Replace default value constants with in-line values. Improve default …

…behaviour test cases Signed-off-by: Paris Larkins <[email protected]>
opensearch-project · Oct 2, 2024 · e2ceeeb · e2ceeeb
1 parent 1841a59
commit e2ceeeb
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 8 deletions.
diff --git a/src/main/java/org/opensearch/security/ssl/DefaultSecurityKeyStore.java b/src/main/java/org/opensearch/security/ssl/DefaultSecurityKeyStore.java
@@ -169,15 +169,15 @@ public DefaultSecurityKeyStore(final Settings settings, final Path configPath) {
         );
         httpSSLEnforceCertReloadDnVerification = settings.getAsBoolean(
             SSLConfigConstants.SECURITY_SSL_HTTP_ENFORCE_CERT_RELOAD_DN_VERIFICATION,
-            SSLConfigConstants.SECURITY_SSL_HTTP_ENFORCE_CERT_RELOAD_DN_VERIFICATION_DEFAULT
+            true
         );
         transportSSLEnabled = settings.getAsBoolean(
             SSLConfigConstants.SECURITY_SSL_TRANSPORT_ENABLED,
             SSLConfigConstants.SECURITY_SSL_TRANSPORT_ENABLED_DEFAULT
         );
         transportSSLEnforceCertReloadDnVerification = settings.getAsBoolean(
             SSLConfigConstants.SECURITY_SSL_TRANSPORT_ENFORCE_CERT_RELOAD_DN_VERIFICATION,
-            SSLConfigConstants.SECURITY_SSL_TRANSPORT_ENFORCE_CERT_RELOAD_DN_VERIFICATION_DEFAULT
+            true
         );
         final boolean useOpenSSLForHttpIfAvailable = OpenSearchSecuritySSLPlugin.OPENSSL_SUPPORTED
             && settings.getAsBoolean(SSLConfigConstants.SECURITY_SSL_HTTP_ENABLE_OPENSSL_IF_AVAILABLE, true);

diff --git a/src/main/java/org/opensearch/security/ssl/OpenSearchSecuritySSLPlugin.java b/src/main/java/org/opensearch/security/ssl/OpenSearchSecuritySSLPlugin.java
@@ -641,15 +641,15 @@ public List<Setting<?>> getSettings() {
         settings.add(
             Setting.boolSetting(
                 SSLConfigConstants.SECURITY_SSL_HTTP_ENFORCE_CERT_RELOAD_DN_VERIFICATION,
-                SSLConfigConstants.SECURITY_SSL_HTTP_ENFORCE_CERT_RELOAD_DN_VERIFICATION_DEFAULT,
+                true,
                 Property.NodeScope,
                 Property.Filtered
             )
         );
         settings.add(
             Setting.boolSetting(
                 SSLConfigConstants.SECURITY_SSL_TRANSPORT_ENFORCE_CERT_RELOAD_DN_VERIFICATION,
-                SSLConfigConstants.SECURITY_SSL_TRANSPORT_ENFORCE_CERT_RELOAD_DN_VERIFICATION_DEFAULT,
+                true,
                 Property.NodeScope,
                 Property.Filtered
             )

diff --git a/src/main/java/org/opensearch/security/ssl/util/SSLConfigConstants.java b/src/main/java/org/opensearch/security/ssl/util/SSLConfigConstants.java
@@ -40,7 +40,6 @@ public final class SSLConfigConstants {
     public static final String SECURITY_SSL_HTTP_TRUSTSTORE_TYPE = "plugins.security.ssl.http.truststore_type";
     public static final String SECURITY_SSL_HTTP_ENFORCE_CERT_RELOAD_DN_VERIFICATION =
         "plugins.security.ssl.http.enforce_cert_reload_dn_verification";
-    public static final Boolean SECURITY_SSL_HTTP_ENFORCE_CERT_RELOAD_DN_VERIFICATION_DEFAULT = true;
     public static final String SECURITY_SSL_TRANSPORT_ENABLE_OPENSSL_IF_AVAILABLE =
         "plugins.security.ssl.transport.enable_openssl_if_available";
     public static final String SECURITY_SSL_TRANSPORT_ENABLED = "plugins.security.ssl.transport.enabled";
@@ -52,7 +51,6 @@ public final class SSLConfigConstants {
 
     public static final String SECURITY_SSL_TRANSPORT_ENFORCE_CERT_RELOAD_DN_VERIFICATION =
         "plugins.security.ssl.transport.enforce_cert_reload_dn_verification";
-    public static final Boolean SECURITY_SSL_TRANSPORT_ENFORCE_CERT_RELOAD_DN_VERIFICATION_DEFAULT = true;
     public static final String SECURITY_SSL_TRANSPORT_KEYSTORE_ALIAS = "plugins.security.ssl.transport.keystore_alias";
     public static final String SECURITY_SSL_TRANSPORT_SERVER_KEYSTORE_ALIAS = "plugins.security.ssl.transport.server.keystore_alias";
     public static final String SECURITY_SSL_TRANSPORT_CLIENT_KEYSTORE_ALIAS = "plugins.security.ssl.transport.client.keystore_alias";

diff --git a/src/test/java/org/opensearch/security/ssl/SecuritySSLReloadCertsActionTests.java b/src/test/java/org/opensearch/security/ssl/SecuritySSLReloadCertsActionTests.java
@@ -250,7 +250,7 @@ public void testReloadHttpCertDifferentTrustChain_noSkipDnValidationFail() throw
     public void testReloadHttpCertDifferentTrustChain_defaultSettingValidationFail() throws Exception {
         updateFiles(defaultCertFilePath, pemCertFilePath);
         updateFiles(defaultKeyFilePath, pemKeyFilePath);
-        initTestCluster(pemCertFilePath, pemKeyFilePath, pemCertFilePath, pemKeyFilePath, true, null, true);
+        initTestCluster(pemCertFilePath, pemKeyFilePath, pemCertFilePath, pemKeyFilePath, true, null, null);
 
         RestHelper rh = getRestHelperAdminUser();
         // Change http certs to one signed by a different CA than the previous one
@@ -321,7 +321,7 @@ public void testReloadTransportCertDifferentTrustChain_noSkipDnValidationFail()
     public void testReloadTransportCertDifferentTrustChain_defaultSettingValidationFail() throws Exception {
         updateFiles(defaultCertFilePath, pemCertFilePath);
         updateFiles(defaultKeyFilePath, pemKeyFilePath);
-        initTestCluster(pemCertFilePath, pemKeyFilePath, pemCertFilePath, pemKeyFilePath, true, true, null);
+        initTestCluster(pemCertFilePath, pemKeyFilePath, pemCertFilePath, pemKeyFilePath, true, null, null);
 
         RestHelper rh = getRestHelperAdminUser();
         // Change transport certs to one signed by a different CA than the previous one