[Feature/Extension] Rename the term 'extension' into 'on_behalf_of'

src/integrationTest/java/org/opensearch/security/SecurityConfigurationTests.java

@@ -215,7 +215,7 @@ public void shouldUseSecurityAdminTool() throws Exception {
 	}
 
 	@Test
-	public void shouldReloadExtensionsConfigurationFromFile() throws Exception {
+	public void shouldReloadOnBehalfOfConfigurationFromFile() throws Exception {
 		SecurityAdminLauncher securityAdminLauncher = new SecurityAdminLauncher(cluster.getHttpPort(), cluster.getTestCertificates());
 		File config = configurationDirectory.newFile("config.yml");
 		ConfigurationFiles.createConfigFile(config);
@@ -228,7 +228,7 @@ public void shouldReloadExtensionsConfigurationFromFile() throws Exception {
 							{
 								HttpResponse httpResponse = client.get("_plugins/_security/api/securityconfig");
 								JsonNode jsonNode = DefaultObjectMapper.objectMapper.readTree(httpResponse.getBody());
-								return jsonNode.get("config").get("dynamic").get("extensions");
+								return jsonNode.get("config").get("dynamic").get("on_behalf_of");
 
 							}, jsonNode -> jsonNode.get("encryption_key").asText().equals("encryption key") && jsonNode.get("signing_key").asText().equals("signing key")
 					);

src/integrationTest/resources/config.yml

@@ -15,6 +15,6 @@ config:
         authentication_backend:
           type: "internal"
           config: {}
-    extensions:
+    on_behalf_of:
       signing_key: "signing key"
       encryption_key: "encryption key"

src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java

@@ -838,7 +838,7 @@ public Collection<Object> createComponents(Client localClient, ClusterService cl
 
         securityRestHandler = new SecurityRestFilter(backendRegistry, auditLog, threadPool,
                 principalExtractor, settings, configPath, compatConfig);
-        //TODO: CREATE A INSTANCE OF HTTPExtensionAuthenticationBackend
+                
         HTTPOnBehalfOfJwtAuthenticator acInstance = new HTTPOnBehalfOfJwtAuthenticator();
 
         final DynamicConfigFactory dcf = new DynamicConfigFactory(cr, settings, configPath, localClient, threadPool, cih);

src/main/java/org/opensearch/security/securityconf/DynamicConfigModel.java

@@ -81,7 +81,7 @@ public abstract class DynamicConfigModel {
     public abstract Multimap<String, AuthFailureListener> getAuthBackendFailureListeners();
     public abstract List<ClientBlockRegistry<InetAddress>> getIpClientBlockRegistries();
     public abstract Multimap<String, ClientBlockRegistry<String>> getAuthBackendClientBlockRegistries();
-    public abstract Settings getDynamicExtensionsSettings();
+    public abstract Settings getDynamicOnBehalfOfSettings();
     protected final Map<String, String> authImplMap = new HashMap<>();
 
     public DynamicConfigModel() {

src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV6.java

@@ -190,7 +190,7 @@ public Multimap<String, ClientBlockRegistry<String>> getAuthBackendClientBlockRe
     }
 
     @Override
-    public Settings getDynamicExtensionsSettings() {
+    public Settings getDynamicOnBehalfOfSettings() {
         return Settings.EMPTY;
     }
 

src/main/java/org/opensearch/security/securityconf/DynamicConfigModelV7.java

@@ -190,9 +190,9 @@ public Multimap<String, ClientBlockRegistry<String>> getAuthBackendClientBlockRe
     }
 
     @Override
-    public Settings getDynamicExtensionsSettings() {
+    public Settings getDynamicOnBehalfOfSettings() {
         return Settings.builder()
-                .put(Settings.builder().loadFromSource(config.dynamic.extensions.configAsJson(), XContentType.JSON).build())
+                .put(Settings.builder().loadFromSource(config.dynamic.on_behalf_of.configAsJson(), XContentType.JSON).build())
                 .build();
     }
 

src/main/java/org/opensearch/security/securityconf/impl/v6/ConfigV6.java

@@ -72,12 +72,14 @@ public static class Dynamic {
         public String hosts_resolver_mode = "ip-only";
         public String transport_userrname_attribute;
         public boolean do_not_fail_on_forbidden_empty;
-        public Extensions extensions = new Extensions();
+        public OnBehalfOf on_behalf_of = new OnBehalfOf() {
+
+        };
 
         @Override
         public String toString() {
             return "Dynamic [filtered_alias_mode=" + filtered_alias_mode + ", kibana=" + kibana + ", http=" + http + ", authc=" + authc + ", authz="
-                    + authz + ", extensions=" + extensions + "]";
+                    + authz + ", on_behalf_of=" + on_behalf_of + "]";
         }
     }
 
@@ -322,7 +324,7 @@ public String toString() {
 
     }
 
-    public static class Extensions {
+    public static class OnBehalfOf {
         @JsonProperty("signing_key")
         private String signingKey;
         @JsonProperty("encryption_key")
@@ -346,7 +348,7 @@ public void setEncryptionKey(String encryptionKey) {
 
