Fix spotless

Signed-off-by: Peter Nied <petern@amazon.com>

src/main/java/com/amazon/dlic/auth/http/jwt/AbstractHTTPJwtAuthenticator.java

@@ -41,7 +41,6 @@
 import org.opensearch.core.rest.RestStatus;
 import org.opensearch.security.auth.HTTPAuthenticator;
 import org.opensearch.security.filter.SecurityRequest;
-import org.opensearch.security.filter.SecurityRequestChannel;
 import org.opensearch.security.filter.SecurityResponse;
 import org.opensearch.security.user.AuthCredentials;
 
@@ -241,11 +240,9 @@ public String[] extractRoles(JwtClaims claims) {
 
     @Override
     public Optional<SecurityResponse> reRequestAuthentication(final SecurityRequest request, AuthCredentials authCredentials) {
-        return Optional.of(new SecurityResponse(
-            HttpStatus.SC_UNAUTHORIZED,
-            Map.of("WWW-Authenticate", "Bearer realm=\"OpenSearch Security\""),
-            ""
-        ));
+        return Optional.of(
+            new SecurityResponse(HttpStatus.SC_UNAUTHORIZED, Map.of("WWW-Authenticate", "Bearer realm=\"OpenSearch Security\""), "")
+        );
     }
 
     public String getRequiredAudience() {

src/main/java/com/amazon/dlic/auth/http/jwt/HTTPJwtAuthenticator.java

@@ -35,7 +35,6 @@
 import org.opensearch.common.util.concurrent.ThreadContext;
 import org.opensearch.security.auth.HTTPAuthenticator;
 import org.opensearch.security.filter.SecurityRequest;
-import org.opensearch.security.filter.SecurityRequestChannel;
 import org.opensearch.security.filter.SecurityResponse;
 import org.opensearch.security.user.AuthCredentials;
 import org.opensearch.security.util.KeyUtils;
@@ -175,11 +174,9 @@ private AuthCredentials extractCredentials0(final SecurityRequest request) {
 
     @Override
     public Optional<SecurityResponse> reRequestAuthentication(final SecurityRequest channel, AuthCredentials creds) {
-        return Optional.of(new SecurityResponse(
-            HttpStatus.SC_UNAUTHORIZED,
-            Map.of("WWW-Authenticate", "Bearer realm=\"OpenSearch Security\""),
-            ""
-        ));
+        return Optional.of(
+            new SecurityResponse(HttpStatus.SC_UNAUTHORIZED, Map.of("WWW-Authenticate", "Bearer realm=\"OpenSearch Security\""), "")
+        );
     }
 
     @Override

src/main/java/com/amazon/dlic/auth/http/kerberos/HTTPSpnegoAuthenticator.java

@@ -56,7 +56,6 @@
 import org.opensearch.env.Environment;
 import org.opensearch.security.auth.HTTPAuthenticator;
 import org.opensearch.security.filter.SecurityRequest;
-import org.opensearch.security.filter.SecurityRequestChannel;
 import org.opensearch.security.filter.SecurityResponse;
 import org.opensearch.security.user.AuthCredentials;
 

src/main/java/com/amazon/dlic/auth/http/saml/HTTPSamlAuthenticator.java

@@ -63,7 +63,6 @@
 import org.opensearch.security.auth.Destroyable;
 import org.opensearch.security.auth.HTTPAuthenticator;
 import org.opensearch.security.filter.SecurityRequest;
-import org.opensearch.security.filter.SecurityRequestChannel;
 import org.opensearch.security.filter.SecurityRequetChannelUnsupported;
 import org.opensearch.security.filter.SecurityResponse;
 import org.opensearch.security.filter.OpenSearchRequestChannel;
@@ -200,11 +199,9 @@ public Optional<SecurityResponse> reRequestAuthentication(final SecurityRequest
             }
 
             final Saml2Settings saml2Settings = this.saml2SettingsProvider.getCached();
-            return Optional.of(new SecurityResponse(
-                HttpStatus.SC_UNAUTHORIZED,
-                Map.of("WWW-Authenticate", getWwwAuthenticateHeader(saml2Settings)),
-                ""
-            ));
+            return Optional.of(
+                new SecurityResponse(HttpStatus.SC_UNAUTHORIZED, Map.of("WWW-Authenticate", getWwwAuthenticateHeader(saml2Settings)), "")
+            );
         } catch (Exception e) {
             log.error("Error in reRequestAuthentication()", e);
             return Optional.empty();

