Remove TransportClient auth/auth (opensearch-project#1701)

* Remove code related to TransportClient auth/auth (opensearch-project#1578) Signed-off-by: Jochen Kressin <jkressin@floragunn.com>
ochprince · Apr 12, 2022 · 29cfb85 · 29cfb85
1 parent 286da6c
commit 29cfb85
Show file tree

Hide file tree

Showing 21 changed files with 32 additions and 444 deletions.
diff --git a/src/main/java/com/amazon/dlic/auth/http/jwt/AbstractHTTPJwtAuthenticator.java b/src/main/java/com/amazon/dlic/auth/http/jwt/AbstractHTTPJwtAuthenticator.java
@@ -28,8 +28,6 @@
 import org.apache.http.HttpHeaders;
 import org.apache.logging.log4j.Logger;
 import org.apache.logging.log4j.LogManager;
-import org.apache.logging.log4j.Logger;
-import org.apache.logging.log4j.LogManager;
 import org.opensearch.OpenSearchSecurityException;
 import org.opensearch.SpecialPermission;
 import org.opensearch.common.Strings;

diff --git a/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java b/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java
@@ -801,7 +801,7 @@ public Collection<Object> createComponents(Client localClient, ClusterService cl
         evaluator = new PrivilegesEvaluator(clusterService, threadPool, cr, resolver, auditLog,
                 settings, privilegesInterceptor, cih, irr, dlsFlsEnabled, namedXContentRegistry);
 
-        sf = new SecurityFilter(localClient, settings, evaluator, adminDns, dlsFlsValve, auditLog, threadPool, cs, compatConfig, irr, backendRegistry, namedXContentRegistry);
+        sf = new SecurityFilter(settings, evaluator, adminDns, dlsFlsValve, auditLog, threadPool, cs, compatConfig, irr, xffResolver);
 
         final String principalExtractorClass = settings.get(SSLConfigConstants.SECURITY_SSL_TRANSPORT_PRINCIPAL_EXTRACTOR_CLASS, null);
 

diff --git a/src/main/java/org/opensearch/security/auditlog/AuditLog.java b/src/main/java/org/opensearch/security/auditlog/AuditLog.java
@@ -48,9 +48,7 @@
 public interface AuditLog extends Closeable {
 
     //login
-    void logFailedLogin(String effectiveUser, boolean securityadmin, String initiatingUser, TransportRequest request, Task task);
     void logFailedLogin(String effectiveUser, boolean securityadmin, String initiatingUser, RestRequest request);
-    void logSucceededLogin(String effectiveUser, boolean securityadmin, String initiatingUser, TransportRequest request, String action, Task task);
     void logSucceededLogin(String effectiveUser, boolean securityadmin, String initiatingUser, RestRequest request);
 
     //privs

diff --git a/src/main/java/org/opensearch/security/auditlog/NullAuditLog.java b/src/main/java/org/opensearch/security/auditlog/NullAuditLog.java
@@ -52,21 +52,11 @@ public void close() throws IOException {
         //noop, intentionally left empty
     }
 
-    @Override
-    public void logFailedLogin(String effectiveUser, boolean securityadmin, String initiatingUser, TransportRequest request, Task task) {
-        //noop, intentionally left empty
-    }
-
     @Override
     public void logFailedLogin(String effectiveUser, boolean securityadmin, String initiatingUser, RestRequest request) {
         //noop, intentionally left empty
     }
 
-    @Override
-    public void logSucceededLogin(String effectiveUser, boolean securityadmin, String initiatingUser, TransportRequest request, String action, Task task) {
-        //noop, intentionally left empty
-    }
-
     @Override
     public void logSucceededLogin(String effectiveUser, boolean securityadmin, String initiatingUser, RestRequest request) {
         //noop, intentionally left empty

diff --git a/src/main/java/org/opensearch/security/auditlog/impl/AbstractAuditLog.java b/src/main/java/org/opensearch/security/auditlog/impl/AbstractAuditLog.java
@@ -133,23 +133,6 @@ public ComplianceConfig getComplianceConfig() {
         return this.complianceConfig;
     }
 
