Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Enhancement-3191] transport_enabled setting on an auth domain and authorizer may be unnecessary after transport client removal #3939

Merged
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,6 @@ public class LdapAuthenticationTest {
.rolesMapping(new RolesMapping(ALL_ACCESS).backendRoles(CN_GROUP_ADMIN))
.authz(
new AuthzDomain("ldap_roles").httpEnabled(true)
.transportEnabled(true)
.authorizationBackend(
new AuthorizationBackend("ldap").config(
() -> new LdapAuthorizationConfigBuilder().hosts(List.of("localhost:" + embeddedLDAPServer.getLdapNonTlsPort()))
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -156,7 +156,6 @@ public class LdapTlsAuthenticationTest {
)
.authz(
new AuthzDomain("ldap_roles").httpEnabled(true)
.transportEnabled(true)
.authorizationBackend(
new AuthorizationBackend("ldap").config(
() -> new LdapAuthorizationConfigBuilder().hosts(List.of("localhost:" + embeddedLDAPServer.getLdapTlsPort()))
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,8 +25,6 @@ public class AuthzDomain implements ToXContentObject {

private boolean httpEnabled;

private boolean transportEnabled;

private AuthorizationBackend authorizationBackend;

public AuthzDomain(String id) {
Expand All @@ -52,17 +50,11 @@ public AuthzDomain authorizationBackend(AuthorizationBackend authorizationBacken
return this;
}

public AuthzDomain transportEnabled(boolean transportEnabled) {
this.transportEnabled = transportEnabled;
return this;
}

@Override
public XContentBuilder toXContent(XContentBuilder xContentBuilder, Params params) throws IOException {
xContentBuilder.startObject();
xContentBuilder.field("description", description);
xContentBuilder.field("http_enabled", httpEnabled);
xContentBuilder.field("transport_enabled", transportEnabled);
xContentBuilder.field("authorization_backend", authorizationBackend);
xContentBuilder.endObject();
return xContentBuilder;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -68,8 +68,6 @@ public class DynamicConfigModelV6 extends DynamicConfigModel {
private final Path configPath;
private SortedSet<AuthDomain> restAuthDomains;
private Set<AuthorizationBackend> restAuthorizers;
private SortedSet<AuthDomain> transportAuthDomains;
private Set<AuthorizationBackend> transportAuthorizers;
private List<Destroyable> destroyableComponents;
private final InternalAuthenticationBackend iab;

Expand Down Expand Up @@ -216,8 +214,6 @@ private void buildAAA() {

final SortedSet<AuthDomain> restAuthDomains0 = new TreeSet<>();
final Set<AuthorizationBackend> restAuthorizers0 = new HashSet<>();
final SortedSet<AuthDomain> transportAuthDomains0 = new TreeSet<>();
final Set<AuthorizationBackend> transportAuthorizers0 = new HashSet<>();
final List<Destroyable> destroyableComponents0 = new LinkedList<>();
final List<AuthFailureListener> ipAuthFailureListeners0 = new ArrayList<>();
final Multimap<String, AuthFailureListener> authBackendFailureListeners0 = ArrayListMultimap.create();
Expand All @@ -229,9 +225,8 @@ private void buildAAA() {
for (final Entry<String, AuthzDomain> ad : authzDyn.getDomains().entrySet()) {
final boolean enabled = ad.getValue().enabled;
final boolean httpEnabled = enabled && ad.getValue().http_enabled;
final boolean transportEnabled = enabled && ad.getValue().transport_enabled;

if (httpEnabled || transportEnabled) {
if (httpEnabled) {
try {

final String authzBackendClazz = ad.getValue().authorization_backend.type;
Expand Down Expand Up @@ -264,10 +259,6 @@ private void buildAAA() {
restAuthorizers0.add(authorizationBackend);
}

