Remove permission handler

Signed-off-by: Stephen Crawford <[email protected]>
opensearch-project · Jan 24, 2023 · 000c138 · 000c138
1 parent 03b6e6e
commit 000c138
Show file tree

Hide file tree

Showing 6 changed files with 24 additions and 172 deletions.
diff --git a/sandbox/libs/authn/src/main/java/org/opensearch/authn/Permission.java b/sandbox/libs/authn/src/main/java/org/opensearch/authn/Permission.java
@@ -21,17 +21,16 @@ abstract class Permission {
     // If using string-object permissions, you use the invalid characters for ensuring formatting
     String[] INVALID_CHARACTERS;
 
-    // An array of the valid operations which a permission can grant the privilege to perform.
-    String[] QUALIFIED_OPERATIONS;
+    // An array of the valid actions which a permission can grant the privilege to perform.
+    String[] QUALIFIED_ACTIONS;
 
-    // An array of the available resources which a permission can grant some operation to act upon.
+    // An array of the available resources which a permission can grant some action to act upon.
     String[] QUALIFIED_RESOURCES;
 
     String permissionString;
 
-    // Every permissionString must be resolvable to its constituent parts: <principal>.<resource>.<action>
+    // Every permissionString must be resolvable to its constituent parts: <resource>.<action>
     // These are then stored separately to avoid costly String manipulation.
-    String principal;
 
     String resource;
 

diff --git a/sandbox/libs/authn/src/main/java/org/opensearch/authn/PermissionHandler.java b/sandbox/libs/authn/src/main/java/org/opensearch/authn/PermissionHandler.java
diff --git a/sandbox/libs/authn/src/main/java/org/opensearch/authn/PermissionManager.java b/sandbox/libs/authn/src/main/java/org/opensearch/authn/PermissionManager.java
diff --git a/sandbox/libs/authn/src/main/java/org/opensearch/authn/PermissionStorage.java b/sandbox/libs/authn/src/main/java/org/opensearch/authn/PermissionStorage.java
@@ -19,30 +19,30 @@ public class PermissionStorage implements PermissionStore {
     public HashMap<String, ArrayList<Permission>> permissionStore = new HashMap<>();
 
     @Override
-    public void put(String eventIdentifier, ArrayList<Permission> permissions) {
+    public void put(String principalString, ArrayList<Permission> permissions) {
 
-        permissionStore.put(eventIdentifier, permissions);
+        permissionStore.put(principalString, permissions);
     }
 
     @Override
-    public ArrayList<Permission> get(String eventIdentifier) {
+    public ArrayList<Permission> get(String principalString) {
 
-        return permissionStore.get(eventIdentifier);
+        return permissionStore.get(principalString);
     }
 
     @Override
-    public void delete(String eventIdentifier, Permission[] permissions) {
+    public void delete(String principalString, Permission[] permissions) {
 
         for (Permission permission : permissions) {
-            permissionStore.remove(eventIdentifier, permission);
+            permissionStore.remove(principalString, permission);
         }
     }
 
     // Allow for using a String regex expression to delete an entire pair from the map.
-    public void delete(String eventIdentifier, String regex) {
+    public void delete(String principalString, String regex) {
 
         if (regex.equals("*")) {
-            permissionStore.remove(eventIdentifier);
+            permissionStore.remove(principalString);
         }
     }
 }
diff --git a/sandbox/libs/authn/src/main/java/org/opensearch/authn/PermissionStore.java b/sandbox/libs/authn/src/main/java/org/opensearch/authn/PermissionStore.java
@@ -25,23 +25,22 @@
 public interface PermissionStore {
 
     /**
-     * This function adds a new grant permissions event to the permissions store. The eventIdentifier is a unique string that
-     * represents the event (it does not need to be encrypted and should not be deterministic unless time is a factor of the generation).
-     * The ArrayList is a list of all permissions that are being granted during the associated event and should be referencable
-     * by the eventIdentifier.
+     * This function adds a set of permissions to the permission store. The principalString is a unique string that
+     * corresponds to the subject which the permissions are being granted to.
+     * The ArrayList is a list of all permissions that are being granted.
      */
-    public void put(String eventIdentifier, ArrayList<Permission> permissions);
+    public void put(String principalString, ArrayList<Permission> permissions);
 
     /**
-     * This function returns the ArrayList of permissions added to the permission store during the provided permission grant event.
+     * This function returns the ArrayList of permissions associated with the provided principalString.
      * If permissions are modified during storage they must be reverted back to their original state during get().
      */
-    public ArrayList<Permission> get(String eventIdentifier);
+    public ArrayList<Permission> get(String principalString);
 
     /**
-     * This function in-place deletes all targeted permissions associated with a given permission grant event.
+     * This function in-place deletes all targeted permissions associated with a given principalString.
      * This function should be implemented such that '*' means that all permissions associated with the grant event are deleted.
      */
-    public void delete(String eventIdentifier, Permission[] permissions);
+    public void delete(String principalString, Permission[] permissions);
 
 }
diff --git a/sandbox/libs/authn/src/main/java/org/opensearch/authn/Permissions.java b/sandbox/libs/authn/src/main/java/org/opensearch/authn/Permissions.java
@@ -31,7 +31,6 @@ public class Permissions extends Permission {
 
     public String[] permissionSegments;
 
-    public String principal;
     public String resource;
 
     public String action;
@@ -41,25 +40,21 @@ public void Permission(String permission) {
 
         this.permissionString = permission;
         this.permissionSegments = permissionString.split(PERMISSION_DELIMITER);
-        this.principal = permissionSegments[0];
-        this.resource = permissionSegments[1];
-        this.action = permissionSegments[2];
+        this.resource = permissionSegments[0];
+        this.action = permissionSegments[1];
     }
 
     /**
      * Check that the permission does not contain any forbidden strings.
-     * This set implementation does so in O(n).
-     * Assumes that the permission is formatted as <principal>.<resource>.<action>
+     * Assumes that the permission is formatted as <resource>.<action>
      * The principal should already be verified before the permission is created.
      */
     @Override
     public boolean isValidFormat() {
 
         // Check for illegal characters in any of the permission segments O(3n)
         for (int i = 0; i < INVALID_CHARACTERS.length; i++) {
-            if (this.principal.contains(INVALID_CHARACTERS[i])
-                || this.resource.contains(INVALID_CHARACTERS[i])
-                || this.action.contains(INVALID_CHARACTERS[i])) {
+            if (this.resource.contains(INVALID_CHARACTERS[i]) || this.action.contains(INVALID_CHARACTERS[i])) {
                 return false;
             }
         }