[Enhancement-3191] transport_enabled setting on an auth domain and …
…authorizer may be unnecessary after transport client removal (#3939)

Signed-off-by: Prabhas Kurapati <[email protected]>
(cherry picked from commit 881ed58)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
github-actions[bot] committed Jan 19, 2024
1 parent a0c3dba commit 6e4314e
Showing 13 changed files with 213 additions and 91 deletions.
Expand Up @@ -109,7 +109,6 @@ public class LdapAuthenticationTest {
.rolesMapping(new RolesMapping(ALL_ACCESS).backendRoles(CN_GROUP_ADMIN))
.authz(
new AuthzDomain("ldap_roles").httpEnabled(true)
.transportEnabled(true)
.authorizationBackend(
new AuthorizationBackend("ldap").config(
() -> new LdapAuthorizationConfigBuilder().hosts(List.of("localhost:" + embeddedLDAPServer.getLdapNonTlsPort()))
Expand Up @@ -156,7 +156,6 @@ public class LdapTlsAuthenticationTest {
)
.authz(
new AuthzDomain("ldap_roles").httpEnabled(true)
.transportEnabled(true)
.authorizationBackend(
new AuthorizationBackend("ldap").config(
() -> new LdapAuthorizationConfigBuilder().hosts(List.of("localhost:" + embeddedLDAPServer.getLdapTlsPort()))
Expand Up @@ -25,8 +25,6 @@ public class AuthzDomain implements ToXContentObject {

private boolean httpEnabled;

private boolean transportEnabled;

private AuthorizationBackend authorizationBackend;

public AuthzDomain(String id) {
Expand All @@ -52,17 +50,11 @@ public AuthzDomain authorizationBackend(AuthorizationBackend authorizationBacken
return this;
}

public AuthzDomain transportEnabled(boolean transportEnabled) {
this.transportEnabled = transportEnabled;
return this;
}

@Override
public XContentBuilder toXContent(XContentBuilder xContentBuilder, Params params) throws IOException {
xContentBuilder.startObject();
xContentBuilder.field("description", description);
xContentBuilder.field("http_enabled", httpEnabled);
xContentBuilder.field("transport_enabled", transportEnabled);
xContentBuilder.field("authorization_backend", authorizationBackend);
xContentBuilder.endObject();
return xContentBuilder;
Expand Up @@ -68,8 +68,6 @@ public class DynamicConfigModelV6 extends DynamicConfigModel {
private final Path configPath;
private SortedSet<AuthDomain> restAuthDomains;
private Set<AuthorizationBackend> restAuthorizers;
private SortedSet<AuthDomain> transportAuthDomains;
private Set<AuthorizationBackend> transportAuthorizers;
private List<Destroyable> destroyableComponents;
private final InternalAuthenticationBackend iab;

Expand Down Expand Up @@ -216,8 +214,6 @@ private void buildAAA() {

final SortedSet<AuthDomain> restAuthDomains0 = new TreeSet<>();
final Set<AuthorizationBackend> restAuthorizers0 = new HashSet<>();
final SortedSet<AuthDomain> transportAuthDomains0 = new TreeSet<>();
final Set<AuthorizationBackend> transportAuthorizers0 = new HashSet<>();
final List<Destroyable> destroyableComponents0 = new LinkedList<>();
final List<AuthFailureListener> ipAuthFailureListeners0 = new ArrayList<>();
final Multimap<String, AuthFailureListener> authBackendFailureListeners0 = ArrayListMultimap.create();
Expand All @@ -229,9 +225,8 @@ private void buildAAA() {
for (final Entry<String, AuthzDomain> ad : authzDyn.getDomains().entrySet()) {
final boolean enabled = ad.getValue().enabled;
final boolean httpEnabled = enabled && ad.getValue().http_enabled;
final boolean transportEnabled = enabled && ad.getValue().transport_enabled;

if (httpEnabled || transportEnabled) {
if (httpEnabled) {
try {

final String authzBackendClazz = ad.getValue().authorization_backend.type;
Expand Down Expand Up @@ -264,10 +259,6 @@ private void buildAAA() {
restAuthorizers0.add(authorizationBackend);
}

if (transportEnabled) {
transportAuthorizers0.add(authorizationBackend);
}

if (authorizationBackend instanceof Destroyable) {
destroyableComponents0.add((Destroyable) authorizationBackend);
}
Expand All @@ -282,9 +273,8 @@ private void buildAAA() {
for (final Entry<String, AuthcDomain> ad : authcDyn.getDomains().entrySet()) {
final boolean enabled = ad.getValue().enabled;
final boolean httpEnabled = enabled && ad.getValue().http_enabled;
final boolean transportEnabled = enabled && ad.getValue().transport_enabled;

if (httpEnabled || transportEnabled) {
if (httpEnabled) {
try {
AuthenticationBackend authenticationBackend;
final String authBackendClazz = ad.getValue().authentication_backend.type;
Expand Down Expand Up @@ -343,10 +333,6 @@ private void buildAAA() {
restAuthDomains0.add(_ad);
}

if (transportEnabled) {
transportAuthDomains0.add(_ad);
}

if (httpAuthenticator instanceof Destroyable) {
destroyableComponents0.add((Destroyable) httpAuthenticator);
}
Expand All @@ -365,9 +351,7 @@ private void buildAAA() {
List<Destroyable> originalDestroyableComponents = destroyableComponents;

restAuthDomains = Collections.unmodifiableSortedSet(restAuthDomains0);
transportAuthDomains = Collections.unmodifiableSortedSet(transportAuthDomains0);
restAuthorizers = Collections.unmodifiableSet(restAuthorizers0);
transportAuthorizers = Collections.unmodifiableSet(transportAuthorizers0);

destroyableComponents = Collections.unmodifiableList(destroyableComponents0);

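Review bot: With the outer condition reduced to `if (httpEnabled)`, the inner guard that closes right after `restAuthorizers0.add(authorizationBackend);` looks redundant (its opening line is outside the hunk, presumably `if (httpEnabled) {`), and the same holds for the one around `restAuthDomains0.add(_ad);`. Dropping those guards so the adds run unconditionally inside the outer block would make it plain that every instantiated domain is registered for REST. The authz and authc loops in DynamicConfigModelV7 have the same shape. buildAAA starts and ends outside these hunks, so this is inferred from the visible context lines only.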
Expand Up @@ -76,8 +76,6 @@ public class DynamicConfigModelV7 extends DynamicConfigModel {
private final Path configPath;
private SortedSet<AuthDomain> restAuthDomains;
private Set<AuthorizationBackend> restAuthorizers;
private SortedSet<AuthDomain> transportAuthDomains;
private Set<AuthorizationBackend> transportAuthorizers;
private List<Destroyable> destroyableComponents;
private final InternalAuthenticationBackend iab;

Expand Down Expand Up @@ -234,8 +232,6 @@ private void buildAAA() {

final SortedSet<AuthDomain> restAuthDomains0 = new TreeSet<>();
final Set<AuthorizationBackend> restAuthorizers0 = new HashSet<>();
final SortedSet<AuthDomain> transportAuthDomains0 = new TreeSet<>();
final Set<AuthorizationBackend> transportAuthorizers0 = new HashSet<>();
final List<Destroyable> destroyableComponents0 = new LinkedList<>();
final List<AuthFailureListener> ipAuthFailureListeners0 = new ArrayList<>();
final Multimap<String, AuthFailureListener> authBackendFailureListeners0 = ArrayListMultimap.create();
Expand All @@ -246,9 +242,8 @@ private void buildAAA() {

for (final Entry<String, AuthzDomain> ad : authzDyn.getDomains().entrySet()) {
final boolean httpEnabled = ad.getValue().http_enabled;
final boolean transportEnabled = ad.getValue().transport_enabled;

if (httpEnabled || transportEnabled) {
if (httpEnabled) {
try {

final String authzBackendClazz = ad.getValue().authorization_backend.type;
Expand Down Expand Up @@ -281,10 +276,6 @@ private void buildAAA() {
restAuthorizers0.add(authorizationBackend);
}

if (transportEnabled) {
transportAuthorizers0.add(authorizationBackend);
}

if (authorizationBackend instanceof Destroyable) {
destroyableComponents0.add((Destroyable) authorizationBackend);
}
Expand All @@ -298,9 +289,8 @@ private void buildAAA() {

for (final Entry<String, AuthcDomain> ad : authcDyn.getDomains().entrySet()) {
final boolean httpEnabled = ad.getValue().http_enabled;
final boolean transportEnabled = ad.getValue().transport_enabled;

if (httpEnabled || transportEnabled) {
if (httpEnabled) {
try {
AuthenticationBackend authenticationBackend;
final String authBackendClazz = ad.getValue().authentication_backend.type;
Expand Down Expand Up @@ -359,10 +349,6 @@ private void buildAAA() {
restAuthDomains0.add(_ad);
}

if (transportEnabled) {
transportAuthDomains0.add(_ad);
}

if (httpAuthenticator instanceof Destroyable) {
destroyableComponents0.add((Destroyable) httpAuthenticator);
}
Expand Down Expand Up @@ -398,9 +384,7 @@ private void buildAAA() {
List<Destroyable> originalDestroyableComponents = destroyableComponents;

restAuthDomains = Collections.unmodifiableSortedSet(restAuthDomains0);
transportAuthDomains = Collections.unmodifiableSortedSet(transportAuthDomains0);
restAuthorizers = Collections.unmodifiableSet(restAuthorizers0);
transportAuthorizers = Collections.unmodifiableSet(transportAuthorizers0);

destroyableComponents = Collections.unmodifiableList(destroyableComponents0);

Expand Up @@ -38,9 +38,12 @@
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException;

import org.opensearch.security.DefaultObjectMapper;
import org.opensearch.security.auth.internal.InternalAuthenticationBackend;
import org.opensearch.security.setting.DeprecatedSettings;

public class ConfigV6 {

Expand Down Expand Up @@ -224,8 +227,6 @@ public static class AuthcDomain {
@JsonInclude(JsonInclude.Include.NON_NULL)
public boolean http_enabled = true;
@JsonInclude(JsonInclude.Include.NON_NULL)
public boolean transport_enabled = true;
@JsonInclude(JsonInclude.Include.NON_NULL)
public boolean enabled = true;
public int order = 0;
public HttpAuthenticator http_authenticator = new HttpAuthenticator();
Expand All @@ -235,8 +236,6 @@ public static class AuthcDomain {
public String toString() {
return "AuthcDomain [http_enabled="
+ http_enabled
+ ", transport_enabled="
+ transport_enabled
+ ", enabled="
+ enabled
+ ", order="
Expand All @@ -248,6 +247,31 @@ public String toString() {
+ "]";
}

@JsonAnySetter
public void unknownPropertiesHandler(String name, Object value) throws JsonMappingException {
switch (name) {
case "transport_enabled":
DeprecatedSettings.logCustomDeprecationMessage(
String.format(
"In AuthcDomain, using http_authenticator=%s, authentication_backend=%s",
http_authenticator,
authentication_backend
),
name
);
break;
default:
throw new UnrecognizedPropertyException(

Check warning on line 264 in src/main/java/org/opensearch/security/securityconf/impl/v6/ConfigV6.java

Codecov / codecov/patch

src/main/java/org/opensearch/security/securityconf/impl/v6/ConfigV6.java#L264

Added line #L264 was not covered by tests
null,
"Unrecognized field " + name + " present in the input data for AuthcDomain config",
null,
AuthcDomain.class,
name,
null
);
}
}

}

public static class HttpAuthenticator {
Expand Down Expand Up @@ -337,24 +361,41 @@ public static class AuthzDomain {
@JsonInclude(JsonInclude.Include.NON_NULL)
public boolean http_enabled = true;
@JsonInclude(JsonInclude.Include.NON_NULL)
public boolean transport_enabled = true;
@JsonInclude(JsonInclude.Include.NON_NULL)
public boolean enabled = true;
public AuthzBackend authorization_backend = new AuthzBackend();

@Override
public String toString() {
return "AuthzDomain [http_enabled="
+ http_enabled
+ ", transport_enabled="
+ transport_enabled
+ ", enabled="
+ enabled
+ ", authorization_backend="
+ authorization_backend
+ "]";
}

@JsonAnySetter
public void unknownPropertiesHandler(String name, Object value) throws JsonMappingException {
switch (name) {
case "transport_enabled":
DeprecatedSettings.logCustomDeprecationMessage(
String.format("In AuthzDomain, using authorization_backend=%s", authorization_backend),
name
);
break;
default:
throw new UnrecognizedPropertyException(

Check warning on line 388 in src/main/java/org/opensearch/security/securityconf/impl/v6/ConfigV6.java

Codecov / codecov/patch

src/main/java/org/opensearch/security/securityconf/impl/v6/ConfigV6.java#L388

Added line #L388 was not covered by tests
null,
"Unrecognized field " + name + " present in the input data for AuthzDomain config",
null,
AuthzDomain.class,
name,
null
);
}
}

}

public static class OnBehalfOfSettings {
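Review bot: In `AuthcDomain.unknownPropertiesHandler`, the deprecation message formats `http_authenticator` and `authentication_backend` as they stand when the any-setter fires, and Jackson calls an any-setter at the point the unknown key is read, so if `transport_enabled` precedes those keys in the config the log shows the field initialisers rather than the configured domain. Where the fields are already populated, the message depends on their `toString()`, which is not visible here and may print the backend's config map; it is worth confirming that bind passwords or signing keys cannot reach the deprecation log this way. Logging only the backend type, e.g. `String.format("In AuthcDomain, using authentication_backend=%s", authentication_backend.type)`, keeps the message useful without that exposure, and the ordering caveat deserves a short comment on the method. The `AuthzDomain` handler has the same shape and could log `authorization_backend.type` instead.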
