Skip to content

Commit

Permalink
[Backport 2.x] [Enhancement-3191] transport_enabled setting on an a…
Browse files Browse the repository at this point in the history 
…uth domain and authorizer may be unnecessary after transport client removal (#3966)

Backport 881ed58 from #3939.

Signed-off-by: Prabhas Kurapati <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
  • Loading branch information
@opensearch-trigger-bot @github-actions
opensearch-trigger-bot[bot] and github-actions[bot] authored Jan 22, 2024
1 parent a404aac commit e008610
Show file tree
Hide file tree
Showing 13 changed files with 213 additions and 91 deletions.
1 change: 0 additions & 1 deletion src/integrationTest/java/org/opensearch/security/http/LdapAuthenticationTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,6 @@ public class LdapAuthenticationTest {
.rolesMapping(new RolesMapping(ALL_ACCESS).backendRoles(CN_GROUP_ADMIN))
.authz(
new AuthzDomain("ldap_roles").httpEnabled(true)
.transportEnabled(true)
.authorizationBackend(
new AuthorizationBackend("ldap").config(
() -> new LdapAuthorizationConfigBuilder().hosts(List.of("localhost:" + embeddedLDAPServer.getLdapNonTlsPort()))
Expand Down
1 change: 0 additions & 1 deletion src/integrationTest/java/org/opensearch/security/http/LdapTlsAuthenticationTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -156,7 +156,6 @@ public class LdapTlsAuthenticationTest {
)
.authz(
new AuthzDomain("ldap_roles").httpEnabled(true)
.transportEnabled(true)
.authorizationBackend(
new AuthorizationBackend("ldap").config(
() -> new LdapAuthorizationConfigBuilder().hosts(List.of("localhost:" + embeddedLDAPServer.getLdapTlsPort()))
Expand Down
8 changes: 0 additions & 8 deletions src/integrationTest/java/org/opensearch/test/framework/AuthzDomain.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,8 +25,6 @@ public class AuthzDomain implements ToXContentObject {

private boolean httpEnabled;

private boolean transportEnabled;

private AuthorizationBackend authorizationBackend;

public AuthzDomain(String id) {
Expand All @@ -52,17 +50,11 @@ public AuthzDomain authorizationBackend(AuthorizationBackend authorizationBacken
return this;
}

public AuthzDomain transportEnabled(boolean transportEnabled) {
this.transportEnabled = transportEnabled;
return this;
}

@Override
public XContentBuilder toXContent(XContentBuilder xContentBuilder, Params params) throws IOException {
xContentBuilder.startObject();
xContentBuilder.field("description", description);
xContentBuilder.field("http_enabled", httpEnabled);
xContentBuilder.field("transport_enabled", transportEnabled);
xContentBuilder.field("authorization_backend", authorizationBackend);
xContentBuilder.endObject();
return xContentBuilder;
Expand Down
20 changes: 2 additions & 18 deletions src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV6.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,8 +68,6 @@ public class DynamicConfigModelV6 extends DynamicConfigModel {
private final Path configPath;
private SortedSet<AuthDomain> restAuthDomains;
private Set<AuthorizationBackend> restAuthorizers;
private SortedSet<AuthDomain> transportAuthDomains;
private Set<AuthorizationBackend> transportAuthorizers;
private List<Destroyable> destroyableComponents;
private final InternalAuthenticationBackend iab;

Expand Down Expand Up @@ -216,8 +214,6 @@ private void buildAAA() {

final SortedSet<AuthDomain> restAuthDomains0 = new TreeSet<>();
final Set<AuthorizationBackend> restAuthorizers0 = new HashSet<>();
final SortedSet<AuthDomain> transportAuthDomains0 = new TreeSet<>();
final Set<AuthorizationBackend> transportAuthorizers0 = new HashSet<>();
final List<Destroyable> destroyableComponents0 = new LinkedList<>();
final List<AuthFailureListener> ipAuthFailureListeners0 = new ArrayList<>();
final Multimap<String, AuthFailureListener> authBackendFailureListeners0 = ArrayListMultimap.create();
Expand All @@ -229,9 +225,8 @@ private void buildAAA() {
for (final Entry<String, AuthzDomain> ad : authzDyn.getDomains().entrySet()) {
final boolean enabled = ad.getValue().enabled;
final boolean httpEnabled = enabled && ad.getValue().http_enabled;
final boolean transportEnabled = enabled && ad.getValue().transport_enabled;

if (httpEnabled || transportEnabled) {
if (httpEnabled) {
try {

final String authzBackendClazz = ad.getValue().authorization_backend.type;
Expand Down Expand Up @@ -264,10 +259,6 @@ private void buildAAA() {
restAuthorizers0.add(authorizationBackend);
}

if (transportEnabled) {
transportAuthorizers0.add(authorizationBackend);
}

if (authorizationBackend instanceof Destroyable) {
destroyableComponents0.add((Destroyable) authorizationBackend);
}
Expand All @@ -282,9 +273,8 @@ private void buildAAA() {
for (final Entry<String, AuthcDomain> ad : authcDyn.getDomains().entrySet()) {
final boolean enabled = ad.getValue().enabled;
final boolean httpEnabled = enabled && ad.getValue().http_enabled;
final boolean transportEnabled = enabled && ad.getValue().transport_enabled;

if (httpEnabled || transportEnabled) {
if (httpEnabled) {
try {
AuthenticationBackend authenticationBackend;
final String authBackendClazz = ad.getValue().authentication_backend.type;
Expand Down Expand Up @@ -343,10 +333,6 @@ private void buildAAA() {
restAuthDomains0.add(_ad);
}

if (transportEnabled) {
transportAuthDomains0.add(_ad);
}

if (httpAuthenticator instanceof Destroyable) {
destroyableComponents0.add((Destroyable) httpAuthenticator);
}
Expand All @@ -365,9 +351,7 @@ private void buildAAA() {
List<Destroyable> originalDestroyableComponents = destroyableComponents;

restAuthDomains = Collections.unmodifiableSortedSet(restAuthDomains0);
transportAuthDomains = Collections.unmodifiableSortedSet(transportAuthDomains0);
restAuthorizers = Collections.unmodifiableSet(restAuthorizers0);
transportAuthorizers = Collections.unmodifiableSet(transportAuthorizers0);

destroyableComponents = Collections.unmodifiableList(destroyableComponents0);

Expand Down
20 changes: 2 additions & 18 deletions src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV7.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -76,8 +76,6 @@ public class DynamicConfigModelV7 extends DynamicConfigModel {
private final Path configPath;
private SortedSet<AuthDomain> restAuthDomains;
private Set<AuthorizationBackend> restAuthorizers;
private SortedSet<AuthDomain> transportAuthDomains;
private Set<AuthorizationBackend> transportAuthorizers;
private List<Destroyable> destroyableComponents;
private final InternalAuthenticationBackend iab;

Expand Down Expand Up @@ -234,8 +232,6 @@ private void buildAAA() {

final SortedSet<AuthDomain> restAuthDomains0 = new TreeSet<>();
final Set<AuthorizationBackend> restAuthorizers0 = new HashSet<>();
final SortedSet<AuthDomain> transportAuthDomains0 = new TreeSet<>();
final Set<AuthorizationBackend> transportAuthorizers0 = new HashSet<>();
final List<Destroyable> destroyableComponents0 = new LinkedList<>();
final List<AuthFailureListener> ipAuthFailureListeners0 = new ArrayList<>();
final Multimap<String, AuthFailureListener> authBackendFailureListeners0 = ArrayListMultimap.create();
Expand All @@ -246,9 +242,8 @@ private void buildAAA() {

for (final Entry<String, AuthzDomain> ad : authzDyn.getDomains().entrySet()) {
final boolean httpEnabled = ad.getValue().http_enabled;
final boolean transportEnabled = ad.getValue().transport_enabled;

if (httpEnabled || transportEnabled) {
if (httpEnabled) {
try {

final String authzBackendClazz = ad.getValue().authorization_backend.type;
Expand Down Expand Up @@ -281,10 +276,6 @@ private void buildAAA() {
restAuthorizers0.add(authorizationBackend);
}

if (transportEnabled) {
transportAuthorizers0.add(authorizationBackend);
}

if (authorizationBackend instanceof Destroyable) {
destroyableComponents0.add((Destroyable) authorizationBackend);
}
Expand All @@ -298,9 +289,8 @@ private void buildAAA() {

for (final Entry<String, AuthcDomain> ad : authcDyn.getDomains().entrySet()) {
final boolean httpEnabled = ad.getValue().http_enabled;
final boolean transportEnabled = ad.getValue().transport_enabled;

