PR cleanup

Signed-off-by: Derek Ho <[email protected]>

src/main/java/org/opensearch/security/action/apitokens/ApiTokenAction.java

@@ -12,9 +12,11 @@
 package org.opensearch.security.action.apitokens;
 
 import java.io.IOException;
+import java.time.Instant;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
+import java.util.concurrent.TimeUnit;
 import java.util.stream.Collectors;
 
 import com.google.common.collect.ImmutableList;
@@ -128,7 +130,7 @@ private RestChannelConsumer handlePost(RestRequest request, NodeClient client) {
                     (String) requestBody.get(NAME_FIELD),
                     clusterPermissions,
                     indexPermissions,
-                    (Long) requestBody.getOrDefault(EXPIRATION_FIELD, Long.MAX_VALUE)
+                    (Long) requestBody.getOrDefault(EXPIRATION_FIELD, Instant.now().toEpochMilli() + TimeUnit.DAYS.toMillis(30))
                 );
 
                 builder.startObject();

src/main/java/org/opensearch/security/action/apitokens/ApiTokenRepository.java

@@ -43,7 +43,13 @@ public String createApiToken(
         apiTokenIndexHandler.createApiTokenIndexIfAbsent();
         // TODO: Add validation on whether user is creating a token with a subset of their permissions
         ExpiringBearerAuthToken token = securityTokenManager.issueApiToken(name, expiration, clusterPermissions, indexPermissions);
-        ApiToken apiToken = new ApiToken(name, securityTokenManager.encryptToken(token.getCompleteToken()), clusterPermissions, indexPermissions, expiration);
+        ApiToken apiToken = new ApiToken(
+            name,
+            securityTokenManager.encryptToken(token.getCompleteToken()),
+            clusterPermissions,
+            indexPermissions,
+            expiration
+        );
         apiTokenIndexHandler.indexTokenMetadata(apiToken);
         return token.getCompleteToken();
     }

src/main/java/org/opensearch/security/identity/SecurityTokenManager.java

@@ -141,21 +141,19 @@ public ExpiringBearerAuthToken issueOnBehalfOfToken(final Subject subject, final
         }
     }
 
-    public ExpiringBearerAuthToken issueApiToken(final String name, final Long expiration, final List<String> clusterPermissions, final List<ApiToken.IndexPermission> indexPermissions) {
+    public ExpiringBearerAuthToken issueApiToken(
+        final String name,
+        final Long expiration,
+        final List<String> clusterPermissions,
+        final List<ApiToken.IndexPermission> indexPermissions
+    ) {
         final User user = threadPool.getThreadContext().getTransient(ConfigConstants.OPENDISTRO_SECURITY_USER);
         if (user == null) {
             throw new OpenSearchSecurityException("Unsupported user to generate Api Token");
         }
 
         try {
-            return apiTokenJwtVendor.createJwt(
-                cs.getClusterName().value(),
-                name,
-                name,
-                expiration,
-                clusterPermissions,
-                indexPermissions
-            );
+            return apiTokenJwtVendor.createJwt(cs.getClusterName().value(), name, name, expiration, clusterPermissions, indexPermissions);
         } catch (final Exception ex) {
             logger.error("Error creating Api Token for " + user.getName(), ex);
             throw new OpenSearchSecurityException("Unable to generate Api Token");

src/test/java/org/opensearch/security/identity/SecurityTokenManagerTest.java

@@ -28,7 +28,6 @@
 import org.opensearch.identity.Subject;
 import org.opensearch.identity.tokens.AuthToken;
 import org.opensearch.identity.tokens.OnBehalfOfClaims;
-import org.opensearch.security.action.apitokens.ApiToken;
 import org.opensearch.security.authtoken.jwt.ExpiringBearerAuthToken;
 import org.opensearch.security.authtoken.jwt.JwtVendor;
 import org.opensearch.security.securityconf.ConfigModel;
@@ -263,7 +262,7 @@ public void issueApiToken_success() throws Exception {
 
         final ExpiringBearerAuthToken authToken = mock(ExpiringBearerAuthToken.class);
         when(jwtVendor.createJwt(anyString(), anyString(), anyString(), anyLong(), any(), any())).thenReturn(authToken);
-        final AuthToken returnedToken = tokenManager.issueApiToken(new ApiToken("elmo", List.of("*"), List.of()));
+        final AuthToken returnedToken = tokenManager.issueApiToken("elmo", Long.MAX_VALUE, List.of("*"), List.of());
 
         assertThat(returnedToken, equalTo(authToken));
 
@@ -284,7 +283,7 @@ public void encryptCallsJwtEncrypt() throws Exception {
 
         final ExpiringBearerAuthToken authToken = mock(ExpiringBearerAuthToken.class);
         when(jwtVendor.createJwt(anyString(), anyString(), anyString(), anyLong(), any(), any())).thenReturn(authToken);
-        final AuthToken returnedToken = tokenManager.issueApiToken(new ApiToken("elmo", List.of("*"), List.of()));
+        final AuthToken returnedToken = tokenManager.issueApiToken("elmo", Long.MAX_VALUE, List.of("*"), List.of());
 
         assertThat(returnedToken, equalTo(authToken));