From 7379eb30d7958036e86c14ceaa3a5233c9822f0d Mon Sep 17 00:00:00 2001
From: Noah Watkins
Date: Fri, 24 May 2024 12:16:27 -0700
Subject: [PATCH] security: create config-specific header

The security_config library contains specific bits that are shared between security module and configuration. However, the header declarations for those bits are in headers that aren't easily included in configuration system because of all the additional things brought along. So this commit splits these out into a specific config.h header that is intended to be included by configuration system.

Signed-off-by: Noah Watkins
---
 src/v/config/configuration.cc | 3 +--
 src/v/security/config.h | 32 +++++++++++++++++++++++++
 src/v/security/mtls.cc | 3 ---
 src/v/security/mtls.h | 3 ---
 src/v/security/oidc_principal_mapping.h | 2 --
 5 files changed, 33 insertions(+), 10 deletions(-)
 create mode 100644 src/v/security/config.h

diff --git a/src/v/config/configuration.cc b/src/v/config/configuration.cc
index 268f569af677e..0de6b13a781fd 100644
--- a/src/v/config/configuration.cc
+++ b/src/v/config/configuration.cc
@@ -16,9 +16,8 @@
 #include "config/validators.h"
 #include "model/metadata.h"
 #include "model/namespace.h"
+#include "security/config.h"
 #include "security/gssapi_principal_mapper.h"
-#include "security/mtls.h"
-#include "security/oidc_principal_mapping.h"
 #include "security/oidc_url_parser.h"
 #include "ssx/sformat.h"
 #include "storage/config.h"
diff --git a/src/v/security/config.h b/src/v/security/config.h
new file mode 100644
index 0000000000000..02a15ab898e3f
--- /dev/null
+++ b/src/v/security/config.h
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2024 Redpanda Data, Inc.
+ *
+ * Use of this software is governed by the Business Source License
+ * included in the file licenses/BSL.md
+ *
+ * As of the Change Date specified in that file, in accordance with
+ * the Business Source License, use of this software will be governed
+ * by the Apache License, Version 2.0
+ */
+#pragma once
+
+#include "base/seastarx.h"
+
+#include
+
+#include
+#include
+
+namespace security::tls {
+
+std::optional
+validate_rules(const std::optional>& r) noexcept;
+
+}
+
+namespace security::oidc {
+
+std::optional
+validate_principal_mapping_rule(ss::sstring const& rule);
+
+}
diff --git a/src/v/security/mtls.cc b/src/v/security/mtls.cc
index a255e4bd0f4af..175fb9c51d063 100644
--- a/src/v/security/mtls.cc
+++ b/src/v/security/mtls.cc
@@ -27,9 +27,6 @@ parse_rules(std::optional> unparsed_rules);
 } // namespace detail
-std::optional
-validate_rules(const std::optional>& r) noexcept;
-
 std::ostream& operator<<(std::ostream& os, const rule& r) {
 fmt::print(os, "{}", r);
 return os;
diff --git a/src/v/security/mtls.h b/src/v/security/mtls.h
index 52e1f901a74a0..231a84bc4bbc5 100644
--- a/src/v/security/mtls.h
+++ b/src/v/security/mtls.h
@@ -86,9 +86,6 @@ class mtls_state {
 std::optional _subject;
 };
-std::optional
-validate_rules(const std::optional>& r) noexcept;
-
 } // namespace security::tls
 template<>
diff --git a/src/v/security/oidc_principal_mapping.h b/src/v/security/oidc_principal_mapping.h
index b9598f7171f84..6de648ec632fc 100644
--- a/src/v/security/oidc_principal_mapping.h
+++ b/src/v/security/oidc_principal_mapping.h
@@ -40,7 +40,5 @@ class principal_mapping_rule {
 };
 result parse_principal_mapping_rule(std::string_view);
-std::optional
-validate_principal_mapping_rule(ss::sstring const& rule);
 } // namespace security::oidc
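Review bot: No file that defines the two validators declared in the new `src/v/security/config.h` includes that header. In this patch only `configuration.cc` gains `#include "security/config.h"`, while `mtls.cc`, `mtls.h` and `oidc_principal_mapping.h` only lose their declarations. The definitions are therefore compiled without the declaration in view, so later drift would not be caught at compile time; the `noexcept` on `security::tls::validate_rules` is the easiest to lose, since it is not part of the function's mangled name on common ABIs. I would add `#include "security/config.h"` to `mtls.cc` and to whichever source file defines `validate_principal_mapping_rule` (not visible in this patch). Because this header is now the whole contract the configuration system sees for mTLS and OIDC principal-mapping rules, each declaration also deserves a comment on what the returned optional means, e.g. `/// Returns an error description if the rules are invalid, std::nullopt otherwise.`, assuming that is the convention, which should be confirmed against the definitions.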