forked from opensearch-project/security
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[Backport 2.x] Extracted the user attr handling methods from ConfigMo…
…delV7 into its own class (opensearch-project#4431)
- Loading branch information
1 parent
1a313f4
commit d19b1ef
Showing
2 changed files
with
73 additions
and
48 deletions.
There are no files selected for viewing
69 changes: 69 additions & 0 deletions
69
src/main/java/org/opensearch/security/privileges/UserAttributes.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
/* | ||
* SPDX-License-Identifier: Apache-2.0 | ||
* | ||
* The OpenSearch Contributors require contributions made to | ||
* this file be licensed under the Apache-2.0 license or a | ||
* compatible open source license. | ||
* | ||
* Modifications Copyright OpenSearch Contributors. See | ||
* GitHub history for details. | ||
*/ | ||
package org.opensearch.security.privileges; | ||
|
||
import java.util.Map; | ||
import java.util.Set; | ||
|
||
import com.google.common.base.Joiner; | ||
import com.google.common.collect.Iterables; | ||
|
||
import org.opensearch.security.user.User; | ||
|
||
/** | ||
* Support for interpolating user attributes used in index patterns and DLS queries. | ||
* | ||
* This code was moved over from ConfigModelV7. | ||
*/ | ||
public class UserAttributes { | ||
public static String replaceProperties(String orig, User user) { | ||
|
||
if (user == null || orig == null) { | ||
return orig; | ||
} | ||
|
||
orig = orig.replace("${user.name}", user.getName()).replace("${user_name}", user.getName()); | ||
orig = replaceRoles(orig, user); | ||
orig = replaceSecurityRoles(orig, user); | ||
for (Map.Entry<String, String> entry : user.getCustomAttributesMap().entrySet()) { | ||
if (entry == null || entry.getKey() == null || entry.getValue() == null) { | ||
continue; | ||
} | ||
orig = orig.replace("${" + entry.getKey() + "}", entry.getValue()); | ||
orig = orig.replace("${" + entry.getKey().replace('.', '_') + "}", entry.getValue()); | ||
} | ||
return orig; | ||
} | ||
|
||
private static String replaceRoles(final String orig, final User user) { | ||
String retVal = orig; | ||
if (orig.contains("${user.roles}") || orig.contains("${user_roles}")) { | ||
final String commaSeparatedRoles = toQuotedCommaSeparatedString(user.getRoles()); | ||
retVal = orig.replace("${user.roles}", commaSeparatedRoles).replace("${user_roles}", commaSeparatedRoles); | ||
} | ||
return retVal; | ||
} | ||
|
||
private static String replaceSecurityRoles(final String orig, final User user) { | ||
String retVal = orig; | ||
if (orig.contains("${user.securityRoles}") || orig.contains("${user_securityRoles}")) { | ||
final String commaSeparatedRoles = toQuotedCommaSeparatedString(user.getSecurityRoles()); | ||
retVal = orig.replace("${user.securityRoles}", commaSeparatedRoles).replace("${user_securityRoles}", commaSeparatedRoles); | ||
} | ||
return retVal; | ||
} | ||
|
||
private static String toQuotedCommaSeparatedString(final Set<String> roles) { | ||
return Joiner.on(',').join(Iterables.transform(roles, s -> { | ||
return new StringBuilder(s.length() + 2).append('"').append(s).append('"').toString(); | ||
})); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters