From bca8b361d35b5c61a57e4ea62c815aa0614f2870 Mon Sep 17 00:00:00 2001 From: Craig Perkins Date: Mon, 1 May 2023 14:50:29 -0400 Subject: [PATCH] Check in extensions registry Signed-off-by: Craig Perkins --- .../org/opensearch/security/OpenSearchSecurityPlugin.java | 8 +++++++- .../security/transport/SecurityRequestHandler.java | 7 ++++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java b/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java index 87ca878fc6..ed600af62b 100644 --- a/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java +++ b/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java @@ -94,6 +94,7 @@ import org.opensearch.core.xcontent.NamedXContentRegistry; import org.opensearch.env.Environment; import org.opensearch.env.NodeEnvironment; +import org.opensearch.extensions.ExtensionsManager; import org.opensearch.http.HttpServerTransport; import org.opensearch.http.HttpServerTransport.Dispatcher; import org.opensearch.index.Index; @@ -1187,13 +1188,16 @@ public static class GuiceHolder implements LifecycleComponent { private static IndicesService indicesService; private static PitService pitService; + private static ExtensionsManager extensionsManager; + @Inject public GuiceHolder(final RepositoriesService repositoriesService, - final TransportService remoteClusterService, IndicesService indicesService, PitService pitService) { + final TransportService remoteClusterService, IndicesService indicesService, PitService pitService, ExtensionsManager extensionsManager) { GuiceHolder.repositoriesService = repositoriesService; GuiceHolder.remoteClusterService = remoteClusterService.getRemoteClusterService(); GuiceHolder.indicesService = indicesService; GuiceHolder.pitService = pitService; + GuiceHolder.extensionsManager = extensionsManager; } public static RepositoriesService getRepositoriesService() { @@ -1210,6 +1214,8 @@ public static IndicesService getIndicesService() { public static PitService getPitService() { return pitService; } + public static ExtensionsManager getExtensionsManager() { return extensionsManager; } + @Override public void close() { diff --git a/src/main/java/org/opensearch/security/transport/SecurityRequestHandler.java b/src/main/java/org/opensearch/security/transport/SecurityRequestHandler.java index 9af7046ebe..70a387b713 100644 --- a/src/main/java/org/opensearch/security/transport/SecurityRequestHandler.java +++ b/src/main/java/org/opensearch/security/transport/SecurityRequestHandler.java @@ -42,7 +42,9 @@ import org.opensearch.common.transport.TransportAddress; import org.opensearch.common.util.FeatureFlags; import org.opensearch.common.util.concurrent.ThreadContext; +import org.opensearch.extensions.ExtensionsManager; import org.opensearch.search.internal.ShardSearchRequest; +import org.opensearch.security.OpenSearchSecurityPlugin; import org.opensearch.security.auditlog.AuditLog; import org.opensearch.security.auditlog.AuditLog.Origin; import org.opensearch.security.ssl.SslExceptionHandler; @@ -329,7 +331,10 @@ protected void addAdditionalContextValues(final String action, final TransportRe String extensionUniqueId = getThreadContext().getHeader("extension_unique_id"); if (FeatureFlags.isEnabled(FeatureFlags.EXTENSIONS) && extensionUniqueId != null) { - getThreadContext().putTransient(ConfigConstants.OPENDISTRO_SECURITY_SSL_TRANSPORT_EXTENSION_REQUEST, Boolean.TRUE); + ExtensionsManager extManager = OpenSearchSecurityPlugin.GuiceHolder.getExtensionsManager(); + if (extManager.getExtensionIdMap().containsKey(extensionUniqueId)) { + getThreadContext().putTransient(ConfigConstants.OPENDISTRO_SECURITY_SSL_TRANSPORT_EXTENSION_REQUEST, Boolean.TRUE); + } } super.addAdditionalContextValues(action, request, localCerts, peerCerts, principal);