Rename 'Open Distro' to follow open search naming convention (#1149)

README.md

@@ -55,7 +55,7 @@ Please refer to the [technical documentation](https://opendistro.github.io/for-e
 
 ```
 <OpenSearch directory>/bin/opensearch-plugin install \
-  -b com.amazon.opendistroforelasticsearch:opensearch-security:1.0.0.0-beta1
+  -b org.opensearch:opensearch-security:1.0.0.0-beta1
 ```
 
 * ``cd`` into ``<OpenSearch directory>/plugins/opensearch-security/tools``

build.gradle

@@ -41,7 +41,7 @@ ext {
     isSnapshot = "true" == System.getProperty("build.snapshot", "true")
 }
 
-group = "com.amazon.opendistroforelasticsearch"
+group = "org.opensearch"
 // Increment the final digit when there's a new plugin versions for the same opensearch version
 // Reset the final digit to 0 when upgrading to a new opensearch version
 version = "${opensearchVersion}" + (isSnapshot ? "-SNAPSHOT" : "")

legacy/securityconfig_v6/config.yml

@@ -1,4 +1,4 @@
-# This is the main Open Distro Security configuration file where authentication
+# This is the main OpenSearch Security configuration file where authentication
 # and authorization is defined.
 # 
 # You need to configure at least one authentication domain in the authc of this file.

legacy/securityconfig_v6/roles_mapping.yml

@@ -1,5 +1,5 @@
-# In this file users, backendroles and hosts can be mapped to Open Distro Security roles.
-# Permissions for Open Distro Security roles are configured in opendistro_security_roles.yml
+# In this file users, backendroles and hosts can be mapped to Security roles.
+# Permissions for Security roles are configured in opendistro_security_roles.yml
 
 opendistro_security_all_access:
   readonly: true

plugin-descriptor.properties

@@ -9,7 +9,7 @@ version=1.0.0.0-beta1
 name=opensearch-security
 #
 # 'classname': the name of the class to load, fully-qualified.
-classname=com.amazon.opendistroforelasticsearch.security.OpenDistroSecurityPlugin
+classname=org.opensearch.security.OpenSearchSecurityPlugin
 #
 # 'java.version' version of java the code is built against
 # use the system property java.specification.version

pom.xml

@@ -31,7 +31,7 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
-    <groupId>com.amazon.opendistroforelasticsearch</groupId>
+    <groupId>org.opensearch</groupId>
     <artifactId>opensearch-security</artifactId>
     <packaging>jar</packaging>
     <version>1.0.0.0-beta1</version>

securityconfig/config.yml

@@ -1,6 +1,6 @@
 ---
 
-# This is the main Open Distro Security configuration file where authentication
+# This is the main OpenSearch Security configuration file where authentication
 # and authorization is defined.
 #
 # You need to configure at least one authentication domain in the authc of this file.

securityconfig/opensearch.yml.example

@@ -1,13 +1,13 @@
-############## Open Distro Security configuration ###############
+############## OpenSearch Security configuration ###############
 
 ###########################################################
 # Add the following settings to your standard opensearch.yml
-# alongside with the Open Distro Security TLS settings.
+# alongside with the OpenSearch Security TLS settings.
 # Settings must always be the same on all nodes in the cluster.
 
 ############## Common configuration settings ##############
 
-# Enable or disable the Open Distro Security advanced modules
+# Enable or disable the OpenSearch Security advanced modules
 # By default advanced modules are enabled, you can switch
 # all advanced features off by setting the following key to false
 opendistro_security.advanced_modules_enabled: true
@@ -37,10 +37,10 @@ opendistro_security.nodes_dn_dynamic_config_enabled: false
 opendistro_security.authcz.admin_dn:
   - "CN=kirk,OU=client,O=client,l=tEst, C=De"
 
-# Define how backend roles should be mapped to Open Distro Security roles
+# Define how backend roles should be mapped to Security roles
 # MAPPING_ONLY - mappings must be configured explicitely in roles_mapping.yml (default)
-# BACKENDROLES_ONLY - backend roles are mapped to Open Distro Security rules directly. Settings in roles_mapping.yml have no effect.
-# BOTH - backend roles are mapped to Open Distro Security roles mapped directly and via roles_mapping.yml in addition
+# BACKENDROLES_ONLY - backend roles are mapped to Security roles directly. Settings in roles_mapping.yml have no effect.
+# BOTH - backend roles are mapped to Security roles mapped directly and via roles_mapping.yml in addition
 opendistro_security.roles_mapping_resolution: MAPPING_ONLY
 
