Feature activation for multi-tenancy

src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java

@@ -115,6 +115,11 @@
 import org.opensearch.search.query.QuerySearchResult;
 import org.opensearch.security.action.configupdate.ConfigUpdateAction;
 import org.opensearch.security.action.configupdate.TransportConfigUpdateAction;
+import org.opensearch.security.action.tenancy.MultiTenancyRetrieveAction;
+import org.opensearch.security.action.tenancy.MultiTenancyRetrieveTransportAction;
+import org.opensearch.security.action.tenancy.MultiTenancyUpdateAction;
+import org.opensearch.security.action.tenancy.MultiTenancyUpdateTransportAction;
+import org.opensearch.security.action.tenancy.MutliTenancyRetrieveRestHandler;
 import org.opensearch.security.action.whoami.TransportWhoAmIAction;
 import org.opensearch.security.action.whoami.WhoAmIAction;
 import org.opensearch.security.auditlog.AuditLog;
@@ -469,6 +474,7 @@ public List<RestHandler> getRestHandlers(Settings settings, RestController restC
                         Objects.requireNonNull(cs), Objects.requireNonNull(adminDns), Objects.requireNonNull(cr)));
                 handlers.add(new SecurityConfigUpdateAction(settings, restController, Objects.requireNonNull(threadPool), adminDns, configPath, principalExtractor));
                 handlers.add(new SecurityWhoAmIAction(settings, restController, Objects.requireNonNull(threadPool), adminDns, configPath, principalExtractor));
+                handlers.add(new MutliTenancyRetrieveRestHandler());
                 handlers.addAll(
                         SecurityRestApiActions.getHandler(
                                 settings,
@@ -505,6 +511,9 @@ public UnaryOperator<RestHandler> getRestHandlerWrapper(final ThreadContext thre
         if(!disabled && !SSLConfig.isSslOnlyMode()) {
             actions.add(new ActionHandler<>(ConfigUpdateAction.INSTANCE, TransportConfigUpdateAction.class));
             actions.add(new ActionHandler<>(WhoAmIAction.INSTANCE, TransportWhoAmIAction.class));
+
+            actions.add(new ActionHandler<>(MultiTenancyRetrieveAction.INSTANCE, MultiTenancyRetrieveTransportAction.class));
+            actions.add(new ActionHandler<>(MultiTenancyUpdateAction.INSTANCE, MultiTenancyUpdateTransportAction.class));
         }
         return actions;
     }

src/main/java/org/opensearch/security/action/tenancy/BooleanSettingRetrieveResponse.java

@@ -0,0 +1,58 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ * Modifications Copyright OpenSearch Contributors. See
+ * GitHub history for details.
+ */
+
+package org.opensearch.security.action.tenancy;
+
+import java.io.IOException;
+
+import org.opensearch.action.ActionResponse;
+import org.opensearch.common.Strings;
+import org.opensearch.common.io.stream.StreamInput;
+import org.opensearch.common.io.stream.StreamOutput;
+import org.opensearch.common.xcontent.XContentType;
+import org.opensearch.core.xcontent.ToXContentObject;
+import org.opensearch.core.xcontent.XContentBuilder;
+
+public class BooleanSettingRetrieveResponse extends ActionResponse implements ToXContentObject {
+
+    private Boolean value;
+
+    public BooleanSettingRetrieveResponse(final StreamInput in) throws IOException {
+        super(in);
+        this.value = in.readBoolean();
+    }
+
+    public BooleanSettingRetrieveResponse(final Boolean value) {
+        this.value = value;
+    }
+
+    public Boolean getValue() {
+        return value;
+    }
+
+    @Override
+    public void writeTo(final StreamOutput out) throws IOException {
+        out.writeBoolean(getValue());
+    }
+
+    @Override
+    public String toString() {
+        return Strings.toString(XContentType.JSON, this, true, true);
+    }
+
+    @Override
+    public XContentBuilder toXContent(final XContentBuilder builder, final Params params) throws IOException {
+        builder.startObject();
+        builder.field("value", getValue());
+        builder.endObject();
+        return builder;
+    }
+}

src/main/java/org/opensearch/security/action/tenancy/BooleanSettingUpdateRequest.java

@@ -0,0 +1,63 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ * Modifications Copyright OpenSearch Contributors. See
+ * GitHub history for details.
+ */
+
+package org.opensearch.security.action.tenancy;
+
+import java.io.IOException;
+
+import org.opensearch.action.ActionRequest;
+import org.opensearch.action.ActionRequestValidationException;
+import org.opensearch.common.io.stream.StreamInput;
+import org.opensearch.core.ParseField;
+import org.opensearch.core.xcontent.ConstructingObjectParser;
+import org.opensearch.core.xcontent.XContentParser;
+
+public class BooleanSettingUpdateRequest extends ActionRequest {
+
+    private Boolean value;
+
+    public BooleanSettingUpdateRequest(final StreamInput in) throws IOException {
+        super(in);
+        in.readBoolean();
+    }
+
+    public BooleanSettingUpdateRequest(final Boolean value) {
+        super();
+        this.value = value;
+    }
+
+    public Boolean getValue() {
+        return value;
+    }
+
+    @Override
+    public ActionRequestValidationException validate() {
+        if (getValue() == null) {
+            final ActionRequestValidationException validationException = new ActionRequestValidationException();
+            validationException.addValidationError("Missing boolean value");
+            return validationException;
+        }
+        return null;
+    }
+
+    private static final ConstructingObjectParser<BooleanSettingUpdateRequest, Void> PARSER = new ConstructingObjectParser<>(
+        BooleanSettingUpdateRequest.class.getName(),
+        args -> new BooleanSettingUpdateRequest((Boolean) args[0])
+    );
+
+    static {
+        PARSER.declareBoolean(ConstructingObjectParser.constructorArg(), new ParseField("value"));
+    }
+
+    public static BooleanSettingUpdateRequest fromXContent(final XContentParser parser) {
+        return PARSER.apply(parser, null);
+    }
+}

