Cleanup reflection helper and advanced modules enabled / dls fls enab… (

opensearch-project#1001)

* Cleanup reflection helper and advanced modules enabled / dls fls enabled properties

src/main/java/com/amazon/opendistroforelasticsearch/security/auditlog/impl/AuditLogImpl.java

@@ -46,7 +46,6 @@ public final class AuditLogImpl extends AbstractAuditLog {
 
 	private final AuditMessageRouter messageRouter;
 	private final Settings settings;
-	private final boolean dlsFlsAvailable;
 	private final boolean messageRouterEnabled;
 	private volatile boolean enabled;
 	private final Thread shutdownHook;
@@ -57,7 +56,7 @@ public AuditLogImpl(final Settings settings,
 			final ThreadPool threadPool,
 			final IndexNameExpressionResolver resolver,
 			final ClusterService clusterService) {
-		this(settings, configPath, clientProvider, threadPool, resolver, clusterService, null, true);
+		this(settings, configPath, clientProvider, threadPool, resolver, clusterService, null);
 	}
 
 	public AuditLogImpl(final Settings settings,
@@ -66,14 +65,9 @@ public AuditLogImpl(final Settings settings,
 						final ThreadPool threadPool,
 						final IndexNameExpressionResolver resolver,
 						final ClusterService clusterService,
-						final Environment environment,
-						final boolean dlsFlsAvailable) {
+						final Environment environment) {
 		super(settings, threadPool, resolver, clusterService, environment);
 		this.settings = settings;
-		this.dlsFlsAvailable = dlsFlsAvailable;
-		if (!dlsFlsAvailable) {
-			log.debug("Changes to Compliance config will ignored because DLS-FLS is not available.");
-		}
 		this.messageRouter = new AuditMessageRouter(settings, clientProvider, threadPool, configPath);
 		this.messageRouterEnabled = this.messageRouter.isEnabled();
 
@@ -88,9 +82,7 @@ public AuditLogImpl(final Settings settings,
 	public void setConfig(final AuditConfig auditConfig) {
 		enabled = auditConfig.isEnabled() && messageRouterEnabled;
 		onAuditConfigFilterChanged(auditConfig.getFilter());
-		if (dlsFlsAvailable) {
-			onComplianceConfigChanged(auditConfig.getCompliance());
-		}
+		onComplianceConfigChanged(auditConfig.getCompliance());
 	}
 
 	@Override

src/main/java/com/amazon/opendistroforelasticsearch/security/privileges/PrivilegesEvaluator.java

@@ -125,13 +125,13 @@ public class PrivilegesEvaluator {
 
     private final DlsFlsEvaluator dlsFlsEvaluator;
 
-    private final boolean advancedModulesEnabled;
+    private final boolean dlsFlsEnabled;
     private DynamicConfigModel dcm;
 
     public PrivilegesEvaluator(final ClusterService clusterService, final ThreadPool threadPool,
                                final ConfigurationRepository configurationRepository, final IndexNameExpressionResolver resolver,
                                AuditLog auditLog, final Settings settings, final PrivilegesInterceptor privilegesInterceptor, final ClusterInfoHolder clusterInfoHolder,
-                               final IndexResolverReplacer irr, boolean advancedModulesEnabled) {
+                               final IndexResolverReplacer irr, boolean dlsFlsEnabled) {
 
         super();
         this.clusterService = clusterService;
@@ -152,7 +152,7 @@ public PrivilegesEvaluator(final ClusterService clusterService, final ThreadPool
         protectedIndexAccessEvaluator = new OpenDistroProtectedIndexAccessEvaluator(settings, auditLog);
         dlsFlsEvaluator = new DlsFlsEvaluator(settings, threadPool);
         termsAggregationEvaluator = new TermsAggregationEvaluator();
-        this.advancedModulesEnabled = advancedModulesEnabled;
+        this.dlsFlsEnabled = dlsFlsEnabled;
     }
 
     @Subscribe
@@ -245,7 +245,7 @@ public PrivilegesEvaluatorResponse evaluate(final User user, String action0, fin
 
 
         // check dlsfls
-        if (advancedModulesEnabled
+        if (dlsFlsEnabled
                 //&& (action0.startsWith("indices:data/read") || action0.equals(ClusterSearchShardsAction.NAME))
                 && dlsFlsEvaluator.evaluate(request, clusterService, resolver, requestedResolved, user, securityRoles, presponse).isComplete()) {
             return presponse;

src/main/java/com/amazon/opendistroforelasticsearch/security/securityconf/DynamicConfigModelV6.java

@@ -355,19 +355,12 @@ private void destroyDestroyables(List<Destroyable> destroyableComponents) {
     private <T> T newInstance(final String clazzOrShortcut, String type, final Settings settings, final Path configPath) {
 
