Add permission obo/create for accessing create obo endpoint

Signed-off-by: Ryan Liang <jiallian@amazon.com>
peternied · Aug 22, 2023 · 9103b23 · 9103b23
1 parent 2349213
commit 9103b23
Showing 1 changed file with 14 additions and 2 deletions.
diff --git a/src/main/java/org/opensearch/security/action/onbehalf/CreateOnBehalfOfTokenAction.java b/src/main/java/org/opensearch/security/action/onbehalf/CreateOnBehalfOfTokenAction.java
@@ -28,6 +28,7 @@
 import org.opensearch.core.xcontent.XContentBuilder;
 import org.opensearch.rest.BaseRestHandler;
 import org.opensearch.rest.BytesRestResponse;
+import org.opensearch.rest.NamedRoute;
 import org.opensearch.rest.RestChannel;
 import org.opensearch.rest.RestRequest;
 import org.opensearch.rest.RestRequest.Method;
@@ -39,10 +40,21 @@
 import org.opensearch.security.user.User;
 import org.opensearch.threadpool.ThreadPool;
 
+import static org.opensearch.rest.RestRequest.Method.POST;
 import static org.opensearch.security.dlic.rest.support.Utils.addRoutesPrefix;
 
 public class CreateOnBehalfOfTokenAction extends BaseRestHandler {
 
+    private static final List<Route> routes = addRoutesPrefix(
+            ImmutableList.of(
+                    new NamedRoute.Builder().method(POST)
+                            .path("/user/onbehalfof")
+                            .uniqueName("security:obo/create")
+                            .build()
+            ),
+            "/_plugins/_security/api"
+    );
+
     private JwtVendor vendor;
     private final ThreadPool threadPool;
     private final ClusterService clusterService;
@@ -85,9 +97,9 @@ public String getName() {
 
     @Override
     public List<Route> routes() {
-        return addRoutesPrefix(ImmutableList.of(new Route(Method.POST, "/user/onbehalfof")));
+        return routes;
     }
-
+    
     @Override
     protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient client) throws IOException {
         switch (request.method()) {