opensearch-project · shikharj05 · Feb 10, 2025 · Feb 10, 2025 · Feb 10, 2025 · Feb 10, 2025
@@ -246,6 +246,7 @@ public final class OpenSearchSecurityPlugin extends OpenSearchSecuritySSLPlugin
     private static final Logger actionTrace = LogManager.getLogger("opendistro_security_action_trace");
     private static final DeprecationLogger deprecationLogger = DeprecationLogger.getLogger(OpenSearchSecurityPlugin.class);
 
+    @Deprecated
     public static final String LEGACY_OPENDISTRO_PREFIX = "_opendistro/_security";
     public static final String PLUGINS_PREFIX = "_plugins/_security";
 

@@ -43,6 +43,8 @@
 import static org.opensearch.security.dlic.rest.api.Responses.badRequestMessage;
 import static org.opensearch.security.dlic.rest.api.Responses.ok;
 import static org.opensearch.security.dlic.rest.api.Responses.response;
+import static org.opensearch.security.dlic.rest.support.Utils.OPENDISTRO_API_DEPRECATION_MESSAGE;
+import static org.opensearch.security.dlic.rest.support.Utils.addLegacyRoutesPrefix;
 import static org.opensearch.security.dlic.rest.support.Utils.addRoutesPrefix;
 
 /**
@@ -57,6 +59,13 @@ public class AccountApiAction extends AbstractApiAction {
         ImmutableList.of(new Route(Method.GET, "/account"), new Route(Method.PUT, "/account"))
     );
 
+    private static final List<DeprecatedRoute> deprecatedRoutes = addLegacyRoutesPrefix(
+        ImmutableList.of(
+            new DeprecatedRoute(Method.GET, "/account", OPENDISTRO_API_DEPRECATION_MESSAGE),
+            new DeprecatedRoute(Method.PUT, "/account", OPENDISTRO_API_DEPRECATION_MESSAGE)
+        )
+    );
+
     public AccountApiAction(
         final ClusterService clusterService,
         final ThreadPool threadPool,
@@ -73,6 +82,11 @@ public List<Route> routes() {
         return routes;
     }
 
+    @Override
+    public List<DeprecatedRoute> deprecatedRoutes() {
+        return deprecatedRoutes;
+    }
+
     @Override
     protected CType<?> getConfigType() {
         return CType.INTERNALUSERS;

@@ -40,6 +40,8 @@
 
 import static org.opensearch.security.dlic.rest.api.RequestHandler.methodNotImplementedHandler;
 import static org.opensearch.security.dlic.rest.api.Responses.badRequestMessage;
+import static org.opensearch.security.dlic.rest.support.Utils.OPENDISTRO_API_DEPRECATION_MESSAGE;
+import static org.opensearch.security.dlic.rest.support.Utils.addLegacyRoutesPrefix;
 import static org.opensearch.security.dlic.rest.support.Utils.addRoutesPrefix;
 
 public class ActionGroupsApiAction extends AbstractApiAction {
@@ -72,6 +74,22 @@ public class ActionGroupsApiAction extends AbstractApiAction {
         )
     );
 
+    private static final List<DeprecatedRoute> deprecatedRoutes = addLegacyRoutesPrefix(
+        ImmutableList.of(
+            new DeprecatedRoute(Method.GET, "/actiongroup/{name}", OPENDISTRO_API_DEPRECATION_MESSAGE),
+            new DeprecatedRoute(Method.GET, "/actiongroup", OPENDISTRO_API_DEPRECATION_MESSAGE),
+            new DeprecatedRoute(Method.DELETE, "/actiongroup/{name}", OPENDISTRO_API_DEPRECATION_MESSAGE),
+            new DeprecatedRoute(Method.PUT, "/actiongroup/{name}", OPENDISTRO_API_DEPRECATION_MESSAGE),
+
+            new DeprecatedRoute(Method.GET, "/actiongroups/{name}", OPENDISTRO_API_DEPRECATION_MESSAGE),
+            new DeprecatedRoute(Method.GET, "/actiongroups", OPENDISTRO_API_DEPRECATION_MESSAGE),
+            new DeprecatedRoute(Method.DELETE, "/actiongroups/{name}", OPENDISTRO_API_DEPRECATION_MESSAGE),
+            new DeprecatedRoute(Method.PUT, "/actiongroups/{name}", OPENDISTRO_API_DEPRECATION_MESSAGE),
+            new DeprecatedRoute(Method.PATCH, "/actiongroups", OPENDISTRO_API_DEPRECATION_MESSAGE),
+            new DeprecatedRoute(Method.PATCH, "/actiongroups/{name}", OPENDISTRO_API_DEPRECATION_MESSAGE)
+        )
+    );
+
     @Inject
     public ActionGroupsApiAction(
         final ClusterService clusterService,
@@ -87,6 +105,11 @@ public List<Route> routes() {
         return routes;
     }
 