 ############## REST Management API configuration settings ##############
@@ -158,7 +158,7 @@ opendistro_security.audit.type: internal_opensearch
 #    - steve
 #    - martin
 
-# If this is set to true Open Distro Security will automatically initialize the configuration index
+# If this is set to true OpenSearch Security will automatically initialize the configuration index
 # with the files in the config directory if the index does not exist.
 # WARNING: This will use well-known default passwords.
 #          Use only in a private network/environment.
@@ -184,7 +184,7 @@ opendistro_security.audit.type: internal_opensearch
 ############## Expert settings ##############
 # WARNING: Expert settings, do only use if you know what you are doing
 # If you set wrong values here this this could be a security risk
-# or make Open Distro Security stop working
+# or make OpenSearch Security stop working
 
 # Name of the index where .opendistro_security stores its configuration.
 
@@ -193,11 +193,11 @@ opendistro_security.audit.type: internal_opensearch
 # This defines the OID of server node certificates
 #opendistro_security.cert.oid: '1.2.3.4.5.5'
 
-# This specifies the implementation of com.amazon.opendistroforelasticsearch.security.transport.InterClusterRequestEvaluator
+# This specifies the implementation of org.opensearch.security.transport.InterClusterRequestEvaluator
 # that is used to determine inter-cluster request.
-# Instances of com.amazon.opendistroforelasticsearch.security.transport.InterClusterRequestEvaluator must implement a single argument
+# Instances of org.opensearch.security.transport.InterClusterRequestEvaluator must implement a single argument
 # constructor that takes an org.opensearch.common.settings.Settings
-#opendistro_security.cert.intercluster_request_evaluator_class: com.amazon.opendistroforelasticsearch.security.transport.DefaultInterClusterRequestEvaluator
+#opendistro_security.cert.intercluster_request_evaluator_class: org.opensearch.security.transport.DefaultInterClusterRequestEvaluator
 
 # By default, normal users can restore snapshots if they have the priviliges 'cluster:admin/snapshot/restore', 
 # 'indices:admin/create', and 'indices:data/write/index' for the indices to be restored.
@@ -211,7 +211,7 @@ opendistro_security.audit.type: internal_opensearch
 # Authentication cache timeout in minutes (A value of 0 disables caching, default is 60)
 #opendistro_security.cache.ttl_minutes: 60
 
-# Disable Open Distro Security
+# Disable OpenSearch Security
 # WARNING: This can expose your configuration (including passwords) to the public.
 #opendistro_security.disabled: false
 

securityconfig/roles_mapping.yml

@@ -1,6 +1,6 @@
 ---
-# In this file users, backendroles and hosts can be mapped to Open Distro Security roles.
-# Permissions for Opendistro roles are configured in roles.yml
+# In this file users, backendroles and hosts can be mapped to Security roles.
+# Permissions for OpenSearch roles are configured in roles.yml
 
 _meta:
   type: "rolesmapping"

src/main/assemblies/securityadmin-standalone.xml

@@ -36,7 +36,7 @@
       <useProjectArtifact>true</useProjectArtifact>
       <unpack>false</unpack>
       <excludes>
-        <exclude>com.amazon.opendistroforelasticsearch:dlic*</exclude>
+        <exclude>org.opensearch:dlic*</exclude>
       </excludes>
     </dependencySet>
   </dependencySets>

src/main/java/com/amazon/dlic/auth/http/jwt/AbstractHTTPJwtAuthenticator.java

@@ -41,8 +41,8 @@
 import com.amazon.dlic.auth.http.jwt.keybyoidc.BadCredentialsException;
 import com.amazon.dlic.auth.http.jwt.keybyoidc.JwtVerifier;
 import com.amazon.dlic.auth.http.jwt.keybyoidc.KeyProvider;
-import com.amazon.opendistroforelasticsearch.security.auth.HTTPAuthenticator;
-import com.amazon.opendistroforelasticsearch.security.user.AuthCredentials;
+import org.opensearch.security.auth.HTTPAuthenticator;
+import org.opensearch.security.user.AuthCredentials;
 