         String clazz = clazzOrShortcut;
-        boolean isEnterprise = false;
 
         if(authImplMap.containsKey(clazz+"_"+type)) {
             clazz = authImplMap.get(clazz+"_"+type);
-        } else {
-            isEnterprise = true;
-        }
-
-        if(ReflectionHelper.isAdvancedModuleAAAModule(clazz)) {
-            isEnterprise = true;
         }
 
-        return ReflectionHelper.instantiateAAA(clazz, settings, configPath, isEnterprise);
+        return ReflectionHelper.instantiateAAA(clazz, settings, configPath);
     }
 
     private String translateShortcutToClassName(final String clazzOrShortcut, final String type) {

src/main/java/com/amazon/opendistroforelasticsearch/security/securityconf/DynamicConfigModelV7.java

@@ -354,19 +354,12 @@ private void destroyDestroyables(List<Destroyable> destroyableComponents) {
     private <T> T newInstance(final String clazzOrShortcut, String type, final Settings settings, final Path configPath) {
 
         String clazz = clazzOrShortcut;
-        boolean isEnterprise = false;
 
         if(authImplMap.containsKey(clazz+"_"+type)) {
             clazz = authImplMap.get(clazz+"_"+type);
-        } else {
-            isEnterprise = true;
-        }
-
-        if(ReflectionHelper.isAdvancedModuleAAAModule(clazz)) {
-            isEnterprise = true;
         }
 
-        return ReflectionHelper.instantiateAAA(clazz, settings, configPath, isEnterprise);
+        return ReflectionHelper.instantiateAAA(clazz, settings, configPath);
     }
 
     private String translateShortcutToClassName(final String clazzOrShortcut, final String type) {

src/main/java/com/amazon/opendistroforelasticsearch/security/support/ReflectionHelper.java

@@ -31,38 +31,19 @@
 package com.amazon.opendistroforelasticsearch.security.support;
 
 import java.io.InputStream;
-import java.lang.reflect.Constructor;
 import java.net.URL;
 import java.nio.file.Path;
-import java.util.Collection;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Set;
 import java.util.jar.Attributes;
 import java.util.jar.Manifest;
 
-import com.amazon.opendistroforelasticsearch.security.auditlog.impl.AuditLogImpl;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.elasticsearch.ElasticsearchException;
-import org.elasticsearch.client.Client;
-import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
-import org.elasticsearch.cluster.service.ClusterService;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.env.Environment;
-import org.elasticsearch.index.IndexService;
-import org.elasticsearch.rest.RestController;
-import org.elasticsearch.rest.RestHandler;
-import org.elasticsearch.threadpool.ThreadPool;
 
-import com.amazon.opendistroforelasticsearch.security.auditlog.AuditLog;
-import com.amazon.opendistroforelasticsearch.security.auditlog.NullAuditLog;
-import com.amazon.opendistroforelasticsearch.security.compliance.ComplianceIndexingOperationListener;
-import com.amazon.opendistroforelasticsearch.security.configuration.AdminDNs;
-import com.amazon.opendistroforelasticsearch.security.configuration.DlsFlsRequestValve;
-import com.amazon.opendistroforelasticsearch.security.configuration.ConfigurationRepository;
-import com.amazon.opendistroforelasticsearch.security.privileges.PrivilegesEvaluator;
-import com.amazon.opendistroforelasticsearch.security.privileges.PrivilegesInterceptor;
 import com.amazon.opendistroforelasticsearch.security.ssl.transport.DefaultPrincipalExtractor;
 import com.amazon.opendistroforelasticsearch.security.ssl.transport.PrincipalExtractor;
 import com.amazon.opendistroforelasticsearch.security.transport.DefaultInterClusterRequestEvaluator;
@@ -78,156 +59,8 @@ public static Set<ModuleInfo> getModulesLoaded() {
         return Collections.unmodifiableSet(modulesLoaded);
     }
 
-    private static boolean advancedModulesDisabled() {
-        return !advancedModulesEnabled;
-    }
-
-    public static void registerMngtRestApiHandler(final Settings settings) {
-
-        if (advancedModulesDisabled()) {
-            return;
-        }
-
-        if(!settings.getAsBoolean("http.enabled", true)) {
-
-            try {
-                final Class<?> clazz = Class.forName("com.amazon.opendistroforelasticsearch.security.dlic.rest.api.OpenDistroSecurityRestApiActions");
-                //addLoadedModule(clazz);
-                //no addLoadedModule(clazz) here because its not a typical module
-                //and it is not loaded in every case/on every node
-            } catch (final Throwable e) {
-                log.warn("Unable to register Rest Management Api Module due to {}", e.toString());
-                if(log.isDebugEnabled()) {
-                    log.debug("Stacktrace: ",e);
-                }
-            }
-        }
-    }
-
     @SuppressWarnings("unchecked")
-    public static Collection<RestHandler> instantiateMngtRestApiHandler(final Settings settings, final Path configPath, final RestController restController,
-            final Client localClient, final AdminDNs adminDns, final ConfigurationRepository cr, final ClusterService cs, final PrincipalExtractor principalExtractor,
-            final PrivilegesEvaluator evaluator, final ThreadPool threadPool, final AuditLog auditlog) {
-
-        if (advancedModulesDisabled()) {
-            return Collections.emptyList();
-        }
-
-        try {
-            final Class<?> clazz = Class.forName("com.amazon.opendistroforelasticsearch.security.dlic.rest.api.OpenDistroSecurityRestApiActions");
-            final Collection<RestHandler> ret = (Collection<RestHandler>) clazz
-                    .getDeclaredMethod("getHandler", Settings.class, Path.class, RestController.class, Client.class, AdminDNs.class, ConfigurationRepository.class,
-                            ClusterService.class, PrincipalExtractor.class, PrivilegesEvaluator.class, ThreadPool.class, AuditLog.class)
-                    .invoke(null, settings, configPath, restController, localClient, adminDns, cr, cs, principalExtractor, evaluator, threadPool, auditlog);
-            addLoadedModule(clazz);
-            return ret;
-        } catch (final Throwable e) {
-            log.warn("Unable to enable Rest Management Api Module due to {}", e.toString());
-            if(log.isDebugEnabled()) {
-                log.debug("Stacktrace: ",e);
-            }
-            return Collections.emptyList();
-        }
-    }
-
-    public static DlsFlsRequestValve instantiateDlsFlsValve() {
-
-        if (advancedModulesDisabled()) {
-            return new DlsFlsRequestValve.NoopDlsFlsRequestValve();
-        }
-
-        try {
-            final Class<?> clazz = Class.forName("com.amazon.opendistroforelasticsearch.security.configuration.DlsFlsValveImpl");
-            final DlsFlsRequestValve ret = (DlsFlsRequestValve) clazz.newInstance();
-            return ret;
-        } catch (final Throwable e) {
-            log.warn("Unable to enable DLS/FLS Valve Module due to {}", e.toString());
-            if(log.isDebugEnabled()) {
-                log.debug("Stacktrace: ",e);
-            }
-            return new DlsFlsRequestValve.NoopDlsFlsRequestValve();
-        }
-    }
-
-    public static AuditLog instantiateAuditLog(final Settings settings, final Path configPath, final Client localClient, final ThreadPool threadPool, final IndexNameExpressionResolver resolver, final ClusterService clusterService, final boolean dlsFlsAvailable, final Environment environment) {
-
-        if (advancedModulesDisabled()) {
-            return new NullAuditLog();
-        }
-
-        try {
-            final AuditLog impl = new AuditLogImpl(settings, configPath, localClient, threadPool, resolver, clusterService, environment, dlsFlsAvailable);
-            addLoadedModule(AuditLogImpl.class);
-            return impl;
-        } catch (final Throwable e) {
-            log.warn("Unable to enable Auditlog Module due to {}", e.toString());
-            if(log.isDebugEnabled()) {
-                log.debug("Stacktrace: ",e);
-            }
-            return new NullAuditLog();
-        }
-    }
-
-    public static ComplianceIndexingOperationListener instantiateComplianceListener(AuditLog auditlog) {
-
-        if (advancedModulesDisabled()) {
-            return new ComplianceIndexingOperationListener();
-        }
-
-        try {
-            final Class<?> clazz = Class.forName("com.amazon.opendistroforelasticsearch.security.compliance.ComplianceIndexingOperationListenerImpl");
-            final ComplianceIndexingOperationListener impl = (ComplianceIndexingOperationListener) clazz
-                    .getConstructor(AuditLog.class)
-                    .newInstance(auditlog);
-            addLoadedModule(clazz);
-            return impl;
-        } catch (final ClassNotFoundException e) {
-            //TODO produce a single warn msg, this here is issued for every index
-           log.debug("Unable to enable Compliance Module due to {}", e.toString());
-           if(log.isDebugEnabled()) {
-               log.debug("Stacktrace: ",e);
-           }
-           return new ComplianceIndexingOperationListener();
-        } catch (final Throwable e) {
-            log.error("Unable to enable Compliance Module due to {}", e.toString());
-            if(log.isDebugEnabled()) {
-                log.debug("Stacktrace: ",e);
-            }
-            return new ComplianceIndexingOperationListener();
-        }
-    }
-
-    public static PrivilegesInterceptor instantiatePrivilegesInterceptorImpl(final IndexNameExpressionResolver resolver, final ClusterService clusterService,
-            final Client localClient, final ThreadPool threadPool) {
-
-        final PrivilegesInterceptor noop = new PrivilegesInterceptor(resolver, clusterService, localClient, threadPool);
-
-        if (advancedModulesDisabled()) {
-            return noop;
-        }
-
-        try {
-            final Class<?> clazz = Class.forName("com.amazon.opendistroforelasticsearch.security.configuration.PrivilegesInterceptorImpl");
-            final PrivilegesInterceptor ret = (PrivilegesInterceptor) clazz.getConstructor(IndexNameExpressionResolver.class, ClusterService.class, Client.class, ThreadPool.class)
-                    .newInstance(resolver, clusterService, localClient, threadPool);
-            addLoadedModule(clazz);
-            return ret;
-        } catch (final Throwable e) {
-            log.warn("Unable to enable Kibana Module due to {}", e.toString());
-            if(log.isDebugEnabled()) {
-                log.debug("Stacktrace: ",e);
-            }
-            return noop;
-        }
-    }
-
-    @SuppressWarnings("unchecked")
-    public static <T> T instantiateAAA(final String clazz, final Settings settings, final Path configPath, final boolean checkEnterprise) {
-
-        if (advancedModulesDisabled()) {
-            throw new ElasticsearchException("Can not load '{}' because advanced modules are disabled", clazz);
-        }
-
+    public static <T> T instantiateAAA(final String clazz, final Settings settings, final Path configPath) {
         try {
             final Class<?> clazz0 = Class.forName(clazz);
             final T ret = (T) clazz0.getConstructor(Settings.class, Path.class).newInstance(settings, configPath);
@@ -246,7 +79,6 @@ public static <T> T instantiateAAA(final String clazz, final Settings settings,
     }
 