+    @Override
+    public List<DeprecatedRoute> deprecatedRoutes() {
+        return deprecatedRoutes;
+    }
+
     @Override
     protected CType<?> getConfigType() {
         return CType.ACTIONGROUPS;

@@ -41,6 +41,8 @@
 import static org.opensearch.security.dlic.rest.api.RequestHandler.methodNotImplementedHandler;
 import static org.opensearch.security.dlic.rest.api.Responses.conflictMessage;
 import static org.opensearch.security.dlic.rest.api.Responses.methodNotImplementedMessage;
+import static org.opensearch.security.dlic.rest.support.Utils.OPENDISTRO_API_DEPRECATION_MESSAGE;
+import static org.opensearch.security.dlic.rest.support.Utils.addLegacyRoutesPrefix;
 import static org.opensearch.security.dlic.rest.support.Utils.addRoutesPrefix;
 
 /**
@@ -129,6 +131,14 @@ public class AuditApiAction extends AbstractApiAction {
         )
     );
 
+    private static final List<DeprecatedRoute> deprecatedRoutes = addLegacyRoutesPrefix(
+        ImmutableList.of(
+            new DeprecatedRoute(RestRequest.Method.GET, "/audit", OPENDISTRO_API_DEPRECATION_MESSAGE),
+            new DeprecatedRoute(RestRequest.Method.PUT, "/audit/config", OPENDISTRO_API_DEPRECATION_MESSAGE),
+            new DeprecatedRoute(RestRequest.Method.PATCH, "/audit", OPENDISTRO_API_DEPRECATION_MESSAGE)
+        )
+    );
+
     @VisibleForTesting
     public static final String READONLY_FIELD = "_readonly";
     @VisibleForTesting
@@ -232,6 +242,11 @@ public List<Route> routes() {
         return routes;
     }
 
+    @Override
+    public List<DeprecatedRoute> deprecatedRoutes() {
+        return deprecatedRoutes;
+    }
+
     @Override
     protected CType<?> getConfigType() {
         return CType.AUDIT;

@@ -14,18 +14,27 @@
 import java.util.Collections;
 import java.util.List;
 
+import com.google.common.collect.ImmutableList;
+
 import org.opensearch.cluster.service.ClusterService;
 import org.opensearch.common.inject.Inject;
 import org.opensearch.rest.RestRequest.Method;
 import org.opensearch.security.securityconf.impl.CType;
 import org.opensearch.threadpool.ThreadPool;
 
 import static org.opensearch.security.dlic.rest.api.Responses.ok;
+import static org.opensearch.security.dlic.rest.support.Utils.OPENDISTRO_API_DEPRECATION_MESSAGE;
+import static org.opensearch.security.dlic.rest.support.Utils.addLegacyRoutesPrefix;
 import static org.opensearch.security.dlic.rest.support.Utils.addRoutesPrefix;
 
 public class AuthTokenProcessorAction extends AbstractApiAction {
+
     private static final List<Route> routes = addRoutesPrefix(Collections.singletonList(new Route(Method.POST, "/authtoken")));
 
+    private static final List<DeprecatedRoute> deprecatedRoutes = addLegacyRoutesPrefix(
+        ImmutableList.of(new DeprecatedRoute(Method.POST, "/authtoken", OPENDISTRO_API_DEPRECATION_MESSAGE))
+    );
+
     @Inject
     public AuthTokenProcessorAction(
         final ClusterService clusterService,
@@ -43,6 +52,11 @@ public List<Route> routes() {
         return routes;
     }
 
+    @Override
+    public List<DeprecatedRoute> deprecatedRoutes() {
+        return deprecatedRoutes;
+    }
+
     @Override
     protected CType<?> getConfigType() {
         return null;

