Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix issue with jwt attribute parsing of lists #4884

Merged
merged 4 commits into from
Nov 8, 2024
Merged

Fix issue with jwt attribute parsing of lists #4884

merged 4 commits into from
Nov 8, 2024

Conversation

cwperks
Copy link
Member

@cwperks cwperks commented Nov 8, 2024

Description

Fixes issue in the JWT authenticator when parsing a claim that contains a list value. The existing parsing logic works as-is, but the problem arises when you try to use the parsed value in a DLS clause using the ${attr.jwt.claim} syntax.

  • Category (Enhancement, New feature, Bug fix, Test fix, Refactoring, Maintenance, Documentation)

Bug fix

Issues Resolved

Resolves: #4267

Check List

  • New functionality includes testing
  • New functionality has been documented
  • New Roles/Permissions have a corresponding security dashboards plugin PR
  • API changes companion pull request created
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@cwperks
Generalize to Collection
69f017b 
Signed-off-by: Craig Perkins <[email protected]>
@codecov Codecov
Copy link

codecov bot commented Nov 8, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 70.00000% with 6 lines in your changes missing coverage. Please review.

Project coverage is 69.86%. Comparing base (1c898dc) to head (59bb8f7).
Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
...mazon/dlic/auth/http/jwt/HTTPJwtAuthenticator.java 70.00% 3 Missing ⚠️
...nsearch/security/http/OnBehalfOfAuthenticator.java 70.00% 3 Missing ⚠️
Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #4884      +/-   ##
==========================================
- Coverage   69.90%   69.86%   -0.04%     
==========================================
  Files         320      320              
  Lines       21688    21706      +18     
  Branches     3460     3462       +2     
==========================================
+ Hits        15160    15164       +4     
- Misses       4734     4750      +16     
+ Partials     1794     1792       -2
Files with missing lines Coverage Δ
...mazon/dlic/auth/http/jwt/HTTPJwtAuthenticator.java 80.32% <70.00%> (-1.09%) ⬇️
...nsearch/security/http/OnBehalfOfAuthenticator.java 89.38% <70.00%> (-1.97%) ⬇️

... and 2 files with indirect coverage changes

RyanL1997
RyanL1997 reviewed Nov 8, 2024
View reviewed changes
Copy link
Collaborator

@RyanL1997 RyanL1997 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @cwperks , thanks for taking this on. I just left some comments. The change is LGTM in general.

src/main/java/com/amazon/dlic/auth/http/jwt/HTTPJwtAuthenticator.java Show resolved Hide resolved
src/test/java/org/opensearch/security/http/OnBehalfOfAuthenticatorTest.java Show resolved Hide resolved
@cwperks
Add test with mixed data type
59bb8f7 
Signed-off-by: Craig Perkins <[email protected]>
RyanL1997
RyanL1997 approved these changes Nov 8, 2024
View reviewed changes
Copy link
Collaborator

@RyanL1997 RyanL1997 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@willyborankin willyborankin merged commit ddcecb5 into opensearch-project:main Nov 8, 2024
42 checks passed
@willyborankin willyborankin added the backport 2.x backport to 2.x branch label Nov 8, 2024
opensearch-trigger-bot bot pushed a commit that referenced this pull request Nov 8, 2024
@github-actions
Fix issue with jwt attribute parsing of lists (#4884)
1b374ad 
Signed-off-by: Craig Perkins <[email protected]>
(cherry picked from commit ddcecb5)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Nov 8, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@RyanL1997 RyanL1997 RyanL1997 approved these changes

@willyborankin willyborankin willyborankin approved these changes

@DarshitChanpura DarshitChanpura Awaiting requested review from DarshitChanpura DarshitChanpura is a code owner

@derek-ho derek-ho Awaiting requested review from derek-ho derek-ho is a code owner

@nibix nibix Awaiting requested review from nibix nibix is a code owner

@peternied peternied Awaiting requested review from peternied peternied is a code owner

@reta reta Awaiting requested review from reta reta is a code owner

Assignees
No one assigned
Labels
backport 2.x backport to 2.x branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Bug] Bad parsing on DLS custom JWT attribute
3 participants
@cwperks @willyborankin @RyanL1997