Support for parsing requested tenant from the thread context transient info (#11)

akbhatta · web-flow · commit 96ef5eb61072 · 2020-11-20T15:31:58.000-08:00
diff --git a/src/main/java/com/amazon/opendistroforelasticsearch/commons/authuser/User.java b/src/main/java/com/amazon/opendistroforelasticsearch/commons/authuser/User.java
@@ -22,9 +22,11 @@
 import java.util.Arrays;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 
 import org.apache.http.util.EntityUtils;
 import org.elasticsearch.client.Response;
+import org.elasticsearch.common.Nullable;
 import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.inject.internal.ToStringBuilder;
 import org.elasticsearch.common.io.stream.StreamInput;
@@ -47,24 +49,43 @@ final public class User implements Writeable, ToXContent {
     public static final String BACKEND_ROLES_FIELD = "backend_roles";
     public static final String ROLES_FIELD = "roles";
     public static final String CUSTOM_ATTRIBUTE_NAMES_FIELD = "custom_attribute_names";
+    public static final String REQUESTED_TENANT_FIELD = "user_requested_tenant";
 
     private final String name;
     private final List<String> backendRoles;
     private final List<String> roles;
     private final List<String> customAttNames;
+    @Nullable
+    private final String requestedTenant;
 
     public User() {
         name = "";
         backendRoles = new ArrayList<>();
         roles = new ArrayList<>();
         customAttNames = new ArrayList<>();
+        requestedTenant = null;
     }
 
     public User(final String name, final List<String> backendRoles, List<String> roles, List<String> customAttNames) {
         this.name = name;
         this.backendRoles = backendRoles;
         this.roles = roles;
         this.customAttNames = customAttNames;
+        this.requestedTenant = null;
+    }
+
+    public User(
+        final String name,
+        final List<String> backendRoles,
+        final List<String> roles,
+        final List<String> customAttNames,
+        @Nullable final String requestedTenant
+    ) {
+        this.name = name;
+        this.backendRoles = backendRoles;
+        this.roles = roles;
+        this.customAttNames = customAttNames;
+        this.requestedTenant = requestedTenant;
     }
 
     /**
@@ -87,20 +108,23 @@ public User(String json) {
         backendRoles = (List<String>) mapValue.get("backend_roles");
         roles = (List<String>) mapValue.get("roles");
         customAttNames = (List<String>) mapValue.get("custom_attribute_names");
+        requestedTenant = (String) mapValue.getOrDefault("user_requested_tenant", null);
     }
 
     public User(StreamInput in) throws IOException {
         name = in.readString();
         backendRoles = in.readStringList();
         roles = in.readStringList();
         customAttNames = in.readStringList();
+        requestedTenant = in.readOptionalString();
     }
 
     public static User parse(XContentParser parser) throws IOException {
         String name = "";
         List<String> backendRoles = new ArrayList<>();
         List<String> roles = new ArrayList<>();
         List<String> customAttNames = new ArrayList<>();
+        String requestedTenant = null;
 
         ensureExpectedToken(XContentParser.Token.START_OBJECT, parser.currentToken(), parser);
         while (parser.nextToken() != XContentParser.Token.END_OBJECT) {
@@ -128,11 +152,14 @@ public static User parse(XContentParser parser) throws IOException {
                         customAttNames.add(parser.text());
                     }
                     break;
+                case REQUESTED_TENANT_FIELD:
+                    requestedTenant = parser.textOrNull();
+                    break;
                 default:
                     break;
             }
         }
-        return new User(name, backendRoles, roles, customAttNames);
+        return new User(name, backendRoles, roles, customAttNames, requestedTenant);
     }
 
     /**
@@ -153,14 +180,18 @@ public static User parse(final String userString) {
         String userName = strs[0].trim();
         List<String> backendRoles = new ArrayList<>();
         List<String> roles = new ArrayList<>();
+        String requestedTenant = null;
 
         if ((strs.length > 1) && !Strings.isNullOrEmpty(strs[1])) {
             backendRoles.addAll(Arrays.asList(strs[1].split(",")));
         }
         if ((strs.length > 2) && !Strings.isNullOrEmpty(strs[2])) {
             roles.addAll(Arrays.asList(strs[2].split(",")));
         }
-        return new User(userName, backendRoles, roles, Arrays.asList());
+        if ((strs.length > 3) && !Strings.isNullOrEmpty(strs[3])) {
+            requestedTenant = strs[3].trim();
+        }
+        return new User(userName, backendRoles, roles, Arrays.asList(), requestedTenant);
     }
 
