Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Encrypt/Decrypt template credentials #197

Merged
merged 24 commits into from
Nov 29, 2023
Merged

Encrypt/Decrypt template credentials #197

merged 24 commits into from
Nov 29, 2023

Conversation

joshpalis
Copy link
Member

@joshpalis joshpalis commented Nov 25, 2023
edited
Loading

Description

This PR achieves multiple things:

  • Creates a new system index .plugins-flow-framework-config which is instantiated during the initial create workflow request
  • The index is populated by a randomly generated master key and its creation time, but includes logic to attempt to first read and set the master key from the index if it currently exists (this is to handle the case in which the system indices are restored from snapshot, therefore we need to use the same master key used for encryption to successfully decrypt any existing use case templates)
  • implements credential encryption for any use case template credential prior to indexing into the .plugin-ai-global-context and decryption when reading the template from the index for use in provisioning.

Using the following use case template (note the 12345 credential for creating a connector)

{"name":"create-connector-register-deploy-model","description":"test case","use_case":"TEST_CASE","version":{"template":"1.0.0","compatibility":["2.12.0","3.0.0"]},"workflows":{"provision":{"user_params":{},"nodes":[{"id":"workflow_step_1","type":"create_connector","previous_node_inputs":{},"user_inputs":{"name":"OpenAI Chat Connector","version":"1","parameters":{"endpoint":"api.openai.com","model":"gpt-3.5-turbo"},"credential":{"openAI_key":"12345"},"actions":[{"method":"POST","action_type":"predict","url":"https://${parameters.endpoint}/v1/chat/completions"}],"description":"The connector to public OpenAI model service for GPT 3.5","protocol":"http"}},{"id":"workflow_step_2","type":"register_remote_model","previous_node_inputs":{"workflow_step_1":"connector_id"},"user_inputs":{"function_name":"remote","name":"openAI-gpt-3.5-turbo","description":"test model"}},{"id":"workflow_step_3","type":"deploy_model","previous_node_inputs":{"workflow_step_2":"model_id"},"user_inputs":{}}],"edges":[{"source":"workflow_step_1","dest":"workflow_step_2"},{"source":"workflow_step_2","dest":"workflow_step_3"}]}}}

Prior to indexing into the .plugin-ai-global-context, we iterate through the template workflow node user inputs and look for the credential field, encrypting all the fields here :

"credential":{"openAI_key":"AgV4Qqbp08CGmflQLewOsHqvNlRL5kn8sr85FXLoTL61kW8AXwABABVhd3MtY3J5cHRvLXB1YmxpYy1rZXkAREFoMXRSME5tZlBxakhlN0RWMnYvbW1abGozVGlhYjlqTktEcWE3WWFPNGE1aGZTV2t2em51WXVpV2h1YVhEUXFSZz09AAEABkN1c3RvbQAUAAAAgAAAAAw2Is3BMTV4vwEeXDUAMCBdRgNL/WOkOyOoh6vavIoOfI6lB6HD+Jii7ti0ha/7MVbeXuXbZOdefSGO1/jxfAIAABAAQQ8TQMfakJjiu0dxvZZu4CZBVlhIvmow2WHaM2n1HSlG1AH+kg5ix9MMQjDUeNEE/////wAAAAEAAAAAAAAAAAAAAAEAAAAFAppLfxS9pUVlJbl9EYmS1NrnZ3g/AGcwZQIwU4FBtA8VuIRMCExYKZIuIJwDJqhokQ4VA5wvrwq/0ukmD6Uu+h+HVwnVyvoUvknAAjEApPQbk/WqKOz8Y/b/atCNvDPYG7a3qjKBbQ0IFh0nqcdoeQvqXuSXf1p3FA6DqaU6"},

When provisioning, we read the template from the system index, decrypt the template, and then provision.