src/main/java/org/opensearch/security/action/tenancy/EmptyRequest.java

@@ -0,0 +1,34 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ * Modifications Copyright OpenSearch Contributors. See
+ * GitHub history for details.
+ */
+
+package org.opensearch.security.action.tenancy;
+
+import java.io.IOException;
+
+import org.opensearch.action.ActionRequest;
+import org.opensearch.action.ActionRequestValidationException;
+import org.opensearch.common.io.stream.StreamInput;
+
+public class EmptyRequest extends ActionRequest {
+
+    public EmptyRequest(final StreamInput in) throws IOException {
+        super(in);
+    }
+
+    public EmptyRequest() throws IOException {
+        super();
+    }
+
+	@Override
+	public ActionRequestValidationException validate() {
+        return null;
+	}
+}

src/main/java/org/opensearch/security/action/tenancy/MultiTenancyRetrieveAction.java

@@ -0,0 +1,24 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ * Modifications Copyright OpenSearch Contributors. See
+ * GitHub history for details.
+ */
+
+package org.opensearch.security.action.tenancy;
+
+import org.opensearch.action.ActionType;
+
+public class MultiTenancyRetrieveAction extends ActionType<BooleanSettingRetrieveResponse> {
+
+    public static final MultiTenancyRetrieveAction INSTANCE = new MultiTenancyRetrieveAction();
+    public static final String NAME = "securityconfig:admin/config/tenancy/multitenancy_enabled/read";
+
+    protected MultiTenancyRetrieveAction() {
+        super(NAME, BooleanSettingRetrieveResponse::new);
+    }
+}

src/main/java/org/opensearch/security/action/tenancy/MultiTenancyRetrieveTransportAction.java

@@ -0,0 +1,57 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ * Modifications Copyright OpenSearch Contributors. See
+ * GitHub history for details.
+ */
+
+package org.opensearch.security.action.tenancy;
+
+import java.util.Collections;
+
+import org.opensearch.action.ActionListener;
+import org.opensearch.action.support.ActionFilters;
+import org.opensearch.action.support.HandledTransportAction;
+import org.opensearch.common.inject.Inject;
+import org.opensearch.common.settings.Settings;
+import org.opensearch.security.configuration.ConfigurationRepository;
+import org.opensearch.security.securityconf.impl.CType;
+import org.opensearch.security.securityconf.impl.SecurityDynamicConfiguration;
+import org.opensearch.security.securityconf.impl.v7.ConfigV7;
+import org.opensearch.tasks.Task;
+import org.opensearch.transport.TransportService;
+
+public class MultiTenancyRetrieveTransportAction
+        extends HandledTransportAction<EmptyRequest, BooleanSettingRetrieveResponse> {
+
+    private final ConfigurationRepository config;
+
+    @Inject
+    public MultiTenancyRetrieveTransportAction(final Settings settings,
+            final TransportService transportService,
+            final ActionFilters actionFilters,
+            final ConfigurationRepository config) {
+        super(MultiTenancyRetrieveAction.NAME, transportService, actionFilters, EmptyRequest::new);
+
+        this.config = config;
+    }
+
+    /** Load the configuration from the security index and return a copy */
+    protected final SecurityDynamicConfiguration<?> load() {
+        return config.getConfigurationsFromIndex(Collections.singleton(CType.CONFIG), false).get(CType.CONFIG).deepClone();
+    }
+
+    @Override
+    protected void doExecute(final Task task, final EmptyRequest request, final ActionListener<BooleanSettingRetrieveResponse> listener) {
+        // Get the security configuration and lookup the config setting state
+        final SecurityDynamicConfiguration<?> dynamicConfig = load();
+        ConfigV7 config = (ConfigV7)dynamicConfig.getCEntry("config");
+        final Boolean value = config.dynamic.kibana.multitenancy_enabled;
+
+        listener.onResponse(new BooleanSettingRetrieveResponse(value));
+    }
+}

src/main/java/org/opensearch/security/action/tenancy/MultiTenancyUpdateAction.java

@@ -0,0 +1,24 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ * Modifications Copyright OpenSearch Contributors. See
+ * GitHub history for details.
+ */
+
+package org.opensearch.security.action.tenancy;
+
+import org.opensearch.action.ActionType;
+
+public class MultiTenancyUpdateAction extends ActionType<BooleanSettingRetrieveResponse> {
+
+    public static final MultiTenancyUpdateAction INSTANCE = new MultiTenancyUpdateAction();
+    public static final String NAME = "securityconfig:admin/config/tenancy/multitenancy_enabled/update";
+
+    protected MultiTenancyUpdateAction() {
+        super(NAME, BooleanSettingRetrieveResponse::new);
+    }
+}