     @Override
@@ -170,7 +201,8 @@ public XContentBuilder toXContent(XContentBuilder builder, Params params) throws
             .field(NAME_FIELD, name)
             .field(BACKEND_ROLES_FIELD, backendRoles)
             .field(ROLES_FIELD, roles)
-            .field(CUSTOM_ATTRIBUTE_NAMES_FIELD, customAttNames);
+            .field(CUSTOM_ATTRIBUTE_NAMES_FIELD, customAttNames)
+            .field(REQUESTED_TENANT_FIELD, requestedTenant);
         return builder.endObject();
     }
 
@@ -180,6 +212,7 @@ public void writeTo(StreamOutput out) throws IOException {
         out.writeStringCollection(backendRoles);
         out.writeStringCollection(roles);
         out.writeStringCollection(customAttNames);
+        out.writeOptionalString(requestedTenant);
     }
 
     @Override
@@ -189,16 +222,21 @@ public String toString() {
         builder.add(BACKEND_ROLES_FIELD, backendRoles);
         builder.add(ROLES_FIELD, roles);
         builder.add(CUSTOM_ATTRIBUTE_NAMES_FIELD, customAttNames);
+        builder.add(REQUESTED_TENANT_FIELD, requestedTenant);
         return builder.toString();
     }
 
     @Override
     public boolean equals(Object obj) {
+        if (!(obj instanceof User)) {
+            return false;
+        }
         User that = (User) obj;
         return this.name.equals(that.name)
             && this.getBackendRoles().equals(that.backendRoles)
             && this.getRoles().equals(that.roles)
-            && this.getCustomAttNames().equals(that.customAttNames);
+            && this.getCustomAttNames().equals(that.customAttNames)
+            && (Objects.equals(this.requestedTenant, that.requestedTenant));
     }
 
     public String getName() {
@@ -216,4 +254,9 @@ public List<String> getRoles() {
     public List<String> getCustomAttNames() {
         return customAttNames;
     }
+
+    @Nullable
+    public String getRequestedTenant() {
+        return requestedTenant;
+    }
 }
diff --git a/src/test/java/com/amazon/opendistroforelasticsearch/commons/authuser/UserTest.java b/src/test/java/com/amazon/opendistroforelasticsearch/commons/authuser/UserTest.java
@@ -18,6 +18,7 @@
 import static com.amazon.opendistroforelasticsearch.commons.ConfigConstants.OPENDISTRO_SECURITY_USER_AND_ROLES;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 
 import java.io.IOException;
@@ -32,30 +33,46 @@
 
 public class UserTest {
 
-    User testUser() {
+    User testNoTenantUser() {
         return new User("chip", Arrays.asList("admin", "ops"), Arrays.asList("ops_data"), Arrays.asList("attr1", "attr2"));
     }
 
+    User testTenantUser() {
+        return new User("chip", Arrays.asList("admin", "ops"), Arrays.asList("ops_data"), Arrays.asList("attr1", "attr2"), "__user__");
+    }
+
     @Test
     public void testEmptyConst() {
         User user = new User();
         assertEquals("", user.getName());
         assertEquals(0, user.getBackendRoles().size());
         assertEquals(0, user.getRoles().size());
         assertEquals(0, user.getCustomAttNames().size());
+        assertEquals(null, user.getRequestedTenant());
+    }
+
+    @Test
+    public void testParamsConstForNoTenantUser() {
+        User user = testNoTenantUser();
+        assertFalse(Strings.isNullOrEmpty(user.getName()));
+        assertEquals(2, user.getBackendRoles().size());
+        assertEquals(1, user.getRoles().size());
+        assertEquals(2, user.getCustomAttNames().size());
+        assertNull(user.getRequestedTenant());
     }
 
     @Test
-    public void testParamsConst() {
-        User user = testUser();
+    public void testParamsConstForTenantUser() {
+        User user = testTenantUser();
         assertFalse(Strings.isNullOrEmpty(user.getName()));
         assertEquals(2, user.getBackendRoles().size());
         assertEquals(1, user.getRoles().size());
         assertEquals(2, user.getCustomAttNames().size());
+        assertFalse(Strings.isNullOrEmpty(user.getRequestedTenant()));
     }
 
     @Test
-    public void testJsonConst() throws IOException {
+    public void testNullTenantJsonConst() throws IOException {
         String json =
             "{\"user\":\"User [name=chip, backend_roles=[admin], requestedTenant=null]\",\"user_name\":\"chip\",\"user_requested_tenant\":null,\"remote_address\":\"127.0.0.1:52196\",\"backend_roles\":[\"admin\"],\"custom_attribute_names\":[],\"roles\":[\"alerting_monitor_full\",\"ops_role\",\"own_index\"],\"tenants\":{\"chip\":true},\"principal\":null,\"peer_certificates\":\"0\",\"sso_logout_url\":null}";
 
