Skip to content

Commit

Permalink
[Feature/Extension] Rename the term 'extension' into 'on_behalf_of' (o…
Browse files Browse the repository at this point in the history
…pensearch-project#2774)


Signed-off-by: Ryan Liang <[email protected]>
  • Loading branch information
RyanL1997 authored May 16, 2023
1 parent f1cee3b commit fa0fcc3
Show file tree
Hide file tree
Showing 12 changed files with 26 additions and 24 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -215,7 +215,7 @@ public void shouldUseSecurityAdminTool() throws Exception {
}

@Test
public void shouldReloadExtensionsConfigurationFromFile() throws Exception {
public void shouldReloadOnBehalfOfConfigurationFromFile() throws Exception {
SecurityAdminLauncher securityAdminLauncher = new SecurityAdminLauncher(cluster.getHttpPort(), cluster.getTestCertificates());
File config = configurationDirectory.newFile("config.yml");
ConfigurationFiles.createConfigFile(config);
Expand All @@ -228,7 +228,7 @@ public void shouldReloadExtensionsConfigurationFromFile() throws Exception {
{
HttpResponse httpResponse = client.get("_plugins/_security/api/securityconfig");
JsonNode jsonNode = DefaultObjectMapper.objectMapper.readTree(httpResponse.getBody());
return jsonNode.get("config").get("dynamic").get("extensions");
return jsonNode.get("config").get("dynamic").get("on_behalf_of");

}, jsonNode -> jsonNode.get("encryption_key").asText().equals("encryption key") && jsonNode.get("signing_key").asText().equals("signing key")
);
Expand Down
2 changes: 1 addition & 1 deletion src/integrationTest/resources/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,6 @@ config:
authentication_backend:
type: "internal"
config: {}
extensions:
on_behalf_of:
signing_key: "signing key"
encryption_key: "encryption key"
Original file line number Diff line number Diff line change
Expand Up @@ -838,7 +838,7 @@ public Collection<Object> createComponents(Client localClient, ClusterService cl

securityRestHandler = new SecurityRestFilter(backendRegistry, auditLog, threadPool,
principalExtractor, settings, configPath, compatConfig);
//TODO: CREATE A INSTANCE OF HTTPExtensionAuthenticationBackend
HTTPOnBehalfOfJwtAuthenticator acInstance = new HTTPOnBehalfOfJwtAuthenticator();

final DynamicConfigFactory dcf = new DynamicConfigFactory(cr, settings, configPath, localClient, threadPool, cih);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,7 @@ public abstract class DynamicConfigModel {
public abstract Multimap<String, AuthFailureListener> getAuthBackendFailureListeners();
public abstract List<ClientBlockRegistry<InetAddress>> getIpClientBlockRegistries();
public abstract Multimap<String, ClientBlockRegistry<String>> getAuthBackendClientBlockRegistries();
public abstract Settings getDynamicExtensionsSettings();
public abstract Settings getDynamicOnBehalfOfSettings();
protected final Map<String, String> authImplMap = new HashMap<>();

public DynamicConfigModel() {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -190,7 +190,7 @@ public Multimap<String, ClientBlockRegistry<String>> getAuthBackendClientBlockRe
}

@Override
public Settings getDynamicExtensionsSettings() {
public Settings getDynamicOnBehalfOfSettings() {
return Settings.EMPTY;
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -190,9 +190,9 @@ public Multimap<String, ClientBlockRegistry<String>> getAuthBackendClientBlockRe
}

@Override
public Settings getDynamicExtensionsSettings() {
public Settings getDynamicOnBehalfOfSettings() {
return Settings.builder()
.put(Settings.builder().loadFromSource(config.dynamic.extensions.configAsJson(), XContentType.JSON).build())
.put(Settings.builder().loadFromSource(config.dynamic.on_behalf_of.configAsJson(), XContentType.JSON).build())
.build();
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -72,12 +72,14 @@ public static class Dynamic {
public String hosts_resolver_mode = "ip-only";
public String transport_userrname_attribute;
public boolean do_not_fail_on_forbidden_empty;
public Extensions extensions = new Extensions();
public OnBehalfOf on_behalf_of = new OnBehalfOf() {

};

@Override
public String toString() {
return "Dynamic [filtered_alias_mode=" + filtered_alias_mode + ", kibana=" + kibana + ", http=" + http + ", authc=" + authc + ", authz="
+ authz + ", extensions=" + extensions + "]";
+ authz + ", on_behalf_of=" + on_behalf_of + "]";
}
}

Expand Down Expand Up @@ -322,7 +324,7 @@ public String toString() {

}

public static class Extensions {
public static class OnBehalfOf {
@JsonProperty("signing_key")
private String signingKey;
@JsonProperty("encryption_key")
Expand All @@ -346,7 +348,7 @@ public void setEncryptionKey(String encryptionKey) {