src/main/java/org/opensearch/security/auth/BackendRegistry.java

@@ -53,9 +53,7 @@
 import org.opensearch.OpenSearchSecurityException;
 import org.opensearch.common.settings.Settings;
 import org.opensearch.core.common.transport.TransportAddress;
-import org.opensearch.common.util.concurrent.ThreadContext;
 import org.opensearch.core.rest.RestStatus;
-import org.opensearch.rest.BytesRestResponse;
 import org.opensearch.security.auditlog.AuditLog;
 import org.opensearch.security.auth.blocking.ClientBlockRegistry;
 import org.opensearch.security.auth.internal.NoOpAuthenticationBackend;
@@ -221,7 +219,9 @@ public boolean authenticate(final SecurityRequestChannel request) {
 
         if (!isInitialized()) {
             log.error("Not yet initialized (you may need to run securityadmin)");
-            request.completeWithResponse(new SecurityResponse(HttpStatus.SC_SERVICE_UNAVAILABLE, null, "OpenSearch Security not initialized."));
+            request.completeWithResponse(
+                new SecurityResponse(HttpStatus.SC_SERVICE_UNAVAILABLE, null, "OpenSearch Security not initialized.")
+            );
             return false;
         }
 
@@ -350,11 +350,13 @@ public boolean authenticate(final SecurityRequestChannel request) {
             if (adminDns.isAdmin(authenticatedUser)) {
                 log.error("Cannot authenticate rest user because admin user is not permitted to login via HTTP");
                 auditLog.logFailedLogin(authenticatedUser.getName(), true, null, request);
-                request.completeWithResponse(new SecurityResponse(
-                    HttpStatus.SC_FORBIDDEN,
-                    null,
-                    "Cannot authenticate user because admin user is not permitted to login via HTTP"
-                ));
+                request.completeWithResponse(
+                    new SecurityResponse(
+                        HttpStatus.SC_FORBIDDEN,
+                        null,
+                        "Cannot authenticate user because admin user is not permitted to login via HTTP"
+                    )
+                );
                 return false;
             }
 
@@ -397,7 +399,7 @@ public boolean authenticate(final SecurityRequestChannel request) {
                 }
                 return true;
             }
-            
+
             Optional<SecurityResponse> challengeResponse = Optional.empty();
 
             if (firstChallengingHttpAuthenticator != null) {
@@ -592,15 +594,15 @@ private User impersonate(final SecurityRequestChannel request, final User origin
         }
 
         if (adminDns.isAdminDN(impersonatedUserHeader)) {
-            
+
             throw new OpenSearchSecurityException(
                 "It is not allowed to impersonate as an adminuser  '" + impersonatedUserHeader + "'",
                 RestStatus.FORBIDDEN
             );
         }
 
         if (!adminDns.isRestImpersonationAllowed(originalUser.getName(), impersonatedUserHeader)) {
-            
+
             throw new OpenSearchSecurityException(
                 "'" + originalUser.getName() + "' is not allowed to impersonate as '" + impersonatedUserHeader + "'",
                 RestStatus.FORBIDDEN

src/main/java/org/opensearch/security/auth/HTTPAuthenticator.java

@@ -32,7 +32,6 @@
 import org.opensearch.common.util.concurrent.ThreadContext;
 import org.opensearch.rest.RestRequest;
 import org.opensearch.security.filter.SecurityRequest;
-import org.opensearch.security.filter.SecurityRequestChannel;
 import org.opensearch.security.filter.SecurityResponse;
 import org.opensearch.security.user.AuthCredentials;
 

src/main/java/org/opensearch/security/dlic/rest/api/AbstractApiAction.java

@@ -49,7 +49,6 @@
 import org.opensearch.security.dlic.rest.validation.EndpointValidator;
 import org.opensearch.security.dlic.rest.validation.RequestContentValidator;
 import org.opensearch.security.dlic.rest.validation.ValidationResult;
-import org.opensearch.security.filter.SecurityRequestChannel;
 import org.opensearch.security.filter.SecurityRequestFactory;
 import org.opensearch.security.securityconf.DynamicConfigFactory;
 import org.opensearch.security.securityconf.impl.CType;
@@ -373,7 +372,7 @@ protected final ValidationResult<SecurityDynamicConfiguration<?>> loadConfigurat
     ) {
         final var configuration = load(cType, logComplianceEvent);
         if (configuration.getSeqNo() < 0) {
-            
+
             return ValidationResult.error(
                 RestStatus.FORBIDDEN,
                 forbiddenMessage(
@@ -414,19 +413,19 @@ public RestApiAdminPrivilegesEvaluator restApiAdminPrivilegesEvaluator() {
 
             @Override
             public ValidationResult<SecurityConfiguration> onConfigDelete(SecurityConfiguration securityConfiguration) throws IOException {
-                
+
                 return ValidationResult.error(RestStatus.FORBIDDEN, forbiddenMessage("Access denied"));
             }
 
             @Override
             public ValidationResult<SecurityConfiguration> onConfigLoad(SecurityConfiguration securityConfiguration) throws IOException {
-                
+
                 return ValidationResult.error(RestStatus.FORBIDDEN, forbiddenMessage("Access denied"));
             }
 
             @Override
             public ValidationResult<SecurityConfiguration> onConfigChange(SecurityConfiguration securityConfiguration) throws IOException {
-                
+
                 return ValidationResult.error(RestStatus.FORBIDDEN, forbiddenMessage("Access denied"));
             }
 
@@ -564,7 +563,7 @@ protected final RestChannelConsumer prepareRequest(RestRequest request, NodeClie
             securityApiDependencies.auditLog().logGrantedPrivileges(userName, SecurityRequestFactory.from(request));
         }
 
-    final var originalUserAndRemoteAddress = Utils.userAndRemoteAddressFrom(threadPool.getThreadContext());
+        final var originalUserAndRemoteAddress = Utils.userAndRemoteAddressFrom(threadPool.getThreadContext());
         final Object originalOrigin = threadPool.getThreadContext().getTransient(ConfigConstants.OPENDISTRO_SECURITY_ORIGIN);
 
         return channel -> threadPool.generic().submit(() -> {

src/main/java/org/opensearch/security/dlic/rest/api/NodesDnApiAction.java

@@ -139,7 +139,7 @@ public RestApiAdminPrivilegesEvaluator restApiAdminPrivilegesEvaluator() {
             public ValidationResult<SecurityConfiguration> isAllowedToChangeImmutableEntity(SecurityConfiguration securityConfiguration)
                 throws IOException {
                 if (STATIC_OPENSEARCH_YML_NODES_DN.equals(securityConfiguration.entityName())) {
-                    
+
                     return ValidationResult.error(
                         RestStatus.FORBIDDEN,
                         forbiddenMessage("Resource '" + STATIC_OPENSEARCH_YML_NODES_DN + "' is read-only.")

src/main/java/org/opensearch/security/dlic/rest/api/Responses.java

@@ -73,7 +73,7 @@ public static void response(RestChannel channel, RestStatus status, String messa
     public static void response(final RestChannel channel, final RestStatus status, final ToXContent toXContent) {
         try (final var builder = channel.newBuilder()) {
             toXContent.toXContent(builder, ToXContent.EMPTY_PARAMS);
-            
+
             channel.sendResponse(new BytesRestResponse(status, builder));
         } catch (final IOException ioe) {
             throw ExceptionsHelper.convertToOpenSearchException(ioe);

src/main/java/org/opensearch/security/dlic/rest/validation/EndpointValidator.java

@@ -55,7 +55,7 @@ default boolean isCurrentUserAdmin() {
 
     default ValidationResult<String> withRequiredEntityName(final String entityName) {
         if (entityName == null) {
-            
+
             return ValidationResult.error(RestStatus.BAD_REQUEST, badRequestMessage("No " + resourceName() + " specified."));
         }
         return ValidationResult.success(entityName);
@@ -105,7 +105,7 @@ default ValidationResult<SecurityConfiguration> entityStatic(final SecurityConfi
         final var configuration = securityConfiguration.configuration();
         final var entityName = securityConfiguration.entityName();
         if (configuration.isStatic(entityName)) {
-            
+
             return ValidationResult.error(RestStatus.FORBIDDEN, forbiddenMessage("Resource '" + entityName + "' is static."));
         }
         return ValidationResult.success(securityConfiguration);
@@ -124,7 +124,7 @@ default ValidationResult<SecurityConfiguration> entityHidden(final SecurityConfi
         final var configuration = securityConfiguration.configuration();
         final var entityName = securityConfiguration.entityName();
         if (configuration.isHidden(entityName)) {
-            
+
             return ValidationResult.error(RestStatus.NOT_FOUND, notFoundMessage("Resource '" + entityName + "' is not available."));
         }
         return ValidationResult.success(securityConfiguration);
@@ -152,7 +152,7 @@ default ValidationResult<SecurityConfiguration> isAllowedToChangeEntityWithRestA
             final var configuration = securityConfiguration.configuration();
             final var existingEntity = configuration.getCEntry(securityConfiguration.entityName());
             if (restApiAdminPrivilegesEvaluator().containsRestApiAdminPermissions(existingEntity)) {
-                
+
                 return ValidationResult.error(RestStatus.FORBIDDEN, forbiddenMessage("Access denied"));
             }
         } else {
@@ -162,7 +162,7 @@ default ValidationResult<SecurityConfiguration> isAllowedToChangeEntityWithRestA
                 configuration.getImplementingClass()
             );
             if (restApiAdminPrivilegesEvaluator().containsRestApiAdminPermissions(configEntityContent)) {
-                
+
                 return ValidationResult.error(RestStatus.FORBIDDEN, forbiddenMessage("Access denied"));
             }
         }

src/main/java/org/opensearch/security/filter/OpenSearchRequestChannel.java

@@ -1,6 +1,5 @@
 package org.opensearch.security.filter;
 
-import java.util.Map;
 import java.util.concurrent.atomic.AtomicBoolean;
 
 import org.apache.logging.log4j.LogManager;
@@ -29,7 +28,7 @@ public boolean hasCompleted() {
 
     @Override
     public boolean completeWithResponse(final SecurityResponse response) {
-        
+
         if (underlyingChannel == null) {
             throw new UnsupportedOperationException("Channel was not defined");
         }

src/main/java/org/opensearch/security/filter/SecurityFilter.java

@@ -464,7 +464,7 @@ public void onFailure(Exception e) {
                         : String.format("no permissions for %s and %s", pres.getMissingPrivileges(), user);
                 }
                 log.debug(err);
-                
+
                 listener.onFailure(new OpenSearchSecurityException(err, RestStatus.FORBIDDEN));
             }
         } catch (OpenSearchException e) {
@@ -515,7 +515,7 @@ private boolean checkImmutableIndices(Object request, ActionListener listener) {
             || request instanceof IndicesAliasesRequest;
 
         if (isModifyIndexRequest && isRequestIndexImmutable(request)) {
-            
+
             listener.onFailure(new OpenSearchSecurityException("Index is immutable", RestStatus.FORBIDDEN));
             return true;
         }

src/main/java/org/opensearch/security/filter/SecurityRestFilter.java

@@ -206,7 +206,7 @@ private void authorizeRequest(RestHandler original, SecurityRequestChannel reque
                     err = String.format("no permissions for %s and %s", pres.getMissingPrivileges(), user);
                 }
                 log.debug(err);
-                
+
                 request.completeWithResponse(new SecurityResponse(HttpStatus.SC_UNAUTHORIZED, null, err));
                 return;
             }
@@ -220,7 +220,7 @@ public void checkAndAuthenticateRequest(SecurityRequestChannel requestChannel) t
             final OpenSearchException exception = ExceptionUtils.createBadHeaderException();
             log.error(exception.toString());
             auditLog.logBadHeaders(requestChannel);
-            
+
             requestChannel.completeWithResponse(new SecurityResponse(HttpStatus.SC_FORBIDDEN, null, exception.toString()));
             return;
         }
@@ -229,7 +229,7 @@ public void checkAndAuthenticateRequest(SecurityRequestChannel requestChannel) t
             final OpenSearchException exception = ExceptionUtils.createBadHeaderException();
             log.error(exception.toString());
             auditLog.logBadHeaders(requestChannel);
-            
+
             requestChannel.completeWithResponse(new SecurityResponse(HttpStatus.SC_FORBIDDEN, null, exception.toString()));
             return;
         }
@@ -250,7 +250,7 @@ public void checkAndAuthenticateRequest(SecurityRequestChannel requestChannel) t
         } catch (SSLPeerUnverifiedException e) {
             log.error("No ssl info", e);
             auditLog.logSSLException(requestChannel, e);
-            
+
             requestChannel.completeWithResponse(new SecurityResponse(HttpStatus.SC_FORBIDDEN, null, null));
             return;
         }

