Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Backport 1.1 changes to 1.x #72

Merged
merged 5 commits into from
Sep 13, 2021
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -34,16 +34,16 @@ jobs:
ref: '1.x'
- name: Build OpenSearch
working-directory: ./OpenSearch
run: ./gradlew publishToMavenLocal -Dbuild.snapshot=false
run: ./gradlew publishToMavenLocal

# common-utils
- name: Build and Test
run: |
./gradlew build -Dopensearch.version=1.1.0
./gradlew build -Dopensearch.version=1.1.0-SNAPSHOT
- name: Publish to Maven Local
run: |
./gradlew publishToMavenLocal -Dopensearch.version=1.1.0
./gradlew publishToMavenLocal -Dopensearch.version=1.1.0-SNAPSHOT
- name: Upload Coverage Report
uses: codecov/codecov-action@v1
Expand Down
16 changes: 12 additions & 4 deletions build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
buildscript {
ext {
opensearch_group = "org.opensearch"
opensearch_version = System.getProperty("opensearch.version", "1.1.0")
opensearch_version = System.getProperty("opensearch.version", "1.1.0-SNAPSHOT")
kotlin_version = System.getProperty("kotlin.version", "1.4.32")
}

Expand Down Expand Up @@ -44,7 +44,17 @@ repositories {
jcenter()
}

group 'org.opensearch.commons'
ext {
isSnapshot = "true" == System.getProperty("build.snapshot", "true")
}

allprojects {
group 'org.opensearch.commons'
version = opensearch_version - '-SNAPSHOT' + '.0'
if (isSnapshot) {
version += "-SNAPSHOT"
}
}

sourceCompatibility = 1.8

Expand Down Expand Up @@ -146,8 +156,6 @@ task javadocJar(type: Jar) {
from javadoc.destinationDir
}

version '1.1.0.0'

publishing {
publications {
shadow(MavenPublication) {
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
## Version 1.1.0.0 Release Notes

Compatible with OpenSearch 1.1.0

### Enhancements

* Adding an utility method that allows consumers to set custom thread context property in InjectSecurity class ([#70](https://github.com/opensearch-project/common-utils/pull/70))

17 changes: 17 additions & 0 deletions src/main/java/org/opensearch/commons/InjectSecurity.java
Original file line number Diff line number Diff line change
Expand Up @@ -160,6 +160,23 @@ public void injectRoles(final List<String> roles) {
}
}

/**
* Allows one to set the property in threadContext if possible to the value provided. If not possible returns false.
* @param property
* @param value
* @return boolean
*/
public boolean injectProperty(final String property, final Object value) {
if (Strings.isNullOrEmpty(property) || value == null || threadContext.getTransient(property) != null) {
log.debug("{}, InjectSecurity - cannot inject property: {}", Thread.currentThread().getName(), id);
return false;
} else {
threadContext.putTransient(property, value);
log.debug("{}, InjectSecurity - inject property: {}", Thread.currentThread().getName(), id);
return true;
}
}

@Override
public void close() {
if (ctx != null) {
Expand Down
54 changes: 54 additions & 0 deletions src/test/java/org/opensearch/commons/InjectSecurityTest.java
Original file line number Diff line number Diff line change
Expand Up @@ -27,13 +27,16 @@
package org.opensearch.commons;

import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.opensearch.commons.ConfigConstants.INJECTED_USER;
import static org.opensearch.commons.ConfigConstants.OPENSEARCH_SECURITY_INJECTED_ROLES;
import static org.opensearch.commons.ConfigConstants.OPENSEARCH_SECURITY_USE_INJECTED_USER_FOR_PLUGINS;

import java.util.Arrays;
import java.util.Map;

import org.junit.jupiter.api.Test;
import org.opensearch.common.settings.Settings;
Expand Down Expand Up @@ -102,4 +105,55 @@ public void testInjectUser() {
assertEquals("plugin", threadContext.getTransient("ctx.name"));
assertNull(threadContext.getTransient(INJECTED_USER));
}

@Test
public void testInjectProperty() {
Settings settings = Settings.builder().put(OPENSEARCH_SECURITY_USE_INJECTED_USER_FOR_PLUGINS, false).build();
Settings headerSettings = Settings.builder().put("request.headers.default", "1").build();
ThreadContext threadContext = new ThreadContext(headerSettings);
threadContext.putHeader("name", "opendistro");
threadContext.putTransient("ctx.name", "plugin");

assertEquals("1", threadContext.getHeader("default"));
assertEquals("opendistro", threadContext.getHeader("name"));
assertEquals("plugin", threadContext.getTransient("ctx.name"));

try (InjectSecurity helper = new InjectSecurity("test-name", settings, threadContext)) {
helper.inject("joe", Arrays.asList("ops-role", "logs-role"));
assertEquals("1", threadContext.getHeader("default"));
assertEquals("opendistro", threadContext.getHeader("name"));
assertEquals("plugin", threadContext.getTransient("ctx.name"));
assertNotNull(threadContext.getTransient(OPENSEARCH_SECURITY_INJECTED_ROLES));
// cannot inject property that is already set
assertFalse(helper.injectProperty(OPENSEARCH_SECURITY_INJECTED_ROLES, "new value"));
assertEquals("plugin|ops-role,logs-role", threadContext.getTransient(OPENSEARCH_SECURITY_INJECTED_ROLES));
// cannot inject invalid property/value
assertFalse(helper.injectProperty("", "new value"));
assertFalse(helper.injectProperty(null, "new value"));
assertFalse(helper.injectProperty("property", null));
// can inject non-set valid properties
assertTrue(helper.injectProperty("property1", true));
assertTrue(helper.injectProperty("property2", "some value"));
assertTrue(helper.injectProperty("property3", ""));
assertTrue(helper.injectProperty("property4", Map.of("key", "value")));
// verify the set properties are not null and equal to what was set
assertNull(threadContext.getTransient("property"));
assertNotNull(threadContext.getTransient("property1"));
assertEquals(true, threadContext.getTransient("property1"));
assertNotNull(threadContext.getTransient("property2"));
assertEquals("some value", threadContext.getTransient("property2"));
assertNotNull(threadContext.getTransient("property3"));
assertEquals("", threadContext.getTransient("property3"));
assertNotNull(threadContext.getTransient("property4"));
assertEquals(Map.of("key", "value"), threadContext.getTransient("property4"));
}
assertEquals("1", threadContext.getHeader("default"));
assertEquals("opendistro", threadContext.getHeader("name"));
assertEquals("plugin", threadContext.getTransient("ctx.name"));
assertNull(threadContext.getTransient(OPENSEARCH_SECURITY_INJECTED_ROLES));
assertNull(threadContext.getTransient("property1"));
assertNull(threadContext.getTransient("property2"));
assertNull(threadContext.getTransient("property3"));
assertNull(threadContext.getTransient("property4"));
}
}