diff --git a/src/integrationTest/java/org/opensearch/security/http/LdapAuthenticationTest.java b/src/integrationTest/java/org/opensearch/security/http/LdapAuthenticationTest.java index dbb1724a55..b4a3717287 100644 --- a/src/integrationTest/java/org/opensearch/security/http/LdapAuthenticationTest.java +++ b/src/integrationTest/java/org/opensearch/security/http/LdapAuthenticationTest.java @@ -109,7 +109,6 @@ public class LdapAuthenticationTest { .rolesMapping(new RolesMapping(ALL_ACCESS).backendRoles(CN_GROUP_ADMIN)) .authz( new AuthzDomain("ldap_roles").httpEnabled(true) - .transportEnabled(true) .authorizationBackend( new AuthorizationBackend("ldap").config( () -> new LdapAuthorizationConfigBuilder().hosts(List.of("localhost:" + embeddedLDAPServer.getLdapNonTlsPort())) diff --git a/src/integrationTest/java/org/opensearch/security/http/LdapTlsAuthenticationTest.java b/src/integrationTest/java/org/opensearch/security/http/LdapTlsAuthenticationTest.java index bac79ffd12..32265f4b81 100644 --- a/src/integrationTest/java/org/opensearch/security/http/LdapTlsAuthenticationTest.java +++ b/src/integrationTest/java/org/opensearch/security/http/LdapTlsAuthenticationTest.java @@ -156,7 +156,6 @@ public class LdapTlsAuthenticationTest { ) .authz( new AuthzDomain("ldap_roles").httpEnabled(true) - .transportEnabled(true) .authorizationBackend( new AuthorizationBackend("ldap").config( () -> new LdapAuthorizationConfigBuilder().hosts(List.of("localhost:" + embeddedLDAPServer.getLdapTlsPort())) diff --git a/src/integrationTest/java/org/opensearch/test/framework/AuthzDomain.java b/src/integrationTest/java/org/opensearch/test/framework/AuthzDomain.java index 5ccf1f9ee0..d56344d5d2 100644 --- a/src/integrationTest/java/org/opensearch/test/framework/AuthzDomain.java +++ b/src/integrationTest/java/org/opensearch/test/framework/AuthzDomain.java @@ -25,8 +25,6 @@ public class AuthzDomain implements ToXContentObject { private boolean httpEnabled; - private boolean transportEnabled; - private AuthorizationBackend authorizationBackend; public AuthzDomain(String id) { @@ -52,17 +50,11 @@ public AuthzDomain authorizationBackend(AuthorizationBackend authorizationBacken return this; } - public AuthzDomain transportEnabled(boolean transportEnabled) { - this.transportEnabled = transportEnabled; - return this; - } - @Override public XContentBuilder toXContent(XContentBuilder xContentBuilder, Params params) throws IOException { xContentBuilder.startObject(); xContentBuilder.field("description", description); xContentBuilder.field("http_enabled", httpEnabled); - xContentBuilder.field("transport_enabled", transportEnabled); xContentBuilder.field("authorization_backend", authorizationBackend); xContentBuilder.endObject(); return xContentBuilder; diff --git a/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV6.java b/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV6.java index e5308aa574..b652893bdd 100644 --- a/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV6.java +++ b/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV6.java @@ -68,8 +68,6 @@ public class DynamicConfigModelV6 extends DynamicConfigModel { private final Path configPath; private SortedSet restAuthDomains; private Set restAuthorizers; - private SortedSet transportAuthDomains; - private Set transportAuthorizers; private List destroyableComponents; private final InternalAuthenticationBackend iab; @@ -216,8 +214,6 @@ private void buildAAA() { final SortedSet restAuthDomains0 = new TreeSet<>(); final Set restAuthorizers0 = new HashSet<>(); - final SortedSet transportAuthDomains0 = new TreeSet<>(); - final Set transportAuthorizers0 = new HashSet<>(); final List destroyableComponents0 = new LinkedList<>(); final List ipAuthFailureListeners0 = new ArrayList<>(); final Multimap