@Override
public String toString() {
return "Extensions [signing_key=" + signingKey + ", encryption_key=" + encryptionKey +"]";
return "OnBehalfOf [signing_key=" + signingKey + ", encryption_key=" + encryptionKey +"]";
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -126,12 +126,12 @@ public static class Dynamic {
public String hosts_resolver_mode = "ip-only";
public String transport_userrname_attribute;
public boolean do_not_fail_on_forbidden_empty;
public Extensions extensions = new Extensions();
public OnBehalfOf on_behalf_of = new OnBehalfOf();

@Override
public String toString() {
return "Dynamic [filtered_alias_mode=" + filtered_alias_mode + ", kibana=" + kibana + ", http=" + http + ", authc=" + authc + ", authz="
+ authz + ", extensions=" + extensions + "]";
+ authz + ", on_behalf_of=" + on_behalf_of + "]";
}
}

Expand Down Expand Up @@ -466,7 +466,7 @@ public String toString() {

}

public static class Extensions {
public static class OnBehalfOf {
@JsonProperty("signing_key")
private String signingKey;
@JsonProperty("encryption_key")
Expand Down Expand Up @@ -499,7 +499,7 @@ public void setEncryptionKey(String encryptionKey) {

@Override
public String toString() {
return "Extensions [signing_key=" + signingKey + ", encryption_key=" + encryptionKey +"]";
return "OnBehalfOf [signing_key=" + signingKey + ", encryption_key=" + encryptionKey +"]";
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ public void testCreateJwkFromSettingsWithoutSigningKey() throws Exception{
public void testCreateJwtWithRoles() throws Exception {
String issuer = "cluster_0";
String subject = "admin";
String audience = "extension_0";
String audience = "audience_0";
List<String> roles = List.of("IT", "HR");
String expectedRoles = "IT,HR";
Integer expirySeconds = 300;
Expand All @@ -64,7 +64,7 @@ public void testCreateJwtWithRoles() throws Exception {

Assert.assertEquals("cluster_0", jwt.getClaim("iss"));
Assert.assertEquals("admin", jwt.getClaim("sub"));
Assert.assertEquals("extension_0", jwt.getClaim("aud"));
Assert.assertEquals("audience_0", jwt.getClaim("aud"));
Assert.assertNotNull(jwt.getClaim("iat"));
Assert.assertNotNull(jwt.getClaim("exp"));
Assert.assertEquals(expectedExp, jwt.getClaim("exp"));
Expand All @@ -76,7 +76,7 @@ public void testCreateJwtWithRoles() throws Exception {
public void testCreateJwtWithBadExpiry() throws Exception {
String issuer = "cluster_0";
String subject = "admin";
String audience = "extension_0";
String audience = "audience_0";
List <String> roles = List.of("admin");
Integer expirySeconds = -300;
String claimsEncryptionKey = RandomStringUtils.randomAlphanumeric(16);
Expand All @@ -91,7 +91,7 @@ public void testCreateJwtWithBadExpiry() throws Exception {
public void testCreateJwtWithBadEncryptionKey() throws Exception {
String issuer = "cluster_0";
String subject = "admin";
String audience = "extension_0";
String audience = "audience_0";
List <String> roles = List.of("admin");
Integer expirySeconds = 300;

Expand All @@ -105,7 +105,7 @@ public void testCreateJwtWithBadEncryptionKey() throws Exception {
public void testCreateJwtWithBadRoles() throws Exception {
String issuer = "cluster_0";
String subject = "admin";
String audience = "extension_0";
String audience = "audience_0";
List <String> roles = null;
Integer expirySecond = 300;
String claimsEncryptionKey = RandomStringUtils.randomAlphanumeric(16);
Expand Down
2 changes: 1 addition & 1 deletion src/test/resources/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -96,6 +96,6 @@ config:
multi_rolespan_enabled: false
hosts_resolver_mode: "ip-only"
transport_userrname_attribute: null
extensions:
on_behalf_of:
signing_key: "signing key"
encryption_key: "encryption key"
2 changes: 1 addition & 1 deletion src/test/resources/restapi/securityconfig.json
Original file line number Diff line number Diff line change
Expand Up @@ -154,7 +154,7 @@
"multi_rolespan_enabled":false,
"hosts_resolver_mode":"ip-only",
"do_not_fail_on_forbidden_empty":false,
"extensions": {
"on_behalf_of": {
}
}

Expand Down
2 changes: 1 addition & 1 deletion src/test/resources/restapi/securityconfig_nondefault.json
Original file line number Diff line number Diff line change
Expand Up @@ -171,7 +171,7 @@
"multi_rolespan_enabled" : true,
"hosts_resolver_mode" : "ip-only",
"do_not_fail_on_forbidden_empty" : false,
"extensions": {
"on_behalf_of": {
"signing_key": "signing key",
"encryption_key": "encryption key"
}
Expand Down

0 comments on commit fa0fcc3

Please sign in to comment.