Introduction of AuthToken Authenticator and AuthenticationBackend

[palashhedau]

opendistro-for-elasticsearch/security pull request intake form

Please provide as much details as possible to get feedback/acceptance on your PR quickly

1. Category: (Enhancement, New feature, Bug fix, Test fix, Refactoring, Maintenance, Documentation)
   New feature - Auth Token Authenticator and AuthenticationBackend

2. Github Issue # or road-map entry, if available:

3. Description of changes:
   CR Handle PerformanceAnalyzer transport channel. #1 for AuthToken - Intoduction of Auth Token Authenticator and AuthenticationBackend
   Asynchronous operation for AuthToken Authentication Backend
   Addition of new Field in security for auth token jwt configuration - auth_token_provider

4. Why these changes are required?
   New Functionality

5. What is the old behavior before changes and new behavior after changes? (Please add any example/logs/screen-shot if available)

6. Testing done: (Please provide details of testing done: Unit testing, integration testing and manual testing)
   Tested manually for old DI
   Added unit test for auth_token_provider field
   Tested Serialization and Deserialization of User class

7. TO-DOs, if any: (Please describe pending items and provide Github issues# for each of them)

8. Is it backport from master branch? (If yes, please add backport PR # and commits #)

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[codecov]

Codecov Report

Merging #1000 (3fc065f) into main (68e7e08) will decrease coverage by 0.35%.
The diff coverage is 38.15%.

@@             Coverage Diff              @@
##               main    #1000      +/-   ##
============================================
- Coverage     64.47%   64.12%   -0.36%     
- Complexity     3168     3178      +10     
============================================
  Files           244      252       +8     
  Lines         17034    17274     +240     
  Branches       3022     3042      +20     
============================================
+ Hits          10983    11077      +94     
- Misses         4517     4653     +136     
- Partials       1534     1544      +10     

Impacted Files	Coverage Δ	Complexity Δ
...ic/auth/http/jwt/AbstractHTTPJwtAuthenticator.java	47.25% <0.00%> (-2.75%)	11.00 <0.00> (ø)
...c/auth/ldap/backend/LDAPAuthenticationBackend.java	79.27% <ø> (ø)	23.00 <0.00> (ø)
...on/dlic/auth/ldap2/LDAPAuthenticationBackend2.java	66.01% <ø> (ø)	16.00 <0.00> (ø)
...ticsearch/security/auth/AuthenticationBackend.java	0.00% <0.00%> (ø)	0.00 <0.00> (?)
...earch/security/auth/SyncAuthenticationBackend.java	0.00% <0.00%> (ø)	0.00 <0.00> (?)
...search/security/auth/SyncAuthorizationBackend.java	0.00% <0.00%> (ø)	0.00 <0.00> (?)
...urity/auth/internal/NoOpAuthenticationBackend.java	80.00% <ø> (ø)	3.00 <0.00> (ø)
...forelasticsearch/security/authtoken/AuthToken.java	0.00% <0.00%> (ø)	0.00 <0.00> (?)
.../authenticator/AuthTokenAuthenticationBackend.java	0.00% <0.00%> (ø)	0.00 <0.00> (?)
...n/authenticator/AuthTokenHttpJwtAuthenticator.java	0.00% <0.00%> (ø)	0.00 <0.00> (?)
... and 21 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 68e7e08...3fc065f. Read the comment docs.

[debjanibnrj]

How will this be class be initialized? It does not have setters and uses empty constructor

[palashhedau]

This class is not fully written as a part of this CR. It will be initialized in the upcoming one. This class is just introduced as other class has dependency.

public AuthToken getTokenByClaims(Map<String, Object> claims) {
return null;
}

[debjanibnrj]

do we need to initialize settings and configPath?

[palashhedau]

Actually we dont require it. The HTTPAuthenticator initializer expect the class to have this constructor with "final Settings settings, final Path configPath" params and hence its mandatory

[palashhedau]

But now changing the implementator requires it to pass it to superclass, so now in use :)

[debjanibnrj]

what does this object store?

[palashhedau]

It is a builder class for AuthCredentials. Its supposed to have similar class element structure as that of a AuthCredentials class

[peternied]

@palashhedau this pull request has been sitting for a considerable time now, I am going to close this out. Let me know if you'd like to reopen it and work towards getting this merged.