Logs show the provisioning process completed successfully, with template credentials reading the original value 12345

[2023-11-25T00:46:57,995][INFO ][o.o.f.t.ProvisionWorkflowTransportAction] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] Queueing process [workflow_step_1]. Can start immediately!
[2023-11-25T00:46:57,996][INFO ][o.o.f.t.ProvisionWorkflowTransportAction] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] Queueing process [workflow_step_2]. Must wait for [workflow_step_1] to complete first.
[2023-11-25T00:46:57,996][INFO ][o.o.f.w.ProcessNode      ] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] Starting workflow_step_1.
[2023-11-25T00:46:57,997][INFO ][o.o.f.t.ProvisionWorkflowTransportAction] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] Queueing process [workflow_step_3]. Must wait for [workflow_step_2] to complete first.
[2023-11-25T00:46:58,021][INFO ][o.r.Reflections          ] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] Reflections took 12 ms to scan 1 urls, producing 6 keys and 34 values 
[2023-11-25T00:46:58,030][INFO ][o.o.f.t.ProvisionWorkflowTransportAction] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] updated workflow H1HxA4wBXiCehp6dMpsV state to PROVISIONING
[2023-11-25T00:46:58,033][INFO ][o.r.Reflections          ] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] Reflections took 6 ms to scan 1 urls, producing 8 keys and 38 values 
[2023-11-25T00:46:58,040][INFO ][o.r.Reflections          ] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] Reflections took 3 ms to scan 1 urls, producing 5 keys and 14 values 
[2023-11-25T00:46:58,047][INFO ][o.r.Reflections          ] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] Reflections took 2 ms to scan 1 urls, producing 3 keys and 8 values 
[2023-11-25T00:46:58,053][INFO ][o.r.Reflections          ] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] Reflections took 3 ms to scan 1 urls, producing 5 keys and 15 values 
[2023-11-25T00:46:58,066][INFO ][o.r.Reflections          ] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] Reflections took 7 ms to scan 1 urls, producing 11 keys and 49 values 
[2023-11-25T00:46:58,072][INFO ][o.r.Reflections          ] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] Reflections took 2 ms to scan 1 urls, producing 8 keys and 11 values 
[2023-11-25T00:46:58,186][INFO ][o.o.m.a.c.TransportCreateConnectorAction] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] connector created, indexing into the connector system index
[2023-11-25T00:46:58,190][INFO ][o.o.p.PluginsService     ] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] PluginService:onIndexModule index:[.plugins-ml-connector/SBl_4NXuTTqhQocCWbjNYg]
[2023-11-25T00:46:58,200][INFO ][o.o.c.m.MetadataCreateIndexService] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] [.plugins-ml-connector] creating index, cause [api], templates [], shards [1]/[1]
[2023-11-25T00:46:58,202][INFO ][o.o.c.r.a.AllocationService] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] updating number_of_replicas to [0] for indices [.plugins-ml-connector]
[2023-11-25T00:46:58,226][INFO ][o.o.p.PluginsService     ] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] PluginService:onIndexModule index:[.plugins-ml-connector/SBl_4NXuTTqhQocCWbjNYg]
[2023-11-25T00:46:58,270][INFO ][o.o.c.r.a.AllocationService] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.plugins-ml-connector][0]]]).
[2023-11-25T00:46:58,293][INFO ][o.o.m.i.MLIndicesHandler ] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] create index:.plugins-ml-connector
[2023-11-25T00:46:58,325][INFO ][o.o.m.a.c.TransportCreateConnectorAction] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] Connector saved into index, result:CREATED, connector id: IFHxA4wBXiCehp6dqJv2
[2023-11-25T00:46:58,326][INFO ][o.o.f.w.CreateConnectorStep] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] Created connector successfully
[2023-11-25T00:46:58,326][INFO ][o.o.f.w.ProcessNode      ] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] Finished workflow_step_1.
[2023-11-25T00:46:58,326][INFO ][o.o.f.w.ProcessNode      ] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] Starting workflow_step_2.
[2023-11-25T00:46:58,353][INFO ][o.o.p.PluginsService     ] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] PluginService:onIndexModule index:[.plugins-ml-model-group/laFZvpLpR8qnHlEbhPAG8A]
[2023-11-25T00:46:58,361][INFO ][o.o.c.m.MetadataCreateIndexService] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] [.plugins-ml-model-group] creating index, cause [api], templates [], shards [1]/[1]
[2023-11-25T00:46:58,362][INFO ][o.o.c.r.a.AllocationService] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] updating number_of_replicas to [0] for indices [.plugins-ml-model-group]
[2023-11-25T00:46:58,385][INFO ][o.o.p.PluginsService     ] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] PluginService:onIndexModule index:[.plugins-ml-model-group/laFZvpLpR8qnHlEbhPAG8A]
[2023-11-25T00:46:58,435][INFO ][o.o.c.r.a.AllocationService] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.plugins-ml-model-group][0]]]).
