Skip to content

Relax field-level meta validation constraints#20578

Open
urmichm wants to merge 3 commits intoopensearch-project:mainfrom
urmichm:meta-19884
Open

Relax field-level meta validation constraints#20578
urmichm wants to merge 3 commits intoopensearch-project:mainfrom
urmichm:meta-19884

Conversation

@urmichm
Copy link
Contributor

@urmichm urmichm commented Feb 9, 2026

Description

Restrictions on the field-level meta have been relaxed:

  • meta accepts any number of entries as long as the following restrictions are met
  • meta's values must be Strings of any length
  • meta's values can not be nulls
  • meta's keys must be Strings of any length

Related Issues

Resolves #19884

Check List

  • Functionality includes testing.
  • API changes companion pull request created, if applicable.
  • Public documentation issue/PR created, if applicable.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@github-actions github-actions bot added enhancement Enhancement or improvement to existing feature or request Indexing Indexing, Bulk Indexing and anything related to indexing labels Feb 9, 2026
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Feb 9, 2026

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

These changes relax validation constraints for field-level _meta metadata in the mapper. The maximum entry count, key length, and value length restrictions are removed from TypeParsers.parseMeta, while null-value and non-string type checks remain enforced. The corresponding test is updated to reflect these relaxed validation rules.

Changes

Cohort / File(s) Summary
Validation Logic Relaxation
server/src/main/java/org/opensearch/index/mapper/TypeParsers.java
Removed max entry count (5), per-key length (20 chars), and per-value length (50 chars) constraints. Retained null-value prohibition and added explicit error messaging for non-String values.
Test Updates
server/src/test/java/org/opensearch/index/mapper/TypeParsersTests.java
Replaced validation tests that expected MapperParsingException for excessive key length and max entries. New test constructs meta map with multiple long keys and asserts successful parsing with matching size.
Changelog
CHANGELOG.md
Added changelog entry documenting the relaxation of field-level meta validation.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1
❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately summarizes the main change: relaxing validation constraints for field-level meta in OpenSearch mappings.
Description check ✅ Passed The description clearly explains the relaxed restrictions, references the resolved issue #19884, confirms testing is included, and follows the required template format.
Linked Issues check ✅ Passed The PR successfully implements the feature request from issue #19884 by allowing field-level _meta blocks with relaxed validation on entry count and string length constraints.
Out of Scope Changes check ✅ Passed All changes are directly related to relaxing field-level meta validation: modifications to TypeParsers.parseMeta, updated tests, and CHANGELOG entry align with issue #19884 requirements.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.

Tip

Issue Planner is now in beta. Read the docs and try it out! Share your feedback on Discord.


Comment @coderabbitai help to get the list of available commands and usage tips.

Signed-off-by: Michael Urmich <urmich.m@gmail.com>
@github-actions
Copy link
Contributor

github-actions bot commented Feb 9, 2026

❗ AI-powered Code-Diff-Analyzer found issues on commit 5f656fd.

PathLineSeverityDescription
server/src/main/java/org/opensearch/index/mapper/TypeParsers.java89mediumIntentional removal of input validation limits on metadata fields (size limit of 5 entries, key length limit of 20 chars, value length limit of 50 chars). While documented as a feature change in CHANGELOG, this could enable resource exhaustion or DoS attacks through unbounded metadata. Without context from issue #19884, cannot definitively determine if this weakening of security controls is justified by legitimate requirements.

The table above displays the top 10 most important findings.

Total: 1 | Critical: 0 | High: 0 | Medium: 1 | Low: 0


Pull Requests Author(s): Please update your Pull Request according to the report above.

Repository Maintainer(s): You can bypass diff analyzer by adding label skip-diff-analyzer after reviewing the changes carefully, then re-run failed actions. To re-enable the analyzer, remove the label, then re-run all actions.


⚠️ Note: The Code-Diff-Analyzer helps protect against potentially harmful code patterns. Please ensure you have thoroughly reviewed the changes beforehand.

Thanks.

@github-actions
Copy link
Contributor

github-actions bot commented Feb 9, 2026

❌ Gradle check result for 5f656fd: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

@github-actions
Copy link
Contributor

❌ Gradle check result for 5f656fd: null

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

@github-actions
Copy link
Contributor

❌ Gradle check result for e2080f7: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

Signed-off-by: Mikhail Urmich <32458509+urmichm@users.noreply.github.com>
@github-actions
Copy link
Contributor

❗ AI-powered Code-Diff-Analyzer found issues on commit 6ee1908.

PathLineSeverityDescription
server/src/main/java/org/opensearch/index/mapper/TypeParsers.java89mediumIntentional removal of security validation limits: meta field entry count (was max 5), key length (was max 20 chars), and value length (was max 50 chars) protections removed. While documented in CHANGELOG, this enables potential DoS via resource exhaustion, unbounded data storage in meta fields, and possible covert channels. Change appears legitimate but creates exploitable attack surface.

The table above displays the top 10 most important findings.

Total: 1 | Critical: 0 | High: 0 | Medium: 1 | Low: 0


Pull Requests Author(s): Please update your Pull Request according to the report above.

Repository Maintainer(s): You can bypass diff analyzer by adding label skip-diff-analyzer after reviewing the changes carefully, then re-run failed actions. To re-enable the analyzer, remove the label, then re-run all actions.


⚠️ Note: The Code-Diff-Analyzer helps protect against potentially harmful code patterns. Please ensure you have thoroughly reviewed the changes beforehand.

Thanks.

@urmichm
Copy link
Contributor Author

urmichm commented Feb 17, 2026

I shall add some more explanation on why relaxing the restrictions won't impact on the cluster stage.
Currently, we have _meta on the mappings level and meta on the field level. Since only the field level has the restriction, the data is simply migrated to the other place with extra characters.

We keep the meta strictly as Map<String,String>, but drop the restriction on how long the keys and values are and how many entries are in the map.

Example:

{
    "settings": {  ... },
    "mappings": {
        "properties": {
            "secret_text": {
                "type": "text",
                "meta": {
                       // this 'meta' block will be rejected due to field below
                       "description": "This text has already too many chars and will not be allowed."
                }
            }, ........
        },
        "_meta": {
            "fields_description": {
               // the whole '_meta' block will be allowed with this nested parameter
               "secret_text" : "This text has already too many chars and will not be allowed."
            },
            ...
        }
    }
}

@sandeshkr419 please share your feedback :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

enhancement Enhancement or improvement to existing feature or request Indexing Indexing, Bulk Indexing and anything related to indexing

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Feature Request] Relax meta block on field level

1 participant