptor) {
         try {
             Connector connector = model.getConnector().cloneConnector();
-            connector.decrypt(PREDICT.name(), (credential) -> encryptor.decrypt(credential));
-            this.connectorExecutor = MLEngineClassLoader.initInstance(connector.getProtocol(), connector, Connector.class);
-            this.connectorExecutor.setScriptService((ScriptService) params.get(SCRIPT_SERVICE));
-            this.connectorExecutor.setClusterService((ClusterService) params.get(CLUSTER_SERVICE));
-            this.connectorExecutor.setClient((Client) params.get(CLIENT));
-            this.connectorExecutor.setXContentRegistry((NamedXContentRegistry) params.get(XCONTENT_REGISTRY));
-            this.connectorExecutor.setRateLimiter((TokenBucket) params.get(RATE_LIMITER));
-            this.connectorExecutor.setUserRateLimiterMap((Map<String, TokenBucket>) params.get(USER_RATE_LIMITER_MAP));
-            this.connectorExecutor.setMlGuard((MLGuard) params.get(GUARDRAILS));
-            this.connectorExecutor.setConnectorPrivateIpEnabled((AtomicBoolean) params.get(CONNECTOR_PRIVATE_IP_ENABLED));
+                ActionListener<String> decryptListener = new ActionListener<>() {
+                    @Override
+                    public void onResponse(String response) {
+                    try {
+                        connectorExecutor = MLEngineClassLoader.initInstance(connector.getProtocol(), connector, Connector.class);
+                        connectorExecutor.setScriptService((ScriptService) params.get(SCRIPT_SERVICE));
+                        connectorExecutor.setClusterService((ClusterService) params.get(CLUSTER_SERVICE));
+                        connectorExecutor.setClient((Client) params.get(CLIENT));
+                        connectorExecutor.setXContentRegistry((NamedXContentRegistry) params.get(XCONTENT_REGISTRY));
+                        connectorExecutor.setRateLimiter((TokenBucket) params.get(RATE_LIMITER));
+                        connectorExecutor.setUserRateLimiterMap((Map<String, TokenBucket>) params.get(USER_RATE_LIMITER_MAP));
+                        connectorExecutor.setMlGuard((MLGuard) params.get(GUARDRAILS));
+                        connectorExecutor.setConnectorPrivateIpEnabled((AtomicBoolean) params.get(CONNECTOR_PRIVATE_IP_ENABLED));
+                    } catch (Exception e) {
+                        log.error("Failed to init remote model.", e);
+                    }
+                }
+
+                @Override
+                public void onFailure(Exception e) {
+                    log.error("Failed to decrypt connector credentials.", e);
+                }
+            };
+            connector.decrypt(PREDICT.name(), (credential, listener) -> encryptor.decrypt(credential, decryptListener), decryptListener);
+//            connector.decrypt(PREDICT.name(), (credential) -> encryptor.decrypt(credential));
+//            this.connectorExecutor = MLEngineClassLoader.initInstance(connector.getProtocol(), connector, Connector.class);
+//            this.connectorExecutor.setScriptService((ScriptService) params.get(SCRIPT_SERVICE));
+//            this.connectorExecutor.setClusterService((ClusterService) params.get(CLUSTER_SERVICE));
+//            this.connectorExecutor.setClient((Client) params.get(CLIENT));
+//            this.connectorExecutor.setXContentRegistry((NamedXContentRegistry) params.get(XCONTENT_REGISTRY));
+//            this.connectorExecutor.setRateLimiter((TokenBucket) params.get(RATE_LIMITER));
+//            this.connectorExecutor.setUserRateLimiterMap((Map<String, TokenBucket>) params.get(USER_RATE_LIMITER_MAP));
+//            this.connectorExecutor.setMlGuard((MLGuard) params.get(GUARDRAILS));
+//            this.connectorExecutor.setConnectorPrivateIpEnabled((AtomicBoolean) params.get(CONNECTOR_PRIVATE_IP_ENABLED));
         } catch (RuntimeException e) {
             log.error("Failed to init remote model.", e);
             throw e;

ml-algorithms/src/main/java/org/opensearch/ml/engine/encryptor/Encryptor.java

@@ -5,6 +5,8 @@
 
 package org.opensearch.ml.engine.encryptor;
 
+import org.opensearch.core.action.ActionListener;
+
 public interface Encryptor {
 
     /**
@@ -13,15 +15,15 @@ public interface Encryptor {
      * @param plainText plainText.
      * @return String encryptedText.
      */
-    String encrypt(String plainText);
+    void encrypt(String plainText, ActionListener<String> listener);
 
     /**
      * Takes encryptedText and returns plain text.
      *
      * @param encryptedText encryptedText.
      * @return String plainText.
      */
-    String decrypt(String encryptedText);
+    void decrypt(String encryptedText, ActionListener<String> listener);
 
     /**
      * Set up the masterKey for dynamic updating