[2023-11-25T00:46:58,455][INFO ][o.o.m.i.MLIndicesHandler ] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] create index:.plugins-ml-model-group
[2023-11-25T00:46:58,474][INFO ][stdout                   ] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] registering the model
[2023-11-25T00:46:58,479][INFO ][o.o.p.PluginsService     ] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] PluginService:onIndexModule index:[.plugins-ml-task/42JqnMOdRqi6fPKXlr-mdA]
[2023-11-25T00:46:58,487][INFO ][o.o.c.m.MetadataCreateIndexService] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] [.plugins-ml-task] creating index, cause [api], templates [], shards [1]/[1]
[2023-11-25T00:46:58,488][INFO ][o.o.c.r.a.AllocationService] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] updating number_of_replicas to [0] for indices [.plugins-ml-task]
[2023-11-25T00:46:58,511][INFO ][o.o.p.PluginsService     ] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] PluginService:onIndexModule index:[.plugins-ml-task/42JqnMOdRqi6fPKXlr-mdA]
[2023-11-25T00:46:58,512][INFO ][o.o.f.w.CreateConnectorStep] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] updated resources created of H1HxA4wBXiCehp6dMpsV
[2023-11-25T00:46:58,559][INFO ][o.o.c.r.a.AllocationService] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.plugins-ml-task][0]]]).
[2023-11-25T00:46:58,578][INFO ][o.o.m.i.MLIndicesHandler ] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] create index:.plugins-ml-task
[2023-11-25T00:46:58,622][INFO ][o.o.p.PluginsService     ] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] PluginService:onIndexModule index:[.plugins-ml-model/i1-j3b0nS36y9upUJMQbgQ]
[2023-11-25T00:46:58,629][INFO ][o.o.c.m.MetadataCreateIndexService] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] [.plugins-ml-model] creating index, cause [api], templates [], shards [1]/[1]
[2023-11-25T00:46:58,630][INFO ][o.o.c.r.a.AllocationService] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] updating number_of_replicas to [0] for indices [.plugins-ml-model]
[2023-11-25T00:46:58,651][INFO ][o.o.p.PluginsService     ] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] PluginService:onIndexModule index:[.plugins-ml-model/i1-j3b0nS36y9upUJMQbgQ]
[2023-11-25T00:46:58,701][INFO ][o.o.c.r.a.AllocationService] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.plugins-ml-model][0]]]).
[2023-11-25T00:46:58,722][INFO ][o.o.m.i.MLIndicesHandler ] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] create index:.plugins-ml-model
[2023-11-25T00:46:58,735][INFO ][o.o.p.PluginsService     ] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] PluginService:onIndexModule index:[.plugins-ml-model/i1-j3b0nS36y9upUJMQbgQ]
[2023-11-25T00:46:58,744][INFO ][o.o.c.m.MetadataMappingService] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] [.plugins-ml-model/i1-j3b0nS36y9upUJMQbgQ] update_mapping [_doc]
[2023-11-25T00:46:58,785][INFO ][o.o.m.m.MLModelManager   ] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] create new model meta doc I1HxA4wBXiCehp6dqpuk for upload task IlHxA4wBXiCehp6dqpsU
[2023-11-25T00:46:58,787][INFO ][o.o.f.w.RegisterRemoteModelStep] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] Remote Model registration successful
[2023-11-25T00:46:58,788][INFO ][o.o.f.w.ProcessNode      ] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] Finished workflow_step_2.
[2023-11-25T00:46:58,788][INFO ][o.o.f.w.ProcessNode      ] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] Starting workflow_step_3.
[2023-11-25T00:46:58,798][INFO ][o.o.m.a.d.TransportDeployModelAction] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] Will deploy model on these nodes: u27NpfV6QPWIb_nULHPf9w
[2023-11-25T00:46:58,840][INFO ][o.o.m.m.MLModelManager   ] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] Set connector IFHxA4wBXiCehp6dqJv2 for the model: I1HxA4wBXiCehp6dqpuk
[2023-11-25T00:46:58,840][INFO ][o.o.f.w.DeployModelStep  ] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] Model deployment state COMPLETED
[2023-11-25T00:46:58,841][INFO ][o.o.f.w.ProcessNode      ] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] Finished workflow_step_3.
[2023-11-25T00:46:58,841][INFO ][o.o.f.t.ProvisionWorkflowTransportAction] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] Provisioning completed successfully for workflow H1HxA4wBXiCehp6dMpsV
[2023-11-25T00:46:58,863][INFO ][o.o.f.t.ProvisionWorkflowTransportAction] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] updated workflow H1HxA4wBXiCehp6dMpsV state to COMPLETED
[2023-11-25T00:46:58,900][INFO ][o.o.m.a.f.TransportForwardAction] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] deploy model done with state: DEPLOYED, model id: I1HxA4wBXiCehp6dqpuk
[2023-11-25T00:46:58,901][INFO ][o.o.m.a.d.TransportDeployModelOnNodeAction] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] deploy model task done JFHxA4wBXiCehp6dqpvx
[2023-11-25T00:46:58,901][INFO ][o.o.m.m.MLModelManager   ] [dev-dsk-jpalis-2c-27c8aa11.us-west-2.amazon.com] Completed setting connector IFHxA4wBXiCehp6dqJv2 in the model I1HxA4wBXiCehp6dqpuk