         @Override
         public String toString() {
-            return "Extensions [signing_key=" + signingKey + ", encryption_key=" + encryptionKey +"]";
+            return "OnBehalfOf [signing_key=" + signingKey + ", encryption_key=" + encryptionKey +"]";
         }
     }
 }

src/main/java/org/opensearch/security/securityconf/impl/v7/ConfigV7.java

@@ -126,12 +126,12 @@ public static class Dynamic {
         public String hosts_resolver_mode = "ip-only";
         public String transport_userrname_attribute;
         public boolean do_not_fail_on_forbidden_empty;
-        public Extensions extensions = new Extensions();
+        public OnBehalfOf on_behalf_of = new OnBehalfOf();
 
         @Override
         public String toString() {
             return "Dynamic [filtered_alias_mode=" + filtered_alias_mode + ", kibana=" + kibana + ", http=" + http + ", authc=" + authc + ", authz="
-                    + authz + ", extensions=" + extensions + "]";
+                    + authz + ", on_behalf_of=" + on_behalf_of + "]";
         }
     }
 
@@ -466,7 +466,7 @@ public String toString() {
 
     }
 
-    public static class Extensions {
+    public static class OnBehalfOf {
         @JsonProperty("signing_key")
         private String signingKey;
         @JsonProperty("encryption_key")
@@ -499,7 +499,7 @@ public void setEncryptionKey(String encryptionKey) {
 
         @Override
         public String toString() {
-            return "Extensions [signing_key=" + signingKey + ", encryption_key=" + encryptionKey +"]";
+            return "OnBehalfOf [signing_key=" + signingKey + ", encryption_key=" + encryptionKey +"]";
         }
     }
 }

src/test/java/org/opensearch/security/authtoken/jwt/JwtVendorTest.java

@@ -47,7 +47,7 @@ public void testCreateJwkFromSettingsWithoutSigningKey() throws Exception{
     public void testCreateJwtWithRoles() throws Exception {
         String issuer = "cluster_0";
         String subject = "admin";
-        String audience = "extension_0";
+        String audience = "audience_0";
         List<String> roles = List.of("IT", "HR");
         String expectedRoles = "IT,HR";
         Integer expirySeconds = 300;
@@ -64,7 +64,7 @@ public void testCreateJwtWithRoles() throws Exception {
 
         Assert.assertEquals("cluster_0", jwt.getClaim("iss"));
         Assert.assertEquals("admin", jwt.getClaim("sub"));
-        Assert.assertEquals("extension_0", jwt.getClaim("aud"));
+        Assert.assertEquals("audience_0", jwt.getClaim("aud"));
         Assert.assertNotNull(jwt.getClaim("iat"));
         Assert.assertNotNull(jwt.getClaim("exp"));
         Assert.assertEquals(expectedExp, jwt.getClaim("exp"));
@@ -76,7 +76,7 @@ public void testCreateJwtWithRoles() throws Exception {
     public void testCreateJwtWithBadExpiry() throws Exception {
         String issuer = "cluster_0";
         String subject = "admin";
-        String audience = "extension_0";
+        String audience = "audience_0";
         List <String> roles = List.of("admin");
         Integer expirySeconds = -300;
         String claimsEncryptionKey = RandomStringUtils.randomAlphanumeric(16);
@@ -91,7 +91,7 @@ public void testCreateJwtWithBadExpiry() throws Exception {
     public void testCreateJwtWithBadEncryptionKey() throws Exception {
         String issuer = "cluster_0";
         String subject = "admin";
-        String audience = "extension_0";
+        String audience = "audience_0";
         List <String> roles = List.of("admin");
         Integer expirySeconds = 300;
 
@@ -105,7 +105,7 @@ public void testCreateJwtWithBadEncryptionKey() throws Exception {
     public void testCreateJwtWithBadRoles() throws Exception {
         String issuer = "cluster_0";
         String subject = "admin";
-        String audience = "extension_0";
+        String audience = "audience_0";
         List <String> roles = null;
         Integer expirySecond = 300;
         String claimsEncryptionKey = RandomStringUtils.randomAlphanumeric(16);

src/test/resources/config.yml

@@ -96,6 +96,6 @@ config:
     multi_rolespan_enabled: false
     hosts_resolver_mode: "ip-only"
     transport_userrname_attribute: null
-    extensions:
+    on_behalf_of:
       signing_key: "signing key"
       encryption_key: "encryption key"

src/test/resources/restapi/securityconfig.json

@@ -154,7 +154,7 @@
     "multi_rolespan_enabled":false,
     "hosts_resolver_mode":"ip-only",
     "do_not_fail_on_forbidden_empty":false,
-    "extensions": {
+    "on_behalf_of": {
     }
   }
 

src/test/resources/restapi/securityconfig_nondefault.json

@@ -171,7 +171,7 @@
     "multi_rolespan_enabled" : true,
     "hosts_resolver_mode" : "ip-only",
     "do_not_fail_on_forbidden_empty" : false,
-    "extensions": {
+    "on_behalf_of": {
       "signing_key": "signing key",
       "encryption_key": "encryption key"
     }