diff --git a/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportDeleteTIFSourceConfigAction.java b/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportDeleteTIFSourceConfigAction.java index 4234c6592..58b1e5bc1 100644 --- a/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportDeleteTIFSourceConfigAction.java +++ b/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportDeleteTIFSourceConfigAction.java 
@@ -2,34 +2,57 @@ import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; +import org.opensearch.OpenSearchStatusException; import org.opensearch.action.support.ActionFilters; import org.opensearch.action.support.HandledTransportAction; import org.opensearch.common.inject.Inject; +import org.opensearch.common.settings.Settings; +import org.opensearch.commons.authuser.User; import org.opensearch.core.action.ActionListener; +import org.opensearch.core.rest.RestStatus; +import org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings; import org.opensearch.securityanalytics.threatIntel.action.SADeleteTIFSourceConfigAction; import org.opensearch.securityanalytics.threatIntel.action.SADeleteTIFSourceConfigRequest; import org.opensearch.securityanalytics.threatIntel.action.SADeleteTIFSourceConfigResponse; import org.opensearch.securityanalytics.threatIntel.service.SATIFSourceConfigManagementService; import org.opensearch.securityanalytics.transport.SecureTransportAction; +import org.opensearch.securityanalytics.util.SecurityAnalyticsException; import org.opensearch.tasks.Task; +import org.opensearch.threadpool.ThreadPool; import org.opensearch.transport.TransportService; public class TransportDeleteTIFSourceConfigAction extends HandledTransportAction implements SecureTransportAction { private static final Logger log = LogManager.getLogger(TransportDeleteTIFSourceConfigAction.class); + private final Settings settings; + private final ThreadPool threadPool; + private volatile Boolean filterByEnabled; private final SATIFSourceConfigManagementService saTifConfigService; @Inject public TransportDeleteTIFSourceConfigAction(TransportService transportService, ActionFilters actionFilters, + Settings settings, + final ThreadPool threadPool, final SATIFSourceConfigManagementService saTifConfigService) { super(SADeleteTIFSourceConfigAction.NAME, transportService, actionFilters, SADeleteTIFSourceConfigRequest::new); + this.settings = settings; + 
this.threadPool = threadPool; + this.filterByEnabled = SecurityAnalyticsSettings.FILTER_BY_BACKEND_ROLES.get(this.settings); this.saTifConfigService = saTifConfigService; } @Override protected void doExecute(Task task, SADeleteTIFSourceConfigRequest request, ActionListener actionListener) { + User user = readUserFromThreadContext(this.threadPool); + String validateBackendRoleMessage = validateUserBackendRoles(user, this.filterByEnabled); + if (!"".equals(validateBackendRoleMessage)) { + actionListener.onFailure(SecurityAnalyticsException.wrap(new OpenSearchStatusException(validateBackendRoleMessage, RestStatus.FORBIDDEN))); + return; + } + this.threadPool.getThreadContext().stashContext(); + saTifConfigService.deleteTIFSourceConfig(request.getId(), ActionListener.wrap( response -> actionListener.onResponse( new SADeleteTIFSourceConfigResponse( diff --git a/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportGetIocFindingsAction.java b/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportGetIocFindingsAction.java index c6ab88435..f27472eeb 100644 --- a/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportGetIocFindingsAction.java +++ b/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportGetIocFindingsAction.java @@ -90,6 +90,8 @@ protected void doExecute(Task task, GetIocFindingsRequest request, ActionListene actionListener.onFailure(new OpenSearchStatusException("Do not have permissions to resource", RestStatus.FORBIDDEN)); return; } + this.threadPool.getThreadContext().stashContext(); + Table tableProp = request.getTable(); FieldSortBuilder sortBuilder = SortBuilders .fieldSort(tableProp.getSortString()) diff --git a/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportGetTIFSourceConfigAction.java b/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportGetTIFSourceConfigAction.java index 240748cd0..51c5a6ad2 100644 
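Review bot: In TransportDeleteTIFSourceConfigAction.doExecute the delete runs after `stashContext()` and `deleteTIFSourceConfig(request.getId(), ...)` is not given `user`, so the only authorization visible in this hunk is `validateUserBackendRoles`, which is not tied to the config being deleted. If that check passes for any caller holding a backend role, or whenever filtering is disabled (worth confirming), the delete by id is performed without the caller's identity attached. The refresh action in this commit passes `user` to its service call; consider doing the same here so ownership can be checked, or at least add `// authorization is limited to validateUserBackendRoles; the delete below runs with the stashed context`. The same question applies to the `deleteMonitor(...)` call in the TransportDeleteThreatIntelMonitorAction hunk. The lambda passed to `ActionListener.wrap` continues outside this hunk.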
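Review bot: The `StoredContext` returned by the added `this.threadPool.getThreadContext().stashContext();` in TransportGetIocFindingsAction is discarded, so nothing in the visible code restores the caller's thread context once the work has been dispatched. The usual form is `try (ThreadContext.StoredContext ignored = this.threadPool.getThreadContext().stashContext()) { ... }` around only the calls that need to run without the caller's context, which keeps that span as small as possible. The same bare call is added in the other `doExecute` hunks of this commit (delete, index and refresh source config, put job, and the monitor and alert actions). `doExecute` starts and ends outside this hunk, so whether a later restore exists cannot be seen here.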
--- a/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportGetTIFSourceConfigAction.java +++ b/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportGetTIFSourceConfigAction.java @@ -60,7 +60,6 @@ protected void doExecute(Task task, SAGetTIFSourceConfigRequest request, ActionL actionListener.onFailure(new OpenSearchStatusException("Do not have permissions to resource", RestStatus.FORBIDDEN)); return; } - this.threadPool.getThreadContext().stashContext(); saTifConfigService.getTIFSourceConfig(request.getId(), ActionListener.wrap( diff --git a/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportIndexTIFSourceConfigAction.java b/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportIndexTIFSourceConfigAction.java index 9b6378cf9..77ea09a4c 100644 --- a/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportIndexTIFSourceConfigAction.java +++ b/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportIndexTIFSourceConfigAction.java @@ -82,6 +82,8 @@ protected void doExecute(final Task task, final SAIndexTIFSourceConfigRequest re listener.onFailure(SecurityAnalyticsException.wrap(new OpenSearchStatusException(validateBackendRoleMessage, RestStatus.FORBIDDEN))); return; } + this.threadPool.getThreadContext().stashContext(); + retrieveLockAndCreateTIFConfig(request, listener, user); } diff --git a/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportPutTIFJobAction.java b/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportPutTIFJobAction.java index 2c756b3d3..41bad5b1a 100644 --- a/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportPutTIFJobAction.java +++ b/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportPutTIFJobAction.java 
@@ -15,10 +15,13 @@ import org.opensearch.action.support.HandledTransportAction; import org.opensearch.action.support.master.AcknowledgedResponse; import org.opensearch.common.inject.Inject; +import org.opensearch.common.settings.Settings; +import org.opensearch.commons.authuser.User; import org.opensearch.core.action.ActionListener; import org.opensearch.core.rest.RestStatus; import org.opensearch.index.engine.VersionConflictEngineException; import org.opensearch.jobscheduler.spi.LockModel; +import org.opensearch.securityanalytics.settings.SecurityAnalyticsSettings; import org.opensearch.securityanalytics.threatIntel.action.PutTIFJobAction; import org.opensearch.securityanalytics.threatIntel.action.PutTIFJobRequest; import org.opensearch.securityanalytics.threatIntel.action.ThreatIntelIndicesResponse; @@ -27,6 +30,7 @@ import org.opensearch.securityanalytics.threatIntel.model.TIFJobParameter; import org.opensearch.securityanalytics.threatIntel.service.TIFJobParameterService; import org.opensearch.securityanalytics.threatIntel.service.TIFJobUpdateService; +import org.opensearch.securityanalytics.transport.SecureTransportAction; import org.opensearch.tasks.Task; import org.opensearch.threadpool.ThreadPool; import org.opensearch.transport.TransportService; 
@@ -40,13 +44,16 @@ /** * Transport action to create job to fetch threat intel feed data and save IoCs */ -public class TransportPutTIFJobAction extends HandledTransportAction { +public class TransportPutTIFJobAction extends HandledTransportAction implements SecureTransportAction { // TODO refactor this into a service class that creates feed updation job. This is not necessary to be a transport action private static final Logger log = LogManager.getLogger(TransportPutTIFJobAction.class); private final TIFJobParameterService tifJobParameterService; private final TIFJobUpdateService tifJobUpdateService; private final TIFLockService lockService; + private final Settings settings; + private final ThreadPool threadPool; + private volatile Boolean filterByEnabled; /** * Default constructor 
@@ -64,16 +71,29 @@ public TransportPutTIFJobAction( final ThreadPool threadPool, final TIFJobParameterService tifJobParameterService, final TIFJobUpdateService tifJobUpdateService, - final TIFLockService lockService + final TIFLockService lockService, + Settings settings ) { super(PutTIFJobAction.NAME, transportService, actionFilters, PutTIFJobRequest::new); this.tifJobParameterService = tifJobParameterService; this.tifJobUpdateService = tifJobUpdateService; this.lockService = lockService; + this.threadPool = threadPool; + this.settings = settings; + this.filterByEnabled = SecurityAnalyticsSettings.FILTER_BY_BACKEND_ROLES.get(this.settings); } @Override protected void doExecute(final Task task, final PutTIFJobRequest request, final ActionListener listener) { + User user = readUserFromThreadContext(this.threadPool); + + String validateBackendRoleMessage = validateUserBackendRoles(user, this.filterByEnabled); + if (!"".equals(validateBackendRoleMessage)) { + listener.onFailure(new OpenSearchStatusException("Do not have permissions to resource", RestStatus.FORBIDDEN)); + return; + } + this.threadPool.getThreadContext().stashContext(); + try { lockService.acquireLock(request.getName(), LOCK_DURATION_IN_SECONDS, ActionListener.wrap(lock -> { if (lock == null) { diff --git a/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportRefreshTIFSourceConfigAction.java b/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportRefreshTIFSourceConfigAction.java index de809be45..0c8af386f 100644 --- a/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportRefreshTIFSourceConfigAction.java +++ b/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportRefreshTIFSourceConfigAction.java 
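Review bot: `filterByEnabled` is read once in the TransportPutTIFJobAction constructor via `SecurityAnalyticsSettings.FILTER_BY_BACKEND_ROLES.get(this.settings)` and no settings-update consumer is registered in the visible constructor, so if the setting is dynamic a later change would not reach the check in `doExecute` until the node restarts. Consider registering one, e.g. `clusterService.getClusterSettings().addSettingsUpdateConsumer(SecurityAnalyticsSettings.FILTER_BY_BACKEND_ROLES, v -> this.filterByEnabled = v);` (this needs a `ClusterService` to be injected), and declaring the field as primitive `boolean`. The constructor added in TransportDeleteTIFSourceConfigAction has the same pattern. Separately, this `doExecute` discards `validateBackendRoleMessage` and returns a fixed, unwrapped string, while the delete action returns `SecurityAnalyticsException.wrap(...)` carrying the message; one form should be used throughout. The body of `doExecute` continues outside this hunk.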
@@ -60,6 +60,7 @@ protected void doExecute(Task task, SARefreshTIFSourceConfigRequest request, Act actionListener.onFailure(new OpenSearchStatusException("Do not have permissions to resource", RestStatus.FORBIDDEN)); return; } + this.threadPool.getThreadContext().stashContext(); saTifSourceConfigManagementService.refreshTIFSourceConfig(request.getId(), user, ActionListener.wrap( r -> actionListener.onResponse( diff --git a/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportSearchTIFSourceConfigsAction.java b/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportSearchTIFSourceConfigsAction.java index 9eb47f0a3..877728e31 100644 --- a/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportSearchTIFSourceConfigsAction.java +++ b/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/TransportSearchTIFSourceConfigsAction.java @@ -66,8 +66,8 @@ protected void doExecute(Task task, SASearchTIFSourceConfigsRequest request, Act actionListener.onFailure(new OpenSearchStatusException("Do not have permissions to resource", RestStatus.FORBIDDEN)); return; } - this.threadPool.getThreadContext().stashContext(); // stash context to make calls as admin client + StepListener defaultTifConfigsLoadedListener; try { defaultTifConfigsLoadedListener = new StepListener<>(); diff --git a/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/monitor/TransportDeleteThreatIntelMonitorAction.java b/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/monitor/TransportDeleteThreatIntelMonitorAction.java index 041a8cd99..1ecebc2e3 100644 --- a/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/monitor/TransportDeleteThreatIntelMonitorAction.java +++ b/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/monitor/TransportDeleteThreatIntelMonitorAction.java 
@@ -61,6 +61,8 @@ protected void doExecute(Task task, DeleteThreatIntelMonitorRequest request, Act listener.onFailure(SecurityAnalyticsException.wrap(new OpenSearchStatusException(validateBackendRoleMessage, RestStatus.FORBIDDEN))); return; } + this.threadPool.getThreadContext().stashContext(); + AlertingPluginInterface.INSTANCE.deleteMonitor((NodeClient) client, new DeleteMonitorRequest(request.getMonitorId(), WriteRequest.RefreshPolicy.IMMEDIATE), listener); diff --git a/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/monitor/TransportGetThreatIntelAlertsAction.java b/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/monitor/TransportGetThreatIntelAlertsAction.java index 71fb4a71f..ac1afe4f9 100644 --- a/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/monitor/TransportGetThreatIntelAlertsAction.java +++ b/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/monitor/TransportGetThreatIntelAlertsAction.java @@ -102,6 +102,8 @@ protected void doExecute(Task task, GetThreatIntelAlertsRequest request, ActionL listener.onFailure(new OpenSearchStatusException("Do not have permissions to resource", RestStatus.FORBIDDEN)); return; } + this.threadPool.getThreadContext().stashContext(); + //fetch monitors and search SearchRequest threatIntelMonitorsSearchRequest = new SearchRequest(); threatIntelMonitorsSearchRequest.indices(".opendistro-alerting-config"); diff --git a/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/monitor/TransportIndexThreatIntelMonitorAction.java b/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/monitor/TransportIndexThreatIntelMonitorAction.java index c3384b2a0..e0bb438c7 100644 --- a/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/monitor/TransportIndexThreatIntelMonitorAction.java +++ b/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/monitor/TransportIndexThreatIntelMonitorAction.java 
@@ -107,6 +107,8 @@ protected void doExecute(Task task, IndexThreatIntelMonitorRequest request, Acti listener.onFailure(SecurityAnalyticsException.wrap(new OpenSearchStatusException(validateBackendRoleMessage, RestStatus.FORBIDDEN))); return; } + this.threadPool.getThreadContext().stashContext(); + if(request.getMethod().equals(RestRequest.Method.PUT)) { indexMonitor(request, listener, user); return; diff --git a/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/monitor/TransportSearchThreatIntelMonitorAction.java b/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/monitor/TransportSearchThreatIntelMonitorAction.java index b918e02ec..11a1e1beb 100644 --- a/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/monitor/TransportSearchThreatIntelMonitorAction.java +++ b/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/monitor/TransportSearchThreatIntelMonitorAction.java @@ -1,5 +1,6 @@ package org.opensearch.securityanalytics.threatIntel.transport.monitor; +import org.opensearch.OpenSearchStatusException; import org.opensearch.action.search.SearchResponse; import org.opensearch.action.support.ActionFilters; import org.opensearch.action.support.HandledTransportAction; @@ -17,6 +18,7 @@ import org.opensearch.commons.authuser.User; import org.opensearch.core.action.ActionListener; import org.opensearch.core.common.bytes.BytesReference; +import org.opensearch.core.rest.RestStatus; import org.opensearch.core.xcontent.NamedXContentRegistry; import org.opensearch.core.xcontent.XContentBuilder; import org.opensearch.core.xcontent.XContentParser; 
@@ -70,7 +72,11 @@ protected void doExecute(Task task, SearchThreatIntelMonitorRequest request, Act // log.info("Filtering result by: {}", user.getBackendRoles()); // addFilter(user, request.searchRequest().source(), "detector.user.backend_roles.keyword"); // } // TODO - + String validateBackendRoleMessage = validateUserBackendRoles(user, this.filterByEnabled); + if (!"".equals(validateBackendRoleMessage)) { + listener.onFailure(new OpenSearchStatusException("Do not have permissions to resource", RestStatus.FORBIDDEN)); + return; + } this.threadPool.getThreadContext().stashContext(); //TODO change search request to fetch threat intel monitors diff --git a/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/monitor/TransportUpdateThreatIntelAlertStatusAction.java b/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/monitor/TransportUpdateThreatIntelAlertStatusAction.java index cb8d1d8a4..7902453b9 100644 --- a/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/monitor/TransportUpdateThreatIntelAlertStatusAction.java +++ b/src/main/java/org/opensearch/securityanalytics/threatIntel/transport/monitor/TransportUpdateThreatIntelAlertStatusAction.java @@ -96,6 +96,8 @@ protected void doExecute(Task task, UpdateThreatIntelAlertStatusRequest request, listener.onFailure(new OpenSearchStatusException("Do not have permissions to resource", RestStatus.FORBIDDEN)); return; } + this.threadPool.getThreadContext().stashContext(); + //fetch monitors and search SearchRequest threatIntelMonitorsSearchRequest = new SearchRequest(); threatIntelMonitorsSearchRequest.indices(".opendistro-alerting-config");
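Review bot: The check added in TransportSearchThreatIntelMonitorAction only rejects the request; the `addFilter(user, ..., "detector.user.backend_roles.keyword")` block just above it is still commented out with a `// TODO`, so after `stashContext()` the search is not narrowed to the caller's backend roles. If role-based filtering is meant to apply to this action, re-enable that filter (with the field that threat intel monitors actually carry) before the stash, or record the gap with `// TODO: results are not filtered by backend roles; the search below runs with the stashed context`. The 403 here also drops `validateBackendRoleMessage` in favour of a fixed string. `doExecute` starts and ends outside this hunk.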