diff --git a/config/config.yml b/config/config.yml
index 1493a0d7f1..e2d12c18d1 100644
--- a/config/config.yml
+++ b/config/config.yml
@@ -14,9 +14,8 @@
 # After authentication authorization (authz) will be applied. There can be zero or more authorizers which collect
 # the roles from a given backend for the authenticated user.
 #
-# Both, authc and auth can be enabled/disabled separately for REST and TRANSPORT layer. Default is true for both.
+# Both, authc and auth can be enabled/disabled separately for REST layer. Default is true for both.
 # http_enabled: true
-# transport_enabled: true
 #
 # For HTTP it is possible to allow anonymous authentication. If that is the case then the HTTP authenticators try to
 # find user credentials in the HTTP request. If credentials are found then the user gets regularly authenticated.
@@ -86,7 +85,6 @@ config:
 authc:
 kerberos_auth_domain:
 http_enabled: false
- transport_enabled: false
 order: 6
 http_authenticator:
 type: kerberos
@@ -101,7 +99,6 @@ config:
 basic_internal_auth_domain:
 description: "Authenticate via HTTP Basic against internal users database"
 http_enabled: true
- transport_enabled: true
 order: 4
 http_authenticator:
 type: basic
@@ -111,7 +108,6 @@ config:
 proxy_auth_domain:
 description: "Authenticate via proxy"
 http_enabled: false
- transport_enabled: false
 order: 3
 http_authenticator:
 type: proxy
@@ -124,7 +120,6 @@ config:
 jwt_auth_domain:
 description: "Authenticate via Json Web Token"
 http_enabled: false
- transport_enabled: false
 order: 0
 http_authenticator:
 type: jwt
@@ -141,7 +136,6 @@ config:
 clientcert_auth_domain:
 description: "Authenticate via SSL client certificates"
 http_enabled: false
- transport_enabled: false
 order: 2
 http_authenticator:
 type: clientcert
@@ -153,7 +147,6 @@ config:
 ldap:
 description: "Authenticate via LDAP or Active Directory"
 http_enabled: false
- transport_enabled: false
 order: 5
 http_authenticator:
 type: basic
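Review bot: The reworded comment in the first config.yml hunk (`@@ -14,9 +14,8 @@`) keeps "separately" and "for both", which referred to the REST/TRANSPORT pair and no longer have anything to refer to. I would write `# Both authc and authz domains can be enabled/disabled for the REST layer. Default is true.` instead. The sample also gives an operator no hint about a `transport_enabled` key left over in an existing security configuration; whether such a key is ignored or rejected on load is not visible in this diff, so a one-line comment stating the actual behaviour would help anyone upgrading.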
@@ -184,7 +177,6 @@ config:
 roles_from_myldap:
 description: "Authorize via LDAP or Active Directory"
 http_enabled: false
- transport_enabled: false
 authorization_backend:
 # LDAP authorization backend (gather roles from a LDAP or Active Directory, you have to configure the above LDAP authentication backend settings too)
 type: ldap
@@ -228,7 +220,6 @@ config:
 roles_from_another_ldap:
 description: "Authorize via another Active Directory"
 http_enabled: false
- transport_enabled: false
 authorization_backend:
 type: ldap
 #config goes here ...
diff --git a/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV6.java b/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV6.java
index e5308aa574..18241920d0 100644
--- a/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV6.java
+++ b/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV6.java
@@ -68,8 +68,6 @@ public class DynamicConfigModelV6 extends DynamicConfigModel {
 private final Path configPath;
 private SortedSet restAuthDomains;
 private Set restAuthorizers;
- private SortedSet transportAuthDomains;
- private Set transportAuthorizers;
 private List destroyableComponents;
 private final InternalAuthenticationBackend iab;
@@ -216,8 +214,6 @@ private void buildAAA() {
 final SortedSet restAuthDomains0 = new TreeSet<>();
 final Set restAuthorizers0 = new HashSet<>();
- final SortedSet transportAuthDomains0 = new TreeSet<>();
- final Set transportAuthorizers0 = new HashSet<>();
 final List destroyableComponents0 = new LinkedList<>();
 final List ipAuthFailureListeners0 = new ArrayList<>();
 final Multimap authBackendFailureListeners0 = ArrayListMultimap.create();
@@ -229,9 +225,8 @@ private void buildAAA() {
 for (final Entry ad : authzDyn.getDomains().entrySet()) {
 final boolean enabled = ad.getValue().enabled;
 final boolean httpEnabled = enabled && ad.getValue().http_enabled;
- final boolean transportEnabled = enabled && ad.getValue().transport_enabled;
- if (httpEnabled || transportEnabled) {
+ if (httpEnabled) {
 try {
 final String authzBackendClazz = ad.getValue().authorization_backend.type;
@@ -264,10 +259,6 @@ private void buildAAA() {
 restAuthorizers0.add(authorizationBackend);
 }
- if (transportEnabled) {
- transportAuthorizers0.add(authorizationBackend);
- }
-
 if (authorizationBackend instanceof Destroyable) {
 destroyableComponents0.add((Destroyable) authorizationBackend);
 }
@@ -343,10 +334,6 @@ private void buildAAA() {
 restAuthDomains0.add(_ad);
 }
- if (transportEnabled) {
- transportAuthDomains0.add(_ad);
- }
-
 if (httpAuthenticator instanceof Destroyable) {
 destroyableComponents0.add((Destroyable) httpAuthenticator);
 }
@@ -365,9 +352,7 @@ private void buildAAA() {
 List originalDestroyableComponents = destroyableComponents;
 restAuthDomains = Collections.unmodifiableSortedSet(restAuthDomains0);
- transportAuthDomains = Collections.unmodifiableSortedSet(transportAuthDomains0);
 restAuthorizers = Collections.unmodifiableSet(restAuthorizers0);
- transportAuthorizers = Collections.unmodifiableSet(transportAuthorizers0);
 destroyableComponents = Collections.unmodifiableList(destroyableComponents0);
diff --git a/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV7.java b/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV7.java
index 0de83f2e2e..33eedb785a 100644
--- a/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV7.java
+++ b/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV7.java
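Review bot: In the `@@ -264,10 +259,6 @@` hunk of DynamicConfigModelV6.java, `restAuthorizers0.add(authorizationBackend);` is still followed by a closing `}` whose opening line lies outside the hunk. If that opening is `if (httpEnabled) {`, the guard is now always true, because the enclosing block was narrowed to `if (httpEnabled) {` in `@@ -229,9 +225,8 @@`. The add can then be written unconditionally as `restAuthorizers0.add(authorizationBackend);`. The same leftover appears in the `@@ -281,10 +276,6 @@` hunk of DynamicConfigModelV7.java.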
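Review bot: The authc loop looks only half converted. `@@ -343,10 +334,6 @@` removes `if (transportEnabled) { transportAuthDomains0.add(_ad); }`, but no hunk shown here touches the head of that loop, so it presumably still reads `ad.getValue().transport_enabled` and may still enter on `httpEnabled || transportEnabled`. If so, a domain with `http_enabled: false` and `transport_enabled: true` would still have its authenticator and backend constructed, and registered in `destroyableComponents0` when Destroyable, without ever being added to `restAuthDomains0`. The loop head should mirror the authz change, `if (httpEnabled) {`, with the `transportEnabled` local dropped; the same applies to `@@ -359,10 +350,6 @@` in DynamicConfigModelV7.java. The loop starts outside the hunk, so this needs checking against the full file.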
@@ -76,8 +76,6 @@ public class DynamicConfigModelV7 extends DynamicConfigModel {
 private final Path configPath;
 private SortedSet restAuthDomains;
 private Set restAuthorizers;
- private SortedSet transportAuthDomains;
- private Set transportAuthorizers;
 private List destroyableComponents;
 private final InternalAuthenticationBackend iab;
@@ -234,8 +232,6 @@ private void buildAAA() {
 final SortedSet restAuthDomains0 = new TreeSet<>();
 final Set restAuthorizers0 = new HashSet<>();
- final SortedSet transportAuthDomains0 = new TreeSet<>();
- final Set transportAuthorizers0 = new HashSet<>();
 final List destroyableComponents0 = new LinkedList<>();
 final List ipAuthFailureListeners0 = new ArrayList<>();
 final Multimap authBackendFailureListeners0 = ArrayListMultimap.create();
@@ -246,9 +242,8 @@ private void buildAAA() {
 for (final Entry ad : authzDyn.getDomains().entrySet()) {
 final boolean httpEnabled = ad.getValue().http_enabled;
- final boolean transportEnabled = ad.getValue().transport_enabled;
- if (httpEnabled || transportEnabled) {
+ if (httpEnabled) {
 try {
 final String authzBackendClazz = ad.getValue().authorization_backend.type;
@@ -281,10 +276,6 @@ private void buildAAA() {
 restAuthorizers0.add(authorizationBackend);
 }
- if (transportEnabled) {
- transportAuthorizers0.add(authorizationBackend);
- }
-
 if (authorizationBackend instanceof Destroyable) {
 destroyableComponents0.add((Destroyable) authorizationBackend);
 }
@@ -359,10 +350,6 @@ private void buildAAA() {
 restAuthDomains0.add(_ad);
 }
- if (transportEnabled) {
- transportAuthDomains0.add(_ad);
- }
-
 if (httpAuthenticator instanceof Destroyable) {
 destroyableComponents0.add((Destroyable) httpAuthenticator);
 }
@@ -398,9 +385,7 @@ private void buildAAA() {
 List originalDestroyableComponents = destroyableComponents;
 restAuthDomains = Collections.unmodifiableSortedSet(restAuthDomains0);
- transportAuthDomains = Collections.unmodifiableSortedSet(transportAuthDomains0);
 restAuthorizers = Collections.unmodifiableSet(restAuthorizers0);
- transportAuthorizers = Collections.unmodifiableSet(transportAuthorizers0);
 destroyableComponents = Collections.unmodifiableList(destroyableComponents0);