[CSP] add dynamic config tgo csp report only (#10877)

* add dynamic config tgo csp report only

Signed-off-by: Justin Kim <[email protected]>

* Changeset file for PR #10877 created/updated

* mock dynamic config

Signed-off-by: Justin Kim <[email protected]>

* add try/catch

Signed-off-by: Justin Kim <[email protected]>

---------

Signed-off-by: Justin Kim <[email protected]>
Co-authored-by: opensearch-changeset-bot[bot] <154024398+opensearch-changeset-bot[bot]@users.noreply.github.com>

Author: angle943

changelogs/fragments/10877.yml

@@ -0,0 +1,2 @@
+feat:
+- Add dynamic config support to csp report only ([#10877](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/10877))

src/core/server/core_route_handler_context.ts

@@ -117,6 +117,9 @@ class CoreUiSettingsRouteHandlerContext {
 class CoreDynamicConfigRouteHandlerContext {
   #client?: IDynamicConfigurationClient;
   #asyncLocalStore?: AsyncLocalStorageContext;
+  #createStoreFromRequest?: (
+    req: OpenSearchDashboardsRequest
+  ) => AsyncLocalStorageContext | undefined;
 
   constructor(private readonly dynamicConfigServiceStart: InternalDynamicConfigServiceStart) {}
 
@@ -129,6 +132,11 @@ class CoreDynamicConfigRouteHandlerContext {
     this.#asyncLocalStore = this.dynamicConfigServiceStart.getAsyncLocalStore();
     return this.#asyncLocalStore;
   }
+
+  public createStoreFromRequest(req: OpenSearchDashboardsRequest) {
+    this.#createStoreFromRequest = this.dynamicConfigServiceStart.createStoreFromRequest;
+    return this.#createStoreFromRequest(req);
+  }
 }
 
 export class CoreRouteHandlerContext {

src/core/server/http_resources/http_resources_service.test.ts

@@ -54,6 +54,17 @@ describe('HttpResources service', () => {
       };
       service = new HttpResourcesService(coreContext);
       router = httpServiceMock.createRouter();
+
+      // TODO? createStoreFromRequest was mocked to reject, hence we are overriding that mock
+      // Mock dynamicConfig to prevent unhandled promise rejections
+      const mockDynamicConfigClient = {
+        getConfig: jest.fn().mockResolvedValue({}),
+      };
+      const mockDynamicConfig = {
+        client: mockDynamicConfigClient,
+        createStoreFromRequest: jest.fn().mockResolvedValue(null),
+      };
+      (context.core as any).dynamicConfig = mockDynamicConfig;
     });
 
     describe('register', () => {

src/core/server/http_resources/http_resources_service.ts

@@ -79,26 +79,39 @@ export class HttpResourcesService implements CoreService<InternalHttpResourcesSe
         route: RouteConfig<P, Q, B, 'get'>,
         handler: HttpResourcesRequestHandler<P, Q, B>
       ) => {
-        return router.get<P, Q, B>(route, (context, request, response) => {
+        return router.get<P, Q, B>(route, async (context, request, response) => {
           return handler(context, request, {
             ...response,
-            ...this.createResponseToolkit(deps, context, request, response),
+            ...(await this.createResponseToolkit(deps, context, request, response)),
           });
         });
       },
     };
   }
 
