Add setting reindex.remote.allowlist, and deprecate setting reindex.r…

…emote.whitelist Signed-off-by: Tianli Feng <ftianli@amazon.com>
opensearch-project · Feb 22, 2022 · c8dfd68 · c8dfd68
1 parent fb187ea
commit c8dfd68
Show file tree

Hide file tree

Showing 6 changed files with 14 additions and 5 deletions.
diff --git a/client/rest-high-level/build.gradle b/client/rest-high-level/build.gradle
@@ -92,7 +92,7 @@ check.dependsOn(asyncIntegTest)
 testClusters.all {
   testDistribution = 'ARCHIVE'
   systemProperty 'opensearch.scripting.update.ctx_in_params', 'false'
-  setting 'reindex.remote.whitelist', '[ "[::1]:*", "127.0.0.1:*" ]'
+  setting 'reindex.remote.allowlist', '[ "[::1]:*", "127.0.0.1:*" ]'
 
   extraConfigFile 'roles.yml', file('roles.yml')
   user username: System.getProperty('tests.rest.cluster.username', 'test_user'),

diff --git a/modules/reindex/build.gradle b/modules/reindex/build.gradle
@@ -50,7 +50,7 @@ testClusters.all {
   module ':modules:parent-join'
   module ':modules:lang-painless'
   // Whitelist reindexing from the local node so we can test reindex-from-remote.
-  setting 'reindex.remote.whitelist', '127.0.0.1:*'
+  setting 'reindex.remote.allowlist', '127.0.0.1:*'
 }
 
 test {

diff --git a/modules/reindex/src/main/java/org/opensearch/index/reindex/ReindexPlugin.java b/modules/reindex/src/main/java/org/opensearch/index/reindex/ReindexPlugin.java
@@ -133,6 +133,7 @@ public Collection<Object> createComponents(
     public List<Setting<?>> getSettings() {
         final List<Setting<?>> settings = new ArrayList<>();
         settings.add(TransportReindexAction.REMOTE_CLUSTER_WHITELIST);
+        settings.add(TransportReindexAction.REMOTE_CLUSTER_ALLOWLIST);
         settings.addAll(ReindexSslConfig.getSettings());
         return settings;
     }

diff --git a/modules/reindex/src/main/java/org/opensearch/index/reindex/TransportReindexAction.java b/modules/reindex/src/main/java/org/opensearch/index/reindex/TransportReindexAction.java
@@ -60,7 +60,15 @@ public class TransportReindexAction extends HandledTransportAction<ReindexReques
         "reindex.remote.whitelist",
         emptyList(),
         Function.identity(),
-        Property.NodeScope
+        Property.NodeScope, Property.Deprecated
+    );
+    // The setting below is going to replace the above. 
+    // To keep backwards compatibility, the old usage is remained, and it's also used as the fallback for the new usage.
+    public static final Setting<List<String>> REMOTE_CLUSTER_ALLOWLIST = Setting.listSetting(
+            "reindex.remote.allowlist", 
+            REMOTE_CLUSTER_WHITELIST,
+            Function.identity(),
+            Property.NodeScope
     );
     public static Optional<RemoteReindexExtension> remoteExtension = Optional.empty();
 

diff --git a/...s/reindex/src/test/java/org/opensearch/index/reindex/ReindexFromRemoteWhitelistTests.java b/...s/reindex/src/test/java/org/opensearch/index/reindex/ReindexFromRemoteWhitelistTests.java
@@ -131,7 +131,7 @@ public void testUnwhitelistedRemote() {
             IllegalArgumentException.class,
             () -> checkRemoteWhitelist(buildRemoteWhitelist(whitelist), newRemoteInfo("not in list", port))
         );
-        assertEquals("[not in list:" + port + "] not whitelisted in reindex.remote.whitelist", e.getMessage());
+        assertEquals("[not in list:" + port + "] not whitelisted in reindex.remote.allowlist", e.getMessage());
     }
 
     public void testRejectMatchAll() {

diff --git a/modules/reindex/src/yamlRestTest/resources/rest-api-spec/test/reindex/20_validation.yml b/modules/reindex/src/yamlRestTest/resources/rest-api-spec/test/reindex/20_validation.yml
@@ -308,7 +308,7 @@
 ---
 "unwhitelisted remote host fails":
   - do:
-      catch: /\[badremote:9200\] not whitelisted in reindex.remote.whitelist/
+      catch: /\[badremote:9200\] not whitelisted in reindex.remote.allowlist/
       reindex:
         body:
           source: