Remove https://aws.oss.sonatype.org/content/repositories/snapshots from maven repositories (#5591)

Signed-off-by: Craig Perkins <[email protected]>
Co-authored-by: Jialiang Liang <[email protected]>

Author: cwperks

.github/workflows/ci.yml

@@ -430,7 +430,7 @@ jobs:
       - id: build-previous
         uses: ./.github/actions/run-bwc-suite
         with:
-          plugin-previous-branch: "2.x"
+          plugin-previous-branch: "2.19"
           plugin-next-branch: "current_branch"
           report-artifact-name: bwc-${{ matrix.platform }}-jdk${{ matrix.jdk }}
           username: admin

build.gradle

@@ -24,7 +24,7 @@ buildscript {
         version_tokens = opensearch_version.tokenize('-')
         opensearch_build = version_tokens[0] + '.0'
 
-        common_utils_version = System.getProperty("common_utils.version", '3.1.0.0-SNAPSHOT')
+        common_utils_version = System.getProperty("common_utils.version", '3.2.0.0-SNAPSHOT')
 
         kafka_version  = '4.0.0'
         open_saml_version = '5.1.5'
@@ -49,7 +49,6 @@ buildscript {
         mavenCentral()
         maven { url "https://plugins.gradle.org/m2/" }
         maven { url "https://central.sonatype.com/repository/maven-snapshots/" }
-        maven { url "https://aws.oss.sonatype.org/content/repositories/snapshots" }
         maven { url "https://artifacts.opensearch.org/snapshots/lucene/" }
         maven { url "https://build.shibboleth.net/nexus/content/groups/public" }
     }
@@ -508,7 +507,6 @@ allprojects {
         mavenCentral()
         maven { url "https://plugins.gradle.org/m2/" }
         maven { url "https://central.sonatype.com/repository/maven-snapshots/" }
-        maven { url "https://aws.oss.sonatype.org/content/repositories/snapshots" }
         maven { url "https://artifacts.opensearch.org/snapshots/lucene/" }
         maven { url "https://build.shibboleth.net/nexus/content/repositories/releases" }
         maven { url "build.shibboleth.net/maven/releases"}

bwc-test/build.gradle

@@ -46,7 +46,6 @@ buildscript {
     repositories {
         mavenLocal()
         maven { url "https://central.sonatype.com/repository/maven-snapshots/" }
-        maven { url "https://aws.oss.sonatype.org/content/repositories/snapshots" }
         mavenCentral()
         maven { url "https://plugins.gradle.org/m2/" }
     }
@@ -59,7 +58,6 @@ buildscript {
 repositories {
     mavenLocal()
     maven { url "https://central.sonatype.com/repository/maven-snapshots/" }
-    maven { url "https://aws.oss.sonatype.org/content/repositories/snapshots" }
     mavenCentral()
     maven { url "https://plugins.gradle.org/m2/" }
 }

bwc-test/src/test/java/org/opensearch/security/bwc/SecurityBackwardsCompatibilityIT.java

@@ -226,9 +226,12 @@ public void testSslCertsInfoEndpoint() throws IOException {
                 @SuppressWarnings("unchecked")
                 Map<String, Object> nodeCerts = (Map<String, Object>) nodeInfo.get("certificates");
                 for (String expectCertKey : expectCertificates) {
-                    assertTrue(nodeCerts.containsKey(expectCertKey));
+                    // required cert types
+                    if (Set.of("http", "transport").contains(expectCertKey)) {
+                        assertTrue(nodeCerts.containsKey(expectCertKey));
+                    }
                     @SuppressWarnings("unchecked")
-                    List<Map<String, Object>> certList = (List<Map<String, Object>>) nodeCerts.get(expectCertKey);
+                    List<Map<String, Object>> certList = (List<Map<String, Object>>) nodeCerts.getOrDefault(expectCertKey, List.of());
                     for (Map<String, Object> singleCert : certList) {
                         verifyCertificateInfo(singleCert);
                     }

libs/opensaml/build.gradle

@@ -14,7 +14,6 @@ buildscript {
         mavenLocal()
         mavenCentral()
         maven { url "https://central.sonatype.com/repository/maven-snapshots/" }
-        maven { url "https://aws.oss.sonatype.org/content/repositories/snapshots" }
     }
 
     dependencies {

sample-resource-plugin/build.gradle

@@ -45,7 +45,6 @@ repositories {
     mavenLocal()
     mavenCentral()
     maven { url "https://central.sonatype.com/repository/maven-snapshots/" }
-    maven { url "https://aws.oss.sonatype.org/content/repositories/snapshots" }
 }
 
 configurations.all {

spi/build.gradle

@@ -13,7 +13,6 @@ repositories {
     mavenLocal()
     mavenCentral()
     maven { url "https://central.sonatype.com/repository/maven-snapshots/" }
-    maven { url "https://aws.oss.sonatype.org/content/repositories/snapshots" }
 }
 
 dependencies {

src/main/java/org/opensearch/security/dlic/rest/api/ssl/CertificateInfo.java

@@ -14,6 +14,7 @@
 import java.io.IOException;
 import java.util.Objects;
 