if (transportEnabled) {
transportAuthorizers0.add(authorizationBackend);
}

if (authorizationBackend instanceof Destroyable) {
destroyableComponents0.add((Destroyable) authorizationBackend);
}
Expand All @@ -282,9 +273,8 @@ private void buildAAA() {
for (final Entry<String, AuthcDomain> ad : authcDyn.getDomains().entrySet()) {
final boolean enabled = ad.getValue().enabled;
final boolean httpEnabled = enabled && ad.getValue().http_enabled;
final boolean transportEnabled = enabled && ad.getValue().transport_enabled;

if (httpEnabled || transportEnabled) {
if (httpEnabled) {
try {
AuthenticationBackend authenticationBackend;
final String authBackendClazz = ad.getValue().authentication_backend.type;
Expand Down Expand Up @@ -343,10 +333,6 @@ private void buildAAA() {
restAuthDomains0.add(_ad);
}

if (transportEnabled) {
transportAuthDomains0.add(_ad);
}

if (httpAuthenticator instanceof Destroyable) {
destroyableComponents0.add((Destroyable) httpAuthenticator);
}
Expand All @@ -365,9 +351,7 @@ private void buildAAA() {
List<Destroyable> originalDestroyableComponents = destroyableComponents;

restAuthDomains = Collections.unmodifiableSortedSet(restAuthDomains0);
transportAuthDomains = Collections.unmodifiableSortedSet(transportAuthDomains0);
restAuthorizers = Collections.unmodifiableSet(restAuthorizers0);
transportAuthorizers = Collections.unmodifiableSet(transportAuthorizers0);

destroyableComponents = Collections.unmodifiableList(destroyableComponents0);

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -76,8 +76,6 @@ public class DynamicConfigModelV7 extends DynamicConfigModel {
private final Path configPath;
private SortedSet<AuthDomain> restAuthDomains;
private Set<AuthorizationBackend> restAuthorizers;
private SortedSet<AuthDomain> transportAuthDomains;
private Set<AuthorizationBackend> transportAuthorizers;
private List<Destroyable> destroyableComponents;
private final InternalAuthenticationBackend iab;

Expand Down Expand Up @@ -234,8 +232,6 @@ private void buildAAA() {

final SortedSet<AuthDomain> restAuthDomains0 = new TreeSet<>();
final Set<AuthorizationBackend> restAuthorizers0 = new HashSet<>();
final SortedSet<AuthDomain> transportAuthDomains0 = new TreeSet<>();
final Set<AuthorizationBackend> transportAuthorizers0 = new HashSet<>();
final List<Destroyable> destroyableComponents0 = new LinkedList<>();
final List<AuthFailureListener> ipAuthFailureListeners0 = new ArrayList<>();
final Multimap<String, AuthFailureListener> authBackendFailureListeners0 = ArrayListMultimap.create();
Expand All @@ -246,9 +242,8 @@ private void buildAAA() {

for (final Entry<String, AuthzDomain> ad : authzDyn.getDomains().entrySet()) {
final boolean httpEnabled = ad.getValue().http_enabled;
final boolean transportEnabled = ad.getValue().transport_enabled;

if (httpEnabled || transportEnabled) {
if (httpEnabled) {
try {

final String authzBackendClazz = ad.getValue().authorization_backend.type;
Expand Down Expand Up @@ -281,10 +276,6 @@ private void buildAAA() {
restAuthorizers0.add(authorizationBackend);
}

if (transportEnabled) {
transportAuthorizers0.add(authorizationBackend);
}

if (authorizationBackend instanceof Destroyable) {
destroyableComponents0.add((Destroyable) authorizationBackend);
}
Expand All @@ -298,9 +289,8 @@ private void buildAAA() {

for (final Entry<String, AuthcDomain> ad : authcDyn.getDomains().entrySet()) {
final boolean httpEnabled = ad.getValue().http_enabled;
final boolean transportEnabled = ad.getValue().transport_enabled;

if (httpEnabled || transportEnabled) {
if (httpEnabled) {
try {
AuthenticationBackend authenticationBackend;
final String authBackendClazz = ad.getValue().authentication_backend.type;
Expand Down Expand Up @@ -359,10 +349,6 @@ private void buildAAA() {
restAuthDomains0.add(_ad);
}