@@ -62,6 +62,8 @@
 
 import static org.opensearch.security.dlic.rest.api.Responses.badRequestMessage;
 import static org.opensearch.security.dlic.rest.api.Responses.response;
+import static org.opensearch.security.dlic.rest.support.Utils.OPENDISTRO_API_DEPRECATION_MESSAGE;
+import static org.opensearch.security.dlic.rest.support.Utils.addLegacyRoutesPrefix;
 import static org.opensearch.security.dlic.rest.support.Utils.addRoutesPrefix;
 import static org.opensearch.security.dlic.rest.support.Utils.withIOException;
 
@@ -77,6 +79,13 @@ public class ConfigUpgradeApiAction extends AbstractApiAction {
         ImmutableList.of(new Route(Method.GET, "/_upgrade_check"), new Route(Method.POST, "/_upgrade_perform"))
     );
 
+    private static final List<DeprecatedRoute> deprecatedRoutes = addLegacyRoutesPrefix(
+        ImmutableList.of(
+            new DeprecatedRoute(Method.GET, "/_upgrade_check", OPENDISTRO_API_DEPRECATION_MESSAGE),
+            new DeprecatedRoute(Method.POST, "/_upgrade_perform", OPENDISTRO_API_DEPRECATION_MESSAGE)
+        )
+    );
+
     @Inject
     public ConfigUpgradeApiAction(
         final ClusterService clusterService,
@@ -285,6 +294,11 @@ public List<Route> routes() {
         return routes;
     }
 
+    @Override
+    public List<DeprecatedRoute> deprecatedRoutes() {
+        return deprecatedRoutes;
+    }
+
     @Override
     protected CType<?> getConfigType() {
         throw new UnsupportedOperationException("This class supports multiple configuration types");

@@ -30,6 +30,8 @@
 
 import static org.opensearch.security.dlic.rest.api.Responses.internalServerError;
 import static org.opensearch.security.dlic.rest.api.Responses.ok;
+import static org.opensearch.security.dlic.rest.support.Utils.OPENDISTRO_API_DEPRECATION_MESSAGE;
+import static org.opensearch.security.dlic.rest.support.Utils.addLegacyRoutesPrefix;
 import static org.opensearch.security.dlic.rest.support.Utils.addRoutesPrefix;
 
 public class FlushCacheApiAction extends AbstractApiAction {
@@ -38,6 +40,10 @@ public class FlushCacheApiAction extends AbstractApiAction {
 
     private static final List<Route> routes = addRoutesPrefix(ImmutableList.of(new Route(Method.DELETE, "/cache")));
 
+    private static final List<DeprecatedRoute> deprecatedRoutes = addLegacyRoutesPrefix(
+        ImmutableList.of(new DeprecatedRoute(Method.DELETE, "/cache", OPENDISTRO_API_DEPRECATION_MESSAGE))
+    );
+
     @Inject
     public FlushCacheApiAction(
         final ClusterService clusterService,
@@ -53,6 +59,11 @@ public List<Route> routes() {
         return routes;
     }
 
+    @Override
+    public List<DeprecatedRoute> deprecatedRoutes() {
+        return deprecatedRoutes;
+    }
+
     private void flushCacheApiRequestHandlers(RequestHandler.RequestHandlersBuilder requestHandlersBuilder) {
         requestHandlersBuilder.allMethodsNotImplemented()
             .override(

@@ -47,6 +47,8 @@
 import static org.opensearch.security.dlic.rest.api.Responses.ok;
 import static org.opensearch.security.dlic.rest.api.Responses.payload;
 import static org.opensearch.security.dlic.rest.api.Responses.response;
+import static org.opensearch.security.dlic.rest.support.Utils.OPENDISTRO_API_DEPRECATION_MESSAGE;
+import static org.opensearch.security.dlic.rest.support.Utils.addLegacyRoutesPrefix;
 import static org.opensearch.security.dlic.rest.support.Utils.addRoutesPrefix;
 
 public class InternalUsersApiAction extends AbstractApiAction {
@@ -82,6 +84,25 @@ protected void consumeParameters(final RestRequest request) {
         )
     );
 
