Remove the wording of seconds in obo endpoint and make the expiry int…

…o configconstants Signed-off-by: Ryan Liang <jiallian@amazon.com>
peternied · Aug 22, 2023 · 7e3824e · 7e3824e
1 parent a126512
commit 7e3824e
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 3 deletions.
diff --git a/src/main/java/org/opensearch/security/action/onbehalf/CreateOnBehalfOfTokenAction.java b/src/main/java/org/opensearch/security/action/onbehalf/CreateOnBehalfOfTokenAction.java
@@ -41,6 +41,8 @@
 
 import static org.opensearch.rest.RestRequest.Method.POST;
 import static org.opensearch.security.dlic.rest.support.Utils.addRoutesPrefix;
+import static org.opensearch.security.support.ConfigConstants.OBO_DEFAULT_EXPIRY_SECONDS;
+import static org.opensearch.security.support.ConfigConstants.OBO_MAX_EXPIRY_SECONDS;
 
 public class CreateOnBehalfOfTokenAction extends BaseRestHandler {
 
@@ -129,8 +131,8 @@ public void accept(RestChannel channel) throws Exception {
                     final Integer tokenDuration = Optional.ofNullable(requestBody.get("duration"))
                         .map(value -> (String) value)
                         .map(Integer::parseInt)
-                        .map(value -> Math.min(value, 10 * 60)) // Max duration is 10 minutes
-                        .orElse(5 * 60); // Fallback to default of 5 minutes;
+                        .map(value -> Math.min(value, OBO_MAX_EXPIRY_SECONDS)) // Max duration is 10 minutes
+                        .orElse(OBO_DEFAULT_EXPIRY_SECONDS); // Fallback to default of 5 minutes;
 
                     final String service = (String) requestBody.getOrDefault("service", "self-issued");
                     final User user = threadPool.getThreadContext().getTransient(ConfigConstants.OPENDISTRO_SECURITY_USER);
@@ -148,7 +150,7 @@ public void accept(RestChannel channel) throws Exception {
                         user.getRoles().stream().collect(Collectors.toList())
                     );
                     builder.field("onBehalfOfToken", token);
-                    builder.field("duration", tokenDuration + " seconds");
+                    builder.field("duration", tokenDuration);
                     builder.endObject();
 
                     response = new BytesRestResponse(RestStatus.OK, builder);

diff --git a/src/main/java/org/opensearch/security/support/ConfigConstants.java b/src/main/java/org/opensearch/security/support/ConfigConstants.java
@@ -319,6 +319,10 @@ public enum RolesMappingResolution {
     public static final String TENANCY_PRIVATE_TENANT_NAME = "private";
     public static final String TENANCY_GLOBAL_TENANT_NAME = "global";
     public static final String TENANCY_GLOBAL_TENANT_DEFAULT_NAME = "";
+
+    // On-behalf-of endpoints settings
+    public static final Integer OBO_DEFAULT_EXPIRY_SECONDS = 5 * 60;
+    public static final Integer OBO_MAX_EXPIRY_SECONDS = 10 * 60;
 
     // CS-SUPPRESS-SINGLE: RegexpSingleline get Extensions Settings
     public static final String EXTENSIONS_BWC_PLUGIN_MODE = "bwcPluginMode";