+import org.opensearch.Version;
 import org.opensearch.core.common.io.stream.StreamInput;
 import org.opensearch.core.common.io.stream.StreamOutput;
 import org.opensearch.core.common.io.stream.Writeable;
@@ -68,10 +69,17 @@ public CertificateInfo(final StreamInput in) throws IOException {
         this.issuer = in.readOptionalString();
         this.notAfter = in.readOptionalString();
         this.notBefore = in.readOptionalString();
-        this.format = in.readOptionalString();
-        this.alias = in.readOptionalString();
-        this.serialNumber = in.readOptionalString();
-        this.hasPrivateKey = in.readBoolean();
+        if (in.getVersion().onOrAfter(Version.V_3_0_0)) {
+            this.format = in.readOptionalString();
+            this.alias = in.readOptionalString();
+            this.serialNumber = in.readOptionalString();
+            this.hasPrivateKey = in.readBoolean();
+        } else {
+            this.format = null;
+            this.alias = null;
+            this.serialNumber = null;
+            this.hasPrivateKey = false;
+        }
     }
 
     @Override
@@ -81,10 +89,12 @@ public void writeTo(final StreamOutput out) throws IOException {
         out.writeOptionalString(issuer);
         out.writeOptionalString(notAfter);
         out.writeOptionalString(notBefore);
-        out.writeOptionalString(format);
-        out.writeOptionalString(alias);
-        out.writeOptionalString(serialNumber);
-        out.writeBoolean(hasPrivateKey);
+        if (out.getVersion().onOrAfter(Version.V_3_0_0)) {
+            out.writeOptionalString(format);
+            out.writeOptionalString(alias);
+            out.writeOptionalString(serialNumber);
+            out.writeBoolean(hasPrivateKey);
+        }
     }
 
     @Override

src/main/java/org/opensearch/security/dlic/rest/api/ssl/CertificatesInfo.java

@@ -12,7 +12,9 @@
 package org.opensearch.security.dlic.rest.api.ssl;
 
 import java.io.IOException;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
 
@@ -22,7 +24,6 @@
 import org.opensearch.core.common.io.stream.Writeable;
 import org.opensearch.core.xcontent.ToXContent;
 import org.opensearch.core.xcontent.XContentBuilder;
-import org.opensearch.security.ssl.config.CertType;
 
 public class CertificatesInfo implements Writeable, ToXContent {
     private final Map<String, List<CertificateInfo>> certificates;
@@ -32,45 +33,32 @@ public CertificatesInfo(final Map<String, List<CertificateInfo>> certificates) {
     }
 
     public CertificatesInfo(final StreamInput in) throws IOException {
-        if (in.getVersion().onOrAfter(Version.V_3_2_0)) {
-            certificates = in.readMap(StreamInput::readString, listIn -> listIn.readList(CertificateInfo::new));
+        if (in.getVersion().before(Version.V_3_0_0)) {
+            Map<CertificateType_2_19, List<CertificateInfo>> compatMap = in.readMap(
+                keyIn -> keyIn.readEnum(CertificateType_2_19.class),
+                listIn -> listIn.readList(CertificateInfo::new)
+            );
+            certificates = new HashMap<>();
+            for (Map.Entry<CertificateType_2_19, List<CertificateInfo>> entry : compatMap.entrySet()) {
+                certificates.put(entry.getKey().value(), entry.getValue());
+            }
         } else {
-            /*
-            Previous versions represent cert types with an enum and serialize based on
-            enum ordinal. To maintain backwards compatibility we fall back to mapping these
-            enum ordinals to the appropriate native certificate type.
-             */
-            certificates = in.readMap((StreamInput streamIn) -> switch (streamIn.readEnum(CertType.LegacyCertType.class)) {
-                case CertType.LegacyCertType.HTTP -> CertType.HTTP.id();
-                case CertType.LegacyCertType.TRANSPORT -> CertType.TRANSPORT.id();
-                case CertType.LegacyCertType.TRANSPORT_CLIENT -> CertType.TRANSPORT_CLIENT.id();
-            }, listIn -> listIn.readList(CertificateInfo::new));
+            certificates = in.readMap(StreamInput::readString, listIn -> listIn.readList(CertificateInfo::new));
         }
     }
 
