security: create config-specific header

The security_config library contains specific bits that are shared between security module and configuration. However, the header declarations for those bits are in headers that aren't easily included in configuration system because of all the additional things brought along. So this commit splits these out into a specific config.h header that is intended to be included by configuration system. Signed-off-by: Noah Watkins <noahwatkins@gmail.com>
redpanda-data · May 24, 2024 · 7379eb3 · 7379eb3
1 parent 9dc3767
commit 7379eb3
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 10 deletions.
diff --git a/src/v/config/configuration.cc b/src/v/config/configuration.cc
@@ -16,9 +16,8 @@
 #include "config/validators.h"
 #include "model/metadata.h"
 #include "model/namespace.h"
+#include "security/config.h"
 #include "security/gssapi_principal_mapper.h"
-#include "security/mtls.h"
-#include "security/oidc_principal_mapping.h"
 #include "security/oidc_url_parser.h"
 #include "ssx/sformat.h"
 #include "storage/config.h"

diff --git a/src/v/security/config.h b/src/v/security/config.h
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2024 Redpanda Data, Inc.
+ *
+ * Use of this software is governed by the Business Source License
+ * included in the file licenses/BSL.md
+ *
+ * As of the Change Date specified in that file, in accordance with
+ * the Business Source License, use of this software will be governed
+ * by the Apache License, Version 2.0
+ */
+#pragma once
+
+#include "base/seastarx.h"
+
+#include <seastar/core/sstring.hh>
+
+#include <optional>
+#include <vector>
+
+namespace security::tls {
+
+std::optional<ss::sstring>
+validate_rules(const std::optional<std::vector<ss::sstring>>& r) noexcept;
+
+}
+
+namespace security::oidc {
+
+std::optional<ss::sstring>
+validate_principal_mapping_rule(ss::sstring const& rule);
+
+}
diff --git a/src/v/security/mtls.cc b/src/v/security/mtls.cc
@@ -27,9 +27,6 @@ parse_rules(std::optional<std::vector<ss::sstring>> unparsed_rules);
 
 } // namespace detail
 
-std::optional<ss::sstring>
-validate_rules(const std::optional<std::vector<ss::sstring>>& r) noexcept;
-
 std::ostream& operator<<(std::ostream& os, const rule& r) {
     fmt::print(os, "{}", r);
     return os;

diff --git a/src/v/security/mtls.h b/src/v/security/mtls.h
@@ -86,9 +86,6 @@ class mtls_state {
     std::optional<ss::sstring> _subject;
 };
 
-std::optional<ss::sstring>
-validate_rules(const std::optional<std::vector<ss::sstring>>& r) noexcept;
-
 } // namespace security::tls
 
 template<>

diff --git a/src/v/security/oidc_principal_mapping.h b/src/v/security/oidc_principal_mapping.h
@@ -40,7 +40,5 @@ class principal_mapping_rule {
 };
 
 result<principal_mapping_rule> parse_principal_mapping_rule(std::string_view);
-std::optional<ss::sstring>
-validate_principal_mapping_rule(ss::sstring const& rule);
 
 } // namespace security::oidc