if (httpEnabled || transportEnabled) {
if (httpEnabled) {
try {
AuthenticationBackend authenticationBackend;
final String authBackendClazz = ad.getValue().authentication_backend.type;
Expand Down Expand Up @@ -359,10 +349,6 @@ private void buildAAA() {
restAuthDomains0.add(_ad);
}

if (transportEnabled) {
transportAuthDomains0.add(_ad);
}

if (httpAuthenticator instanceof Destroyable) {
destroyableComponents0.add((Destroyable) httpAuthenticator);
}
Expand Down Expand Up @@ -398,9 +384,7 @@ private void buildAAA() {
List<Destroyable> originalDestroyableComponents = destroyableComponents;

restAuthDomains = Collections.unmodifiableSortedSet(restAuthDomains0);
transportAuthDomains = Collections.unmodifiableSortedSet(transportAuthDomains0);
restAuthorizers = Collections.unmodifiableSet(restAuthorizers0);
transportAuthorizers = Collections.unmodifiableSet(transportAuthorizers0);

destroyableComponents = Collections.unmodifiableList(destroyableComponents0);

Expand Down
57 changes: 49 additions & 8 deletions src/main/java/org/opensearch/security/securityconf/impl/v6/ConfigV6.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,9 +38,12 @@
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException;

import org.opensearch.security.DefaultObjectMapper;
import org.opensearch.security.auth.internal.InternalAuthenticationBackend;
import org.opensearch.security.setting.DeprecatedSettings;

public class ConfigV6 {

Expand Down Expand Up @@ -224,8 +227,6 @@ public static class AuthcDomain {
@JsonInclude(JsonInclude.Include.NON_NULL)
public boolean http_enabled = true;
@JsonInclude(JsonInclude.Include.NON_NULL)
public boolean transport_enabled = true;
@JsonInclude(JsonInclude.Include.NON_NULL)
public boolean enabled = true;
public int order = 0;
public HttpAuthenticator http_authenticator = new HttpAuthenticator();
Expand All @@ -235,8 +236,6 @@ public static class AuthcDomain {
public String toString() {
return "AuthcDomain [http_enabled="
+ http_enabled
+ ", transport_enabled="
+ transport_enabled
+ ", enabled="
+ enabled
+ ", order="
Expand All @@ -248,6 +247,31 @@ public String toString() {
+ "]";
}

@JsonAnySetter
public void unknownPropertiesHandler(String name, Object value) throws JsonMappingException {
switch (name) {
case "transport_enabled":
DeprecatedSettings.logCustomDeprecationMessage(
String.format(
"In AuthcDomain, using http_authenticator=%s, authentication_backend=%s",
http_authenticator,
authentication_backend
),
name
);
break;
default:
throw new UnrecognizedPropertyException(
null,
"Unrecognized field " + name + " present in the input data for AuthcDomain config",
null,
AuthcDomain.class,
name,
null
);
}
}

}

public static class HttpAuthenticator {
Expand Down Expand Up @@ -337,24 +361,41 @@ public static class AuthzDomain {
@JsonInclude(JsonInclude.Include.NON_NULL)
public boolean http_enabled = true;
@JsonInclude(JsonInclude.Include.NON_NULL)
public boolean transport_enabled = true;
@JsonInclude(JsonInclude.Include.NON_NULL)
public boolean enabled = true;
public AuthzBackend authorization_backend = new AuthzBackend();

@Override
public String toString() {
return "AuthzDomain [http_enabled="
+ http_enabled
+ ", transport_enabled="
+ transport_enabled
+ ", enabled="
+ enabled
+ ", authorization_backend="
+ authorization_backend
+ "]";
}

@JsonAnySetter
public void unknownPropertiesHandler(String name, Object value) throws JsonMappingException {
switch (name) {
case "transport_enabled":
DeprecatedSettings.logCustomDeprecationMessage(
String.format("In AuthzDomain, using authorization_backend=%s", authorization_backend),
name
);
break;
default:
throw new UnrecognizedPropertyException(
null,
"Unrecognized field " + name + " present in the input data for AuthzDomain config",
null,
AuthzDomain.class,
name,
null
);
}
}

}

public static class OnBehalfOfSettings {
Expand Down
Loading

0 comments on commit e008610

Please sign in to comment.