Adds capability to introduce index listeners for all resource plugins

Signed-off-by: Darshit Chanpura <[email protected]>
DarshitChanpura · Oct 15, 2024 · d72f9c4 · d72f9c4
1 parent d0cc8a8
commit d72f9c4
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 19 deletions.
diff --git a/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java b/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java
@@ -121,7 +121,6 @@
 import org.opensearch.indices.IndicesService;
 import org.opensearch.indices.SystemIndexDescriptor;
 import org.opensearch.plugins.ClusterPlugin;
-import org.opensearch.plugins.ExtensiblePlugin;
 import org.opensearch.plugins.ExtensionAwarePlugin;
 import org.opensearch.plugins.IdentityPlugin;
 import org.opensearch.plugins.MapperPlugin;
@@ -244,8 +243,7 @@ public final class OpenSearchSecurityPlugin extends OpenSearchSecuritySSLPlugin
         IdentityPlugin,
         ResourceAccessControlPlugin,
         // CS-SUPPRESS-SINGLE: RegexpSingleline get Extensions Settings
-        ExtensionAwarePlugin,
-        ExtensiblePlugin
+        ExtensionAwarePlugin
 // CS-ENFORCE-SINGLE
 
 {
@@ -724,6 +722,7 @@ public void onIndexModule(IndexModule indexModule) {
                 )
             );
 
+            log.info("Indices to listen to: {}", this.indicesToListen);
             if (this.indicesToListen.contains(indexModule.getIndex().getName())) {
                 indexModule.addIndexOperationListener(ResourceSharingIndexListener.getInstance());
                 log.warn("Security plugin started listening to operations on index {}", indexModule.getIndex().getName());
@@ -859,20 +858,6 @@ public void onQueryPhase(SearchContext searchContext, long tookInNanos) {
         }
     }
 
-    // CS-SUPPRESS-SINGLE: RegexpSingleline Extensions manager used to allow/disallow TLS connections to extensions
-    @Override
-    public void loadExtensions(ExtensionLoader loader) {
-
-        log.info("Loading resource plugins");
-        for (ResourcePlugin resourcePlugin : loader.loadExtensions(ResourcePlugin.class)) {
-            String resourceIndex = resourcePlugin.getResourceIndex();
-
-            this.indicesToListen.add(resourceIndex);
-            log.info("Loaded resource plugin: {}, index: {}", resourcePlugin, resourceIndex);
-        }
-    }
-    // CS-ENFORCE-SINGLE
-
     @Override
     public List<ActionFilter> getActionFilters() {
         List<ActionFilter> filters = new ArrayList<>(1);
@@ -2113,6 +2098,15 @@ public void onNodeStarted(DiscoveryNode localNode) {
 
         // create resource sharing index if absent
         rmr.createResourceSharingIndexIfAbsent();
+
+        log.info("Loading resource plugins");
+        for (ResourcePlugin resourcePlugin : OpenSearchSecurityPlugin.GuiceHolder.getResourceService().listResourcePlugins()) {
+            String resourceIndex = resourcePlugin.getResourceIndex();
+
+            this.indicesToListen.add(resourceIndex);
+            log.info("Loaded resource plugin: {}, index: {}", resourcePlugin, resourceIndex);
+        }
+
         final Set<ModuleInfo> securityModules = ReflectionHelper.getModulesLoaded();
         log.info("{} OpenSearch Security modules loaded so far: {}", securityModules.size(), securityModules);
     }
@@ -2130,6 +2124,7 @@ public Collection<Class<? extends LifecycleComponent>> getGuiceServiceClasses()
 
         final List<Class<? extends LifecycleComponent>> services = new ArrayList<>(1);
         services.add(GuiceHolder.class);
+        log.info("Guice service classes loaded");
         return services;
     }
 
@@ -2285,13 +2280,15 @@ public GuiceHolder(
             final TransportService remoteClusterService,
             IndicesService indicesService,
             PitService pitService,
-            ExtensionsManager extensionsManager
+            ExtensionsManager extensionsManager,
+            ResourceService resourceService
         ) {
             GuiceHolder.repositoriesService = repositoriesService;
             GuiceHolder.remoteClusterService = remoteClusterService.getRemoteClusterService();
             GuiceHolder.indicesService = indicesService;
             GuiceHolder.pitService = pitService;
             GuiceHolder.extensionsManager = extensionsManager;
+            GuiceHolder.resourceService = resourceService;
         }
         // CS-ENFORCE-SINGLE
 
@@ -2317,6 +2314,10 @@ public static ExtensionsManager getExtensionsManager() {
         }
         // CS-ENFORCE-SINGLE
 
+        public static ResourceService getResourceService() {
+            return resourceService;
+        }
+
         @Override
         public void close() {}
 

diff --git a/src/test/java/org/opensearch/security/transport/SecurityInterceptorTests.java b/src/test/java/org/opensearch/security/transport/SecurityInterceptorTests.java
@@ -20,6 +20,7 @@
 import org.junit.Test;
 
 import org.opensearch.Version;
+import org.opensearch.accesscontrol.resources.ResourceService;
 import org.opensearch.action.search.PitService;
 import org.opensearch.cluster.ClusterName;
 import org.opensearch.cluster.node.DiscoveryNode;
@@ -171,7 +172,8 @@ public void setup() {
             transportService,
             mock(IndicesService.class),
             mock(PitService.class),
-            mock(ExtensionsManager.class)
+            mock(ExtensionsManager.class),
+            mock(ResourceService.class)
         );
         // CS-ENFORCE-SINGLE