diff --git a/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java b/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java index 1bda1b2c52..b882a3524e 100644 --- a/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java +++ b/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java @@ -478,7 +478,7 @@ public List getRestHandlers(Settings settings, RestController restC Objects.requireNonNull(cs), Objects.requireNonNull(adminDns), Objects.requireNonNull(cr))); handlers.add(new SecurityConfigUpdateAction(settings, restController, Objects.requireNonNull(threadPool), adminDns, configPath, principalExtractor)); handlers.add(new SecurityWhoAmIAction(settings, restController, Objects.requireNonNull(threadPool), adminDns, configPath, principalExtractor)); - CreateOnBehalfOfTokenAction cobot = new CreateOnBehalfOfTokenAction(settings, threadPool); + CreateOnBehalfOfTokenAction cobot = new CreateOnBehalfOfTokenAction(settings, threadPool, Objects.requireNonNull(cs)); dcf.registerDCFListener(cobot); handlers.add(cobot); handlers.addAll( diff --git a/src/main/java/org/opensearch/security/action/onbehalf/CreateOnBehalfOfTokenAction.java b/src/main/java/org/opensearch/security/action/onbehalf/CreateOnBehalfOfTokenAction.java index c273c073f9..7a621f0209 100644 --- a/src/main/java/org/opensearch/security/action/onbehalf/CreateOnBehalfOfTokenAction.java +++ b/src/main/java/org/opensearch/security/action/onbehalf/CreateOnBehalfOfTokenAction.java @@ -22,6 +22,7 @@ import org.greenrobot.eventbus.Subscribe; import org.opensearch.client.node.NodeClient; +import org.opensearch.cluster.service.ClusterService; import org.opensearch.common.settings.Settings; import org.opensearch.common.transport.TransportAddress; import org.opensearch.core.xcontent.XContentBuilder; 
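Review bot: The new constructor call passes `threadPool` unchecked while wrapping `cs`, whereas the two `handlers.add(...)` lines directly above it wrap `threadPool` in `Objects.requireNonNull`. `cs` also appears to have been null-checked already in the first context line of the hunk, so the added check is redundant rather than wrong. For consistency I would write `new CreateOnBehalfOfTokenAction(settings, Objects.requireNonNull(threadPool), Objects.requireNonNull(cs))`, or do both checks once inside the constructor, since the constructor hunk in CreateOnBehalfOfTokenAction.java assigns `this.clusterService = clusterService;` without one. getRestHandlers starts and ends outside this hunk.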
@@ -31,6 +32,7 @@ import org.opensearch.rest.RestRequest; import org.opensearch.rest.RestRequest.Method; import org.opensearch.rest.RestStatus; +import org.opensearch.security.OpenSearchSecurityPlugin; import org.opensearch.security.authtoken.jwt.JwtVendor; import org.opensearch.security.securityconf.ConfigModel; import org.opensearch.security.securityconf.DynamicConfigModel; @@ -44,6 +46,7 @@ public class CreateOnBehalfOfTokenAction extends BaseRestHandler { private JwtVendor vendor; private final ThreadPool threadPool; + private final ClusterService clusterService; private ConfigModel configModel; @@ -64,8 +67,9 @@ public void onDynamicConfigModelChanged(DynamicConfigModel dcm) { } } - public CreateOnBehalfOfTokenAction(final Settings settings, final ThreadPool threadPool) { + public CreateOnBehalfOfTokenAction(final Settings settings, final ThreadPool threadPool, final ClusterService clusterService) { this.threadPool = threadPool; + this.clusterService = clusterService; } @Override @@ -104,6 +108,8 @@ public void accept(RestChannel channel) throws Exception { return; } + final String clusterIdentifier = clusterService.getClusterName().value(); + final Map requestBody = request.contentOrSourceParamParser().map(); final String reason = (String)requestBody.getOrDefault("reason", null); @@ -121,9 +127,8 @@ public void accept(RestChannel channel) throws Exception { builder.startObject(); builder.field("user", user.getName()); - /* TODO: Update the issuer to represent the cluster */ final String token = vendor.createJwt( - "OpenSearch", + clusterIdentifier, user.getName(), source, tokenDuration,
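Review bot: The added `import org.opensearch.security.OpenSearchSecurityPlugin;` in the `@@ -31,6 +32,7 @@` hunk is not referenced by any added line in the hunks shown for this file, so it looks unused. If no later hunk uses it, drop it. Besides the lint warning, it makes the REST action depend back on the plugin class that constructs it.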
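Review bot: Using `clusterService.getClusterName().value()` as the JWT issuer in the `@@ -104,6 +108,8 @@` hunk gives an `iss` value that is operator-chosen and not unique, so clusters left on the default name or sharing a name will mint tokens with the same issuer. None of the visible hunks touch the verifying side, so please confirm that the on-behalf-of authenticator compares `iss` with the local cluster name and rejects a mismatch; otherwise the claim is informational only and the signing key remains the sole trust boundary. The last hunk, which swaps `"OpenSearch"` for `clusterIdentifier` and deletes the TODO, is the same point. I would keep a comment above the `vendor.createJwt(` call in place of the TODO, for example `// iss is the cluster name: not unique across clusters, must be checked on validation`. The body of `accept` continues outside both hunks.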