opensearch-project · peternied · Jan 22, 2024 · Jan 19, 2024
@@ -109,7 +109,6 @@ public class LdapAuthenticationTest {
         .rolesMapping(new RolesMapping(ALL_ACCESS).backendRoles(CN_GROUP_ADMIN))
         .authz(
             new AuthzDomain("ldap_roles").httpEnabled(true)
-                .transportEnabled(true)
                 .authorizationBackend(
                     new AuthorizationBackend("ldap").config(
                         () -> new LdapAuthorizationConfigBuilder().hosts(List.of("localhost:" + embeddedLDAPServer.getLdapNonTlsPort()))

@@ -156,7 +156,6 @@ public class LdapTlsAuthenticationTest {
         )
         .authz(
             new AuthzDomain("ldap_roles").httpEnabled(true)
-                .transportEnabled(true)
                 .authorizationBackend(
                     new AuthorizationBackend("ldap").config(
                         () -> new LdapAuthorizationConfigBuilder().hosts(List.of("localhost:" + embeddedLDAPServer.getLdapTlsPort()))

@@ -25,8 +25,6 @@ public class AuthzDomain implements ToXContentObject {
 
     private boolean httpEnabled;
 
-    private boolean transportEnabled;
-
     private AuthorizationBackend authorizationBackend;
 
     public AuthzDomain(String id) {
@@ -52,17 +50,11 @@ public AuthzDomain authorizationBackend(AuthorizationBackend authorizationBacken
         return this;
     }
 
-    public AuthzDomain transportEnabled(boolean transportEnabled) {
-        this.transportEnabled = transportEnabled;
-        return this;
-    }
-
     @Override
     public XContentBuilder toXContent(XContentBuilder xContentBuilder, Params params) throws IOException {
         xContentBuilder.startObject();
         xContentBuilder.field("description", description);
         xContentBuilder.field("http_enabled", httpEnabled);
-        xContentBuilder.field("transport_enabled", transportEnabled);
         xContentBuilder.field("authorization_backend", authorizationBackend);
         xContentBuilder.endObject();
         return xContentBuilder;

@@ -68,8 +68,6 @@ public class DynamicConfigModelV6 extends DynamicConfigModel {
     private final Path configPath;
     private SortedSet<AuthDomain> restAuthDomains;
     private Set<AuthorizationBackend> restAuthorizers;
-    private SortedSet<AuthDomain> transportAuthDomains;
-    private Set<AuthorizationBackend> transportAuthorizers;
     private List<Destroyable> destroyableComponents;
     private final InternalAuthenticationBackend iab;
 
@@ -216,8 +214,6 @@ private void buildAAA() {
 
         final SortedSet<AuthDomain> restAuthDomains0 = new TreeSet<>();
         final Set<AuthorizationBackend> restAuthorizers0 = new HashSet<>();
-        final SortedSet<AuthDomain> transportAuthDomains0 = new TreeSet<>();
-        final Set<AuthorizationBackend> transportAuthorizers0 = new HashSet<>();
         final List<Destroyable> destroyableComponents0 = new LinkedList<>();
         final List<AuthFailureListener> ipAuthFailureListeners0 = new ArrayList<>();
         final Multimap<String, AuthFailureListener> authBackendFailureListeners0 = ArrayListMultimap.create();
@@ -229,9 +225,8 @@ private void buildAAA() {
         for (final Entry<String, AuthzDomain> ad : authzDyn.getDomains().entrySet()) {
             final boolean enabled = ad.getValue().enabled;
             final boolean httpEnabled = enabled && ad.getValue().http_enabled;
-            final boolean transportEnabled = enabled && ad.getValue().transport_enabled;
 
-            if (httpEnabled || transportEnabled) {
+            if (httpEnabled) {
                 try {
 
                     final String authzBackendClazz = ad.getValue().authorization_backend.type;
@@ -264,10 +259,6 @@ private void buildAAA() {
                         restAuthorizers0.add(authorizationBackend);
                     }
 
-                    if (transportEnabled) {
-                        transportAuthorizers0.add(authorizationBackend);
-                    }
-
                     if (authorizationBackend instanceof Destroyable) {
                         destroyableComponents0.add((Destroyable) authorizationBackend);
                     }
@@ -282,9 +273,8 @@ private void buildAAA() {
         for (final Entry<String, AuthcDomain> ad : authcDyn.getDomains().entrySet()) {
             final boolean enabled = ad.getValue().enabled;
             final boolean httpEnabled = enabled && ad.getValue().http_enabled;
-            final boolean transportEnabled = enabled && ad.getValue().transport_enabled;
 
-            if (httpEnabled || transportEnabled) {
+            if (httpEnabled) {
                 try {
                     AuthenticationBackend authenticationBackend;
                     final String authBackendClazz = ad.getValue().authentication_backend.type;
@@ -343,10 +333,6 @@ private void buildAAA() {
                         restAuthDomains0.add(_ad);
                     }
 
-                    if (transportEnabled) {
-                        transportAuthDomains0.add(_ad);
-                    }
-
                     if (httpAuthenticator instanceof Destroyable) {
                         destroyableComponents0.add((Destroyable) httpAuthenticator);
                     }
@@ -365,9 +351,7 @@ private void buildAAA() {
         List<Destroyable> originalDestroyableComponents = destroyableComponents;
 
         restAuthDomains = Collections.unmodifiableSortedSet(restAuthDomains0);
-        transportAuthDomains = Collections.unmodifiableSortedSet(transportAuthDomains0);
         restAuthorizers = Collections.unmodifiableSet(restAuthorizers0);
-        transportAuthorizers = Collections.unmodifiableSet(transportAuthorizers0);
 
         destroyableComponents = Collections.unmodifiableList(destroyableComponents0);
 

@@ -76,8 +76,6 @@ public class DynamicConfigModelV7 extends DynamicConfigModel {
     private final Path configPath;
     private SortedSet<AuthDomain> restAuthDomains;
     private Set<AuthorizationBackend> restAuthorizers;
-    private SortedSet<AuthDomain> transportAuthDomains;
-    private Set<AuthorizationBackend> transportAuthorizers;
     private List<Destroyable> destroyableComponents;
     private final InternalAuthenticationBackend iab;
 
@@ -234,8 +232,6 @@ private void buildAAA() {
 
         final SortedSet<AuthDomain> restAuthDomains0 = new TreeSet<>();
         final Set<AuthorizationBackend> restAuthorizers0 = new HashSet<>();
-        final SortedSet<AuthDomain> transportAuthDomains0 = new TreeSet<>();
-        final Set<AuthorizationBackend> transportAuthorizers0 = new HashSet<>();
         final List<Destroyable> destroyableComponents0 = new LinkedList<>();
         final List<AuthFailureListener> ipAuthFailureListeners0 = new ArrayList<>();
         final Multimap<String, AuthFailureListener> authBackendFailureListeners0 = ArrayListMultimap.create();
@@ -246,9 +242,8 @@ private void buildAAA() {
 
         for (final Entry<String, AuthzDomain> ad : authzDyn.getDomains().entrySet()) {
             final boolean httpEnabled = ad.getValue().http_enabled;
-            final boolean transportEnabled = ad.getValue().transport_enabled;
 
-            if (httpEnabled || transportEnabled) {
+            if (httpEnabled) {
                 try {
 
                     final String authzBackendClazz = ad.getValue().authorization_backend.type;
@@ -281,10 +276,6 @@ private void buildAAA() {
                         restAuthorizers0.add(authorizationBackend);
                     }
 
-                    if (transportEnabled) {
-                        transportAuthorizers0.add(authorizationBackend);
-                    }
-
                     if (authorizationBackend instanceof Destroyable) {
                         destroyableComponents0.add((Destroyable) authorizationBackend);
                     }
@@ -298,9 +289,8 @@ private void buildAAA() {
 
         for (final Entry<String, AuthcDomain> ad : authcDyn.getDomains().entrySet()) {
             final boolean httpEnabled = ad.getValue().http_enabled;
-            final boolean transportEnabled = ad.getValue().transport_enabled;
 
-            if (httpEnabled || transportEnabled) {
+            if (httpEnabled) {
                 try {
                     AuthenticationBackend authenticationBackend;
                     final String authBackendClazz = ad.getValue().authentication_backend.type;
@@ -359,10 +349,6 @@ private void buildAAA() {
                         restAuthDomains0.add(_ad);
                     }
 