+    private static final List<DeprecatedRoute> deprecatedRoutes = addLegacyRoutesPrefix(
+        ImmutableList.of(
+            new DeprecatedRoute(Method.GET, "/user/{name}", OPENDISTRO_API_DEPRECATION_MESSAGE),
+            new DeprecatedRoute(Method.GET, "/user", OPENDISTRO_API_DEPRECATION_MESSAGE),
+            new DeprecatedRoute(Method.POST, "/user/{name}/authtoken", OPENDISTRO_API_DEPRECATION_MESSAGE),
+            new DeprecatedRoute(Method.DELETE, "/user/{name}", OPENDISTRO_API_DEPRECATION_MESSAGE),
+            new DeprecatedRoute(Method.PUT, "/user/{name}", OPENDISTRO_API_DEPRECATION_MESSAGE),
+
+            // corrected mapping, introduced in OpenSearch Security
+            new DeprecatedRoute(Method.GET, "/internalusers/{name}", OPENDISTRO_API_DEPRECATION_MESSAGE),
+            new DeprecatedRoute(Method.GET, "/internalusers", OPENDISTRO_API_DEPRECATION_MESSAGE),
+            new DeprecatedRoute(Method.POST, "/internalusers/{name}/authtoken", OPENDISTRO_API_DEPRECATION_MESSAGE),
+            new DeprecatedRoute(Method.DELETE, "/internalusers/{name}", OPENDISTRO_API_DEPRECATION_MESSAGE),
+            new DeprecatedRoute(Method.PUT, "/internalusers/{name}", OPENDISTRO_API_DEPRECATION_MESSAGE),
+            new DeprecatedRoute(Method.PATCH, "/internalusers", OPENDISTRO_API_DEPRECATION_MESSAGE),
+            new DeprecatedRoute(Method.PATCH, "/internalusers/{name}", OPENDISTRO_API_DEPRECATION_MESSAGE)
+        )
+    );
+
     UserService userService;
 
     @Inject
@@ -103,6 +124,11 @@ public List<Route> routes() {
         return routes;
     }
 
+    @Override
+    public List<DeprecatedRoute> deprecatedRoutes() {
+        return deprecatedRoutes;
+    }
+
     @Override
     protected CType<?> getConfigType() {
         return CType.INTERNALUSERS;

@@ -29,6 +29,7 @@
 import org.opensearch.common.settings.Settings;
 import org.opensearch.core.xcontent.ToXContent;
 import org.opensearch.rest.RestChannel;
+import org.opensearch.rest.RestRequest;
 import org.opensearch.security.dlic.rest.validation.EndpointValidator;
 import org.opensearch.security.dlic.rest.validation.RequestContentValidator;
 import org.opensearch.security.dlic.rest.validation.RequestContentValidator.DataType;
@@ -45,6 +46,8 @@
 import static org.opensearch.rest.RestRequest.Method.PUT;
 import static org.opensearch.security.dlic.rest.api.Responses.ok;
 import static org.opensearch.security.dlic.rest.api.Responses.response;
+import static org.opensearch.security.dlic.rest.support.Utils.OPENDISTRO_API_DEPRECATION_MESSAGE;
+import static org.opensearch.security.dlic.rest.support.Utils.addLegacyRoutesPrefix;
 import static org.opensearch.security.dlic.rest.support.Utils.addRoutesPrefix;
 
 public class MultiTenancyConfigApiAction extends AbstractApiAction {
@@ -58,6 +61,13 @@ public class MultiTenancyConfigApiAction extends AbstractApiAction {
         ImmutableList.of(new Route(GET, "/tenancy/config"), new Route(PUT, "/tenancy/config"))
     );
 
+    private static final List<DeprecatedRoute> deprecatedRoutes = addLegacyRoutesPrefix(
+        ImmutableList.of(
+            new DeprecatedRoute(RestRequest.Method.GET, "/tenancy/config", OPENDISTRO_API_DEPRECATION_MESSAGE),
+            new DeprecatedRoute(RestRequest.Method.PUT, "/tenancy/config", OPENDISTRO_API_DEPRECATION_MESSAGE)
+        )
+    );
+
     private final static Set<String> ACCEPTABLE_DEFAULT_TENANTS = Set.of(
         ConfigConstants.TENANCY_GLOBAL_TENANT_DEFAULT_NAME,
         ConfigConstants.TENANCY_GLOBAL_TENANT_NAME,
@@ -74,6 +84,11 @@ public List<Route> routes() {
         return ROUTES;
     }
 
