From eb1b7cdadcca4acda32419d015c77c24c7654155 Mon Sep 17 00:00:00 2001
From: Craig Perkins
Date: Thu, 26 Mar 2026 09:46:23 -0400
Subject: [PATCH] Modify dashboards-info endpoint to include whether API tokens are enabled

Signed-off-by: Craig Perkins
---
 .../org/opensearch/security/api/DashboardsInfoTest.java | 1 +
 .../org/opensearch/security/privileges/ApiTokenTest.java | 9 +++++++++
 .../opensearch/security/rest/DashboardsInfoAction.java | 9 +++++++++
 3 files changed, 19 insertions(+)

diff --git a/src/integrationTest/java/org/opensearch/security/api/DashboardsInfoTest.java b/src/integrationTest/java/org/opensearch/security/api/DashboardsInfoTest.java
index bf7e810a3d..812b4282d7 100644
--- a/src/integrationTest/java/org/opensearch/security/api/DashboardsInfoTest.java
+++ b/src/integrationTest/java/org/opensearch/security/api/DashboardsInfoTest.java
@@ -46,6 +46,7 @@ public void testDashboardsInfoValidationMessage() throws Exception {
  assertThat(response, isOk());
  assertThat(response.getTextFromJsonBody("/password_validation_error_message"), equalTo(DEFAULT_PASSWORD_MESSAGE));
  assertThat(response.getTextFromJsonBody("/password_validation_regex"), equalTo(DEFAULT_PASSWORD_REGEX));
+ assertThat(response.getTextFromJsonBody("/api_tokens_enabled"), equalTo("false"));
  }
  }
  }
diff --git a/src/integrationTest/java/org/opensearch/security/privileges/ApiTokenTest.java b/src/integrationTest/java/org/opensearch/security/privileges/ApiTokenTest.java
index 35d544d4bc..6a37e18e65 100644
--- a/src/integrationTest/java/org/opensearch/security/privileges/ApiTokenTest.java
+++ b/src/integrationTest/java/org/opensearch/security/privileges/ApiTokenTest.java
@@ -125,6 +125,15 @@ public void testAuthInfoEndpoint() {
  authenticateWithApiToken(authHeader, HttpStatus.SC_OK);
  }
 
+ @Test
+ public void testDashboardsInfoReportsApiTokensEnabled() {
+ try (TestRestClient client = cluster.getRestClient(ADMIN_USER)) {
+ TestRestClient.HttpResponse response = client.get("_plugins/_security/dashboardsinfo");
+ response.assertStatusCode(HttpStatus.SC_OK);
+ assertThat(response.getTextFromJsonBody("/api_tokens_enabled"), equalTo("true"));
+ }
+ }
+
  @Test
  public void testCallingClusterHealthWithApiToken_success() {
  String apiToken = generateApiToken(TEST_TOKEN_PAYLOAD);
diff --git a/src/main/java/org/opensearch/security/rest/DashboardsInfoAction.java b/src/main/java/org/opensearch/security/rest/DashboardsInfoAction.java
index 61dcd353da..15c08fa9fb 100644
--- a/src/main/java/org/opensearch/security/rest/DashboardsInfoAction.java
+++ b/src/main/java/org/opensearch/security/rest/DashboardsInfoAction.java
@@ -156,6 +156,7 @@ public void accept(RestChannel channel) throws Exception {
  client.settings().get(ConfigConstants.SECURITY_RESTAPI_PASSWORD_VALIDATION_REGEX, DEFAULT_PASSWORD_REGEX)
  );
  builder.field("resource_sharing_enabled", resourceSharingEnabledSetting.getDynamicSettingValue());
+ builder.field("api_tokens_enabled", getApiTokensEnabled());
  builder.endObject();
 
  response = new BytesRestResponse(RestStatus.OK, builder);
@@ -191,4 +192,12 @@ private List getSignInOptions() {
  }
  }
 
+ private boolean getApiTokensEnabled() {
+ ConfigV7 generalConfig = configurationRepository.getConfiguration(CType.CONFIG).getCEntry(CType.CONFIG.name());
+ if (generalConfig != null && generalConfig.dynamic != null && generalConfig.dynamic.api_tokens != null) {
+ return Boolean.TRUE.equals(generalConfig.dynamic.api_tokens.getEnabled());
+ }
+ return false;
+ }
+
  }
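Review bot: The explicitly disabled case is not covered: `testDashboardsInfoReportsApiTokensEnabled` pins only the `"true"` result for `ADMIN_USER`, and the `"false"` assertion added in DashboardsInfoTest appears to run against a cluster where the `api_tokens` section is simply absent. A companion case that sets API tokens to disabled in the cluster config and asserts `equalTo("false")` would exercise the `Boolean.TRUE.equals(...)` branch in DashboardsInfoAction, rather than only the fall-through `return false`. The cluster setup for both test classes is outside these hunks, so confirm how the config is built before adding it.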
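Review bot: In `getApiTokensEnabled()` the result of `configurationRepository.getConfiguration(CType.CONFIG)` is dereferenced by `.getCEntry(...)` before any of the null checks that follow. If the repository can return null (for example before the security configuration has been loaded; not visible in this patch), the method throws instead of reaching `return false`. The `-156` hunk calls it while `accept` builds the response, so such a failure would affect the whole dashboardsinfo reply and not just this field; the error handling in `accept` is outside the hunk. Hold the result in a local and add `if (config == null) return false;` ahead of `getCEntry`. The fail-closed default via `Boolean.TRUE.equals(...)` is the right shape and deserves a short Javadoc, e.g. `/** Returns true only when dynamic.api_tokens.enabled is explicitly true in the security config; false otherwise. */`, ideally also stating that the field is informational for the UI and that token acceptance is presumably enforced elsewhere on the server.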