Adding requested tenant to the thread context transient user info for…

… consumption (#850)
opendistro-for-elasticsearch · Dec 1, 2020 · 7131b6a · 7131b6a
1 parent 7c60b4f
commit 7131b6a
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 6 deletions.
diff --git a/.../java/com/amazon/opendistroforelasticsearch/security/filter/OpenDistroSecurityFilter.java b/.../java/com/amazon/opendistroforelasticsearch/security/filter/OpenDistroSecurityFilter.java
@@ -98,7 +98,7 @@
 
 import static com.amazon.opendistroforelasticsearch.security.OpenDistroSecurityPlugin.isActionTraceEnabled;
 import static com.amazon.opendistroforelasticsearch.security.OpenDistroSecurityPlugin.traceAction;
-import static com.amazon.opendistroforelasticsearch.security.support.ConfigConstants.OPENDISTRO_SECURITY_USER_AND_ROLES;
+import static com.amazon.opendistroforelasticsearch.security.support.ConfigConstants.OPENDISTRO_SECURITY_USER_INFO_THREAD_CONTEXT;
 
 public class OpenDistroSecurityFilter implements ActionFilter {
 
@@ -302,8 +302,8 @@ private <Request extends ActionRequest, Response extends ActionResponse> void ap
                 log.debug(pres);
             }
 
-            if(threadContext.getTransient(OPENDISTRO_SECURITY_USER_AND_ROLES) == null) {
-                threadContext.putTransient(OPENDISTRO_SECURITY_USER_AND_ROLES, user.getUserRolesString());
+            if(threadContext.getTransient(OPENDISTRO_SECURITY_USER_INFO_THREAD_CONTEXT) == null) {
+                threadContext.putTransient(OPENDISTRO_SECURITY_USER_INFO_THREAD_CONTEXT, user.getUserInfoString());
             }
 
             if (pres.isAllowed()) {

diff --git a/src/main/java/com/amazon/opendistroforelasticsearch/security/support/ConfigConstants.java b/src/main/java/com/amazon/opendistroforelasticsearch/security/support/ConfigConstants.java
@@ -99,7 +99,7 @@ public class ConfigConstants {
     public static final String OPENDISTRO_SECURITY_USER = OPENDISTRO_SECURITY_CONFIG_PREFIX+"user";
     public static final String OPENDISTRO_SECURITY_USER_HEADER = OPENDISTRO_SECURITY_CONFIG_PREFIX+"user_header";
 
-    public static final String OPENDISTRO_SECURITY_USER_AND_ROLES = OPENDISTRO_SECURITY_CONFIG_PREFIX + "user_and_roles";
+    public static final String OPENDISTRO_SECURITY_USER_INFO_THREAD_CONTEXT = OPENDISTRO_SECURITY_CONFIG_PREFIX + "user_info";
 
     public static final String OPENDISTRO_SECURITY_INJECTED_USER = "injected_user";
     public static final String OPENDISTRO_SECURITY_INJECTED_USER_HEADER = "injected_user_header";

diff --git a/src/main/java/com/amazon/opendistroforelasticsearch/security/user/User.java b/src/main/java/com/amazon/opendistroforelasticsearch/security/user/User.java
@@ -40,6 +40,8 @@
 import java.util.Map;
 import java.util.Set;
 
+import com.google.common.collect.ImmutableList;
+import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.io.stream.StreamInput;
 import org.elasticsearch.common.io.stream.StreamOutput;
 import org.elasticsearch.common.io.stream.Writeable;
@@ -264,7 +266,12 @@ public final Set<String> getOpenDistroSecurityRoles() {
         return this.openDistroSecurityRoles == null ? Collections.emptySet() : Collections.unmodifiableSet(this.openDistroSecurityRoles);
     }
 
-    public final String getUserRolesString() {
-        return name + "|" + String.join(",", getRoles()) + "|" + String.join(",", getOpenDistroSecurityRoles());
+    public final String getUserInfoString() {
+        final ImmutableList.Builder<String> builder = ImmutableList.builder();
+        builder.add(name, String.join(",", getRoles()),  String.join(",", getOpenDistroSecurityRoles()));
+        if (!Strings.isNullOrEmpty(requestedTenant)) {
+            builder.add(requestedTenant);
+        }
+        return String.join("|", builder.build());
     }
 }