Issues Resolved

#75
Part of issue #88

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@joshpalis
added RegisterRemoteModelStep and tests
9bb74eb 
Signed-off-by: Joshua Palis <[email protected]>
@joshpalis
Adding RegisterLocalModelStep, fixing tests, adding input/ouput defin…
d93a581 
…itions to workflow step json

Signed-off-by: Joshua Palis <[email protected]>
@joshpalis
Merge branch 'main' into registerModel
a5997b7
@joshpalis
Fixing javadoc warnings, fixing log message
366f05e 
Signed-off-by: Joshua Palis <[email protected]>
@joshpalis
Addressing PR comments,making description field optional for Register…
5f0a357 
…RemoteModelStep and RegisterLocalModelStep

Signed-off-by: Joshua Palis <[email protected]>
@joshpalis
moving modelConfig builder before adding allConfig
285eb6f 
Signed-off-by: Joshua Palis <[email protected]>
@joshpalis
initial implementation
da2e4b3 
Signed-off-by: Joshua Palis <[email protected]>
@joshpalis
Merge main
541d3f7 
Signed-off-by: Joshua Palis <[email protected]>
@joshpalis
Fixing create workflow transport action
005b6e1 
Signed-off-by: Joshua Palis <[email protected]>
@joshpalis
Removing duplicate register_remote_model validator
b9a50a0 
Signed-off-by: Joshua Palis <[email protected]>
@joshpalis
Adding bouncy castle dependency to resolve encryption issue
4994a2d 
Signed-off-by: Joshua Palis <[email protected]>
@joshpalis
Merge branch 'main' into encrypt
50d4b7c
@joshpalis
Fixing CreateWorkflowTransportActionTests
b8e8ad7 
Signed-off-by: Joshua Palis <[email protected]>
@joshpalis
Adding initial unit tests for encryptor utils
fb3ad2e 
Signed-off-by: Joshua Palis <[email protected]>
@joshpalis
Implemented encryption/decryption for workflow node user inputs with …
38ff53c 
…credential

