Fix SystemIntegratorsTests

Signed-off-by: Craig Perkins <[email protected]>

src/main/java/org/opensearch/security/auth/BackendRegistry.java

@@ -138,11 +138,14 @@ public BackendRegistry(
         this.xffResolver = xffResolver;
         this.auditLog = auditLog;
         this.userInjector = new UserInjector(settings, threadPool, auditLog, xffResolver);
+        this.restAuthDomains = Collections.emptySortedSet();
+        this.ipAuthFailureListeners = Collections.emptyList();
 
         this.ttlInMin = settings.getAsInt(ConfigConstants.SECURITY_CACHE_TTL_MINUTES, 60);
 
         // This is going to be defined in the opensearch.yml, so it's best suited to be initialized once.
         this.injectedUserEnabled = opensearchSettings.getAsBoolean(ConfigConstants.SECURITY_UNSUPPORTED_INJECT_USER_ENABLED, false);
+        initialized = this.injectedUserEnabled;
 
         createCaches();
     }

src/main/java/org/opensearch/security/ssl/http/netty/Netty4HttpRequestHeaderVerifier.java

@@ -47,6 +47,7 @@ public class Netty4HttpRequestHeaderVerifier extends SimpleChannelInboundHandler
     private final NamedXContentRegistry xContentRegistry;
     private final HttpHandlingSettings handlingSettings;
     private final Settings settings;
+    private final boolean injectUserEnabled;
     private final boolean passthrough;
 
     public Netty4HttpRequestHeaderVerifier(
@@ -62,6 +63,8 @@ public Netty4HttpRequestHeaderVerifier(
         this.handlingSettings = handlingSettings;
         this.settings = settings;
 
+        this.injectUserEnabled = settings.getAsBoolean(ConfigConstants.SECURITY_UNSUPPORTED_INJECT_USER_ENABLED, false);
+
         boolean sslOnly = settings.getAsBoolean(ConfigConstants.SECURITY_SSL_ONLY, false);
         boolean disabled = settings.getAsBoolean(ConfigConstants.SECURITY_DISABLED, false);
         boolean client = !"node".equals(settings.get(OpenSearchSecuritySSLPlugin.CLIENT_TYPE));
@@ -88,6 +91,7 @@ public void channelRead0(ChannelHandlerContext ctx, DefaultHttpRequest msg) thro
         );
         ThreadContext threadContext = threadPool.getThreadContext();
         try (ThreadContext.StoredContext ignore = threadPool.getThreadContext().stashContext()) {
+            injectUser(restRequest, threadContext);
             boolean isAuthenticated = !restFilter.checkAndAuthenticateRequest(restRequest, interceptingRestChannel, threadContext);
 
             ThreadContext.StoredContext contextToRestore = threadPool.getThreadContext().newStoredContext(false);
@@ -114,4 +118,13 @@ public void channelRead0(ChannelHandlerContext ctx, DefaultHttpRequest msg) thro
             ctx.fireChannelRead(msg);
         }
     }
+
+    private void injectUser(RestRequest request, ThreadContext threadContext) {
+        if (this.injectUserEnabled) {
+            threadContext.putTransient(
+                ConfigConstants.OPENDISTRO_SECURITY_INJECTED_USER,
+                request.header(ConfigConstants.OPENDISTRO_SECURITY_INJECTED_USER)
+            );
+        }
+    }
 }

src/test/java/org/opensearch/security/SystemIntegratorsTests.java

@@ -44,10 +44,7 @@ public class SystemIntegratorsTests extends SingleClusterTest {
     @Test
     public void testInjectedUserMalformed() throws Exception {
 
-        final Settings settings = Settings.builder()
-            .put(ConfigConstants.SECURITY_UNSUPPORTED_INJECT_USER_ENABLED, true)
-            .put("http.type", "org.opensearch.security.http.UserInjectingServerTransport")
-            .build();
+        final Settings settings = Settings.builder().put(ConfigConstants.SECURITY_UNSUPPORTED_INJECT_USER_ENABLED, true).build();
 
         setup(settings, ClusterConfiguration.USERINJECTOR);
 
