From 9331809447eb00c79b0ee36e681574b1d69563ce Mon Sep 17 00:00:00 2001 From: "opensearch-trigger-bot[bot]" <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com> Date: Fri, 3 Nov 2023 16:43:15 -0400 Subject: [PATCH] [Backport 2.x] OnBehalfOf tokens feature is disabled by default (#3645) Backport 823a31192bf166490bda92c54069a8987761ee97 from #3643. Signed-off-by: Craig Perkins Signed-off-by: Craig Perkins Signed-off-by: github-actions[bot] Co-authored-by: github-actions[bot] --- .../security/securityconf/impl/v6/ConfigV6.java | 2 +- .../security/securityconf/impl/v7/ConfigV7.java | 4 +++- .../security/securityconf/impl/v6/ConfigV6Test.java | 10 ++++++++++ .../security/securityconf/impl/v7/ConfigV7Test.java | 10 ++++++++++ 4 files changed, 24 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/opensearch/security/securityconf/impl/v6/ConfigV6.java b/src/main/java/org/opensearch/security/securityconf/impl/v6/ConfigV6.java index 79a745c54e..0c95e56bd1 100644 --- a/src/main/java/org/opensearch/security/securityconf/impl/v6/ConfigV6.java +++ b/src/main/java/org/opensearch/security/securityconf/impl/v6/ConfigV6.java @@ -359,7 +359,7 @@ public String toString() { public static class OnBehalfOfSettings { @JsonProperty("enabled") - private Boolean oboEnabled = Boolean.TRUE; + private Boolean oboEnabled = Boolean.FALSE; @JsonProperty("signing_key") private String signingKey; @JsonProperty("encryption_key") diff --git a/src/main/java/org/opensearch/security/securityconf/impl/v7/ConfigV7.java b/src/main/java/org/opensearch/security/securityconf/impl/v7/ConfigV7.java index 8fb2199ddf..faeb5d2432 100644 --- a/src/main/java/org/opensearch/security/securityconf/impl/v7/ConfigV7.java +++ b/src/main/java/org/opensearch/security/securityconf/impl/v7/ConfigV7.java @@ -148,6 +148,8 @@ public String toString() { + authc + ", authz=" + authz + + ", on_behalf_of=" + + on_behalf_of + "]"; } } @@ -482,7 +484,7 @@ public String toString() { public static class OnBehalfOfSettings { @JsonProperty("enabled") - private Boolean oboEnabled = Boolean.TRUE; + private Boolean oboEnabled = Boolean.FALSE; @JsonProperty("signing_key") private String signingKey; @JsonProperty("encryption_key") diff --git a/src/test/java/org/opensearch/security/securityconf/impl/v6/ConfigV6Test.java b/src/test/java/org/opensearch/security/securityconf/impl/v6/ConfigV6Test.java index 245127995e..f9febb3bda 100644 --- a/src/test/java/org/opensearch/security/securityconf/impl/v6/ConfigV6Test.java +++ b/src/test/java/org/opensearch/security/securityconf/impl/v6/ConfigV6Test.java @@ -106,4 +106,14 @@ public void testDashboards() throws Exception { assertEquals(kibana, DefaultObjectMapper.readTree(json)); assertEquals(kibana, DefaultObjectMapper.readValue(json, ConfigV6.Kibana.class)); } + + @Test + public void testOnBehalfOfSettings() { + ConfigV6.OnBehalfOfSettings oboSettings; + + oboSettings = new ConfigV6.OnBehalfOfSettings(); + Assert.assertEquals(oboSettings.getOboEnabled(), Boolean.FALSE); + Assert.assertNull(oboSettings.getSigningKey()); + Assert.assertNull(oboSettings.getEncryptionKey()); + } } diff --git a/src/test/java/org/opensearch/security/securityconf/impl/v7/ConfigV7Test.java b/src/test/java/org/opensearch/security/securityconf/impl/v7/ConfigV7Test.java index 92af5aeebd..07d446074c 100644 --- a/src/test/java/org/opensearch/security/securityconf/impl/v7/ConfigV7Test.java +++ b/src/test/java/org/opensearch/security/securityconf/impl/v7/ConfigV7Test.java @@ -97,4 +97,14 @@ public void testDashboards() throws Exception { assertEquals(kibana, DefaultObjectMapper.readTree(json)); assertEquals(kibana, DefaultObjectMapper.readValue(json, ConfigV7.Kibana.class)); } + + @Test + public void testOnBehalfOfSettings() { + ConfigV7.OnBehalfOfSettings oboSettings; + + oboSettings = new ConfigV7.OnBehalfOfSettings(); + Assert.assertEquals(oboSettings.getOboEnabled(), Boolean.FALSE); + Assert.assertNull(oboSettings.getSigningKey()); + Assert.assertNull(oboSettings.getEncryptionKey()); + } }