Signed-off-by: Joshua Palis <[email protected]>
@joshpalis joshpalis added the backport 2.x backport PRs to 2.x branch label Nov 25, 2023
dbwiddis
dbwiddis reviewed Nov 27, 2023
View reviewed changes
Copy link
Member

@dbwiddis dbwiddis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

First pass. Looks great, but I think way too much of "encryption utils" are publicly accessible if not needed.

The methods dealing with master key index in two different classes should probably be refactored to be in the same class.

src/test/java/org/opensearch/flowframework/common/EncryptorUtilsTests.java Outdated Show resolved Hide resolved
src/main/java/org/opensearch/flowframework/util/EncryptorUtils.java Outdated Show resolved Hide resolved
src/main/java/org/opensearch/flowframework/util/EncryptorUtils.java Outdated Show resolved Hide resolved
src/main/java/org/opensearch/flowframework/util/EncryptorUtils.java Outdated Show resolved Hide resolved
src/main/java/org/opensearch/flowframework/util/EncryptorUtils.java Outdated Show resolved Hide resolved
src/main/java/org/opensearch/flowframework/util/EncryptorUtils.java Outdated Show resolved Hide resolved
src/main/java/org/opensearch/flowframework/util/EncryptorUtils.java Outdated Show resolved Hide resolved
src/main/java/org/opensearch/flowframework/util/EncryptorUtils.java Outdated Show resolved Hide resolved
src/main/java/org/opensearch/flowframework/common/CommonValue.java Show resolved Hide resolved
@joshpalis joshpalis marked this pull request as ready for review November 27, 2023 21:49
owaiskazi19
owaiskazi19 reviewed Nov 29, 2023
View reviewed changes
Copy link
Member

@owaiskazi19 owaiskazi19 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall looks good. Most of comments are related to logging here.

src/main/java/org/opensearch/flowframework/indices/FlowFrameworkIndicesHandler.java Outdated Show resolved Hide resolved
src/main/java/org/opensearch/flowframework/transport/CreateWorkflowTransportAction.java Outdated Show resolved Hide resolved
src/main/java/org/opensearch/flowframework/transport/CreateWorkflowTransportAction.java Outdated Show resolved Hide resolved
src/main/java/org/opensearch/flowframework/util/EncryptorUtils.java Show resolved Hide resolved
@joshpalis
Addressing PR comments, changing master key index name to config, fix…
d8aa0b7 
…es error messages as well. Added create time field to config index, ensured that updates are also encrypted

Signed-off-by: Joshua Palis <[email protected]>
@joshpalis
Added TODO
eacdebd 
Signed-off-by: Joshua Palis <[email protected]>
owaiskazi19
owaiskazi19 approved these changes Nov 29, 2023
View reviewed changes
Copy link
Member

@owaiskazi19 owaiskazi19 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

amitgalitz
amitgalitz approved these changes Nov 29, 2023
View reviewed changes
Copy link
Member

@amitgalitz amitgalitz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks for adding this

dbwiddis
dbwiddis approved these changes Nov 29, 2023
View reviewed changes
Copy link
Member

@dbwiddis dbwiddis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM2!

@joshpalis joshpalis merged commit 772fbbd into opensearch-project:main Nov 29, 2023
19 checks passed
opensearch-trigger-bot bot pushed a commit that referenced this pull request Nov 29, 2023
@github-actions
Encrypt/Decrypt template credentials (#197)
e7fd1be 
* added RegisterRemoteModelStep and tests

Signed-off-by: Joshua Palis <[email protected]>

* Adding RegisterLocalModelStep, fixing tests, adding input/ouput definitions to workflow step json

Signed-off-by: Joshua Palis <[email protected]>

* Fixing javadoc warnings, fixing log message

Signed-off-by: Joshua Palis <[email protected]>

* Addressing PR comments,making description field optional for RegisterRemoteModelStep and RegisterLocalModelStep