     public static InterClusterRequestEvaluator instantiateInterClusterRequestEvaluator(final String clazz, final Settings settings) {
-
         try {
             final Class<?> clazz0 = Class.forName(clazz);
             final InterClusterRequestEvaluator ret = (InterClusterRequestEvaluator) clazz0.getConstructor(Settings.class).newInstance(settings);
@@ -262,7 +94,6 @@ public static InterClusterRequestEvaluator instantiateInterClusterRequestEvaluat
     }
 
     public static PrincipalExtractor instantiatePrincipalExtractor(final String clazz) {
-
         try {
             final Class<?> clazz0 = Class.forName(clazz);
             final PrincipalExtractor ret = (PrincipalExtractor) clazz0.newInstance();
@@ -277,36 +108,6 @@ public static PrincipalExtractor instantiatePrincipalExtractor(final String claz
         }
     }
 
-    public static boolean isAdvancedModuleAAAModule(final String clazz) {
-        boolean advancedModuleInstalled = false;
-
-        if (clazz.equalsIgnoreCase("com.amazon.dlic.auth.ldap.backend.LDAPAuthorizationBackend")) {
-            advancedModuleInstalled = true;
-        }
-
-        if (clazz.equalsIgnoreCase("com.amazon.dlic.auth.ldap.backend.LDAPAuthenticationBackend")) {
-            advancedModuleInstalled = true;
-        }
-
-        if (clazz.equalsIgnoreCase("com.amazon.dlic.auth.http.jwt.HTTPJwtAuthenticator")) {
-            advancedModuleInstalled = true;
-        }
-
-        if (clazz.equalsIgnoreCase("com.amazon.dlic.auth.http.jwt.keybyoidc.HTTPJwtKeyByOpenIdConnectAuthenticator")) {
-            advancedModuleInstalled = true;
-        }
-
-        if (clazz.equalsIgnoreCase("com.amazon.dlic.auth.http.kerberos.HTTPSpnegoAuthenticator")) {
-            advancedModuleInstalled = true;
-        }
-
-        if (clazz.equalsIgnoreCase("com.amazon.dlic.auth.http.saml.HTTPSamlAuthenticator")) {
-            advancedModuleInstalled = true;
-        }
-
-        return advancedModuleInstalled;
-    }
-
     public static boolean addLoadedModule(Class<?> clazz) {
         ModuleInfo moduleInfo = getModuleInfo(clazz);
         if (log.isDebugEnabled()) {
@@ -315,13 +116,6 @@ public static boolean addLoadedModule(Class<?> clazz) {
         return modulesLoaded.add(moduleInfo);
     }
 
-    private static boolean advancedModulesEnabled;
-
-    // TODO static hack
-    public static void init(final boolean advancedModulesEnabled) {
-        ReflectionHelper.advancedModulesEnabled = advancedModulesEnabled;
-    }
-
     private static ModuleInfo getModuleInfo(final Class<?> impl) {
 
         ModuleType moduleType = ModuleType.getByDefaultImplClass(impl);