authBackendFailureListeners0 = ArrayListMultimap.create(); @@ -229,9 +225,8 @@ private void buildAAA() { for (final Entry ad : authzDyn.getDomains().entrySet()) { final boolean enabled = ad.getValue().enabled; final boolean httpEnabled = enabled && ad.getValue().http_enabled; - final boolean transportEnabled = enabled && ad.getValue().transport_enabled; - if (httpEnabled || transportEnabled) { + if (httpEnabled) { try { final String authzBackendClazz = ad.getValue().authorization_backend.type; @@ -264,10 +259,6 @@ private void buildAAA() { restAuthorizers0.add(authorizationBackend); } - if (transportEnabled) { - transportAuthorizers0.add(authorizationBackend); - } - if (authorizationBackend instanceof Destroyable) { destroyableComponents0.add((Destroyable) authorizationBackend); } @@ -282,9 +273,8 @@ private void buildAAA() { for (final Entry ad : authcDyn.getDomains().entrySet()) { final boolean enabled = ad.getValue().enabled; final boolean httpEnabled = enabled && ad.getValue().http_enabled; - final boolean transportEnabled = enabled && ad.getValue().transport_enabled; - if (httpEnabled || transportEnabled) { + if (httpEnabled) { try { AuthenticationBackend authenticationBackend; final String authBackendClazz = ad.getValue().authentication_backend.type; @@ -343,10 +333,6 @@ private void buildAAA() { restAuthDomains0.add(_ad); } - if (transportEnabled) { - transportAuthDomains0.add(_ad); - } - if (httpAuthenticator instanceof Destroyable) { destroyableComponents0.add((Destroyable) httpAuthenticator); } @@ -365,9 +351,7 @@ private void buildAAA() { List originalDestroyableComponents = destroyableComponents; restAuthDomains = Collections.unmodifiableSortedSet(restAuthDomains0); - transportAuthDomains = Collections.unmodifiableSortedSet(transportAuthDomains0); restAuthorizers = Collections.unmodifiableSet(restAuthorizers0); - transportAuthorizers = Collections.unmodifiableSet(transportAuthorizers0); destroyableComponents = Collections.unmodifiableList(destroyableComponents0); diff --git a/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV7.java b/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV7.java index 0de83f2e2e..91bb59db64 100644 --- a/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV7.java +++ b/src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV7.java @@ -76,8 +76,6 @@ public class DynamicConfigModelV7 extends DynamicConfigModel { private final Path configPath; private SortedSet restAuthDomains; private Set restAuthorizers; - private SortedSet transportAuthDomains; - private Set transportAuthorizers; private List destroyableComponents; private final InternalAuthenticationBackend iab; @@ -234,8 +232,6 @@ private void buildAAA() { final SortedSet restAuthDomains0 = new TreeSet<>(); final Set restAuthorizers0 = new HashSet<>(); - final SortedSet transportAuthDomains0 = new TreeSet<>(); - final Set transportAuthorizers0 = new HashSet<>(); final List destroyableComponents0 = new LinkedList<>(); final List ipAuthFailureListeners0 = new ArrayList<>(); final Multimap authBackendFailureListeners0 = ArrayListMultimap.create(); @@ -246,9 +242,8 @@ private void buildAAA() { for (final Entry ad : authzDyn.getDomains().entrySet()) { final boolean httpEnabled = ad.getValue().http_enabled; - final boolean transportEnabled = ad.getValue().transport_enabled; - if (httpEnabled || transportEnabled) { + if (httpEnabled) { try { final String authzBackendClazz = ad.getValue().authorization_backend.type; @@ -281,10 +276,6 @@ private void buildAAA() { restAuthorizers0.add(authorizationBackend); } - if (transportEnabled) { - transportAuthorizers0.add(authorizationBackend); - } - if (authorizationBackend instanceof Destroyable) { destroyableComponents0.add((Destroyable) authorizationBackend); } @@ -298,9 +289,8 @@ private void