 public abstract class AbstractHTTPJwtAuthenticator implements HTTPAuthenticator {
     private final static Logger log = LogManager.getLogger(AbstractHTTPJwtAuthenticator.class);
@@ -227,7 +227,7 @@ protected String[] extractRoles(JwtClaims claims) {
     @Override
     public boolean reRequestAuthentication(RestChannel channel, AuthCredentials authCredentials) {
         final BytesRestResponse wwwAuthenticateResponse = new BytesRestResponse(RestStatus.UNAUTHORIZED, "");
-        wwwAuthenticateResponse.addHeader("WWW-Authenticate", "Bearer realm=\"Open Distro Security\"");
+        wwwAuthenticateResponse.addHeader("WWW-Authenticate", "Bearer realm=\"OpenSearch Security\"");
         channel.sendResponse(wwwAuthenticateResponse);
         return true;
     }

src/main/java/com/amazon/dlic/auth/http/jwt/HTTPJwtAuthenticator.java

@@ -40,8 +40,8 @@
 import org.opensearch.rest.RestRequest;
 import org.opensearch.rest.RestStatus;
 
-import com.amazon.opendistroforelasticsearch.security.auth.HTTPAuthenticator;
-import com.amazon.opendistroforelasticsearch.security.user.AuthCredentials;
+import org.opensearch.security.auth.HTTPAuthenticator;
+import org.opensearch.security.user.AuthCredentials;
 
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.JwtParser;
@@ -200,7 +200,7 @@ private AuthCredentials extractCredentials0(final RestRequest request) {
     @Override
     public boolean reRequestAuthentication(final RestChannel channel, AuthCredentials creds) {
         final BytesRestResponse wwwAuthenticateResponse = new BytesRestResponse(RestStatus.UNAUTHORIZED,"");
-        wwwAuthenticateResponse.addHeader("WWW-Authenticate", "Bearer realm=\"Open Distro Security\"");
+        wwwAuthenticateResponse.addHeader("WWW-Authenticate", "Bearer realm=\"OpenSearch Security\"");
         channel.sendResponse(wwwAuthenticateResponse);
         return true;
     }

src/main/java/com/amazon/dlic/auth/http/jwt/keybyoidc/KeySetRetriever.java

@@ -17,7 +17,7 @@
 
 import java.io.IOException;
 
-import com.amazon.opendistroforelasticsearch.security.DefaultObjectMapper;
+import org.opensearch.security.DefaultObjectMapper;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
 import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
 import org.apache.http.HttpEntity;

src/main/java/com/amazon/dlic/auth/http/kerberos/HTTPSpnegoAuthenticator.java

@@ -56,8 +56,8 @@
 
 import com.amazon.dlic.auth.http.kerberos.util.JaasKrbUtil;
 import com.amazon.dlic.auth.http.kerberos.util.KrbConstants;
-import com.amazon.opendistroforelasticsearch.security.auth.HTTPAuthenticator;
-import com.amazon.opendistroforelasticsearch.security.user.AuthCredentials;
+import org.opensearch.security.auth.HTTPAuthenticator;
+import org.opensearch.security.user.AuthCredentials;
 import com.google.common.base.Strings;
 
 public class HTTPSpnegoAuthenticator implements HTTPAuthenticator {

src/main/java/com/amazon/dlic/auth/http/saml/AuthTokenProcessorHandler.java

@@ -29,7 +29,7 @@
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.xpath.XPathExpressionException;
 
-import com.amazon.opendistroforelasticsearch.security.DefaultObjectMapper;
+import org.opensearch.security.DefaultObjectMapper;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
@@ -55,7 +55,7 @@
 import org.joda.time.DateTime;
 import org.xml.sax.SAXException;
 
-import com.amazon.opendistroforelasticsearch.security.dlic.rest.api.AuthTokenProcessorAction;
+import org.opensearch.security.dlic.rest.api.AuthTokenProcessorAction;
 import com.fasterxml.jackson.core.JsonParseException;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.JsonNode;