src/main/java/org/opensearch/security/http/HTTPBasicAuthenticator.java

@@ -38,7 +38,6 @@
 import org.opensearch.common.util.concurrent.ThreadContext;
 import org.opensearch.security.auth.HTTPAuthenticator;
 import org.opensearch.security.filter.SecurityRequest;
-import org.opensearch.security.filter.SecurityRequestChannel;
 import org.opensearch.security.filter.SecurityResponse;
 import org.opensearch.security.support.HTTPHelper;
 import org.opensearch.security.user.AuthCredentials;
@@ -68,11 +67,9 @@ public AuthCredentials extractCredentials(final SecurityRequest request, final T
 
     @Override
     public Optional<SecurityResponse> reRequestAuthentication(final SecurityRequest request, AuthCredentials creds) {
-        return Optional.of(new SecurityResponse(
-            HttpStatus.SC_UNAUTHORIZED,
-            Map.of("WWW-Authenticate", "Bearer realm=\"OpenSearch Security\""),
-            ""
-        ));
+        return Optional.of(
+            new SecurityResponse(HttpStatus.SC_UNAUTHORIZED, Map.of("WWW-Authenticate", "Bearer realm=\"OpenSearch Security\""), "")
+        );
     }
 
     @Override

src/main/java/org/opensearch/security/http/HTTPClientCertAuthenticator.java

@@ -44,7 +44,6 @@
 import org.opensearch.core.common.Strings;
 import org.opensearch.security.auth.HTTPAuthenticator;
 import org.opensearch.security.filter.SecurityRequest;
-import org.opensearch.security.filter.SecurityRequestChannel;
 import org.opensearch.security.filter.SecurityResponse;
 import org.opensearch.security.support.ConfigConstants;
 import org.opensearch.security.user.AuthCredentials;

src/main/java/org/opensearch/security/http/HTTPProxyAuthenticator.java

@@ -40,7 +40,6 @@
 import org.opensearch.core.common.Strings;
 import org.opensearch.security.auth.HTTPAuthenticator;
 import org.opensearch.security.filter.SecurityRequest;
-import org.opensearch.security.filter.SecurityRequestChannel;
 import org.opensearch.security.filter.SecurityResponse;
 import org.opensearch.security.support.ConfigConstants;
 import org.opensearch.security.user.AuthCredentials;

src/main/java/org/opensearch/security/http/OnBehalfOfAuthenticator.java

@@ -37,7 +37,6 @@
 import org.opensearch.security.auth.HTTPAuthenticator;
 import org.opensearch.security.authtoken.jwt.EncryptionDecryptionUtil;
 import org.opensearch.security.filter.SecurityRequest;
-import org.opensearch.security.filter.SecurityRequestChannel;
 import org.opensearch.security.filter.SecurityResponse;
 import org.opensearch.security.ssl.util.ExceptionUtils;
 import org.opensearch.security.user.AuthCredentials;

src/main/java/org/opensearch/security/rest/SecurityConfigUpdateAction.java

@@ -81,7 +81,7 @@ protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient cli
             SSLRequestHelper.SSLInfo sslInfo = SSLRequestHelper.getSSLInfo(settings, configPath, securityRequest, principalExtractor);
 
             if (sslInfo == null) {
-                
+
                 channel.sendResponse(new BytesRestResponse(RestStatus.FORBIDDEN, ""));
                 return;
             }
@@ -90,7 +90,7 @@ protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient cli
 
             // only allowed for admins
             if (user == null || !adminDns.isAdmin(user)) {
-                
+
                 channel.sendResponse(new BytesRestResponse(RestStatus.FORBIDDEN, ""));
                 return;
             } else {