buildAAA() { for (final Entry ad : authcDyn.getDomains().entrySet()) { final boolean httpEnabled = ad.getValue().http_enabled; - final boolean transportEnabled = ad.getValue().transport_enabled; - if (httpEnabled || transportEnabled) { + if (httpEnabled) { try { AuthenticationBackend authenticationBackend; final String authBackendClazz = ad.getValue().authentication_backend.type; @@ -359,10 +349,6 @@ private void buildAAA() { restAuthDomains0.add(_ad); } - if (transportEnabled) { - transportAuthDomains0.add(_ad); - } - if (httpAuthenticator instanceof Destroyable) { destroyableComponents0.add((Destroyable) httpAuthenticator); } @@ -398,9 +384,7 @@ private void buildAAA() { List originalDestroyableComponents = destroyableComponents; restAuthDomains = Collections.unmodifiableSortedSet(restAuthDomains0); - transportAuthDomains = Collections.unmodifiableSortedSet(transportAuthDomains0); restAuthorizers = Collections.unmodifiableSet(restAuthorizers0); - transportAuthorizers = Collections.unmodifiableSet(transportAuthorizers0); destroyableComponents = Collections.unmodifiableList(destroyableComponents0); diff --git a/src/main/java/org/opensearch/security/securityconf/impl/v6/ConfigV6.java b/src/main/java/org/opensearch/security/securityconf/impl/v6/ConfigV6.java index 0c95e56bd1..c5b954675b 100644 --- a/src/main/java/org/opensearch/security/securityconf/impl/v6/ConfigV6.java +++ b/src/main/java/org/opensearch/security/securityconf/impl/v6/ConfigV6.java @@ -38,9 +38,12 @@ import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.JsonMappingException; +import com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException; import org.opensearch.security.DefaultObjectMapper; import org.opensearch.security.auth.internal.InternalAuthenticationBackend; +import org.opensearch.security.setting.DeprecatedSettings; public class ConfigV6 { @@ -224,8 +227,6 @@ public static class AuthcDomain { @JsonInclude(JsonInclude.Include.NON_NULL) public boolean http_enabled = true; @JsonInclude(JsonInclude.Include.NON_NULL) - public boolean transport_enabled = true; - @JsonInclude(JsonInclude.Include.NON_NULL) public boolean enabled = true; public int order = 0; public HttpAuthenticator http_authenticator = new HttpAuthenticator(); @@ -235,8 +236,6 @@ public static class AuthcDomain { public String toString() { return "AuthcDomain [http_enabled=" + http_enabled - + ", transport_enabled=" - + transport_enabled + ", enabled=" + enabled + ", order=" @@ -248,6 +247,31 @@ public String toString() { + "]"; } + @JsonAnySetter + public void unknownPropertiesHandler(String name, Object value) throws JsonMappingException { + switch (name) { + case "transport_enabled": + DeprecatedSettings.logCustomDeprecationMessage( + String.format( + "In AuthcDomain, using http_authenticator=%s, authentication_backend=%s", + http_authenticator, + authentication_backend + ), + name + ); + break; + default: + throw new UnrecognizedPropertyException( + null, + "Unrecognized field " + name + " present in the input data for AuthcDomain config", + null, + AuthcDomain.class, + name, + null + ); + } + } + } public static class HttpAuthenticator { @@ -337,8 +361,6 @@ public static class AuthzDomain { @JsonInclude(JsonInclude.Include.NON_NULL) public boolean http_enabled = true; @JsonInclude(JsonInclude.Include.NON_NULL) - public boolean transport_enabled = true; - @JsonInclude(JsonInclude.Include.NON_NULL) public boolean enabled = true; public AuthzBackend authorization_backend = new AuthzBackend(); @@ -346,8 +368,6 @@ public static class AuthzDomain { public String toString() { return "AuthzDomain [http_enabled=" + http_enabled - + ", transport_enabled=" - + transport_enabled + ", enabled=" + enabled + ", authorization_backend=" @@ -355,6 +375,27 @@ public String toString() { + "]"; } + @JsonAnySetter + public void unknownPropertiesHandler(String name, Object value) throws JsonMappingException { + switch (name) { + case "transport_enabled": + DeprecatedSettings.logCustomDeprecationMessage( + String.format("In AuthzDomain, using authorization_backend=%s", authorization_backend), + name + ); + break; + default: + throw new UnrecognizedPropertyException( + null, + "Unrecognized field " + name + " present in the input data for AuthzDomain config", + null, + AuthzDomain.class, + name, + null + ); + } + } + } public static class OnBehalfOfSettings { diff --git a/src/main/java/org/opensearch/security/securityconf/impl/v7/ConfigV7.java b/src/main/java/org/opensearch/security/securityconf/impl/v7/ConfigV7.java index faeb5d2432..4028719379 100644 --- a/src/main/java/org/opensearch/security/securityconf/impl/v7/ConfigV7.java +++ b/src/main/java/org/opensearch/security/securityconf/impl/v7/ConfigV7.java @@ -39,10 +39,13 @@ import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.JsonMappingException; +import com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException; import org.opensearch.security.DefaultObjectMapper; import org.opensearch.security.auth.internal.InternalAuthenticationBackend; import org.opensearch.security.securityconf.impl.v6.ConfigV6; +import org.opensearch.security.setting.DeprecatedSettings; public class ConfigV7 { @@ -293,7 +296,6 @@ public static class AuthcDomain { @JsonInclude(JsonInclude.Include.NON_NULL) public boolean http_enabled = true; @JsonInclude(JsonInclude.Include.NON_NULL) - public boolean transport_enabled = true; // public boolean enabled= true; public int order = 0; public HttpAuthenticator http_authenticator = new HttpAuthenticator(); @@ -307,10 +309,8 @@ public AuthcDomain() { public AuthcDomain(ConfigV6.AuthcDomain v6) { super(); http_enabled = v6.http_enabled && v6.enabled; - transport_enabled = v6.transport_enabled && v6.enabled; // if(v6.enabled)vv { // http_enabled = true; - // transport_enabled = true; // } order = v6.order; http_authenticator = new HttpAuthenticator(v6.http_authenticator); @@ -322,8 +322,6 @@ public AuthcDomain(ConfigV6.AuthcDomain v6) { public String toString() { return "AuthcDomain [http_enabled=" + http_enabled - + ", transport_enabled=" - + transport_enabled + ", order=" + order + ", http_authenticator=" @@ -335,6 +333,31 @@ public String toString() { + "]"; } + @JsonAnySetter + public void unknownPropertiesHandler(String name, Object value) throws JsonMappingException { + switch (name) { + case "transport_enabled": + DeprecatedSettings.logCustomDeprecationMessage( + String.format( + "In AuthcDomain, using http_authenticator=%s, authentication_backend=%s", + http_authenticator, + authentication_backend + ), + name + ); + break; + default: + throw new UnrecognizedPropertyException( + null, + "Unrecognized field " + name + " present in the input data for AuthcDomain config", + null, + AuthcDomain.class, + name, + null + ); + } + } + } public static class HttpAuthenticator { @@ -451,8 +474,6 @@ public String toString() { public static class AuthzDomain { @JsonInclude(JsonInclude.Include.NON_NULL) public boolean http_enabled = true; - @JsonInclude(JsonInclude.Include.NON_NULL) - public boolean transport_enabled = true; public AuthzBackend authorization_backend = new AuthzBackend(); public String description; @@ -462,7 +483,6 @@ public AuthzDomain() { public AuthzDomain(ConfigV6.AuthzDomain v6) { http_enabled = v6.http_enabled && v6.enabled; - transport_enabled = v6.transport_enabled && v6.enabled; authorization_backend = new AuthzBackend(v6.authorization_backend); description = "Migrated from v6"; } @@ -471,8 +491,6 @@ public AuthzDomain(ConfigV6.AuthzDomain v6) { public String toString() { return "AuthzDomain [http_enabled=" + http_enabled - + ", transport_enabled=" - + transport_enabled + ", authorization_backend=" + authorization_backend + ", description=" @@ -480,6 +498,26 @@ public String toString() { + "]"; } + @JsonAnySetter + public void unknownPropertiesHandler(String name, Object value) throws JsonMappingException { + switch (name) { + case "transport_enabled": + DeprecatedSettings.logCustomDeprecationMessage( + String.format("In AuthzDomain, using authorization_backend=%s", authorization_backend), + name + ); + break; + default: + throw new UnrecognizedPropertyException( + null, + "Unrecognized field " + name + " present in the input data for AuthzDomain config", + null, + AuthzDomain.class, + name, + null + ); + } + } } public static class OnBehalfOfSettings { diff --git a/src/main/java/org/opensearch/security/setting/DeprecatedSettings.java b/src/main/java/org/opensearch/security/setting/DeprecatedSettings.java index b415dc7c7f..91eb96abdd 100644 --- a/src/main/java/org/opensearch/security/setting/DeprecatedSettings.java +++ b/src/main/java/org/opensearch/security/setting/DeprecatedSettings.java @@ -5,6 +5,7 @@ package org.opensearch.security.setting; +import org.opensearch.Version; import org.opensearch.common.logging.DeprecationLogger; import org.opensearch.common.settings.Settings; @@ -28,4 +29,18 @@ public static void checkForDeprecatedSetting(final Settings settings, final Stri ); } } + + /** + * Logs that a specific setting is deprecated, including a specific supplemental message parameter containing information that details where this setting can be removed from. Should be used in cases where a setting is not supported by the codebase and processing it would introduce errors on setup. + */ + public static void logCustomDeprecationMessage(final String deprecationLocationInformation, final String deprecatedSettingKey) { + DEPRECATION_LOGGER.deprecate( + deprecatedSettingKey, + "In OpenSearch " + + Version.CURRENT + + " the setting '{}' is deprecated, it should be removed from the relevant config file using the following location information: " + + deprecationLocationInformation, + deprecatedSettingKey + ); + } } diff --git a/src/test/java/org/opensearch/security/setting/DeprecatedSettingsTest.java b/src/test/java/org/opensearch/security/setting/DeprecatedSettingsTest.java index a0f9558228..3fa8e45816 100644 --- a/src/test/java/org/opensearch/security/setting/DeprecatedSettingsTest.java +++ b/src/test/java/org/opensearch/security/setting/DeprecatedSettingsTest.java @@ -5,17 +5,22 @@ package org.opensearch.security.setting; +import com.fasterxml.jackson.databind.JsonMappingException; import org.junit.After; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; +import org.opensearch.Version; import org.opensearch.common.logging.DeprecationLogger; import org.opensearch.common.settings.Settings; +import org.opensearch.security.securityconf.impl.CType; +import org.opensearch.security.support.ConfigHelper; import org.mockito.Mock; import org.mockito.junit.MockitoJUnitRunner; +import static org.opensearch.security.configuration.ConfigurationRepository.DEFAULT_CONFIG_VERSION; import static org.opensearch.security.setting.DeprecatedSettings.checkForDeprecatedSetting; import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.anyString; @@ -61,4 +66,96 @@ public void testCheckForDeprecatedSettingFoundLegacy() { verify(logger).deprecate(eq("legacyKey"), anyString(), any(), any()); } + + @Test + public void testForTransportEnabledDeprecationMessageOnYamlLoad() throws Exception { + ConfigHelper.fromYamlString( + "---\n" + + "_meta:\n" + + " type: \"config\"\n" + + " config_version: 2\n" + + "config:\n" + + " dynamic:\n" + + " authc:\n" + + " authentication_domain_kerb:\n" + + " http_enabled: false\n" + + " transport_enabled: false\n" + + " order: 