@@ -64,11 +81,36 @@ public void testJsonConst() throws IOException {
         assertEquals(1, user.getBackendRoles().size());
         assertEquals(3, user.getRoles().size());
         assertEquals(0, user.getCustomAttNames().size());
+        assertNull(user.getRequestedTenant());
+    }
+
+    @Test
+    public void testNonNullTenantJsonConst() throws IOException {
+        String json =
+            "{\"user\":\"User [name=chip, backend_roles=[admin], requestedTenant=__user__]\",\"user_name\":\"chip\",\"user_requested_tenant\":\"__user__\",\"remote_address\":\"127.0.0.1:52196\",\"backend_roles\":[\"admin\"],\"custom_attribute_names\":[],\"roles\":[\"alerting_monitor_full\",\"ops_role\",\"own_index\"],\"tenants\":{\"chip\":true},\"principal\":null,\"peer_certificates\":\"0\",\"sso_logout_url\":null}";
+
+        User user = new User(json);
+        assertEquals("chip", user.getName());
+        assertEquals(1, user.getBackendRoles().size());
+        assertEquals(3, user.getRoles().size());
+        assertEquals(0, user.getCustomAttNames().size());
+        assertEquals("__user__", user.getRequestedTenant());
+    }
+
+    @Test
+    public void testStreamConstForNoTenantUser() throws IOException {
+        User user = testNoTenantUser();
+        BytesStreamOutput out = new BytesStreamOutput();
+        user.writeTo(out);
+        StreamInput in = StreamInput.wrap(out.bytes().toBytesRef().bytes);
+        User newUser = new User(in);
+        assertEquals("Round tripping User doesn't work", user.toString(), newUser.toString());
+        assertEquals("Round tripping User doesn't work", user, newUser);
     }
 
     @Test
-    public void testStreamConst() throws IOException {
-        User user = testUser();
+    public void testStreamConstForTenantUser() throws IOException {
+        User user = testTenantUser();
         BytesStreamOutput out = new BytesStreamOutput();
         user.writeTo(out);
         StreamInput in = StreamInput.wrap(out.bytes().toBytesRef().bytes);
@@ -80,7 +122,7 @@ public void testStreamConst() throws IOException {
     @Test
     public void testParseUserString() {
         ThreadContext tc = new ThreadContext(Settings.EMPTY);
-        tc.putTransient("user_roles_string", "myuser|bckrole1,bckrol2|role1,role2");
+        tc.putTransient("user_roles_string", "myuser|bckrole1,bckrol2|role1,role2|myTenant");
         String str = tc.getTransient("user_roles_string");
         User user = User.parse(str);
 
@@ -89,6 +131,7 @@ public void testParseUserString() {
         assertEquals(2, user.getRoles().size());
         assertTrue(user.getRoles().contains("role1"));
         assertTrue(user.getRoles().contains("role2"));
+        assertEquals("myTenant", user.getRequestedTenant());
     }
 
     @Test
@@ -111,6 +154,19 @@ public void testParseUserStringName() {
         assertEquals(0, user.getRoles().size());
     }
 
+    @Test
+    public void testParseUserStringNameWithTenant() {
+        ThreadContext tc = new ThreadContext(Settings.EMPTY);
+        tc.putTransient(OPENDISTRO_SECURITY_USER_AND_ROLES, "myuser|||myTenant");
+        String str = tc.getTransient(OPENDISTRO_SECURITY_USER_AND_ROLES);
+        User user = User.parse(str);
+
+        assertEquals("myuser", user.getName());
+        assertEquals(0, user.getBackendRoles().size());
+        assertEquals(0, user.getRoles().size());
+        assertEquals("myTenant", user.getRequestedTenant());
+    }
+
     @Test
     public void testParseUserStringNobackendRoles() {
         ThreadContext tc = new ThreadContext(Settings.EMPTY);
@@ -135,6 +191,19 @@ public void testParseUserStringNoRoles() {
         assertEquals(0, user.getRoles().size());
     }
 
+    @Test
+    public void testParseUserStringNoRolesWithTenant() {
+        ThreadContext tc = new ThreadContext(Settings.EMPTY);
+        tc.putTransient(OPENDISTRO_SECURITY_USER_AND_ROLES, "myuser|brole1,brole2||myTenant");
+        String str = tc.getTransient(OPENDISTRO_SECURITY_USER_AND_ROLES);
+        User user = User.parse(str);
+
+        assertEquals("myuser", user.getName());
+        assertEquals(2, user.getBackendRoles().size());
+        assertEquals(0, user.getRoles().size());
+        assertEquals("myTenant", user.getRequestedTenant());
+    }
+
     @Test
     public void testParseUserStringMalformed() {
         ThreadContext tc = new ThreadContext(Settings.EMPTY);