@@ -115,10 +112,7 @@ public void testInjectedUserMalformed() throws Exception {
     @Test
     public void testInjectedUser() throws Exception {
 
-        final Settings settings = Settings.builder()
-            .put(ConfigConstants.SECURITY_UNSUPPORTED_INJECT_USER_ENABLED, true)
-            .put("http.type", "org.opensearch.security.http.UserInjectingServerTransport")
-            .build();
+        final Settings settings = Settings.builder().put(ConfigConstants.SECURITY_UNSUPPORTED_INJECT_USER_ENABLED, true).build();
 
         setup(settings, ClusterConfiguration.USERINJECTOR);
 
@@ -132,6 +126,7 @@ public void testInjectedUser() throws Exception {
             new BasicHeader(ConfigConstants.OPENDISTRO_SECURITY_INJECTED_USER, "admin||127.0.0:80|")
         );
         Assert.assertEquals(HttpStatus.SC_OK, resc.getStatusCode());
+        System.out.println("resc.getBody(): " + resc.getBody());
         Assert.assertTrue(resc.getBody().contains("User [name=admin, backend_roles=[], requestedTenant=null]"));
         Assert.assertTrue(resc.getBody().contains("\"remote_address\":\"127.0.0.0:80\""));
         Assert.assertTrue(resc.getBody().contains("\"backend_roles\":[]"));
@@ -250,7 +245,7 @@ public void testInjectedUser() throws Exception {
     @Test
     public void testInjectedUserDisabled() throws Exception {
 
-        final Settings settings = Settings.builder().put("http.type", "org.opensearch.security.http.UserInjectingServerTransport").build();
+        final Settings settings = Settings.builder().build();
 
         setup(settings, ClusterConfiguration.USERINJECTOR);
 
@@ -276,7 +271,6 @@ public void testInjectedAdminUser() throws Exception {
                 ConfigConstants.SECURITY_AUTHCZ_ADMIN_DN,
                 Lists.newArrayList("CN=kirk,OU=client,O=client,L=Test,C=DE", "injectedadmin")
             )
-            .put("http.type", "org.opensearch.security.http.UserInjectingServerTransport")
             .build();
 
         setup(settings, ClusterConfiguration.USERINJECTOR);
@@ -312,7 +306,6 @@ public void testInjectedAdminUserAdminInjectionDisabled() throws Exception {
                 ConfigConstants.SECURITY_AUTHCZ_ADMIN_DN,
                 Lists.newArrayList("CN=kirk,OU=client,O=client,L=Test,C=DE", "injectedadmin")
             )
-            .put("http.type", "org.opensearch.security.http.UserInjectingServerTransport")
             .build();
 
         setup(settings, ClusterConfiguration.USERINJECTOR);

src/test/java/org/opensearch/security/test/helper/cluster/ClusterConfiguration.java

@@ -41,7 +41,6 @@
 import org.opensearch.script.mustache.MustacheModulePlugin;
 import org.opensearch.search.aggregations.matrix.MatrixAggregationModulePlugin;
 import org.opensearch.security.OpenSearchSecurityPlugin;
-import org.opensearch.security.test.plugin.UserInjectorPlugin;
 import org.opensearch.transport.Netty4ModulePlugin;
 
 public enum ClusterConfiguration {
@@ -79,11 +78,7 @@ public enum ClusterConfiguration {
     CLIENTNODE(new NodeSettings(true, false), new NodeSettings(false, true), new NodeSettings(false, true), new NodeSettings(false, false)),
 
     // 3 nodes (1m, 2d) plus additional UserInjectorPlugin
-    USERINJECTOR(
-        new NodeSettings(true, false, Lists.newArrayList(UserInjectorPlugin.class)),
-        new NodeSettings(false, true, Lists.newArrayList(UserInjectorPlugin.class)),
-        new NodeSettings(false, true, Lists.newArrayList(UserInjectorPlugin.class))
-    );
+    USERINJECTOR(new NodeSettings(true, false), new NodeSettings(false, true), new NodeSettings(false, true));
 
     private List<NodeSettings> nodeSettings = new LinkedList<>();