src/main/java/com/amazon/dlic/auth/http/saml/HTTPSamlAuthenticator.java

@@ -43,11 +43,11 @@
 import com.amazon.dlic.auth.http.jwt.keybyoidc.AuthenticatorUnavailableException;
 import com.amazon.dlic.auth.http.jwt.keybyoidc.BadCredentialsException;
 import com.amazon.dlic.auth.http.jwt.keybyoidc.KeyProvider;
-import com.amazon.opendistroforelasticsearch.security.auth.Destroyable;
-import com.amazon.opendistroforelasticsearch.security.auth.HTTPAuthenticator;
-import com.amazon.opendistroforelasticsearch.security.support.ConfigConstants;
-import com.amazon.opendistroforelasticsearch.security.support.PemKeyReader;
-import com.amazon.opendistroforelasticsearch.security.user.AuthCredentials;
+import org.opensearch.security.auth.Destroyable;
+import org.opensearch.security.auth.HTTPAuthenticator;
+import org.opensearch.security.support.ConfigConstants;
+import org.opensearch.security.support.PemKeyReader;
+import org.opensearch.security.user.AuthCredentials;
 import com.google.common.base.Strings;
 import com.onelogin.saml2.authn.AuthnRequest;
 import com.onelogin.saml2.logout.LogoutRequest;
@@ -186,7 +186,7 @@ public boolean reRequestAuthentication(RestChannel restChannel, AuthCredentials
     private String getWwwAuthenticateHeader(Saml2Settings saml2Settings) throws Exception {
         AuthnRequest authnRequest = this.buildAuthnRequest(saml2Settings);
 
-        return "X-Security-IdP realm=\"Open Distro Security\" location=\""
+        return "X-Security-IdP realm=\"OpenSearch Security\" location=\""
                 + StringEscapeUtils.escapeJava(getSamlRequestRedirectBindingLocation(IdpEndpointType.SSO, saml2Settings,
                         authnRequest.getEncodedAuthnRequest(true)))
                 + "\" requestId=\"" + StringEscapeUtils.escapeJava(authnRequest.getId()) + "\"";

src/main/java/com/amazon/dlic/auth/http/saml/Saml2SettingsProvider.java

@@ -172,7 +172,7 @@ private void initIdpEndpoints(IDPSSODescriptor idpSsoDescriptor, HashMap<String,
                     singleLogoutService.getBinding());
         } else {
             log.warn(
-                    "The IdP does not provide a Single Logout Service. In order to ensure that users have to re-enter their password after logging out, Open Distro Security will issue all SAML authentication requests with a mandatory password input (ForceAuthn=true)");
+                    "The IdP does not provide a Single Logout Service. In order to ensure that users have to re-enter their password after logging out, OpenSearch Security will issue all SAML authentication requests with a mandatory password input (ForceAuthn=true)");
         }
     }
 

src/main/java/com/amazon/dlic/auth/ldap/LdapUser.java

@@ -23,9 +23,9 @@
 import org.ldaptive.LdapEntry;
 
 import com.amazon.dlic.auth.ldap.util.Utils;
-import com.amazon.opendistroforelasticsearch.security.support.WildcardMatcher;
-import com.amazon.opendistroforelasticsearch.security.user.AuthCredentials;
-import com.amazon.opendistroforelasticsearch.security.user.User;
+import org.opensearch.security.support.WildcardMatcher;
+import org.opensearch.security.user.AuthCredentials;
+import org.opensearch.security.user.User;
 
 public class LdapUser extends User {
 

src/main/java/com/amazon/dlic/auth/ldap/backend/LDAPAuthenticationBackend.java

@@ -42,10 +42,10 @@
 import com.amazon.dlic.auth.ldap.util.ConfigConstants;
 import com.amazon.dlic.auth.ldap.util.LdapHelper;
 import com.amazon.dlic.auth.ldap.util.Utils;
-import com.amazon.opendistroforelasticsearch.security.auth.AuthenticationBackend;
-import com.amazon.opendistroforelasticsearch.security.user.AuthCredentials;
-import com.amazon.opendistroforelasticsearch.security.user.User;
-import com.amazon.opendistroforelasticsearch.security.support.WildcardMatcher;
+import org.opensearch.security.auth.AuthenticationBackend;
+import org.opensearch.security.user.AuthCredentials;
+import org.opensearch.security.user.User;
+import org.opensearch.security.support.WildcardMatcher;
 
 public class LDAPAuthenticationBackend implements AuthenticationBackend {
 

src/main/java/com/amazon/dlic/auth/ldap/backend/LDAPAuthorizationBackend.java

@@ -73,12 +73,12 @@
 import com.amazon.dlic.auth.ldap.util.ConfigConstants;
 import com.amazon.dlic.auth.ldap.util.LdapHelper;
 import com.amazon.dlic.auth.ldap.util.Utils;
-import com.amazon.opendistroforelasticsearch.security.auth.AuthorizationBackend;
-import com.amazon.opendistroforelasticsearch.security.ssl.util.SSLConfigConstants;
-import com.amazon.opendistroforelasticsearch.security.support.PemKeyReader;
-import com.amazon.opendistroforelasticsearch.security.support.WildcardMatcher;
-import com.amazon.opendistroforelasticsearch.security.user.AuthCredentials;
-import com.amazon.opendistroforelasticsearch.security.user.User;
+import org.opensearch.security.auth.AuthorizationBackend;
+import org.opensearch.security.ssl.util.SSLConfigConstants;
+import org.opensearch.security.support.PemKeyReader;
+import org.opensearch.security.support.WildcardMatcher;
+import org.opensearch.security.user.AuthCredentials;
+import org.opensearch.security.user.User;
 import com.google.common.collect.HashMultimap;
 