-    @Override
-    public void logFailedLogin(String effectiveUser, boolean securityadmin, String initiatingUser, TransportRequest request, Task task) {
-        final String action = null;
-
-        if(!checkTransportFilter(AuditCategory.FAILED_LOGIN, action, effectiveUser, request)) {
-            return;
-        }
-
-        final TransportAddress remoteAddress = getRemoteAddress();
-        final List<AuditMessage> msgs = RequestResolver.resolve(AuditCategory.FAILED_LOGIN, getOrigin(), action, null, effectiveUser, securityadmin, initiatingUser, remoteAddress, request, getThreadContextHeaders(), task, resolver, clusterService, settings, auditConfigFilter.shouldLogRequestBody(), auditConfigFilter.shouldResolveIndices(), auditConfigFilter.shouldResolveBulkRequests(), securityIndex, auditConfigFilter.shouldExcludeSensitiveHeaders(), null);
-
-        for(AuditMessage msg: msgs) {
-            save(msg);
-        }
-    }
-
-
     @Override
     public void logFailedLogin(String effectiveUser, boolean securityadmin, String initiatingUser, RestRequest request) {
 
@@ -168,21 +151,6 @@ public void logFailedLogin(String effectiveUser, boolean securityadmin, String i
         save(msg);
     }
 
-    @Override
-    public void logSucceededLogin(String effectiveUser, boolean securityadmin, String initiatingUser, TransportRequest request, String action, Task task) {
-
-        if(!checkTransportFilter(AuditCategory.AUTHENTICATED, action, effectiveUser, request)) {
-            return;
-        }
-
-        final TransportAddress remoteAddress = getRemoteAddress();
-        final List<AuditMessage> msgs = RequestResolver.resolve(AuditCategory.AUTHENTICATED, getOrigin(), action, null, effectiveUser, securityadmin, initiatingUser,remoteAddress, request, getThreadContextHeaders(), task, resolver, clusterService, settings, auditConfigFilter.shouldLogRequestBody(), auditConfigFilter.shouldResolveIndices(), auditConfigFilter.shouldResolveBulkRequests(), securityIndex, auditConfigFilter.shouldExcludeSensitiveHeaders(), null);
-
-        for(AuditMessage msg: msgs) {
-            save(msg);
-        }
-    }
-
     @Override
     public void logSucceededLogin(String effectiveUser, boolean securityadmin, String initiatingUser, RestRequest request) {
 

diff --git a/src/main/java/org/opensearch/security/auditlog/impl/AuditLogImpl.java b/src/main/java/org/opensearch/security/auditlog/impl/AuditLogImpl.java
@@ -128,27 +128,13 @@ protected void save(final AuditMessage msg) {
 		}
 	}
 
-	@Override
-	public void logFailedLogin(String effectiveUser, boolean securityAdmin, String initiatingUser, TransportRequest request, Task task) {
-		if (enabled) {
-			super.logFailedLogin(effectiveUser, securityAdmin, initiatingUser, request, task);
-		}
-	}
-
 	@Override
 	public void logFailedLogin(String effectiveUser, boolean securityAdmin, String initiatingUser, RestRequest request) {
 		if (enabled) {
 			super.logFailedLogin(effectiveUser, securityAdmin, initiatingUser, request);
 		}
 	}
 
-	@Override
-	public void logSucceededLogin(String effectiveUser, boolean securityAdmin, String initiatingUser, TransportRequest request, String action, Task task) {
-		if (enabled) {
-			super.logSucceededLogin(effectiveUser, securityAdmin, initiatingUser, request, action, task);
-		}
-	}
-
 	@Override
 	public void logSucceededLogin(String effectiveUser, boolean securityAdmin, String initiatingUser, RestRequest request) {
 		if (enabled) {