Handle attributes when impersonating user (#23)

turettn · shivangdoshi07 · commit 4487bf45e275 · 2019-04-18T11:06:50.000-07:00
* unit-test: make sure attributes work after REST impersonation See #22 for details. * Preserve attributes when impersonating user. When impersonating a user over the REST interface, attributes were being lost. This handles them the same way roles are handled.
diff --git a/src/main/java/com/amazon/opendistroforelasticsearch/security/auth/internal/InternalAuthenticationBackend.java b/src/main/java/com/amazon/opendistroforelasticsearch/security/auth/internal/InternalAuthenticationBackend.java
@@ -35,6 +35,7 @@
 import java.nio.charset.StandardCharsets;
 import java.util.Arrays;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.List;
 
 import org.bouncycastle.crypto.generators.OpenBSDBCrypt;
@@ -88,6 +89,17 @@ public boolean exists(User user) {
             user.addRoles(roles);
         }
         
+        final Settings customAttributes = cfg.getAsSettings(user.getName() + ".attributes");
+        HashMap<String, String> attributeMap = new HashMap<String, String>();
+
+        if(customAttributes != null) {
+            for(String attributeName: customAttributes.names()) {
+                attributeMap.put("attr.internal."+attributeName, customAttributes.get(attributeName));
+            }
+        }
+
+        user.addAttributes(attributeMap);
+
         return true;
     }
     
diff --git a/src/test/java/com/amazon/opendistroforelasticsearch/security/HttpIntegrationTests.java b/src/test/java/com/amazon/opendistroforelasticsearch/security/HttpIntegrationTests.java
@@ -248,6 +248,7 @@ public void testHTTPBasic() throws Exception {
             res = rh.executeGetRequest("/_opendistro/_security/authinfo", new BasicHeader("opendistro_security_impersonate_as","knuddel"), encodeBasicHeader("worf", "worf"));
             Assert.assertEquals(HttpStatus.SC_OK, res.getStatusCode());
             Assert.assertTrue(res.getBody().contains("name=knuddel"));
+            Assert.assertTrue(res.getBody().contains("attr.internal.test1"));
             Assert.assertFalse(res.getBody().contains("worf"));
             
             res = rh.executeGetRequest("/_opendistro/_security/authinfo", new BasicHeader("opendistro_security_impersonate_as","nonexists"), encodeBasicHeader("worf", "worf"));
diff --git a/src/test/resources/internal_users.yml b/src/test/resources/internal_users.yml
@@ -106,6 +106,8 @@ logstash:
   
 knuddel:
   hash: _imponly_
+  attributes:
+    test1: test2
 
 twitter:
   hash: $2a$12$n5nubfWATfQjSYHiWtUyeOxMIxFInUHOAx8VMmGmxFNPGpaBmeB.m
