[Feature/Extension] Rename the term 'extension' into 'on_behalf_of' (o…
…pensearch-project#2774)


Signed-off-by: Ryan Liang <jiallian@amazon.com>
RyanL1997 authored May 16, 2023
1 parent f1cee3b commit fa0fcc3
Showing 12 changed files with 26 additions and 24 deletions.
Expand Up @@ -215,7 +215,7 @@ public void shouldUseSecurityAdminTool() throws Exception {
}

@Test
public void shouldReloadExtensionsConfigurationFromFile() throws Exception {
public void shouldReloadOnBehalfOfConfigurationFromFile() throws Exception {
SecurityAdminLauncher securityAdminLauncher = new SecurityAdminLauncher(cluster.getHttpPort(), cluster.getTestCertificates());
File config = configurationDirectory.newFile("config.yml");
ConfigurationFiles.createConfigFile(config);
Expand All @@ -228,7 +228,7 @@ public void shouldReloadExtensionsConfigurationFromFile() throws Exception {
{
HttpResponse httpResponse = client.get("_plugins/_security/api/securityconfig");
JsonNode jsonNode = DefaultObjectMapper.objectMapper.readTree(httpResponse.getBody());
return jsonNode.get("config").get("dynamic").get("extensions");
return jsonNode.get("config").get("dynamic").get("on_behalf_of");

}, jsonNode -> jsonNode.get("encryption_key").asText().equals("encryption key") && jsonNode.get("signing_key").asText().equals("signing key")
);
2 changes: 1 addition & 1 deletion src/integrationTest/resources/config.yml
Expand Up @@ -15,6 +15,6 @@ config:
authentication_backend:
type: "internal"
config: {}
extensions:
on_behalf_of:
signing_key: "signing key"
encryption_key: "encryption key"
Expand Up @@ -838,7 +838,7 @@ public Collection<Object> createComponents(Client localClient, ClusterService cl

securityRestHandler = new SecurityRestFilter(backendRegistry, auditLog, threadPool,
principalExtractor, settings, configPath, compatConfig);
//TODO: CREATE A INSTANCE OF HTTPExtensionAuthenticationBackend
HTTPOnBehalfOfJwtAuthenticator acInstance = new HTTPOnBehalfOfJwtAuthenticator();

final DynamicConfigFactory dcf = new DynamicConfigFactory(cr, settings, configPath, localClient, threadPool, cih);
Expand Up @@ -81,7 +81,7 @@ public abstract class DynamicConfigModel {
public abstract Multimap<String, AuthFailureListener> getAuthBackendFailureListeners();
public abstract List<ClientBlockRegistry<InetAddress>> getIpClientBlockRegistries();
public abstract Multimap<String, ClientBlockRegistry<String>> getAuthBackendClientBlockRegistries();
public abstract Settings getDynamicExtensionsSettings();
public abstract Settings getDynamicOnBehalfOfSettings();
protected final Map<String, String> authImplMap = new HashMap<>();

public DynamicConfigModel() {
Expand Up @@ -190,7 +190,7 @@ public Multimap<String, ClientBlockRegistry<String>> getAuthBackendClientBlockRe
}

@Override
public Settings getDynamicExtensionsSettings() {
public Settings getDynamicOnBehalfOfSettings() {
return Settings.EMPTY;
}

Expand Up @@ -190,9 +190,9 @@ public Multimap<String, ClientBlockRegistry<String>> getAuthBackendClientBlockRe
}

@Override
public Settings getDynamicExtensionsSettings() {
public Settings getDynamicOnBehalfOfSettings() {
return Settings.builder()
.put(Settings.builder().loadFromSource(config.dynamic.extensions.configAsJson(), XContentType.JSON).build())
.put(Settings.builder().loadFromSource(config.dynamic.on_behalf_of.configAsJson(), XContentType.JSON).build())
.build();
}

Expand Up @@ -72,12 +72,14 @@ public static class Dynamic {
public String hosts_resolver_mode = "ip-only";
public String transport_userrname_attribute;
public boolean do_not_fail_on_forbidden_empty;
public Extensions extensions = new Extensions();
public OnBehalfOf on_behalf_of = new OnBehalfOf() {

};

@Override
public String toString() {
return "Dynamic [filtered_alias_mode=" + filtered_alias_mode + ", kibana=" + kibana + ", http=" + http + ", authc=" + authc + ", authz="
+ authz + ", extensions=" + extensions + "]";
+ authz + ", on_behalf_of=" + on_behalf_of + "]";
}
}

Expand Down Expand Up @@ -322,7 +324,7 @@ public String toString() {

}

public static class Extensions {
public static class OnBehalfOf {
@JsonProperty("signing_key")
private String signingKey;
@JsonProperty("encryption_key")
Expand All @@ -346,7 +348,7 @@ public void setEncryptionKey(String encryptionKey) {

@Override
public String toString() {
return "Extensions [signing_key=" + signingKey + ", encryption_key=" + encryptionKey +"]";
return "OnBehalfOf [signing_key=" + signingKey + ", encryption_key=" + encryptionKey +"]";
}
}
}
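Review bot: `OnBehalfOf.toString()` in the last hunk of this section prints `signingKey` and `encryptionKey` verbatim, and `Dynamic.toString()` in the first hunk embeds `on_behalf_of`, so both keys would end up wherever the config object is logged or stringified into an error message (no such call is visible here); the next file section carries the same `toString()`. A redacted form such as `return "OnBehalfOf [signing_key=<redacted>, encryption_key=<redacted>]";` keeps the keys out of logs. Separately, the first hunk initialises the field with `new OnBehalfOf() { };`, an empty anonymous subclass, while the sibling class in the next section uses `new OnBehalfOf();`; unless the subclass is deliberate, `public OnBehalfOf on_behalf_of = new OnBehalfOf();` keeps the runtime type the same in both. Parts of `Dynamic` and `OnBehalfOf` lie outside the visible hunks.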
Expand Up @@ -126,12 +126,12 @@ public static class Dynamic {
public String hosts_resolver_mode = "ip-only";
public String transport_userrname_attribute;
public boolean do_not_fail_on_forbidden_empty;
public Extensions extensions = new Extensions();
public OnBehalfOf on_behalf_of = new OnBehalfOf();

@Override
public String toString() {
return "Dynamic [filtered_alias_mode=" + filtered_alias_mode + ", kibana=" + kibana + ", http=" + http + ", authc=" + authc + ", authz="
+ authz + ", extensions=" + extensions + "]";
+ authz + ", on_behalf_of=" + on_behalf_of + "]";
}
}

Expand Down Expand Up @@ -466,7 +466,7 @@ public String toString() {

}

public static class Extensions {
public static class OnBehalfOf {
@JsonProperty("signing_key")
private String signingKey;
@JsonProperty("encryption_key")
Expand Down Expand Up @@ -499,7 +499,7 @@ public void setEncryptionKey(String encryptionKey) {

@Override
public String toString() {
return "Extensions [signing_key=" + signingKey + ", encryption_key=" + encryptionKey +"]";
return "OnBehalfOf [signing_key=" + signingKey + ", encryption_key=" + encryptionKey +"]";
}
}
}
Expand Up @@ -47,7 +47,7 @@ public void testCreateJwkFromSettingsWithoutSigningKey() throws Exception{
public void testCreateJwtWithRoles() throws Exception {
String issuer = "cluster_0";
String subject = "admin";
String audience = "extension_0";
String audience = "audience_0";
List<String> roles = List.of("IT", "HR");
String expectedRoles = "IT,HR";
Integer expirySeconds = 300;
Expand All @@ -64,7 +64,7 @@ public void testCreateJwtWithRoles() throws Exception {

Assert.assertEquals("cluster_0", jwt.getClaim("iss"));
Assert.assertEquals("admin", jwt.getClaim("sub"));
Assert.assertEquals("extension_0", jwt.getClaim("aud"));
Assert.assertEquals("audience_0", jwt.getClaim("aud"));
Assert.assertNotNull(jwt.getClaim("iat"));
Assert.assertNotNull(jwt.getClaim("exp"));
Assert.assertEquals(expectedExp, jwt.getClaim("exp"));
Expand All @@ -76,7 +76,7 @@ public void testCreateJwtWithRoles() throws Exception {
public void testCreateJwtWithBadExpiry() throws Exception {
String issuer = "cluster_0";
String subject = "admin";
String audience = "extension_0";
String audience = "audience_0";
List <String> roles = List.of("admin");
Integer expirySeconds = -300;
String claimsEncryptionKey = RandomStringUtils.randomAlphanumeric(16);
Expand All @@ -91,7 +91,7 @@ public void testCreateJwtWithBadExpiry() throws Exception {
public void testCreateJwtWithBadEncryptionKey() throws Exception {
String issuer = "cluster_0";
String subject = "admin";
String audience = "extension_0";
String audience = "audience_0";
List <String> roles = List.of("admin");
Integer expirySeconds = 300;

Expand All @@ -105,7 +105,7 @@ public void testCreateJwtWithBadEncryptionKey() throws Exception {
public void testCreateJwtWithBadRoles() throws Exception {
String issuer = "cluster_0";
String subject = "admin";
String audience = "extension_0";
String audience = "audience_0";
List <String> roles = null;
Integer expirySecond = 300;
String claimsEncryptionKey = RandomStringUtils.randomAlphanumeric(16);
2 changes: 1 addition & 1 deletion src/test/resources/config.yml
Expand Up @@ -96,6 +96,6 @@ config:
multi_rolespan_enabled: false
hosts_resolver_mode: "ip-only"
transport_userrname_attribute: null
extensions:
on_behalf_of:
signing_key: "signing key"
encryption_key: "encryption key"
2 changes: 1 addition & 1 deletion src/test/resources/restapi/securityconfig.json
Expand Up @@ -154,7 +154,7 @@
"multi_rolespan_enabled":false,
"hosts_resolver_mode":"ip-only",
"do_not_fail_on_forbidden_empty":false,
"extensions": {
"on_behalf_of": {
}
}

2 changes: 1 addition & 1 deletion src/test/resources/restapi/securityconfig_nondefault.json
Expand Up @@ -171,7 +171,7 @@
"multi_rolespan_enabled" : true,
"hosts_resolver_mode" : "ip-only",
"do_not_fail_on_forbidden_empty" : false,
"extensions": {
"on_behalf_of": {
"signing_key": "signing key",
"encryption_key": "encryption key"
}