use of com.amazon.dataprepper.plugins.certificate.model.Certificate in project data-prepper by opensearch-project.
From the class OTelTraceSource, method start:
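/**
 * Builds the Armeria server on the first call and starts it, blocking until start-up completes.
 *
 * <p>The server is built lazily and cached in {@code server}; a second call only (re)starts it.
 * Transport is TLS when either {@code ssl} or {@code useAcmCertForSSL} is configured, otherwise
 * plaintext HTTP with a warning.
 *
 * @param buffer the buffer that received trace requests are written into
 * @throws IllegalStateException if {@code buffer} is null
 * @throws RuntimeException if the server fails to start (the original cause is unwrapped when it
 *         is itself a {@code RuntimeException}) or the calling thread is interrupted while waiting
 */
@Override
public void start(Buffer<Record<ExportTraceServiceRequest>> buffer) {
    if (buffer == null) {
        throw new IllegalStateException("Buffer provided is null");
    }
    if (server == null) {
        final ServerBuilder sb = Server.builder();
        sb.disableServerHeader();
        sb.service(buildGrpcService(buffer));
        sb.requestTimeoutMillis(oTelTraceSourceConfig.getRequestTimeoutInMillis());
        configureTransport(sb);
        sb.maxNumConnections(oTelTraceSourceConfig.getMaxConnectionCount());
        // shutdownOnStop=true: the executor is owned by the server and torn down with it.
        sb.blockingTaskExecutor(Executors.newScheduledThreadPool(oTelTraceSourceConfig.getThreadCount()), true);
        server = sb.build();
    }
    awaitServerStart();
    LOG.info("Started otel_trace_source...");
}

/**
 * Assembles the gRPC service: the trace service wrapped in the authentication interceptors,
 * plus the optional health-check and proto-reflection services.
 *
 * @param buffer the buffer handed to the trace service
 * @return the built gRPC service ready to be registered on the server
 */
private GrpcService buildGrpcService(final Buffer<Record<ExportTraceServiceRequest>> buffer) {
    final OTelTraceGrpcService oTelTraceGrpcService = new OTelTraceGrpcService(
            oTelTraceSourceConfig.getRequestTimeoutInMillis(), buffer, pluginMetrics);
    final List<ServerInterceptor> serverInterceptors = getAuthenticationInterceptor();
    final GrpcServiceBuilder grpcServiceBuilder = GrpcService.builder()
            .addService(ServerInterceptors.intercept(oTelTraceGrpcService, serverInterceptors))
            .useClientTimeoutHeader(false)
            .useBlockingTaskExecutor(true);
    if (oTelTraceSourceConfig.hasHealthCheck()) {
        LOG.info("Health check is enabled");
        grpcServiceBuilder.addService(new HealthGrpcService());
    }
    if (oTelTraceSourceConfig.hasProtoReflectionService()) {
        LOG.info("Proto reflection service is enabled");
        grpcServiceBuilder.addService(ProtoReflectionService.newInstance());
    }
    grpcServiceBuilder.enableUnframedRequests(oTelTraceSourceConfig.enableUnframedRequests());
    return grpcServiceBuilder.build();
}

/**
 * Binds the listening port, with TLS when configured and plaintext HTTP otherwise.
 *
 * @param sb the server builder to configure
 */
private void configureTransport(final ServerBuilder sb) {
    // ACM Cert for SSL takes preference
    if (oTelTraceSourceConfig.isSsl() || oTelTraceSourceConfig.useAcmCertForSSL()) {
        LOG.info("SSL/TLS is enabled.");
        final CertificateProvider certificateProvider = certificateProviderFactory.getCertificateProvider();
        final Certificate certificate = certificateProvider.getCertificate();
        // The provider returns PEM text; ByteArrayInputStream holds no OS resource, so no close is needed.
        sb.https(oTelTraceSourceConfig.getPort()).tls(
                new ByteArrayInputStream(certificate.getCertificate().getBytes(StandardCharsets.UTF_8)),
                new ByteArrayInputStream(certificate.getPrivateKey().getBytes(StandardCharsets.UTF_8)));
    } else {
        LOG.warn("Creating otel_trace_source without SSL/TLS. This is not secure.");
        LOG.warn("In order to set up TLS for the otel_trace_source, go here: https://github.com/opensearch-project/data-prepper/tree/main/data-prepper-plugins/otel-trace-source#ssl");
        sb.http(oTelTraceSourceConfig.getPort());
    }
}

/**
 * Starts {@code server} and waits for start-up to finish.
 *
 * @throws RuntimeException the unwrapped cause when it is a {@code RuntimeException}, otherwise a
 *         wrapper around the start-up failure or the interruption
 */
private void awaitServerStart() {
    try {
        server.start().get();
    } catch (final ExecutionException ex) {
        // instanceof is false for a null cause, so no separate null check is needed.
        if (ex.getCause() instanceof RuntimeException) {
            throw (RuntimeException) ex.getCause();
        }
        throw new RuntimeException(ex);
    } catch (final InterruptedException ex) {
        // Preserve the interrupt so callers further up the stack can observe it.
        Thread.currentThread().interrupt();
        throw new RuntimeException(ex);
    }
}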
use of com.amazon.dataprepper.plugins.certificate.model.Certificate in project data-prepper by opensearch-project.
From the class FileCertificateProviderTest, method getCertificateValidPathSuccess:
/**
 * Given readable certificate and key files, the provider returns their contents verbatim.
 *
 * @throws IOException if a fixture file cannot be read for the expected value
 */
@Test
public void getCertificateValidPathSuccess() throws IOException {
    // Relative paths to the PEM fixture files the provider is pointed at.
    final String certificateFilePath = "data/certificate/test_cert.crt";
    final String privateKeyFilePath = "data/certificate/test_decrypted_key.key";
    fileCertificateProvider = new FileCertificateProvider(certificateFilePath, privateKeyFilePath);

    final Certificate certificate = fileCertificateProvider.getCertificate();

    // Expected values are read independently of the provider so the comparison is exact.
    final String expectedCert = Files.readString(Path.of(certificateFilePath));
    final String expectedKey = Files.readString(Path.of(privateKeyFilePath));
    assertThat(certificate.getCertificate(), is(expectedCert));
    assertThat(certificate.getPrivateKey(), is(expectedKey));
}
use of com.amazon.dataprepper.plugins.certificate.model.Certificate in project data-prepper by opensearch-project.
From the class OTelMetricsSource, method start:
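/**
 * Builds the Armeria server on the first call and starts it, blocking until start-up completes.
 *
 * <p>The server is built lazily and cached in {@code server}; a second call only (re)starts it.
 * Transport is TLS when either {@code ssl} or {@code useAcmCertForSSL} is configured, otherwise
 * plaintext HTTP with a warning.
 *
 * @param buffer the buffer that received metrics requests are written into
 * @throws IllegalStateException if {@code buffer} is null
 * @throws RuntimeException if the server fails to start (the original cause is unwrapped when it
 *         is itself a {@code RuntimeException}) or the calling thread is interrupted while waiting
 */
@Override
public void start(Buffer<Record<ExportMetricsServiceRequest>> buffer) {
    if (buffer == null) {
        throw new IllegalStateException("Buffer provided is null");
    }
    if (server == null) {
        final ServerBuilder sb = Server.builder();
        sb.disableServerHeader();
        sb.service(buildGrpcService(buffer));
        sb.requestTimeoutMillis(oTelMetricsSourceConfig.getRequestTimeoutInMillis());
        configureTransport(sb);
        sb.maxNumConnections(oTelMetricsSourceConfig.getMaxConnectionCount());
        // shutdownOnStop=true: the executor is owned by the server and torn down with it.
        sb.blockingTaskExecutor(Executors.newScheduledThreadPool(oTelMetricsSourceConfig.getThreadCount()), true);
        server = sb.build();
    }
    awaitServerStart();
    LOG.info("Started otel_metrics_source...");
}

/**
 * Assembles the gRPC service: the metrics service wrapped in the authentication interceptors,
 * plus the optional health-check and proto-reflection services.
 *
 * @param buffer the buffer handed to the metrics service
 * @return the built gRPC service ready to be registered on the server
 */
private GrpcService buildGrpcService(final Buffer<Record<ExportMetricsServiceRequest>> buffer) {
    final OTelMetricsGrpcService oTelMetricsGrpcService = new OTelMetricsGrpcService(
            oTelMetricsSourceConfig.getRequestTimeoutInMillis(), buffer, pluginMetrics);
    final List<ServerInterceptor> serverInterceptors = getAuthenticationInterceptor();
    final GrpcServiceBuilder grpcServiceBuilder = GrpcService.builder()
            .addService(ServerInterceptors.intercept(oTelMetricsGrpcService, serverInterceptors))
            .useClientTimeoutHeader(false)
            .useBlockingTaskExecutor(true);
    if (oTelMetricsSourceConfig.hasHealthCheck()) {
        LOG.info("Health check is enabled");
        grpcServiceBuilder.addService(new HealthGrpcService());
    }
    if (oTelMetricsSourceConfig.hasProtoReflectionService()) {
        LOG.info("Proto reflection service is enabled");
        grpcServiceBuilder.addService(ProtoReflectionService.newInstance());
    }
    grpcServiceBuilder.enableUnframedRequests(oTelMetricsSourceConfig.enableUnframedRequests());
    return grpcServiceBuilder.build();
}

/**
 * Binds the listening port, with TLS when configured and plaintext HTTP otherwise.
 *
 * @param sb the server builder to configure
 */
private void configureTransport(final ServerBuilder sb) {
    // ACM Cert for SSL takes preference
    if (oTelMetricsSourceConfig.isSsl() || oTelMetricsSourceConfig.useAcmCertForSSL()) {
        LOG.info("SSL/TLS is enabled.");
        final CertificateProvider certificateProvider = certificateProviderFactory.getCertificateProvider();
        final Certificate certificate = certificateProvider.getCertificate();
        // The provider returns PEM text; ByteArrayInputStream holds no OS resource, so no close is needed.
        sb.https(oTelMetricsSourceConfig.getPort()).tls(
                new ByteArrayInputStream(certificate.getCertificate().getBytes(StandardCharsets.UTF_8)),
                new ByteArrayInputStream(certificate.getPrivateKey().getBytes(StandardCharsets.UTF_8)));
    } else {
        LOG.warn("Creating otel_metrics_source without SSL/TLS. This is not secure.");
        LOG.warn("In order to set up TLS for the otel_metrics_source, go here: https://github.com/opensearch-project/data-prepper/tree/main/data-prepper-plugins/otel-metrics-source#ssl");
        sb.http(oTelMetricsSourceConfig.getPort());
    }
}

/**
 * Starts {@code server} and waits for start-up to finish.
 *
 * @throws RuntimeException the unwrapped cause when it is a {@code RuntimeException}, otherwise a
 *         wrapper around the start-up failure or the interruption
 */
private void awaitServerStart() {
    try {
        server.start().get();
    } catch (final ExecutionException ex) {
        // instanceof is false for a null cause, so no separate null check is needed.
        if (ex.getCause() instanceof RuntimeException) {
            throw (RuntimeException) ex.getCause();
        }
        throw new RuntimeException(ex);
    } catch (final InterruptedException ex) {
        // Preserve the interrupt so callers further up the stack can observe it.
        Thread.currentThread().interrupt();
        throw new RuntimeException(ex);
    }
}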
use of com.amazon.dataprepper.plugins.certificate.model.Certificate in project data-prepper by opensearch-project.
From the class HTTPSource, method start:
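/**
 * Builds the Armeria HTTP server on the first call and starts it, blocking until start-up completes.
 *
 * <p>The server is built lazily and cached in {@code server}; a second call only (re)starts it.
 * The log-ingest endpoint is registered behind the authentication decorator and a throttling
 * decorator bounded by {@code maxPendingRequests}; an optional health-check endpoint is added too.
 *
 * @param buffer the buffer that received log records are written into
 * @throws IllegalStateException if {@code buffer} is null
 * @throws RuntimeException if the server fails to start (the original cause is unwrapped when it
 *         is itself a {@code RuntimeException}) or the calling thread is interrupted while waiting
 */
@Override
public void start(final Buffer<Record<Log>> buffer) {
    if (buffer == null) {
        throw new IllegalStateException("Buffer provided is null");
    }
    if (server == null) {
        final ServerBuilder sb = Server.builder();
        sb.disableServerHeader();
        configureTransport(sb);
        authenticationProvider.addAuthenticationDecorator(sb);
        sb.maxNumConnections(sourceConfig.getMaxConnectionCount());
        final int requestTimeoutInMillis = sourceConfig.getRequestTimeoutInMillis();
        // Allow 2*requestTimeoutInMillis to accommodate non-blocking operations other than buffer writing.
        // Multiply in long so a large configured timeout cannot overflow int.
        sb.requestTimeout(Duration.ofMillis(2L * requestTimeoutInMillis));
        final ScheduledThreadPoolExecutor blockingTaskExecutor = new ScheduledThreadPoolExecutor(sourceConfig.getThreadCount());
        // shutdownOnStop=true: the executor is owned by the server and torn down with it.
        sb.blockingTaskExecutor(blockingTaskExecutor, true);
        configureLogIngestion(sb, buffer, requestTimeoutInMillis, blockingTaskExecutor);
        if (sourceConfig.hasHealthCheckService()) {
            LOG.info("HTTP source health check is enabled");
            sb.service(HTTP_HEALTH_CHECK_PATH, HealthCheckService.of());
        }
        server = sb.build();
    }
    awaitServerStart();
    LOG.info("Started http source on port " + sourceConfig.getPort() + "...");
}

/**
 * Binds the listening port, with TLS when configured and plaintext HTTP otherwise.
 *
 * @param sb the server builder to configure
 */
private void configureTransport(final ServerBuilder sb) {
    if (sourceConfig.isSsl()) {
        LOG.info("Creating http source with SSL/TLS enabled.");
        final CertificateProvider certificateProvider = certificateProviderFactory.getCertificateProvider();
        final Certificate certificate = certificateProvider.getCertificate();
        // TODO: enable encrypted key with password
        // The provider returns PEM text; ByteArrayInputStream holds no OS resource, so no close is needed.
        sb.https(sourceConfig.getPort()).tls(
                new ByteArrayInputStream(certificate.getCertificate().getBytes(StandardCharsets.UTF_8)),
                new ByteArrayInputStream(certificate.getPrivateKey().getBytes(StandardCharsets.UTF_8)));
    } else {
        LOG.warn("Creating http source without SSL/TLS. This is not secure.");
        LOG.warn("In order to set up TLS for the http source, go here: https://github.com/opensearch-project/data-prepper/tree/main/data-prepper-plugins/http-source#ssl");
        sb.http(sourceConfig.getPort());
    }
}

/**
 * Registers the log-ingest endpoint together with its throttling decorator.
 *
 * @param sb the server builder to configure
 * @param buffer the buffer handed to the log service
 * @param requestTimeoutInMillis the per-request timeout passed to the log service
 * @param blockingTaskExecutor the executor whose queue the throttling strategy observes
 */
private void configureLogIngestion(final ServerBuilder sb,
                                   final Buffer<Record<Log>> buffer,
                                   final int requestTimeoutInMillis,
                                   final ScheduledThreadPoolExecutor blockingTaskExecutor) {
    final int maxPendingRequests = sourceConfig.getMaxPendingRequests();
    // The strategy is handed the executor's own queue, presumably to gauge pending work — confirm in LogThrottlingStrategy.
    final LogThrottlingStrategy logThrottlingStrategy = new LogThrottlingStrategy(maxPendingRequests, blockingTaskExecutor.getQueue());
    final LogThrottlingRejectHandler logThrottlingRejectHandler = new LogThrottlingRejectHandler(maxPendingRequests, pluginMetrics);
    // TODO: allow customization on URI path for log ingestion
    sb.decorator(HTTPSourceConfig.DEFAULT_LOG_INGEST_URI, ThrottlingService.newDecorator(logThrottlingStrategy, logThrottlingRejectHandler));
    final LogHTTPService logHTTPService = new LogHTTPService(requestTimeoutInMillis, buffer, pluginMetrics);
    sb.annotatedService(HTTPSourceConfig.DEFAULT_LOG_INGEST_URI, logHTTPService);
}

/**
 * Starts {@code server} and waits for start-up to finish.
 *
 * @throws RuntimeException the unwrapped cause when it is a {@code RuntimeException}, otherwise a
 *         wrapper around the start-up failure or the interruption
 */
private void awaitServerStart() {
    try {
        server.start().get();
    } catch (final ExecutionException ex) {
        // instanceof is false for a null cause, so no separate null check is needed.
        if (ex.getCause() instanceof RuntimeException) {
            throw (RuntimeException) ex.getCause();
        }
        throw new RuntimeException(ex);
    } catch (final InterruptedException ex) {
        // Preserve the interrupt so callers further up the stack can observe it.
        Thread.currentThread().interrupt();
        throw new RuntimeException(ex);
    }
}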
use of com.amazon.dataprepper.plugins.certificate.model.Certificate in project data-prepper by opensearch-project.
From the class ACMCertificateProvider, method getCertificate:
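/**
 * Exports the certificate identified by {@code acmArn} from ACM and returns it with its private
 * key decrypted.
 *
 * <p>ACM may answer {@code RequestInProgressException} while the export is being prepared; the
 * call then sleeps {@code SLEEP_INTERVAL} ms and retries until a response arrives or the
 * accumulated wait reaches {@code totalTimeout}.
 *
 * @return the exported certificate and its decrypted private key
 * @throws IllegalStateException if no response was obtained within {@code totalTimeout}
 * @throws ResourceNotFoundException if ACM has no certificate for {@code acmArn}
 * @throws InvalidArnException if {@code acmArn} is not a valid ARN
 * @throws RuntimeException if the thread is interrupted while waiting between retries
 */
public Certificate getCertificate() {
    // The private key from ACM is encrypted. Passphrase is the privateKey password that will be used to decrypt the
    // private key. If it's not provided, generate a random password. The configured passphrase can
    // be used to decrypt the private key manually using openssl commands for any inspection or debugging.
    // orElseGet: only generate a random passphrase when none was configured.
    final String pkPassphrase = Optional.ofNullable(passphrase).orElseGet(() -> generatePassphrase(PASSPHRASE_CHAR_COUNT));
    // Pin the charset instead of relying on the platform default. NOTE(review): this must agree with
    // how getDecryptedPrivateKey turns the same String into key bytes — confirm there.
    final SdkBytes passphraseBytes = SdkBytes.fromByteArray(pkPassphrase.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    ExportCertificateResponse exportCertificateResponse = null;
    long timeSlept = 0L;
    while (exportCertificateResponse == null && timeSlept < totalTimeout) {
        try {
            final ExportCertificateRequest exportCertificateRequest = ExportCertificateRequest.builder()
                    .certificateArn(acmArn)
                    .passphrase(passphraseBytes)
                    .build();
            exportCertificateResponse = acmClient.exportCertificate(exportCertificateRequest);
        } catch (final RequestInProgressException ex) {
            try {
                Thread.sleep(SLEEP_INTERVAL);
            } catch (final InterruptedException iex) {
                // Restore the interrupt flag so callers further up the stack can observe it.
                Thread.currentThread().interrupt();
                throw new RuntimeException(iex);
            }
        } catch (final ResourceNotFoundException | InvalidArnException ex) {
            LOG.error("Exception retrieving the certificate with arn: {}", acmArn, ex);
            throw ex;
        }
        // Counted on every pass, including the successful one, so the timeout check stays simple.
        timeSlept += SLEEP_INTERVAL;
    }
    if (exportCertificateResponse == null) {
        throw new IllegalStateException(String.format("Exception retrieving certificate results. Time spent retrieving certificate is" + " %d ms and total time out set is %d ms.", timeSlept, totalTimeout));
    }
    final String decryptedPrivateKey = getDecryptedPrivateKey(exportCertificateResponse.privateKey(), pkPassphrase);
    return new Certificate(exportCertificateResponse.certificate(), decryptedPrivateKey);
}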