     @Override
     public void writeTo(StreamOutput out) throws IOException {
-        if (out.getVersion().onOrAfter(Version.V_3_2_0)) {
-            out.writeMap(certificates, StreamOutput::writeString, StreamOutput::writeList);
-        } else {
-            /*
-            We need to write only map elements which previous versions will understand.
-            CertTypes are strictly bound to LegacyCertType enum in these versions and only has knowledge of
-            HTTP, TRANSPORT, TRANSPORT_CLIENT.
-             */
-            Set<String> legacyCerts = certificates.keySet();
-            legacyCerts.retainAll(List.of(CertType.HTTP.id(), CertType.TRANSPORT.id(), CertType.TRANSPORT_CLIENT.id()));
-            out.writeVInt(legacyCerts.size());
-            for (String certId : legacyCerts) {
-                if (CertType.HTTP.id().equals(certId)) {
-                    out.writeEnum(CertType.LegacyCertType.HTTP);
-                } else if (CertType.TRANSPORT.id().equals(certId)) {
-                    out.writeEnum(CertType.LegacyCertType.TRANSPORT);
-                } else if (CertType.TRANSPORT_CLIENT.id().equals(certId)) {
-                    out.writeEnum(CertType.LegacyCertType.TRANSPORT_CLIENT);
+        if (out.getVersion().before(Version.V_3_0_0)) {
+            Map<CertificateType_2_19, List<CertificateInfo>> compatMap = new HashMap<>();
+            for (Map.Entry<String, List<CertificateInfo>> entry : certificates.entrySet()) {
+                if (Set.of("http", "transport").contains(entry.getKey().toLowerCase(Locale.ROOT))) {
+                    compatMap.put(CertificateType_2_19.from(entry.getKey()), entry.getValue());
                 }
-                out.writeList(certificates.get(certId));
             }
+            out.writeMap(compatMap, StreamOutput::writeEnum, StreamOutput::writeList);
+        } else {
+            out.writeMap(certificates, StreamOutput::writeString, StreamOutput::writeList);
         }
     }
 
@@ -82,4 +70,38 @@ public XContentBuilder toXContent(XContentBuilder builder, Params params) throws
         }
         return builder.endObject();
     }
+
+    public enum CertificateType_2_19 {
+        HTTP("http"),
+        TRANSPORT("transport"),
+        ALL("all");
+
+        private final String value;
+
+        private CertificateType_2_19(String value) {
+            this.value = value;
+        }
+
+        public static boolean isHttp(final CertificateType_2_19 certificateType) {
+            return certificateType == HTTP || certificateType == ALL;
+        }
+
+        public static boolean isTransport(final CertificateType_2_19 certificateType) {
+            return certificateType == TRANSPORT || certificateType == ALL;
+        }
+
+        public String value() {
+            return value.toLowerCase(Locale.ROOT);
+        }
+
+        public static CertificateType_2_19 from(final String certType) {
+            if (certType == null) {
+                return ALL;
+            }
+            for (final var t : values())
+                if (t.value.equalsIgnoreCase(certType)) return t;
+            throw new IllegalArgumentException("Invalid certificate type: " + certType);
+        }
+
+    }
 }

src/main/java/org/opensearch/security/dlic/rest/api/ssl/CertificatesInfoNodesRequest.java

@@ -14,6 +14,7 @@
 import java.io.IOException;
 import java.util.Optional;
 
+import org.opensearch.Version;
 import org.opensearch.action.ActionRequestValidationException;
 import org.opensearch.action.support.nodes.BaseNodesRequest;
 import org.opensearch.core.common.Strings;
@@ -33,7 +34,11 @@ public CertificatesInfoNodesRequest(String certTypeID, boolean inMemory, String.
 
     public CertificatesInfoNodesRequest(final StreamInput in) throws IOException {
         super(in);
-        certTypeID = in.readOptionalString();
+        if (in.getVersion().before(Version.V_3_0_0)) {
+            certTypeID = in.readEnum(CertificatesInfo.CertificateType_2_19.class).value();
+        } else {
+            certTypeID = in.readOptionalString();
+        }
         inMemory = in.readBoolean();
     }
 
@@ -48,7 +53,15 @@ public boolean inMemory() {
     @Override
     public void writeTo(final StreamOutput out) throws IOException {
         super.writeTo(out);
-        out.writeOptionalString(certTypeID);
+        if (out.getVersion().before(Version.V_3_0_0)) {
+            if (certTypeID == null) {
+                out.writeEnum(CertificatesInfo.CertificateType_2_19.ALL);
+            } else {
+                out.writeEnum(CertificatesInfo.CertificateType_2_19.valueOf(certTypeID));
+            }
+        } else {
+            out.writeOptionalString(certTypeID);
+        }
         out.writeBoolean(inMemory);
     }