Skip to content

Refactor JWT Vendor to take a claims builder and rename oboEnabled to enabled#5436

Merged
cwperks merged 5 commits intoopensearch-project:mainfrom
cwperks:obo-enabled
Jun 25, 2025
Merged

Refactor JWT Vendor to take a claims builder and rename oboEnabled to enabled#5436
cwperks merged 5 commits intoopensearch-project:mainfrom
cwperks:obo-enabled

Conversation

@cwperks
Copy link
Copy Markdown
Member

@cwperks cwperks commented Jun 23, 2025

Description

This is a small refactor ahead of cwperks#56 to make the JWTVendor more flexible. Currently the JWTVendor is tailor made for On-Behalf-Of tokens, but will be re-used for API Tokens and needs more flexibility. This PR adds a notion of a JWTClaimsBuilder to build the claims set for different types of tokens issued by the security plugin. This PR adds an OBOJwtClaimsSetBuilder for building the claims set of an OBO token.

It also has a small refactor of onoEnabled -> enabled since its clear in context what the variable is enabling.

  • Category (Enhancement, New feature, Bug fix, Test fix, Refactoring, Maintenance, Documentation)

Maintenance

Check List

  • New functionality includes testing
  • New functionality has been documented
  • New Roles/Permissions have a corresponding security dashboards plugin PR
  • API changes companion pull request created
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@cwperks
Refactor JWT Vender to take a claims builder and rename oboEnabled to…
e688d59 
… enabled

Signed-off-by: Craig Perkins <cwperx@amazon.com>
@cwperks
Add CHANGELOG entry
c3773f9 
Signed-off-by: Craig Perkins <cwperx@amazon.com>
@codecov
Copy link
Copy Markdown

codecov bot commented Jun 23, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 92.53731% with 5 lines in your changes missing coverage. Please review.

Project coverage is 72.36%. Comparing base (eedd2a0) to head (da9ed81).
Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
...ecurity/authtoken/jwt/claims/JwtClaimsBuilder.java 90.00% 2 Missing ⚠️
...rity/authtoken/jwt/claims/OBOJwtClaimsBuilder.java 90.00% 0 Missing and 1 partial ⚠️
...search/security/identity/SecurityTokenManager.java 96.55% 0 Missing and 1 partial ⚠️
...search/security/securityconf/impl/v7/ConfigV7.java 66.66% 1 Missing ⚠️
Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #5436      +/-   ##
==========================================
- Coverage   72.40%   72.36%   -0.05%     
==========================================
  Files         393      395       +2     
  Lines       24299    24317      +18     
  Branches     3714     3713       -1     
==========================================
+ Hits        17593    17596       +3     
- Misses       4877     4892      +15     
  Partials     1829     1829
Files with missing lines Coverage Δ
...g/opensearch/security/authtoken/jwt/JwtVendor.java 83.33% <100.00%> (-5.76%) ⬇️
...nsearch/security/http/OnBehalfOfAuthenticator.java 85.71% <100.00%> (-0.13%) ⬇️
...rity/authtoken/jwt/claims/OBOJwtClaimsBuilder.java 90.00% <90.00%> (ø)
...search/security/identity/SecurityTokenManager.java 91.80% <96.55%> (+2.44%) ⬆️
...search/security/securityconf/impl/v7/ConfigV7.java 84.17% <66.66%> (ø)
...ecurity/authtoken/jwt/claims/JwtClaimsBuilder.java 90.00% <90.00%> (ø)

... and 5 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

RyanL1997
RyanL1997 previously approved these changes Jun 24, 2025
View reviewed changes
Copy link
Copy Markdown
Collaborator

@RyanL1997 RyanL1997 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@cwperks cwperks changed the title Refactor JWT Vender to take a claims builder and rename oboEnabled to enabled Refactor JWT Vendor to take a claims builder and rename oboEnabled to enabled Jun 24, 2025
@DarshitChanpura
Merge branch 'main' into obo-enabled
e0b7475 
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
@cwperks
Add javadoc
81f6c03 
Signed-off-by: Craig Perkins <cwperx@amazon.com>
@cwperks cwperks merged commit a670d4c into opensearch-project:main Jun 25, 2025
70 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@DarshitChanpura DarshitChanpura DarshitChanpura left review comments

@shikharj05 shikharj05 shikharj05 approved these changes

@RyanL1997 RyanL1997 RyanL1997 approved these changes

@derek-ho derek-ho Awaiting requested review from derek-ho derek-ho is a code owner

@nibix nibix Awaiting requested review from nibix nibix is a code owner

@peternied peternied Awaiting requested review from peternied

@reta reta Awaiting requested review from reta reta is a code owner

@willyborankin willyborankin Awaiting requested review from willyborankin willyborankin is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@cwperks @shikharj05 @DarshitChanpura @RyanL1997