Address review feedback

Signed-off-by: Craig Perkins <[email protected]>
cwperks · Dec 11, 2024 · 3e353c9 · 3e353c9
1 parent 2a0aa3a
commit 3e353c9
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 17 deletions.
diff --git a/src/integrationTest/java/org/opensearch/security/ThreadPoolTests.java b/src/integrationTest/java/org/opensearch/security/ThreadPoolTests.java
@@ -21,7 +21,6 @@
 import org.opensearch.common.xcontent.XContentFactory;
 import org.opensearch.core.rest.RestStatus;
 import org.opensearch.core.xcontent.XContentBuilder;
-import org.opensearch.security.http.ExampleSystemIndexPlugin;
 import org.opensearch.test.framework.TestSecurityConfig.AuthcDomain;
 import org.opensearch.test.framework.cluster.ClusterManager;
 import org.opensearch.test.framework.cluster.LocalCluster;
@@ -47,7 +46,6 @@ public class ThreadPoolTests {
         .anonymousAuth(false)
         .authc(AUTHC_DOMAIN)
         .users(USER_ADMIN)
-        .plugin(ExampleSystemIndexPlugin.class)
         .nodeSettings(Map.of(SECURITY_RESTAPI_ROLES_ENABLED, List.of("user_" + USER_ADMIN.getName() + "__" + ALL_ACCESS.getName())))
         .build();
 

diff --git a/.../java/org/opensearch/security/plugin/RestBulkIndexDocumentIntoMixOfSystemIndexAction.java b/.../java/org/opensearch/security/plugin/RestBulkIndexDocumentIntoMixOfSystemIndexAction.java
@@ -18,7 +18,6 @@
 import org.opensearch.action.support.WriteRequest;
 import org.opensearch.client.Client;
 import org.opensearch.client.node.NodeClient;
-import org.opensearch.common.xcontent.XContentType;
 import org.opensearch.core.action.ActionListener;
 import org.opensearch.core.rest.RestStatus;
 import org.opensearch.core.xcontent.ToXContent;
@@ -61,8 +60,8 @@ public RestChannelConsumer prepareRequest(RestRequest request, NodeClient client
             public void accept(RestChannel channel) throws Exception {
                 contextSwitcher.runAs(() -> {
                     BulkRequestBuilder builder = client.prepareBulk();
-                    builder.add(new IndexRequest(SYSTEM_INDEX_1).source("{\"content\":1}", XContentType.JSON));
-                    builder.add(new IndexRequest(SYSTEM_INDEX_2).source("{\"content\":1}", XContentType.JSON));
+                    builder.add(new IndexRequest(SYSTEM_INDEX_1).source("content", 1));
+                    builder.add(new IndexRequest(SYSTEM_INDEX_2).source("content", 1));
                     builder.setRefreshPolicy(WriteRequest.RefreshPolicy.IMMEDIATE);
                     BulkRequest bulkRequest = builder.request();
                     client.bulk(bulkRequest, ActionListener.wrap(r -> {

diff --git a/src/main/java/org/opensearch/security/auth/BackendRegistry.java b/src/main/java/org/opensearch/security/auth/BackendRegistry.java
@@ -391,16 +391,11 @@ public boolean authenticate(final SecurityRequestChannel request) {
 
         if (authenticated) {
             final User impersonatedUser = impersonate(request, authenticatedUser);
-            threadPool.getThreadContext()
-                .putTransient(ConfigConstants.OPENDISTRO_SECURITY_USER, impersonatedUser == null ? authenticatedUser : impersonatedUser);
-            UserSubject subject = new SecurityUser(threadPool, impersonatedUser == null ? authenticatedUser : impersonatedUser);
+            final User effectiveUser = impersonatedUser == null ? authenticatedUser : impersonatedUser;
+            threadPool.getThreadContext().putTransient(ConfigConstants.OPENDISTRO_SECURITY_USER, effectiveUser);
+            UserSubject subject = new SecurityUser(threadPool, effectiveUser);
             threadPool.getThreadContext().putPersistent(ConfigConstants.OPENDISTRO_SECURITY_AUTHENTICATED_USER, subject);
-            auditLog.logSucceededLogin(
-                (impersonatedUser == null ? authenticatedUser : impersonatedUser).getName(),
-                false,
-                authenticatedUser.getName(),
-                request
-            );
+            auditLog.logSucceededLogin(effectiveUser.getName(), false, authenticatedUser.getName(), request);
         } else {
             if (isDebugEnabled) {
                 log.debug("User still not authenticated after checking {} auth domains", restAuthDomains.size());

diff --git a/src/main/java/org/opensearch/security/filter/SecurityFilter.java b/src/main/java/org/opensearch/security/filter/SecurityFilter.java
@@ -319,9 +319,7 @@ private <Request extends ActionRequest, Response extends ActionResponse> void ap
 
             if (Origin.LOCAL.toString().equals(threadContext.getTransient(ConfigConstants.OPENDISTRO_SECURITY_ORIGIN))
                 && (interClusterRequest || HeaderHelper.isDirectRequest(threadContext))
-                && (injectedRoles == null)
-                && (user == null)
-                && !enforcePrivilegesEvaluation) {
+                && (user == null)) {
 
                 chain.proceed(task, action, request, listener);
                 return;