From 7e3824e8ae50b4367b5d4664c0925752c7da92d4 Mon Sep 17 00:00:00 2001
From: Ryan Liang
Date: Mon, 21 Aug 2023 14:44:07 -0700
Subject: [PATCH] Remove the wording of seconds in obo endpoint and make the expiry into configconstants

Signed-off-by: Ryan Liang
---
 .../action/onbehalf/CreateOnBehalfOfTokenAction.java | 8 +++++---
 .../org/opensearch/security/support/ConfigConstants.java | 4 ++++
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/main/java/org/opensearch/security/action/onbehalf/CreateOnBehalfOfTokenAction.java b/src/main/java/org/opensearch/security/action/onbehalf/CreateOnBehalfOfTokenAction.java
index 134517e631..70b9c6cce2 100644
--- a/src/main/java/org/opensearch/security/action/onbehalf/CreateOnBehalfOfTokenAction.java
+++ b/src/main/java/org/opensearch/security/action/onbehalf/CreateOnBehalfOfTokenAction.java
@@ -41,6 +41,8 @@
 import static org.opensearch.rest.RestRequest.Method.POST;
 import static org.opensearch.security.dlic.rest.support.Utils.addRoutesPrefix;
+import static org.opensearch.security.support.ConfigConstants.OBO_DEFAULT_EXPIRY_SECONDS;
+import static org.opensearch.security.support.ConfigConstants.OBO_MAX_EXPIRY_SECONDS;
 public class CreateOnBehalfOfTokenAction extends BaseRestHandler {
@@ -129,8 +131,8 @@ public void accept(RestChannel channel) throws Exception {
 final Integer tokenDuration = Optional.ofNullable(requestBody.get("duration"))
 .map(value -> (String) value)
 .map(Integer::parseInt)
- .map(value -> Math.min(value, 10 * 60)) // Max duration is 10 minutes
- .orElse(5 * 60); // Fallback to default of 5 minutes;
+ .map(value -> Math.min(value, OBO_MAX_EXPIRY_SECONDS)) // Max duration is 10 minutes
+ .orElse(OBO_DEFAULT_EXPIRY_SECONDS); // Fallback to default of 5 minutes;
 final String service = (String) requestBody.getOrDefault("service", "self-issued");
 final User user = threadPool.getThreadContext().getTransient(ConfigConstants.OPENDISTRO_SECURITY_USER);
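Review bot: The clamp on `duration` in `accept` is upper-bound only: `Math.min(value, OBO_MAX_EXPIRY_SECONDS)` passes zero and negative values straight through, and what the token builder does with a non-positive lifetime is not visible in this hunk. Adding a floor, `.map(value -> Math.max(1, Math.min(value, OBO_MAX_EXPIRY_SECONDS)))`, or rejecting such requests with a 400 would make the bound explicit. The unchanged lines above it, `(String) value` and `Integer::parseInt`, throw on a JSON number or on non-numeric text; whether that reaches the caller as a clean client error depends on the rest of `accept`, which starts and ends outside the hunk. The trailing comments `// Max duration is 10 minutes` and `// Fallback to default of 5 minutes;` now restate values that live in ConfigConstants and can be dropped.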
@@ -148,7 +150,7 @@ public void accept(RestChannel channel) throws Exception {
 user.getRoles().stream().collect(Collectors.toList())
 );
 builder.field("onBehalfOfToken", token);
- builder.field("duration", tokenDuration + " seconds");
+ builder.field("duration", tokenDuration);
 builder.endObject();
 response = new BytesRestResponse(RestStatus.OK, builder);
diff --git a/src/main/java/org/opensearch/security/support/ConfigConstants.java b/src/main/java/org/opensearch/security/support/ConfigConstants.java
index 3b0b6a1091..5b9dd12373 100644
--- a/src/main/java/org/opensearch/security/support/ConfigConstants.java
+++ b/src/main/java/org/opensearch/security/support/ConfigConstants.java
@@ -319,6 +319,10 @@ public enum RolesMappingResolution {
 public static final String TENANCY_PRIVATE_TENANT_NAME = "private";
 public static final String TENANCY_GLOBAL_TENANT_NAME = "global";
 public static final String TENANCY_GLOBAL_TENANT_DEFAULT_NAME = "";
+
+ // On-behalf-of endpoints settings
+ public static final Integer OBO_DEFAULT_EXPIRY_SECONDS = 5 * 60;
+ public static final Integer OBO_MAX_EXPIRY_SECONDS = 10 * 60;
 // CS-SUPPRESS-SINGLE: RegexpSingleline get Extensions Settings
 public static final String EXTENSIONS_BWC_PLUGIN_MODE = "bwcPluginMode";
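Review bot: After this change `duration` is an integer in the response while the request side of the same handler still reads it with `(String) value`, so the field has a different JSON type in each direction and the response no longer says which unit it is in. A short comment on the `builder.field("duration", tokenDuration);` line, such as `// seconds, after clamping to OBO_MAX_EXPIRY_SECONDS`, would record that the value returned is the effective lifetime rather than the one requested. Callers that parsed the old `"<n> seconds"` string will stop working, so the change probably deserves a release-note entry. `accept` starts and ends outside this hunk.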
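Review bot: `OBO_DEFAULT_EXPIRY_SECONDS` and `OBO_MAX_EXPIRY_SECONDS` are declared as boxed `Integer`, so they are not compile-time constants and are unboxed on each use in `Math.min`. `public static final int OBO_MAX_EXPIRY_SECONDS = 10 * 60;` (and the same for the default) works unchanged at both call sites in this patch. Because these two values bound how long an issued on-behalf-of token stays valid, the comment above them could say that directly: `// On-behalf-of token lifetime bounds, in seconds`.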