Setting 'insecure' overrides 'certPath'

Fixes #5267
opensearch-project · Dec 17, 2024 · e9797f2 · e9797f2
1 parent 956a89a
commit e9797f2
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 6 deletions.
diff --git a/...main/java/org/opensearch/dataprepper/plugins/sink/opensearch/ConnectionConfiguration.java b/...main/java/org/opensearch/dataprepper/plugins/sink/opensearch/ConnectionConfiguration.java
@@ -275,11 +275,11 @@ public static ConnectionConfiguration readConnectionConfiguration(final PluginSe
 
     final String certPath = pluginSetting.getStringOrDefault(CERT_PATH, null);
     final boolean insecure = pluginSetting.getBooleanOrDefault(INSECURE, false);
-    if (certPath != null) {
-      builder = builder.withCert(certPath);
-    } else {
-      //We will set insecure flag only if certPath is null
-      builder = builder.withInsecure(insecure);
+    // Insecure == true will override configured certPath
+    if (insecure) {
+      builder.withInsecure(insecure);
+    } else if (certPath != null) {
+      builder.withCert(certPath);
     }
     final String proxy = pluginSetting.getStringOrDefault(PROXY, null);
     builder = builder.withProxy(proxy);

diff --git a/...java/org/opensearch/dataprepper/plugins/sink/opensearch/ConnectionConfigurationTests.java b/...java/org/opensearch/dataprepper/plugins/sink/opensearch/ConnectionConfigurationTests.java
@@ -283,7 +283,20 @@ void testCreateClientWithCertPath() throws IOException {
         client.close();
     }
 
-    @Test
+  @Test
+  void testCreateClientWithInsecureAndCertPath() throws IOException {
+    // Insecure should take precedence over cert path when both are set
+    final PluginSetting pluginSetting = generatePluginSetting(
+        TEST_HOSTS, TEST_USERNAME, TEST_PASSWORD, TEST_CONNECT_TIMEOUT, TEST_SOCKET_TIMEOUT, false, null, null, TEST_CERT_PATH, true);
+    final ConnectionConfiguration connectionConfiguration =
+        ConnectionConfiguration.readConnectionConfiguration(pluginSetting);
+    assertNull(connectionConfiguration.getCertPath());
+    final RestHighLevelClient client = connectionConfiguration.createClient(awsCredentialsSupplier);
+    assertNotNull(client);
+    client.close();
+  }
+
+  @Test
     void testCreateOpenSearchClientWithCertPath() throws IOException {
         final PluginSetting pluginSetting = generatePluginSetting(
                 TEST_HOSTS, TEST_USERNAME, TEST_PASSWORD, TEST_CONNECT_TIMEOUT, TEST_SOCKET_TIMEOUT, false, null, null, TEST_CERT_PATH, false);