Update the issuer to represent the cluster

Signed-off-by: Ryan Liang <[email protected]>
opensearch-project · Jun 28, 2023 · b4be662 · b4be662
1 parent 8540862
commit b4be662
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 4 deletions.
diff --git a/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java b/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java
@@ -478,7 +478,7 @@ public List<RestHandler> getRestHandlers(Settings settings, RestController restC
                         Objects.requireNonNull(cs), Objects.requireNonNull(adminDns), Objects.requireNonNull(cr)));
                 handlers.add(new SecurityConfigUpdateAction(settings, restController, Objects.requireNonNull(threadPool), adminDns, configPath, principalExtractor));
                 handlers.add(new SecurityWhoAmIAction(settings, restController, Objects.requireNonNull(threadPool), adminDns, configPath, principalExtractor));
-                CreateOnBehalfOfTokenAction cobot = new CreateOnBehalfOfTokenAction(settings, threadPool);
+                CreateOnBehalfOfTokenAction cobot = new CreateOnBehalfOfTokenAction(settings, threadPool, Objects.requireNonNull(cs));
                 dcf.registerDCFListener(cobot);
                 handlers.add(cobot);
                 handlers.addAll(

diff --git a/src/main/java/org/opensearch/security/action/onbehalf/CreateOnBehalfOfTokenAction.java b/src/main/java/org/opensearch/security/action/onbehalf/CreateOnBehalfOfTokenAction.java
@@ -22,6 +22,7 @@
 import org.greenrobot.eventbus.Subscribe;
 
 import org.opensearch.client.node.NodeClient;
+import org.opensearch.cluster.service.ClusterService;
 import org.opensearch.common.settings.Settings;
 import org.opensearch.common.transport.TransportAddress;
 import org.opensearch.core.xcontent.XContentBuilder;
@@ -31,6 +32,7 @@
 import org.opensearch.rest.RestRequest;
 import org.opensearch.rest.RestRequest.Method;
 import org.opensearch.rest.RestStatus;
+import org.opensearch.security.OpenSearchSecurityPlugin;
 import org.opensearch.security.authtoken.jwt.JwtVendor;
 import org.opensearch.security.securityconf.ConfigModel;
 import org.opensearch.security.securityconf.DynamicConfigModel;
@@ -44,6 +46,7 @@ public class CreateOnBehalfOfTokenAction extends BaseRestHandler {
 
     private JwtVendor vendor;
     private final ThreadPool threadPool;
+    private final ClusterService clusterService;
 
     private ConfigModel configModel;
 
@@ -64,8 +67,9 @@ public void onDynamicConfigModelChanged(DynamicConfigModel dcm) {
         }
     }
 
-    public CreateOnBehalfOfTokenAction(final Settings settings, final ThreadPool threadPool) {
+    public CreateOnBehalfOfTokenAction(final Settings settings, final ThreadPool threadPool, final ClusterService clusterService) {
         this.threadPool = threadPool;
+        this.clusterService = clusterService;
     }
 
     @Override
@@ -104,6 +108,8 @@ public void accept(RestChannel channel) throws Exception {
                         return;
                     }
 
+                    final String clusterIdentifier = clusterService.getClusterName().value();
+
                     final Map<String, Object> requestBody = request.contentOrSourceParamParser().map();
                     final String reason = (String)requestBody.getOrDefault("reason", null);
 
@@ -121,9 +127,8 @@ public void accept(RestChannel channel) throws Exception {
                     builder.startObject();
                     builder.field("user", user.getName());
 
-                    /* TODO: Update the issuer to represent the cluster */
                     final String token = vendor.createJwt(
-                            "OpenSearch",
+                            clusterIdentifier,
                             user.getName(),
                             source,
                             tokenDuration,