Remove TransportClient auth/auth #1701

Merged
Expand Up @@ -28,8 +28,6 @@
import org.apache.http.HttpHeaders;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.LogManager;
import org.opensearch.OpenSearchSecurityException;
import org.opensearch.SpecialPermission;
import org.opensearch.common.Strings;
Expand Up @@ -801,7 +801,7 @@ public Collection<Object> createComponents(Client localClient, ClusterService cl
evaluator = new PrivilegesEvaluator(clusterService, threadPool, cr, resolver, auditLog,
settings, privilegesInterceptor, cih, irr, dlsFlsEnabled, namedXContentRegistry);

sf = new SecurityFilter(localClient, settings, evaluator, adminDns, dlsFlsValve, auditLog, threadPool, cs, compatConfig, irr, backendRegistry, namedXContentRegistry);
sf = new SecurityFilter(settings, evaluator, adminDns, dlsFlsValve, auditLog, threadPool, cs, compatConfig, irr, xffResolver);

final String principalExtractorClass = settings.get(SSLConfigConstants.SECURITY_SSL_TRANSPORT_PRINCIPAL_EXTRACTOR_CLASS, null);
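Review bot: The new `SecurityFilter` constructor call drops `backendRegistry` without a comment saying where transport requests are authenticated now, so a reader of `createComponents` cannot tell that the omission is deliberate. If the intent is that only REST requests go through user authentication from here on, I would state it at the call site, e.g. `// No BackendRegistry here: transport requests are no longer user-authenticated, only REST requests are`. The call also relies on `xffResolver` being assigned before this line, which the hunk does not show, as `createComponents` starts and ends outside it. The other file sections of this commit delete the `TransportRequest` overloads of `logFailedLogin` and `logSucceededLogin`, so `FAILED_LOGIN` and `AUTHENTICATED` audit events for transport requests presumably stop being written; that deserves a line in the release notes for anyone who alerts on them.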

Expand Up @@ -48,9 +48,7 @@
public interface AuditLog extends Closeable {

//login
void logFailedLogin(String effectiveUser, boolean securityadmin, String initiatingUser, TransportRequest request, Task task);
void logFailedLogin(String effectiveUser, boolean securityadmin, String initiatingUser, RestRequest request);
void logSucceededLogin(String effectiveUser, boolean securityadmin, String initiatingUser, TransportRequest request, String action, Task task);
void logSucceededLogin(String effectiveUser, boolean securityadmin, String initiatingUser, RestRequest request);

//privs
Expand Up @@ -52,21 +52,11 @@ public void close() throws IOException {
//noop, intentionally left empty
}

@Override
public void logFailedLogin(String effectiveUser, boolean securityadmin, String initiatingUser, TransportRequest request, Task task) {
//noop, intentionally left empty
}

@Override
public void logFailedLogin(String effectiveUser, boolean securityadmin, String initiatingUser, RestRequest request) {
//noop, intentionally left empty
}

@Override
public void logSucceededLogin(String effectiveUser, boolean securityadmin, String initiatingUser, TransportRequest request, String action, Task task) {
//noop, intentionally left empty
}

@Override
public void logSucceededLogin(String effectiveUser, boolean securityadmin, String initiatingUser, RestRequest request) {
//noop, intentionally left empty
Expand Up @@ -133,23 +133,6 @@ public ComplianceConfig getComplianceConfig() {
return this.complianceConfig;
}

@Override
public void logFailedLogin(String effectiveUser, boolean securityadmin, String initiatingUser, TransportRequest request, Task task) {
final String action = null;

if(!checkTransportFilter(AuditCategory.FAILED_LOGIN, action, effectiveUser, request)) {
return;
}

final TransportAddress remoteAddress = getRemoteAddress();
final List<AuditMessage> msgs = RequestResolver.resolve(AuditCategory.FAILED_LOGIN, getOrigin(), action, null, effectiveUser, securityadmin, initiatingUser, remoteAddress, request, getThreadContextHeaders(), task, resolver, clusterService, settings, auditConfigFilter.shouldLogRequestBody(), auditConfigFilter.shouldResolveIndices(), auditConfigFilter.shouldResolveBulkRequests(), securityIndex, auditConfigFilter.shouldExcludeSensitiveHeaders(), null);

for(AuditMessage msg: msgs) {
save(msg);
}
}


@Override
public void logFailedLogin(String effectiveUser, boolean securityadmin, String initiatingUser, RestRequest request) {

Expand All @@ -168,21 +151,6 @@ public void logFailedLogin(String effectiveUser, boolean securityadmin, String i
save(msg);
}

@Override
public void logSucceededLogin(String effectiveUser, boolean securityadmin, String initiatingUser, TransportRequest request, String action, Task task) {

if(!checkTransportFilter(AuditCategory.AUTHENTICATED, action, effectiveUser, request)) {
return;
}

final TransportAddress remoteAddress = getRemoteAddress();
final List<AuditMessage> msgs = RequestResolver.resolve(AuditCategory.AUTHENTICATED, getOrigin(), action, null, effectiveUser, securityadmin, initiatingUser,remoteAddress, request, getThreadContextHeaders(), task, resolver, clusterService, settings, auditConfigFilter.shouldLogRequestBody(), auditConfigFilter.shouldResolveIndices(), auditConfigFilter.shouldResolveBulkRequests(), securityIndex, auditConfigFilter.shouldExcludeSensitiveHeaders(), null);

for(AuditMessage msg: msgs) {
save(msg);
}
}

@Override
public void logSucceededLogin(String effectiveUser, boolean securityadmin, String initiatingUser, RestRequest request) {

Expand Up @@ -128,27 +128,13 @@ protected void save(final AuditMessage msg) {
}
}

@Override
public void logFailedLogin(String effectiveUser, boolean securityAdmin, String initiatingUser, TransportRequest request, Task task) {
if (enabled) {
super.logFailedLogin(effectiveUser, securityAdmin, initiatingUser, request, task);
}
}

@Override
public void logFailedLogin(String effectiveUser, boolean securityAdmin, String initiatingUser, RestRequest request) {
if (enabled) {
super.logFailedLogin(effectiveUser, securityAdmin, initiatingUser, request);
}
}

@Override
public void logSucceededLogin(String effectiveUser, boolean securityAdmin, String initiatingUser, TransportRequest request, String action, Task task) {
if (enabled) {
super.logSucceededLogin(effectiveUser, securityAdmin, initiatingUser, request, action, task);
}
}

@Override
public void logSucceededLogin(String effectiveUser, boolean securityAdmin, String initiatingUser, RestRequest request) {
if (enabled) {