3\n" + + " http_authenticator:\n" + + " challenge: true\n" + + " type: \"kerberos\"\n" + + " config: {}\n" + + " authentication_backend:\n" + + " type: \"noop\"\n" + + " config: {}\n" + + " description: \"Migrated from v6\"\n" + + " authz:\n" + + " roles_from_xxx:\n" + + " http_enabled: false\n" + + " transport_enabled: false\n" + + " authorization_backend:\n" + + " type: \"xxx\"\n" + + " config: {}\n" + + " description: \"Migrated from v6\"", + CType.CONFIG, + DEFAULT_CONFIG_VERSION, + 0, + 0 + ); + verify(logger).deprecate( + "transport_enabled", + "In OpenSearch " + + Version.CURRENT + + " the setting '{}' is deprecated, it should be removed from the relevant config file using the following location information: In AuthcDomain, using http_authenticator=HttpAuthenticator [challenge=true, type=null, config={}], authentication_backend=AuthcBackend [type=org.opensearch.security.auth.internal.InternalAuthenticationBackend, config={}]", + "transport_enabled" + ); + verify(logger).deprecate( + "transport_enabled", + "In OpenSearch " + + Version.CURRENT + + " the setting '{}' is deprecated, it should be removed from the relevant config file using the following location information: In AuthzDomain, using authorization_backend=AuthzBackend [type=noop, config={}]", + "transport_enabled" + ); + } + + @Test + public void testForExceptionOnUnknownAuthcAuthzSettingsOnYamlLoad() throws Exception { + try { + ConfigHelper.fromYamlString( + "---\n" + + "_meta:\n" + + " type: \"config\"\n" + + " config_version: 2\n" + + "config:\n" + + " dynamic:\n" + + " authc:\n" + + " authentication_domain_kerb:\n" + + " http_enabled: false\n" + + " unknown_property: false\n" + + " order: 3\n" + + " http_authenticator:\n" + + " challenge: true\n" + + " type: \"kerberos\"\n" + + " config: {}\n" + + " authentication_backend:\n" + + " type: \"noop\"\n" + + " config: {}\n" + + " description: \"Migrated from v6\"\n" + + " authz:\n" + + " roles_from_xxx:\n" + + " http_enabled: false\n" + + " unknown_property: false\n" + + " authorization_backend:\n" + + " type: \"xxx\"\n" + + " config: {}\n" + + " description: \"Migrated from v6\"", + CType.CONFIG, + DEFAULT_CONFIG_VERSION, + 0, + 0 + ); + } catch (JsonMappingException e) { + verifyNoInteractions(logger); + } + } } diff --git a/src/test/resources/restapi/invalid_config.json b/src/test/resources/restapi/invalid_config.json index 7bbbf2201f..1d43e1edab 100644 --- a/src/test/resources/restapi/invalid_config.json +++ b/src/test/resources/restapi/invalid_config.json @@ -23,7 +23,6 @@ "authc":{ "authentication_domain_kerb":{ "http_enabled":false, - "transport_enabled":false, "order":3, "http_authenticator":{ "challenge":true, @@ -42,7 +41,6 @@ }, "authentication_domain_clientcert":{ "http_enabled":false, - "transport_enabled":false, "order":1, "http_authenticator":{ "challenge":true, @@ -61,7 +59,6 @@ }, "authentication_domain_proxy":{ "http_enabled":false, - "transport_enabled":false, "order":2, "http_authenticator":{ "challenge":true, @@ -81,7 +78,6 @@ }, "authentication_domain_basic_internal":{ "http_enabled":true, - "transport_enabled":true, "order":0, "http_authenticator":{ "challenge":true, @@ -102,7 +98,6 @@ "authz":{ "roles_from_xxx":{ "http_enabled":false, - "transport_enabled":false, "authorization_backend":{ "type":"xxx", "config":{ @@ -113,7 +108,6 @@ }, "roles_from_myldap":{ "http_enabled":false, - "transport_enabled":false, "authorization_backend":{ "type":"ldap", "config":{ diff --git a/src/test/resources/restapi/security_config.json b/src/test/resources/restapi/security_config.json index e5c09050cc..30b8611e5a 100644 --- a/src/test/resources/restapi/security_config.json +++ b/src/test/resources/restapi/security_config.json @@ -23,7 +23,6 @@ "authc":{ "authentication_domain_kerb":{ "http_enabled":false, - "transport_enabled":false, "order":3, "http_authenticator":{ "challenge":true, @@ -42,7 +41,6 @@ }, "authentication_domain_clientcert":{ "http_enabled":false, - "transport_enabled":false, "order":1, "http_authenticator":{ "challenge":true, @@ -61,7 +59,6 @@ }, "authentication_domain_proxy":{ "http_enabled":false, - "transport_enabled":false, "order":2, "http_authenticator":{ "challenge":true, @@ -81,7 +78,6 @@ }, "authentication_domain_basic_internal":{ "http_enabled":true, - "transport_enabled":true, "order":0, "http_authenticator":{ "challenge":true, @@ -102,7 +98,6 @@ "authz":{ "roles_from_xxx":{ "http_enabled":false, - "transport_enabled":false, "authorization_backend":{ "type":"xxx", "config":{ @@ -113,7 +108,6 @@ }, "roles_from_myldap":{ "http_enabled":false, - "transport_enabled":false, "authorization_backend":{ "type":"ldap", "config":{ diff --git a/src/test/resources/restapi/securityconfig.json b/src/test/resources/restapi/securityconfig.json index 4e4b1bba63..a577cb2a30 100644 --- a/src/test/resources/restapi/securityconfig.json +++ b/src/test/resources/restapi/securityconfig.json @@ -23,7 +23,6 @@ "authc":{ "authentication_domain_saml": { "http_enabled" : true, - "transport_enabled" : false, "order" : 5, "http_authenticator" : { "challenge" : true, @@ -44,7 +43,6 @@ }, "authentication_domain_kerb":{ "http_enabled":false, - "transport_enabled":false, "order":3, "http_authenticator":{ "challenge":true, @@ -63,7 +61,6 @@ }, "authentication_domain_clientcert":{ "http_enabled":false, - "transport_enabled":false, "order":1, "http_authenticator":{ "challenge":true, @@ -82,7 +79,6 @@ }, "authentication_domain_proxy":{ "http_enabled":false, - "transport_enabled":false, "order":2, "http_authenticator":{ "challenge":true, @@ -102,7 +98,6 @@ }, "authentication_domain_basic_internal":{ "http_enabled":true, - "transport_enabled":true, "order":0, "http_authenticator":{ "challenge":true, @@ -123,7 +118,6 @@ "authz":{ "roles_from_xxx":{ "http_enabled":false, - "transport_enabled":false, "authorization_backend":{ "type":"xxx", "config":{ @@ -134,7 +128,6 @@ }, "roles_from_myldap":{ "http_enabled":false, - "transport_enabled":false, "authorization_backend":{ "type":"ldap", "config":{ diff --git a/src/test/resources/restapi/securityconfig_nondefault.json b/src/test/resources/restapi/securityconfig_nondefault.json index a5660c6496..2482e99674 100644 --- a/src/test/resources/restapi/securityconfig_nondefault.json +++ b/src/test/resources/restapi/securityconfig_nondefault.json @@ -22,7 +22,6 @@ "authc" : { "jwt_auth_domain" : { "http_enabled" : true, - "transport_enabled" : true, "order" : 0, "http_authenticator" : { "challenge" : false, @@ -40,7 +39,6 @@ }, "ldap" : { "http_enabled" : false, - "transport_enabled" : false, "order" : 5, "http_authenticator" : { "challenge" : false, @@ -65,7 +63,6 @@ }, "basic_internal_auth_domain" : { "http_enabled" : true, - "transport_enabled" : true, "order" : 4, "http_authenticator" : { "challenge" : true, @@ -80,7 +77,6 @@ }, "proxy_auth_domain" : { "http_enabled" : false, - "transport_enabled" : false, "order" : 3, "http_authenticator" : { "challenge" : false, @@ -98,7 +94,6 @@ }, "clientcert_auth_domain" : { "http_enabled" : false, - "transport_enabled" : false, "order" : 2, "http_authenticator" : { "challenge" : false, @@ -115,7 +110,6 @@ }, "kerberos_auth_domain" : { "http_enabled" : false, - "transport_enabled" : false, "order" : 6, "http_authenticator" : { "challenge" : true, @@ -134,7 +128,6 @@ "authz" : { "roles_from_another_ldap" : { "http_enabled" : false, - "transport_enabled" : false, "authorization_backend" : { "type" : "ldap", "config" : { } @@ -143,7 +136,6 @@ }, "roles_from_myldap" : { "http_enabled" : false, - "transport_enabled" : false, "authorization_backend" : { "type" : "ldap", "config" : {