[BUG] Cannot invoke "Object.getClass()" because "event" is null

[merlinz01]

What is the bug?
I ran securityadmin.sh with an empty audit.yml file and now I'm getting null-pointer exceptions.

How can one reproduce the bug?
Retrieve currrent security config with securityadmin.sh.
Rename all .yml filenames with dates to their normal names.
Edit an unrelated setting in config.yml.
Run securityadmin.sh to update the config.
Observe this output from securityadmin.sh:

ERR: Seems ./audit.yml is not in OpenSearch Security 7 format: java.lang.NullPointerException: Cannot invoke "org.opensearch.security.securityconf.impl.SecurityDynamicConfiguration.get_meta()" because "sdc" is null

Edit audit.yml and observe that it is empty. Add these lines:

_meta:
  config_version: 2
  type: "audit"

Run securityadmin.sh again and observe this output:

Will update '/audit' with ./audit.yml 
   SUCC: Configuration for 'audit' created or updated
...
FAIL: 1 nodes reported failures. Failure is /{"_nodes":{"total":1,"successful":0,"failed":1,"failures":[{"type":"failed_node_exception","reason":"Failed node [aAs3rkCcQ72TDfBPZ3rfyw]","node_id":"aAs3rkCcQ72TDfBPZ3rfyw","caused_by":{"type":"exception","reason":"java.lang.NullPointerException: Cannot invoke \"Object.getClass()\" because \"event\" is null","caused_by":{"type":"null_pointer_exception","reason":"Cannot invoke \"Object.getClass()\" because \"event\" is null"}}}]},"cluster_name":"prism-logs-cluster","configupdate_response":{"nodes":{},"node_size":0,"has_failures":true,"failures_size":1}}
FAIL: Expected 1 nodes to return response, but got 0
Done with failures

Remove audit.yml and run securityadmin.sh again and observe the same output.
See lots and lots of these in Opensearch logs:

[2024-05-04T01:04:12,908][INFO ][stdout                   ] [main-node] [FINE] No subscribers registered for event class org.opensearch.security.securityconf.DynamicConfigFactory$NodesDnModelImpl
[2024-05-04T01:04:12,910][INFO ][stdout                   ] [main-node] [FINE] No subscribers registered for event class org.greenrobot.eventbus.NoSubscriberEvent
[2024-05-04T01:04:12,912][ERROR][o.o.s.c.ConfigurationRepository] [main-node] org.opensearch.security.securityconf.DynamicConfigFactory@7a824730 listener errored: java.lang.NullPointerException: Cannot invoke "Object.getClass()" because "event" is null
java.lang.NullPointerException: Cannot invoke "Object.getClass()" because "event" is null
	at org.greenrobot.eventbus.EventBus.postSingleEvent(EventBus.java:387) ~[eventbus-java-3.3.1.jar:?]
	at org.greenrobot.eventbus.EventBus.post(EventBus.java:275) ~[eventbus-java-3.3.1.jar:?]
	at org.opensearch.security.securityconf.DynamicConfigFactory.onChange(DynamicConfigFactory.java:323) ~[opensearch-security-2.13.0.0.jar:2.13.0.0]
	at org.opensearch.security.configuration.ConfigurationRepository.notifyAboutChanges(ConfigurationRepository.java:430) [opensearch-security-2.13.0.0.jar:2.13.0.0]
	at org.opensearch.security.configuration.ConfigurationRepository.reloadConfiguration0(ConfigurationRepository.java:419) [opensearch-security-2.13.0.0.jar:2.13.0.0]
	at org.opensearch.security.configuration.ConfigurationRepository.reloadConfiguration(ConfigurationRepository.java:402) [opensearch-security-2.13.0.0.jar:2.13.0.0]
	at org.opensearch.security.configuration.ConfigurationRepository.initalizeClusterConfiguration(ConfigurationRepository.java:227) [opensearch-security-2.13.0.0.jar:2.13.0.0]
	at org.opensearch.security.configuration.ConfigurationRepository.lambda$initOnNodeStart$0(ConfigurationRepository.java:318) [opensearch-security-2.13.0.0.jar:2.13.0.0]
	at java.base/java.lang.Thread.run(Thread.java:1583) [?:?]

What is the expected behavior?
No errors

What is your host/environment?

• OS: Debian 12
• Version 2.13.0
• Plugins

opensearch-alerting
opensearch-anomaly-detection
opensearch-asynchronous-search
opensearch-cross-cluster-replication
opensearch-custom-codecs
opensearch-flow-framework
opensearch-geospatial
opensearch-index-management
opensearch-job-scheduler
opensearch-knn
opensearch-ml
opensearch-neural-search
opensearch-notifications
opensearch-notifications-core
opensearch-observability
opensearch-reports-scheduler
opensearch-security
opensearch-security-analytics
opensearch-skills
opensearch-sql

Do you have any screenshots?
If applicable, add screenshots to help explain your problem.

Do you have any additional context?
Add any other context about the problem.

[merlinz01]

Added these lines to audit.yml, ran securityadmin.sh, and the errors stopped:

config:
  enabled: false

Will be glad when some of this security stuff is streamlined.

[merlinz01]

I think this is still a bug.

See

https://github.com/greenrobot/EventBus/blob/0194926b3bcf70cc0d7bfd3c5da16708dd5ab876/EventBus/src/org/greenrobot/eventbus/EventBus.java#L387

and

https://forum.opensearch.org/t/ava-lang-nullpointerexception-cannot-invoke-object-getclass-because-event-is-null/20821

[merlinz01]

The error is when the audit config does not exist (is null). The audit config is being posted to an event bus, which checks the class of the object being posted, and fails when that object is null.

[stephen-crawford]

[Triage] Hi @merlinz01, thanks for opening this issue. It looks like you also opened a PR and that was merged. Going to mark as triaged. Thanks again.