Signed-off-by: Joshua Palis <[email protected]>

* moving modelConfig builder before adding allConfig

Signed-off-by: Joshua Palis <[email protected]>

* initial implementation

Signed-off-by: Joshua Palis <[email protected]>

* Fixing create workflow transport action

Signed-off-by: Joshua Palis <[email protected]>

* Removing duplicate register_remote_model validator

Signed-off-by: Joshua Palis <[email protected]>

* Adding bouncy castle dependency to resolve encryption issue

Signed-off-by: Joshua Palis <[email protected]>

* Fixing CreateWorkflowTransportActionTests

Signed-off-by: Joshua Palis <[email protected]>

* Adding initial unit tests for encryptor utils

Signed-off-by: Joshua Palis <[email protected]>

* Implemented encryption/decryption for workflow node user inputs with credential

Signed-off-by: Joshua Palis <[email protected]>

* Addressing PR comments

Signed-off-by: Joshua Palis <[email protected]>

* Suppressing unchecked warning, making credential strings constants

Signed-off-by: Joshua Palis <[email protected]>

* Removing setMasterKey from initializeMasterKey method

Signed-off-by: Joshua Palis <[email protected]>

* Adding final template encryption decryption test

Signed-off-by: Joshua Palis <[email protected]>

* Addressing PR comments, changing master key index name to config, fixes error messages as well. Added create time field to config index, ensured that updates are also encrypted

Signed-off-by: Joshua Palis <[email protected]>

* Added TODO

Signed-off-by: Joshua Palis <[email protected]>

* changing getMasterKeyIndexMapping method name

Signed-off-by: Joshua Palis <[email protected]>

* Removing unnecessary aws sdk dependency

Signed-off-by: Joshua Palis <[email protected]>

---------

Signed-off-by: Joshua Palis <[email protected]>
(cherry picked from commit 772fbbd)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Nov 29, 2023
Merged
opensearch-trigger-bot bot pushed a commit that referenced this pull request Nov 29, 2023
@github-actions
Encrypt/Decrypt template credentials (#197)
51d0525 
* added RegisterRemoteModelStep and tests

Signed-off-by: Joshua Palis <[email protected]>

* Adding RegisterLocalModelStep, fixing tests, adding input/ouput definitions to workflow step json

Signed-off-by: Joshua Palis <[email protected]>

* Fixing javadoc warnings, fixing log message

Signed-off-by: Joshua Palis <[email protected]>

* Addressing PR comments,making description field optional for RegisterRemoteModelStep and RegisterLocalModelStep

Signed-off-by: Joshua Palis <[email protected]>

* moving modelConfig builder before adding allConfig

Signed-off-by: Joshua Palis <[email protected]>

* initial implementation

Signed-off-by: Joshua Palis <[email protected]>

* Fixing create workflow transport action

Signed-off-by: Joshua Palis <[email protected]>

* Removing duplicate register_remote_model validator

Signed-off-by: Joshua Palis <[email protected]>

* Adding bouncy castle dependency to resolve encryption issue

Signed-off-by: Joshua Palis <[email protected]>

* Fixing CreateWorkflowTransportActionTests

Signed-off-by: Joshua Palis <[email protected]>

* Adding initial unit tests for encryptor utils

Signed-off-by: Joshua Palis <[email protected]>

* Implemented encryption/decryption for workflow node user inputs with credential

Signed-off-by: Joshua Palis <[email protected]>

* Addressing PR comments

Signed-off-by: Joshua Palis <[email protected]>

* Suppressing unchecked warning, making credential strings constants

Signed-off-by: Joshua Palis <[email protected]>

* Removing setMasterKey from initializeMasterKey method

Signed-off-by: Joshua Palis <[email protected]>

* Adding final template encryption decryption test

Signed-off-by: Joshua Palis <[email protected]>

* Addressing PR comments, changing master key index name to config, fixes error messages as well. Added create time field to config index, ensured that updates are also encrypted

