Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement the configuration persistence logic #95

Closed
Tracked by #349
AlexRuiz7 opened this issue Oct 9, 2024 · 1 comment · Fixed by #120
Closed
Tracked by #349

Implement the configuration persistence logic #95

AlexRuiz7 opened this issue Oct 9, 2024 · 1 comment · Fixed by #120
Assignees
@mcasas993
Labels
level/task Task issue type/enhancement Enhancement issue

Comments

@AlexRuiz7
Copy link
Member

AlexRuiz7 commented Oct 9, 2024
edited by mcasas993
Loading

Description

This issue continues the research performed in #86 to investigate the different configuration persistence methods available within the development of Indexer plugins.

The Command Manager plugin sends data to the Management API in the server, so it needs to know the endpoint of its HTTP Rest API and its credentials in order to establish the communication.

This information is dynamic and needs to be provided to the Command Manager during runtime, The plugin will read this information from the configuration persisted in the file system during its initialization.

The configuration might change over time. In order to avoid a restart of the Wazuh Indexer node to refresh the information, the plugin should be able to receive the new information when the configuration changes. In order to do that, our plugin needs to extend the ReloadablePlugin interface. We can follow the research in #86 (comment) as a guide.

Following the conclusion of the research, we are going to use a key store as our configuration persistence method. The key store must be unique and should be created automatically if it does not exist. In this case, the plugin will raise a custom exception that requires the key store to be initialized by the user.

Note

The key store can be mocked using Gradle.

Functional requirements

  • The key store is loaded on plugin's initialization.
  • The plugin reacts properly if the required information is missing (custom exception).
  • The plugin reloads changes to the configuration on runtime.

Implementation restrictions

  • The plugin must implement the ReloadblePlugin interface to receive changes to the configuration.
  • The configuration is represented by a singleton object, which can be accessed within the plugin.
@AlexRuiz7 AlexRuiz7 added level/task Task issue type/enhancement Enhancement issue labels Oct 9, 2024
@AlexRuiz7 AlexRuiz7 mentioned this issue Oct 9, 2024
Open
15 tasks
@wazuhci wazuhci moved this to Backlog in Release 5.0.0 Oct 9, 2024
@mcasas993 mcasas993 self-assigned this Oct 9, 2024
@wazuhci wazuhci moved this from Backlog to In progress in Release 5.0.0 Oct 9, 2024
@mcasas993 mcasas993 mentioned this issue Oct 9, 2024
Closed
@mcasas993 mcasas993 linked a pull request Oct 9, 2024 that will close this issue
Implement a new KeyStore file to configure the persistence logic #97
Closed
@f-galland f-galland self-assigned this Oct 18, 2024
@mcasas993 mcasas993 mentioned this issue Oct 25, 2024
Merged
@mcasas993 mcasas993 linked a pull request Oct 25, 2024 that will close this issue
Add CommangManagerSettings and the respective tests #120
Merged
@mcasas993
Copy link
Member

Opensearch solution

We ask for help to OpenSearch for managing the Settings in the Keystore, and they give us a simple solution:

The plugins can declare "secure" settings and then they will have access to the decrypted value directly. They only have access to their own declared secure settings, but not secure settings declared by other plugins

They can be declared like this and they can be accessed like any other setting.

The different between secureSetting vs normal setting is that secureSetting is stored in the keystore.

So we are going to refactor the code to simplify the solution.

@wazuhci wazuhci moved this from In progress to Done in Release 5.0.0 Oct 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mcasas993 mcasas993

Labels
level/task Task issue type/enhancement Enhancement issue
Projects
Release 5.0.0
Status: Done
Milestone
No milestone
3 participants
@AlexRuiz7 @mcasas993 @f-galland