-  private createResponseToolkit(
+  private async createResponseToolkit(
     deps: SetupDeps,
     context: RequestHandlerContext,
     request: OpenSearchDashboardsRequest,
     response: OpenSearchDashboardsResponseFactory
-  ): HttpResourcesServiceToolkit {
+  ): Promise<HttpResourcesServiceToolkit> {
     const cspHeader = deps.http.csp.header;
-
     const cspReportOnly = deps.http.cspReportOnly;
-    const cspReportOnlyHeaders = cspReportOnly.isEmitting
+
+    let cspReportOnlyIsEmitting: boolean;
+    try {
+      const dynamicConfigClient = context.core.dynamicConfig.client;
+      const dynamicConfigStore = context.core.dynamicConfig.createStoreFromRequest(request);
+      const cspReportOnlyDynamicConfig = await dynamicConfigClient.getConfig(
+        { pluginConfigPath: 'csp-report-only' },
+        dynamicConfigStore ? { asyncLocalStorageContext: dynamicConfigStore } : undefined
+      );
+      cspReportOnlyIsEmitting = cspReportOnlyDynamicConfig?.isEmitting ?? cspReportOnly.isEmitting;
+    } catch (e) {
+      cspReportOnlyIsEmitting = cspReportOnly.isEmitting;
+    }
+
+    const cspReportOnlyHeaders = cspReportOnlyIsEmitting
       ? {
           'content-security-policy-report-only': cspReportOnly.cspReportOnlyHeader,
           'reporting-endpoints': cspReportOnly.reportingEndpointsHeader,

src/core/server/index.ts

@@ -58,7 +58,7 @@ import {
   OpenSearchServiceStart,
   IScopedClusterClient,
 } from './opensearch';
-import { HttpServiceSetup, HttpServiceStart } from './http';
+import { HttpServiceSetup, HttpServiceStart, OpenSearchDashboardsRequest } from './http';
 import { HttpResources } from './http_resources';
 
 import { PluginsServiceSetup, PluginsServiceStart, PluginOpaqueId } from './plugins';
@@ -451,6 +451,9 @@ export interface RequestHandlerContext {
     dynamicConfig: {
       client: IDynamicConfigurationClient;
       asyncLocalStore: AsyncLocalStorageContext | undefined;
+      createStoreFromRequest: (
+        req: OpenSearchDashboardsRequest
+      ) => AsyncLocalStorageContext | undefined;
     };
     auditor: Auditor;
   };

src/core/server/mocks.ts

@@ -253,6 +253,8 @@ function createCoreRequestHandlerContextMock() {
     dynamicConfig: {
       client: dynamicConfigServiceMock.createInternalStartContract().getClient(),
       asyncLocalStore: dynamicConfigServiceMock.createInternalStartContract().getAsyncLocalStore(),
+      createStoreFromRequest: dynamicConfigServiceMock.createInternalStartContract()
+        .createStoreFromRequest,
     },
   };
 }

src/legacy/ui/ui_render/ui_render_mixin.js

@@ -306,6 +306,7 @@ export function uiRenderMixin(osdServer, server, config) {
 
   async function renderApp(h) {
     const { http } = osdServer.newPlatform.setup.core;
+    const { dynamicConfig } = osdServer.newPlatform.start.core;
     const { savedObjects } = osdServer.newPlatform.start.core;
     const { rendering } = osdServer.newPlatform.__internals;
     const req = OpenSearchDashboardsRequest.from(h.request);
@@ -325,7 +326,21 @@ export function uiRenderMixin(osdServer, server, config) {
       .type('text/html')
       .header('content-security-policy', http.csp.header);
 
-    if (http.cspReportOnly.isEmitting) {
+    let cspReportOnlyIsEmitting;
+    try {
+      const dynamicConfigClient = dynamicConfig.getClient();
+      const dynamicConfigStore = dynamicConfig.createStoreFromRequest(req);
+      const cspReportOnlyDynamicConfig = await dynamicConfigClient.getConfig(
+        { pluginConfigPath: 'csp-report-only' },
+        dynamicConfigStore ? { asyncLocalStorageContext: dynamicConfigStore } : undefined
+      );
+      cspReportOnlyIsEmitting =
+        cspReportOnlyDynamicConfig.isEmitting ?? http.cspReportOnly.isEmitting;
+    } catch (e) {
+      cspReportOnlyIsEmitting = http.cspReportOnly.isEmitting;
+    }
+
+    if (cspReportOnlyIsEmitting) {
       output.header('content-security-policy-report-only', http.cspReportOnly.cspReportOnlyHeader);
 
       if (http.cspReportOnly.reportingEndpointsHeader) {