Signed-off-by: Joshua Palis <[email protected]>

* Added TODO

Signed-off-by: Joshua Palis <[email protected]>

* changing getMasterKeyIndexMapping method name

Signed-off-by: Joshua Palis <[email protected]>

* Removing unnecessary aws sdk dependency

Signed-off-by: Joshua Palis <[email protected]>

---------

Signed-off-by: Joshua Palis <[email protected]>
(cherry picked from commit 772fbbd)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Nov 29, 2023
Merged
joshpalis pushed a commit that referenced this pull request Nov 29, 2023
@opensearch-trigger-bot @github-actions
[Backport 2.x] Encrypt/Decrypt template credentials (#216)
f716f73 
Encrypt/Decrypt template credentials (#197)

* added RegisterRemoteModelStep and tests



* Adding RegisterLocalModelStep, fixing tests, adding input/ouput definitions to workflow step json



* Fixing javadoc warnings, fixing log message



* Addressing PR comments,making description field optional for RegisterRemoteModelStep and RegisterLocalModelStep



* moving modelConfig builder before adding allConfig



* initial implementation



* Fixing create workflow transport action



* Removing duplicate register_remote_model validator



* Adding bouncy castle dependency to resolve encryption issue



* Fixing CreateWorkflowTransportActionTests



* Adding initial unit tests for encryptor utils



* Implemented encryption/decryption for workflow node user inputs with credential



* Addressing PR comments



* Suppressing unchecked warning, making credential strings constants



* Removing setMasterKey from initializeMasterKey method



* Adding final template encryption decryption test



* Addressing PR comments, changing master key index name to config, fixes error messages as well. Added create time field to config index, ensured that updates are also encrypted



* Added TODO



* changing getMasterKeyIndexMapping method name



* Removing unnecessary aws sdk dependency



---------


(cherry picked from commit 772fbbd)

Signed-off-by: Joshua Palis <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
joshpalis pushed a commit that referenced this pull request Nov 29, 2023
@opensearch-trigger-bot @github-actions
[Backport feature/agent_framework] Encrypt/Decrypt template credentia…
56111fc 
…ls (#217)

Encrypt/Decrypt template credentials (#197)

* added RegisterRemoteModelStep and tests



* Adding RegisterLocalModelStep, fixing tests, adding input/ouput definitions to workflow step json



* Fixing javadoc warnings, fixing log message



* Addressing PR comments,making description field optional for RegisterRemoteModelStep and RegisterLocalModelStep



* moving modelConfig builder before adding allConfig



* initial implementation



* Fixing create workflow transport action



* Removing duplicate register_remote_model validator



* Adding bouncy castle dependency to resolve encryption issue



* Fixing CreateWorkflowTransportActionTests



* Adding initial unit tests for encryptor utils



* Implemented encryption/decryption for workflow node user inputs with credential



* Addressing PR comments



* Suppressing unchecked warning, making credential strings constants



* Removing setMasterKey from initializeMasterKey method



* Adding final template encryption decryption test



* Addressing PR comments, changing master key index name to config, fixes error messages as well. Added create time field to config index, ensured that updates are also encrypted



* Added TODO



* changing getMasterKeyIndexMapping method name



* Removing unnecessary aws sdk dependency



---------


(cherry picked from commit 772fbbd)

Signed-off-by: Joshua Palis <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@owaiskazi19 owaiskazi19 owaiskazi19 approved these changes

@dbwiddis dbwiddis dbwiddis approved these changes

@amitgalitz amitgalitz amitgalitz approved these changes

@ohltyler ohltyler Awaiting requested review from ohltyler ohltyler is a code owner

@jackiehanyang jackiehanyang Awaiting requested review from jackiehanyang jackiehanyang is a code owner

Assignees
No one assigned
Labels
backport feature/agent_framework backport 2.x backport PRs to 2.x branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@joshpalis @dbwiddis @owaiskazi19 @amitgalitz