if (transportEnabled) {
transportAuthDomains0.add(_ad);
}

if (httpAuthenticator instanceof Destroyable) {
destroyableComponents0.add((Destroyable) httpAuthenticator);
}
Expand Down Expand Up @@ -398,9 +384,7 @@ private void buildAAA() {
List<Destroyable> originalDestroyableComponents = destroyableComponents;

restAuthDomains = Collections.unmodifiableSortedSet(restAuthDomains0);
transportAuthDomains = Collections.unmodifiableSortedSet(transportAuthDomains0);
restAuthorizers = Collections.unmodifiableSet(restAuthorizers0);
transportAuthorizers = Collections.unmodifiableSet(transportAuthorizers0);

destroyableComponents = Collections.unmodifiableList(destroyableComponents0);

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -38,9 +38,12 @@
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException;

import org.opensearch.security.DefaultObjectMapper;
import org.opensearch.security.auth.internal.InternalAuthenticationBackend;
import org.opensearch.security.setting.DeprecatedSettings;

public class ConfigV6 {

Expand Down Expand Up @@ -224,8 +227,6 @@
@JsonInclude(JsonInclude.Include.NON_NULL)
public boolean http_enabled = true;
@JsonInclude(JsonInclude.Include.NON_NULL)
public boolean transport_enabled = true;
@JsonInclude(JsonInclude.Include.NON_NULL)
public boolean enabled = true;
public int order = 0;
public HttpAuthenticator http_authenticator = new HttpAuthenticator();
Expand All @@ -235,8 +236,6 @@
public String toString() {
return "AuthcDomain [http_enabled="
+ http_enabled
+ ", transport_enabled="
+ transport_enabled
+ ", enabled="
+ enabled
+ ", order="
Expand All @@ -248,6 +247,31 @@
+ "]";
}

@JsonAnySetter
public void unknownPropertiesHandler(String name, Object value) throws JsonMappingException {
switch (name) {
case "transport_enabled":
DeprecatedSettings.logCustomDeprecationMessage(
String.format(
"In AuthcDomain, using http_authenticator=%s, authentication_backend=%s",
http_authenticator,
authentication_backend
),
name
);
break;
default:
throw new UnrecognizedPropertyException(

Check warning on line 264 in src/main/java/org/opensearch/security/securityconf/impl/v6/ConfigV6.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/security/securityconf/impl/v6/ConfigV6.java#L264

Added line #L264 was not covered by tests
null,
"Unrecognized field " + name + " present in the input data for AuthcDomain config",
null,
AuthcDomain.class,
name,
null
);
}
}

}

public static class HttpAuthenticator {
Expand Down Expand Up @@ -337,24 +361,41 @@
@JsonInclude(JsonInclude.Include.NON_NULL)
public boolean http_enabled = true;
@JsonInclude(JsonInclude.Include.NON_NULL)
public boolean transport_enabled = true;
@JsonInclude(JsonInclude.Include.NON_NULL)
public boolean enabled = true;
public AuthzBackend authorization_backend = new AuthzBackend();

@Override
public String toString() {
return "AuthzDomain [http_enabled="
+ http_enabled
+ ", transport_enabled="
+ transport_enabled
+ ", enabled="
+ enabled
+ ", authorization_backend="
+ authorization_backend
+ "]";
}

@JsonAnySetter
public void unknownPropertiesHandler(String name, Object value) throws JsonMappingException {
switch (name) {
case "transport_enabled":
DeprecatedSettings.logCustomDeprecationMessage(
String.format("In AuthzDomain, using authorization_backend=%s", authorization_backend),
name
);
break;
default:
throw new UnrecognizedPropertyException(

Check warning on line 388 in src/main/java/org/opensearch/security/securityconf/impl/v6/ConfigV6.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/security/securityconf/impl/v6/ConfigV6.java#L388

Added line #L388 was not covered by tests
null,
"Unrecognized field " + name + " present in the input data for AuthzDomain config",
null,
AuthzDomain.class,
name,
null
);
}
}

}

public static class OnBehalfOfSettings {
Expand Down
Loading
Loading