From fa0fcc3be29f3c6c61c9d011508b0fb0b87c34a2 Mon Sep 17 00:00:00 2001 From: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Date: Tue, 16 May 2023 10:55:57 -0700 Subject: [PATCH] [Feature/Extension] Rename the term 'extension' into 'on_behalf_of' (#2774) Signed-off-by: Ryan Liang --- .../security/SecurityConfigurationTests.java | 4 ++-- src/integrationTest/resources/config.yml | 2 +- .../opensearch/security/OpenSearchSecurityPlugin.java | 2 +- .../security/securityconf/DynamicConfigModel.java | 2 +- .../security/securityconf/DynamicConfigModelV6.java | 2 +- .../security/securityconf/DynamicConfigModelV7.java | 4 ++-- .../security/securityconf/impl/v6/ConfigV6.java | 10 ++++++---- .../security/securityconf/impl/v7/ConfigV7.java | 8 ++++---- .../security/authtoken/jwt/JwtVendorTest.java | 10 +++++----- src/test/resources/config.yml | 2 +- src/test/resources/restapi/securityconfig.json | 2 +- .../resources/restapi/securityconfig_nondefault.json | 2 +- 12 files changed, 26 insertions(+), 24 deletions(-) diff --git a/src/integrationTest/java/org/opensearch/security/SecurityConfigurationTests.java b/src/integrationTest/java/org/opensearch/security/SecurityConfigurationTests.java index 920fd04e00..ab87dce65e 100644 --- a/src/integrationTest/java/org/opensearch/security/SecurityConfigurationTests.java +++ b/src/integrationTest/java/org/opensearch/security/SecurityConfigurationTests.java @@ -215,7 +215,7 @@ public void shouldUseSecurityAdminTool() throws Exception { } @Test - public void shouldReloadExtensionsConfigurationFromFile() throws Exception { + public void shouldReloadOnBehalfOfConfigurationFromFile() throws Exception { SecurityAdminLauncher securityAdminLauncher = new SecurityAdminLauncher(cluster.getHttpPort(), cluster.getTestCertificates()); File config = configurationDirectory.newFile("config.yml"); ConfigurationFiles.createConfigFile(config); 
@@ -228,7 +228,7 @@ public void shouldReloadExtensionsConfigurationFromFile() throws Exception { { HttpResponse httpResponse = client.get("_plugins/_security/api/securityconfig"); JsonNode jsonNode = DefaultObjectMapper.objectMapper.readTree(httpResponse.getBody()); - return jsonNode.get("config").get("dynamic").get("extensions"); + return jsonNode.get("config").get("dynamic").get("on_behalf_of"); }, jsonNode -> jsonNode.get("encryption_key").asText().equals("encryption key") && jsonNode.get("signing_key").asText().equals("signing key") ); diff --git a/src/integrationTest/resources/config.yml b/src/integrationTest/resources/config.yml index 3d4be02946..1fbea10e28 100644 --- a/src/integrationTest/resources/config.yml +++ b/src/integrationTest/resources/config.yml @@ -15,6 +15,6 @@ config: authentication_backend: type: "internal" config: {} - extensions: + on_behalf_of: signing_key: "signing key" encryption_key: "encryption key" diff --git a/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java b/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java index 99cbb0e30b..9bf13957da 100644 --- a/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java +++ b/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java @@ -838,7 +838,7 @@ public Collection createComponents(Client localClient, ClusterService cl securityRestHandler = new SecurityRestFilter(backendRegistry, auditLog, threadPool, principalExtractor, settings, configPath, compatConfig); - //TODO: CREATE A INSTANCE OF HTTPExtensionAuthenticationBackend + HTTPOnBehalfOfJwtAuthenticator acInstance = new HTTPOnBehalfOfJwtAuthenticator(); final DynamicConfigFactory dcf = new DynamicConfigFactory(cr, settings, configPath, localClient, threadPool, cih); diff --git a/src/main/java/org/opensearch/security/securityconf/DynamicConfigModel.java b/src/main/java/org/opensearch/security/securityconf/DynamicConfigModel.java index 0033b3bf5f..8b273be122 100644 
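Review bot: In the `createComponents` hunk of OpenSearchSecurityPlugin.java, the new local `acInstance` is assigned and never used in the visible lines, so the authenticator is constructed but not registered with anything that would call it or pass it configuration. This is also a behaviour change inside a commit described as a rename, since the replaced line was only a TODO comment. Either keep a renamed TODO until the wiring exists, e.g. `// TODO: create and register an HTTPOnBehalfOfJwtAuthenticator instance`, or wire the instance up in the same change. The diffstat shows a single added line for this file, so no import was added; confirm the class resolves from this package. `createComponents` starts and ends outside the hunk, so a later use cannot be ruled out from here.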
--- a/src/main/java/org/opensearch/security/securityconf/DynamicConfigModel.java +++ b/src/main/java/org/opensearch/security/securityconf/DynamicConfigModel.java @@ -81,7 +81,7 @@ public abstract class DynamicConfigModel { public abstract Multimap getAuthBackendFailureListeners(); public abstract List> getIpClientBlockRegistries(); public abstract Multimap> getAuthBackendClientBlockRegistries(); - public abstract Settings getDynamicExtensionsSettings(); + public abstract Settings getDynamicOnBehalfOfSettings(); protected final Map authImplMap = new HashMap<>(); public DynamicConfigModel() { diff --git a/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV6.java b/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV6.java index 515ad6dcac..1e6467ae6f 100644 --- a/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV6.java +++ b/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV6.java @@ -190,7 +190,7 @@ public Multimap> getAuthBackendClientBlockRe } @Override - public Settings getDynamicExtensionsSettings() { + public Settings getDynamicOnBehalfOfSettings() { return Settings.EMPTY; } diff --git a/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV7.java b/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV7.java index fa914677a7..c3e3792c5c 100644 --- a/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV7.java +++ b/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV7.java @@ -190,9 +190,9 @@ public Multimap> getAuthBackendClientBlockRe } @Override - public Settings getDynamicExtensionsSettings() { + public Settings getDynamicOnBehalfOfSettings() { return Settings.builder() - .put(Settings.builder().loadFromSource(config.dynamic.extensions.configAsJson(), XContentType.JSON).build()) + .put(Settings.builder().loadFromSource(config.dynamic.on_behalf_of.configAsJson(), XContentType.JSON).build()) .build(); } 
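Review bot: `config.dynamic.on_behalf_of.configAsJson()` in DynamicConfigModelV7's `getDynamicOnBehalfOfSettings()` dereferences the field without a null check. The field defaults to `new OnBehalfOf()`, but a config that carries the key with no children (a bare `on_behalf_of:` in YAML) will probably deserialize to null and then throw a NullPointerException here; this is worth confirming against the mapper settings. A guard such as `if (config.dynamic.on_behalf_of == null) return Settings.EMPTY;` would match what the V6 model returns. The outer `Settings.builder().put(...).build()` wrapper adds nothing over the inner builder and could be dropped; `configAsJson()` itself is not shown in this patch.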
diff --git a/src/main/java/org/opensearch/security/securityconf/impl/v6/ConfigV6.java b/src/main/java/org/opensearch/security/securityconf/impl/v6/ConfigV6.java index 99d83d0679..301cb68219 100644 --- a/src/main/java/org/opensearch/security/securityconf/impl/v6/ConfigV6.java +++ b/src/main/java/org/opensearch/security/securityconf/impl/v6/ConfigV6.java @@ -72,12 +72,14 @@ public static class Dynamic { public String hosts_resolver_mode = "ip-only"; public String transport_userrname_attribute; public boolean do_not_fail_on_forbidden_empty; - public Extensions extensions = new Extensions(); + public OnBehalfOf on_behalf_of = new OnBehalfOf() { + + }; @Override public String toString() { return "Dynamic [filtered_alias_mode=" + filtered_alias_mode + ", kibana=" + kibana + ", http=" + http + ", authc=" + authc + ", authz=" - + authz + ", extensions=" + extensions + "]"; + + authz + ", on_behalf_of=" + on_behalf_of + "]"; } } @@ -322,7 +324,7 @@ public String toString() { } - public static class Extensions { + public static class OnBehalfOf { @JsonProperty("signing_key") private String signingKey; @JsonProperty("encryption_key") @@ -346,7 +348,7 @@ public void setEncryptionKey(String encryptionKey) { @Override public String toString() { - return "Extensions [signing_key=" + signingKey + ", encryption_key=" + encryptionKey +"]"; + return "OnBehalfOf [signing_key=" + signingKey + ", encryption_key=" + encryptionKey +"]"; } } } diff --git a/src/main/java/org/opensearch/security/securityconf/impl/v7/ConfigV7.java b/src/main/java/org/opensearch/security/securityconf/impl/v7/ConfigV7.java index e8ecd6bd97..9a39979909 100644 --- a/src/main/java/org/opensearch/security/securityconf/impl/v7/ConfigV7.java +++ b/src/main/java/org/opensearch/security/securityconf/impl/v7/ConfigV7.java 
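Review bot: The initializer `new OnBehalfOf() { };` in ConfigV6's `Dynamic` (hunk `@@ -72,12 +72,14 @@`) creates an anonymous subclass rather than a plain `OnBehalfOf`, which looks accidental; ConfigV7 uses `new OnBehalfOf()` for the same field. An anonymous class declared in an instance initializer may keep a hidden reference to the enclosing `Dynamic` and reports a different `getClass()`, which can surprise serializers and equality checks. Suggested line: `public OnBehalfOf on_behalf_of = new OnBehalfOf();`.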
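Review bot: `OnBehalfOf.toString()` in ConfigV6 (hunk `@@ -346,7 +348,7 @@`) still concatenates `signingKey` and `encryptionKey` into its result, and `Dynamic.toString()` in the first hunk of this file embeds it via `", on_behalf_of=" + on_behalf_of`. Any log statement or exception message that prints the config object therefore writes the signing and encryption keys in clear text. The same applies to the ConfigV7 hunks `@@ -126,12 +126,12 @@` and `@@ -499,7 +499,7 @@`. Since the line is being edited anyway, report only whether each key is set, e.g. `return "OnBehalfOf [signing_key=" + (signingKey != null ? "***" : null) + ", encryption_key=" + (encryptionKey != null ? "***" : null) + "]";`. The class body lies partly outside the hunk.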
@@ -126,12 +126,12 @@ public static class Dynamic { public String hosts_resolver_mode = "ip-only"; public String transport_userrname_attribute; public boolean do_not_fail_on_forbidden_empty; - public Extensions extensions = new Extensions(); + public OnBehalfOf on_behalf_of = new OnBehalfOf(); @Override public String toString() { return "Dynamic [filtered_alias_mode=" + filtered_alias_mode + ", kibana=" + kibana + ", http=" + http + ", authc=" + authc + ", authz=" - + authz + ", extensions=" + extensions + "]"; + + authz + ", on_behalf_of=" + on_behalf_of + "]"; } } @@ -466,7 +466,7 @@ public String toString() { } - public static class Extensions { + public static class OnBehalfOf { @JsonProperty("signing_key") private String signingKey; @JsonProperty("encryption_key") @@ -499,7 +499,7 @@ public void setEncryptionKey(String encryptionKey) { @Override public String toString() { - return "Extensions [signing_key=" + signingKey + ", encryption_key=" + encryptionKey +"]"; + return "OnBehalfOf [signing_key=" + signingKey + ", encryption_key=" + encryptionKey +"]"; } } } diff --git a/src/test/java/org/opensearch/security/authtoken/jwt/JwtVendorTest.java b/src/test/java/org/opensearch/security/authtoken/jwt/JwtVendorTest.java index db69fd02b1..3330477721 100644 --- a/src/test/java/org/opensearch/security/authtoken/jwt/JwtVendorTest.java +++ b/src/test/java/org/opensearch/security/authtoken/jwt/JwtVendorTest.java @@ -47,7 +47,7 @@ public void testCreateJwkFromSettingsWithoutSigningKey() throws Exception{ public void testCreateJwtWithRoles() throws Exception { String issuer = "cluster_0"; String subject = "admin"; - String audience = "extension_0"; + String audience = "audience_0"; List roles = List.of("IT", "HR"); String expectedRoles = "IT,HR"; Integer expirySeconds = 300; 
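Review bot: Renaming the field `extensions` to `on_behalf_of` in ConfigV7's `Dynamic` (hunk `@@ -126,12 +126,12 @@`) also renames the persisted config key, and nothing in the hunk accepts the old name. If any stored security config already contains an `extensions` block, its `signing_key` and `encryption_key` would no longer bind to this field. Depending on the mapper's unknown-property handling, the config would then either fail to load or silently lose the keys. If such configs can exist, accept the old key during a transition, e.g. `@JsonAlias("extensions")` on the field; otherwise state in the description that the key was never released. The ConfigV6 field rename has the same effect.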
@@ -64,7 +64,7 @@ public void testCreateJwtWithRoles() throws Exception { Assert.assertEquals("cluster_0", jwt.getClaim("iss")); Assert.assertEquals("admin", jwt.getClaim("sub")); - Assert.assertEquals("extension_0", jwt.getClaim("aud")); + Assert.assertEquals("audience_0", jwt.getClaim("aud")); Assert.assertNotNull(jwt.getClaim("iat")); Assert.assertNotNull(jwt.getClaim("exp")); Assert.assertEquals(expectedExp, jwt.getClaim("exp")); @@ -76,7 +76,7 @@ public void testCreateJwtWithRoles() throws Exception { public void testCreateJwtWithBadExpiry() throws Exception { String issuer = "cluster_0"; String subject = "admin"; - String audience = "extension_0"; + String audience = "audience_0"; List roles = List.of("admin"); Integer expirySeconds = -300; String claimsEncryptionKey = RandomStringUtils.randomAlphanumeric(16); @@ -91,7 +91,7 @@ public void testCreateJwtWithBadExpiry() throws Exception { public void testCreateJwtWithBadEncryptionKey() throws Exception { String issuer = "cluster_0"; String subject = "admin"; - String audience = "extension_0"; + String audience = "audience_0"; List roles = List.of("admin"); Integer expirySeconds = 300; @@ -105,7 +105,7 @@ public void testCreateJwtWithBadEncryptionKey() throws Exception { public void testCreateJwtWithBadRoles() throws Exception { String issuer = "cluster_0"; String subject = "admin"; - String audience = "extension_0"; + String audience = "audience_0"; List roles = null; Integer expirySecond = 300; String claimsEncryptionKey = RandomStringUtils.randomAlphanumeric(16); diff --git a/src/test/resources/config.yml b/src/test/resources/config.yml index abdeb86421..c4bb432125 100644 --- a/src/test/resources/config.yml +++ b/src/test/resources/config.yml @@ -96,6 +96,6 @@ config: multi_rolespan_enabled: false hosts_resolver_mode: "ip-only" transport_userrname_attribute: null - extensions: + on_behalf_of: signing_key: "signing key" encryption_key: "encryption key" 
diff --git a/src/test/resources/restapi/securityconfig.json b/src/test/resources/restapi/securityconfig.json index 3fbc385eb8..13bc7c23a6 100644 --- a/src/test/resources/restapi/securityconfig.json +++ b/src/test/resources/restapi/securityconfig.json @@ -154,7 +154,7 @@ "multi_rolespan_enabled":false, "hosts_resolver_mode":"ip-only", "do_not_fail_on_forbidden_empty":false, - "extensions": { + "on_behalf_of": { } } diff --git a/src/test/resources/restapi/securityconfig_nondefault.json b/src/test/resources/restapi/securityconfig_nondefault.json index 4437941815..e30ca9148b 100644 --- a/src/test/resources/restapi/securityconfig_nondefault.json +++ b/src/test/resources/restapi/securityconfig_nondefault.json @@ -171,7 +171,7 @@ "multi_rolespan_enabled" : true, "hosts_resolver_mode" : "ip-only", "do_not_fail_on_forbidden_empty" : false, - "extensions": { + "on_behalf_of": { "signing_key": "signing key", "encryption_key": "encryption key" }