+    @Override
+    public List<DeprecatedRoute> deprecatedRoutes() {
+        return deprecatedRoutes;
+    }
+
     public MultiTenancyConfigApiAction(
         final ClusterService clusterService,
         final ThreadPool threadPool,

@@ -39,6 +39,8 @@
 import org.opensearch.threadpool.ThreadPool;
 
 import static org.opensearch.security.dlic.rest.api.Responses.forbiddenMessage;
+import static org.opensearch.security.dlic.rest.support.Utils.OPENDISTRO_API_DEPRECATION_MESSAGE;
+import static org.opensearch.security.dlic.rest.support.Utils.addLegacyRoutesPrefix;
 import static org.opensearch.security.dlic.rest.support.Utils.addRoutesPrefix;
 
 /**
@@ -70,6 +72,17 @@ public class NodesDnApiAction extends AbstractApiAction {
         )
     );
 
+    private static final List<DeprecatedRoute> deprecatedRoutes = addLegacyRoutesPrefix(
+        ImmutableList.of(
+            new DeprecatedRoute(Method.GET, "/nodesdn/{name}", OPENDISTRO_API_DEPRECATION_MESSAGE),
+            new DeprecatedRoute(Method.GET, "/nodesdn", OPENDISTRO_API_DEPRECATION_MESSAGE),
+            new DeprecatedRoute(Method.DELETE, "/nodesdn/{name}", OPENDISTRO_API_DEPRECATION_MESSAGE),
+            new DeprecatedRoute(Method.PUT, "/nodesdn/{name}", OPENDISTRO_API_DEPRECATION_MESSAGE),
+            new DeprecatedRoute(Method.PATCH, "/nodesdn", OPENDISTRO_API_DEPRECATION_MESSAGE),
+            new DeprecatedRoute(Method.PATCH, "/nodesdn/{name}", OPENDISTRO_API_DEPRECATION_MESSAGE)
+        )
+    );
+
     @Inject
     public NodesDnApiAction(
         final ClusterService clusterService,
@@ -89,6 +102,14 @@ public List<Route> routes() {
         return Collections.emptyList();
     }
 
+    @Override
+    public List<DeprecatedRoute> deprecatedRoutes() {
+        if (securityApiDependencies.settings().getAsBoolean(ConfigConstants.SECURITY_NODES_DN_DYNAMIC_CONFIG_ENABLED, false)) {
+            return deprecatedRoutes;
+        }
+        return Collections.emptyList();
+    }
+
     @Override
     protected CType<?> getConfigType() {
         return CType.NODESDN;

@@ -43,14 +43,21 @@
 import org.opensearch.transport.client.Client;
 import org.opensearch.transport.client.node.NodeClient;
 
+import static org.opensearch.security.dlic.rest.support.Utils.OPENDISTRO_API_DEPRECATION_MESSAGE;
+import static org.opensearch.security.dlic.rest.support.Utils.addLegacyRoutesPrefix;
 import static org.opensearch.security.dlic.rest.support.Utils.addRoutesPrefix;
 
 /**
  * Provides the evaluated REST API permissions for the currently logged in user
  */
 public class PermissionsInfoAction extends BaseRestHandler {
+
     private static final List<Route> routes = addRoutesPrefix(Collections.singletonList(new Route(Method.GET, "/permissionsinfo")));
 
+    private static final List<DeprecatedRoute> deprecatedRoutes = addLegacyRoutesPrefix(
+        ImmutableList.of(new DeprecatedRoute(Method.GET, "/permissionsinfo", OPENDISTRO_API_DEPRECATION_MESSAGE))
+    );
+
     private final RestApiPrivilegesEvaluator restApiPrivilegesEvaluator;
     private final ThreadPool threadPool;
     private final PrivilegesEvaluator privilegesEvaluator;
@@ -93,6 +100,11 @@ public List<Route> routes() {
         return routes;
     }
 
+    @Override
+    public List<DeprecatedRoute> deprecatedRoutes() {
+        return deprecatedRoutes;
+    }
+
     @Override
     protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient client) throws IOException {
         switch (request.method()) {