 import io.netty.util.internal.PlatformDependent;

src/main/java/com/amazon/dlic/auth/ldap2/LDAPAuthenticationBackend2.java

@@ -43,11 +43,11 @@
 import com.amazon.dlic.auth.ldap.util.ConfigConstants;
 import com.amazon.dlic.auth.ldap.util.Utils;
 import com.amazon.dlic.util.SettingsBasedSSLConfigurator.SSLConfigException;
-import com.amazon.opendistroforelasticsearch.security.auth.AuthenticationBackend;
-import com.amazon.opendistroforelasticsearch.security.auth.Destroyable;
-import com.amazon.opendistroforelasticsearch.security.user.AuthCredentials;
-import com.amazon.opendistroforelasticsearch.security.user.User;
-import com.amazon.opendistroforelasticsearch.security.support.WildcardMatcher;
+import org.opensearch.security.auth.AuthenticationBackend;
+import org.opensearch.security.auth.Destroyable;
+import org.opensearch.security.user.AuthCredentials;
+import org.opensearch.security.user.User;
+import org.opensearch.security.support.WildcardMatcher;
 
 public class LDAPAuthenticationBackend2 implements AuthenticationBackend, Destroyable {
 

src/main/java/com/amazon/dlic/auth/ldap2/LDAPAuthorizationBackend2.java

@@ -51,11 +51,11 @@
 import com.amazon.dlic.auth.ldap.util.LdapHelper;
 import com.amazon.dlic.auth.ldap.util.Utils;
 import com.amazon.dlic.util.SettingsBasedSSLConfigurator.SSLConfigException;
-import com.amazon.opendistroforelasticsearch.security.auth.AuthorizationBackend;
-import com.amazon.opendistroforelasticsearch.security.auth.Destroyable;
-import com.amazon.opendistroforelasticsearch.security.support.WildcardMatcher;
-import com.amazon.opendistroforelasticsearch.security.user.AuthCredentials;
-import com.amazon.opendistroforelasticsearch.security.user.User;
+import org.opensearch.security.auth.AuthorizationBackend;
+import org.opensearch.security.auth.Destroyable;
+import org.opensearch.security.support.WildcardMatcher;
+import org.opensearch.security.user.AuthCredentials;
+import org.opensearch.security.user.User;
 import com.google.common.collect.HashMultimap;
 
 public class LDAPAuthorizationBackend2 implements AuthorizationBackend, Destroyable {

src/main/java/com/amazon/dlic/util/SettingsBasedSSLConfigurator.java

@@ -49,8 +49,8 @@
 import org.apache.logging.log4j.Logger;
 import org.opensearch.common.settings.Settings;
 
-import com.amazon.opendistroforelasticsearch.security.ssl.util.SSLConfigConstants;
-import com.amazon.opendistroforelasticsearch.security.support.PemKeyReader;
+import org.opensearch.security.ssl.util.SSLConfigConstants;
+import org.opensearch.security.support.PemKeyReader;
 import com.google.common.collect.ImmutableList;
 
 public class SettingsBasedSSLConfigurator {

src/main/java/com/amazon/opendistroforelasticsearch/security/DefaultObjectMapper.java → src/main/java/org/opensearch/security/DefaultObjectMapper.java

@@ -28,7 +28,7 @@
  * permissions and limitations under the License.
  */
 
-package com.amazon.opendistroforelasticsearch.security;
+package org.opensearch.security;
 
 import java.io.IOException;
 import java.security.AccessController;

src/main/java/com/amazon/opendistroforelasticsearch/security/NonValidatingObjectMapper.java → src/main/java/org/opensearch/security/NonValidatingObjectMapper.java

@@ -28,7 +28,7 @@
  * permissions and limitations under the License.
  */
 
-package com.amazon.opendistroforelasticsearch.security;
+package org.opensearch.security;
 
 import java.io.IOException;
 import java.security.AccessController;