-                    if (transportEnabled) {
-                        transportAuthDomains0.add(_ad);
-                    }
-
                     if (httpAuthenticator instanceof Destroyable) {
                         destroyableComponents0.add((Destroyable) httpAuthenticator);
                     }
@@ -398,9 +384,7 @@ private void buildAAA() {
         List<Destroyable> originalDestroyableComponents = destroyableComponents;
 
         restAuthDomains = Collections.unmodifiableSortedSet(restAuthDomains0);
-        transportAuthDomains = Collections.unmodifiableSortedSet(transportAuthDomains0);
         restAuthorizers = Collections.unmodifiableSet(restAuthorizers0);
-        transportAuthorizers = Collections.unmodifiableSet(transportAuthorizers0);
 
         destroyableComponents = Collections.unmodifiableList(destroyableComponents0);
 

@@ -38,9 +38,12 @@
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.JsonMappingException;
+import com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException;
 
 import org.opensearch.security.DefaultObjectMapper;
 import org.opensearch.security.auth.internal.InternalAuthenticationBackend;
+import org.opensearch.security.setting.DeprecatedSettings;
 
 public class ConfigV6 {
 
@@ -224,8 +227,6 @@
         @JsonInclude(JsonInclude.Include.NON_NULL)
         public boolean http_enabled = true;
         @JsonInclude(JsonInclude.Include.NON_NULL)
-        public boolean transport_enabled = true;
-        @JsonInclude(JsonInclude.Include.NON_NULL)
         public boolean enabled = true;
         public int order = 0;
         public HttpAuthenticator http_authenticator = new HttpAuthenticator();
@@ -235,8 +236,6 @@
         public String toString() {
             return "AuthcDomain [http_enabled="
                 + http_enabled
-                + ", transport_enabled="
-                + transport_enabled
                 + ", enabled="
                 + enabled
                 + ", order="
@@ -248,6 +247,31 @@
                 + "]";
         }
 
+        @JsonAnySetter
+        public void unknownPropertiesHandler(String name, Object value) throws JsonMappingException {
+            switch (name) {
+                case "transport_enabled":
+                    DeprecatedSettings.logCustomDeprecationMessage(
+                        String.format(
+                            "In AuthcDomain, using http_authenticator=%s, authentication_backend=%s",
+                            http_authenticator,
+                            authentication_backend
+                        ),
+                        name
+                    );
+                    break;
+                default:
+                    throw new UnrecognizedPropertyException(
+                        null,
+                        "Unrecognized field " + name + " present in the input data for AuthcDomain config",
+                        null,
+                        AuthcDomain.class,
+                        name,
+                        null
+                    );
+            }
+        }
+
     }
 
     public static class HttpAuthenticator {
@@ -337,24 +361,41 @@
         @JsonInclude(JsonInclude.Include.NON_NULL)
         public boolean http_enabled = true;
         @JsonInclude(JsonInclude.Include.NON_NULL)
-        public boolean transport_enabled = true;
-        @JsonInclude(JsonInclude.Include.NON_NULL)
         public boolean enabled = true;
         public AuthzBackend authorization_backend = new AuthzBackend();
 
         @Override
         public String toString() {
             return "AuthzDomain [http_enabled="
                 + http_enabled
-                + ", transport_enabled="
-                + transport_enabled
                 + ", enabled="
                 + enabled
                 + ", authorization_backend="
                 + authorization_backend
                 + "]";
         }
 
+        @JsonAnySetter
+        public void unknownPropertiesHandler(String name, Object value) throws JsonMappingException {
+            switch (name) {
+                case "transport_enabled":
+                    DeprecatedSettings.logCustomDeprecationMessage(
+                        String.format("In AuthzDomain, using authorization_backend=%s", authorization_backend),
+                        name
+                    );
+                    break;
+                default:
+                    throw new UnrecognizedPropertyException(
+                        null,
+                        "Unrecognized field " + name + " present in the input data for AuthzDomain config",
+                        null,
+                        AuthzDomain.class,
+                        name,
+                        null
+                    );
+            }
+        }
+
     }
 
     public static class OnBehalfOfSettings {