opensearch-project · derek-ho · Aug 15, 2024
@@ -83,6 +83,7 @@ export enum ResourceType {
   tenantsConfigureTab = 'tenantsConfigureTab',
   auth = 'auth',
   auditLogging = 'auditLogging',
+  authFailureListeners = 'authFailureListeners',
 }
 
 /**

@@ -41,6 +41,7 @@
 import { buildHashUrl, buildUrl } from './utils/url-builder';
 import { CrossPageToast } from './cross-page-toast';
 import { getDataSourceFromUrl, LocalCluster } from '../../utils/datasource-utils';
+import { AuthFailureListeners } from './panels/auth-failure-listeners';
 
 const LANDING_PAGE_URL = '/getstarted';
 
@@ -77,6 +78,10 @@
     name: 'Audit logs',
     href: buildUrl(ResourceType.auditLogging),
   },
+  [ResourceType.authFailureListeners]: {
+    name: 'Rate limiting',
+    href: buildUrl(ResourceType.authFailureListeners),
+  },
 };
 
 const getRouteList = (multitenancyEnabled: boolean) => {
@@ -262,6 +267,13 @@
                   return <GetStarted {...props} />;
                 }}
               />
+              <Route
+                path={ROUTE_MAP.authFailureListeners.href}
+                render={() => {
+                  setGlobalBreadcrumbs();
+                  return <AuthFailureListeners {...props} />;
+                }}
+              />
               {multitenancyEnabled && (
                 <Route
                   path={ROUTE_MAP.tenants.href}

@@ -20,6 +20,7 @@ export const API_ENDPOINT = API_PREFIX + '/configuration';
 export const API_ENDPOINT_ROLES = API_ENDPOINT + '/roles';
 export const API_ENDPOINT_ROLESMAPPING = API_ENDPOINT + '/rolesmapping';
 export const API_ENDPOINT_ACTIONGROUPS = API_ENDPOINT + '/actiongroups';
+export const API_ENDPOINT_AUTHFAILURELISTENERS = API_ENDPOINT + '/authfailurelisteners';
 export const API_ENDPOINT_TENANTS = API_ENDPOINT + '/tenants';
 export const API_ENDPOINT_MULTITENANCY = API_PREFIX + '/multitenancy/tenant';
 export const API_ENDPOINT_TENANCY_CONFIGS = API_ENDPOINT + '/tenancy/config';

@@ -0,0 +1,125 @@
+/*
+ *   Copyright OpenSearch Contributors
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License").
+ *   You may not use this file except in compliance with the License.
+ *   A copy of the License is located at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   or in the "license" file accompanying this file. This file is distributed
+ *   on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ *   express or implied. See the License for the specific language governing
+ *   permissions and limitations under the License.
+ */
+
+import { EuiButton, EuiInMemoryTable, EuiIcon } from '@elastic/eui';
+import React, { useContext, useState } from 'react';
+import { AppDependencies } from '../../types';
+import { API_ENDPOINT_AUTHFAILURELISTENERS } from '../constants';
+import { createRequestContextWithDataSourceId } from '../utils/request-utils';
+import { SecurityPluginTopNavMenu } from '../top-nav-menu';
+import { DataSourceContext } from '../app-router';
+import { getResourceUrl } from '../utils/resource-utils';
+
+export function AuthFailureListeners(props: AppDependencies) {
+  const dataSourceEnabled = !!props.depsStart.dataSource?.dataSourceEnabled;
+  const { dataSource, setDataSource } = useContext(DataSourceContext)!;
+
+  const [listeners, setListeners] = useState([]);
+
+  const fetchData = async () => {
+    const data = await createRequestContextWithDataSourceId(dataSource.id).httpGet<any>({
+      http: props.coreStart.http,
+      url: API_ENDPOINT_AUTHFAILURELISTENERS,
+    });
+    setListeners(data.data);
+  };
+
+  const handleDelete = async (name: string) => {
+    await createRequestContextWithDataSourceId(dataSource.id).httpDelete<any>({
+      http: props.coreStart.http,
+      url: getResourceUrl(API_ENDPOINT_AUTHFAILURELISTENERS, name),
+    });
+  };
+
+  const createDummyAuthFailureListener = async () => {
+    await createRequestContextWithDataSourceId(dataSource.id).httpPost<any>({
+      http: props.coreStart.http,
+      url: getResourceUrl(API_ENDPOINT_AUTHFAILURELISTENERS, 'test'),
+      body: {
+        type: 'ip',
+        authentication_backend: 'test',
+        allowed_tries: 10,
+        time_window_seconds: 3600,
+        block_expiry_seconds: 600,
+        max_blocked_clients: 100000,
+        max_tracked_clients: 100000,
+      },
+    });
+  };
+
+  const columns = [
+    {
+      field: 'name',
+      name: 'Name',
+    },
+    {
+      field: 'type',
+      name: 'Type',
+    },
+    {
+      field: 'authentication_backend',
+      name: 'Authentication backend',
+    },
+    {
+      field: 'allowed_tries',
+      name: 'Allowed tries',
+    },
+    {
+      field: 'time_window_seconds',
+      name: 'Time window (sec)',
+    },
+    {
+      field: 'block_expiry_seconds',
+      name: 'Block expiry (sec)',
+    },
+    {
+      field: 'max_blocked_clients',
+      name: 'Max blocked clients',
+    },
+    {
+      field: 'max_tracked_clients',
+      name: 'Max tracked clients',
+    },
+    {
+      field: 'name',
+      name: 'Actions',
+      render: (name) => <EuiIcon type="trash" onClick={() => handleDelete(name)} />,
+    },
+  ];
+
+  return (
+    <>
+      <div className="panel-restrict-width">
+        <SecurityPluginTopNavMenu
+          {...props}
+          dataSourcePickerReadOnly={false}
+          setDataSource={setDataSource}
+          selectedDataSource={dataSource}
+        />
+      </div>
+      <EuiButton onClick={fetchData}>GET</EuiButton>
+      <EuiInMemoryTable
+        tableLayout={'auto'}
+        columns={columns}
+        items={listeners}
+        itemId={'domain_name'}
+        pagination={true}
+        sorting={true}
+      />
+
+      <EuiButton onClick={createDummyAuthFailureListener}>CREATE</EuiButton>
+    </>
+  );
+}
@@ -484,6 +484,10 @@ exports[`SecurityPluginTopNavMenu renders DataSourceMenu when dataSource is enab
             path="/getstarted"
             render={[Function]}
           />
+          <Route
+            path="/authFailureListeners"
+            render={[Function]}
+          />
           <Route
             path="/tenants"
             render={[Function]}

@@ -220,4 +220,14 @@ export default function (Client: any, config: any, components: any) {
       fmt: '/_plugins/_security/api/audit/config',
     },
   });
+
+  /**
+   * Gets auth failure listeners.
+   */
+  Client.prototype.opensearch_security.prototype.getAuthFailureListeners = ca({
+    method: 'GET',
+    url: {
+      fmt: '/_plugins/_security/api/authfailurelisteners',
+    },
+  });
 }
@@ -67,13 +67,24 @@ export function defineRoutes(router: IRouter, dataSourceEnabled: boolean) {
     current_password: schema.string(),
   });
 
+  const authFailureListenersSchema = schema.object({
+    allowed_tries: schema.number(),
+    authentication_backend: schema.string(),
+    block_expiry_seconds: schema.number(),
+    max_blocked_clients: schema.number(),
+    max_tracked_clients: schema.number(),
+    time_window_seconds: schema.number(),
+    type: schema.string(),
+  });
+
   const schemaMap: any = {
     internalusers: internalUserSchema,
     actiongroups: actionGroupSchema,
     rolesmapping: roleMappingSchema,
     roles: roleSchema,
     tenants: tenantSchema,
     account: accountSchema,
+    authfailurelisteners: authFailureListenersSchema,
   };
 
   function validateRequestBody(resourceName: string, requestBody: any): any {
@@ -694,6 +705,52 @@ export function defineRoutes(router: IRouter, dataSourceEnabled: boolean) {
     }
   );
 
+  /**
+   * Gets auth failure listeners。
+   *
+   * Sample payload:
+   * [
+   * { ??? }
+   *
+   * ]
+   */
+  router.get(
+    {
+      path: `${API_PREFIX}/configuration/authfailurelisteners`,
+      validate: {
+        query: schema.object({
+          dataSourceId: schema.maybe(schema.string()),
+        }),
+      },
+    },
+    async (
+      context,
+      request,
+      response
+    ): Promise<IOpenSearchDashboardsResponse<any | ResponseError>> => {
+      try {
+        const esResp = await wrapRouteWithDataSource(
+          dataSourceEnabled,
+          context,
+          request,
+          'opensearch_security.getAuthFailureListeners'
+        );
+
+        return response.ok({
+          body: {
+            total: Object.keys(esResp).length,
+            data: esResp,
+          },
+        });
+      } catch (error) {
+        return response.custom({
+          statusCode: error.statusCode,
+          body: parseEsErrorResponse(error),
+        });
+      }
+    }
+  );
+
   /**
    * Update audit log configuration。
    *