Add additional sendRequestDecorate cases (#3920)

Signed-off-by: Stephen Crawford <steecraw@amazon.com>
opensearch-project · Feb 1, 2024 · 9187da1 · 9187da1
1 parent c06365c
commit 9187da1
Show file tree

Hide file tree

Showing 3 changed files with 231 additions and 54 deletions.
diff --git a/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java b/src/main/java/org/opensearch/security/OpenSearchSecurityPlugin.java
@@ -251,6 +251,7 @@ public final class OpenSearchSecurityPlugin extends OpenSearchSecuritySSLPlugin
     private volatile OpensearchDynamicSetting<Boolean> transportPassiveAuthSetting;
 
     public static boolean isActionTraceEnabled() {
+
         return actionTrace.isTraceEnabled();
     }
 
@@ -1108,7 +1109,8 @@ public Collection<Object> createComponents(
             cs,
             Objects.requireNonNull(sslExceptionHandler),
             Objects.requireNonNull(cih),
-            SSLConfig
+            SSLConfig,
+            OpenSearchSecurityPlugin::isActionTraceEnabled
         );
         components.add(principalExtractor);
 

diff --git a/src/main/java/org/opensearch/security/transport/SecurityInterceptor.java b/src/main/java/org/opensearch/security/transport/SecurityInterceptor.java
@@ -31,6 +31,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.UUID;
+import java.util.function.Supplier;
 import java.util.stream.Collectors;
 
 import com.google.common.collect.Maps;
@@ -71,8 +72,6 @@
 import org.opensearch.transport.TransportRequestOptions;
 import org.opensearch.transport.TransportResponseHandler;
 
-import static org.opensearch.security.OpenSearchSecurityPlugin.isActionTraceEnabled;
-
 public class SecurityInterceptor {
 
     protected final Logger log = LogManager.getLogger(getClass());
@@ -86,6 +85,7 @@ public class SecurityInterceptor {
     private final SslExceptionHandler sslExceptionHandler;
     private final ClusterInfoHolder clusterInfoHolder;
     private final SSLConfig SSLConfig;
+    private final Supplier<Boolean> actionTraceEnabled;
 
     public SecurityInterceptor(
         final Settings settings,
@@ -97,7 +97,8 @@ public SecurityInterceptor(
         final ClusterService cs,
         final SslExceptionHandler sslExceptionHandler,
         final ClusterInfoHolder clusterInfoHolder,
-        final SSLConfig SSLConfig
+        final SSLConfig SSLConfig,
+        final Supplier<Boolean> actionTraceSupplier
     ) {
         this.backendRegistry = backendRegistry;
         this.auditLog = auditLog;
@@ -109,6 +110,7 @@ public SecurityInterceptor(
         this.sslExceptionHandler = sslExceptionHandler;
         this.clusterInfoHolder = clusterInfoHolder;
         this.SSLConfig = SSLConfig;
+        this.actionTraceEnabled = actionTraceSupplier;
     }
 
     public <T extends TransportRequest> SecurityRequestHandler<T> getHandler(String action, TransportRequestHandler<T> actualHandler) {
@@ -247,7 +249,7 @@ && getThreadContext().getHeader(ConfigConstants.OPENDISTRO_SECURITY_INJECTED_ROL
                 useJDKSerialization
             );
 
-            if (isActionTraceEnabled()) {
+            if (actionTraceEnabled.get()) {
                 getThreadContext().putHeader(
                     "_opendistro_security_trace" + System.currentTimeMillis() + "#" + UUID.randomUUID().toString(),
                     Thread.currentThread().getName()
@@ -407,5 +409,4 @@ public String executor() {
             return innerHandler.executor();
         }
     }
-
 }