Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Resource Access Control] [Part1] Introduces SPI for resource access control #5185

Open
wants to merge 1 commit into
base: feature/resource-permissions
Choose a base branch
from
Open

[Resource Access Control] [Part1] Introduces SPI for resource access control #5185

wants to merge 1 commit into from

Conversation

DarshitChanpura
Copy link
Member

@DarshitChanpura DarshitChanpura commented Mar 17, 2025
edited
Loading

#5016 is being broken down into smaller pieces. This is part 1.

Description

Introduces an SPI to implement Resource Access Control in OpenSearch. This will allow plugins to declare itself as Resource Plugins to leverage the access control methods to be provided by Security plugin.

  • Category - New feature
  • Why these changes are required?
    • At present, plugins have implemented in-house authorization mechanisms for a lack of centralized framework. This PR introduces a centralized way to offload resource permissions check to security plugin.

Issues Resolved

Related to #4500

Testing

  • automated tests

Check List

- [ ] New functionality includes testing
- [ ] New functionality has been documented
~- [ ] New Roles/Permissions have a corresponding security dashboards plugin PR
- [ ] API changes companion pull request created

  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@DarshitChanpura DarshitChanpura changed the title [Resource Access Control] Introduces SPI for resource access control [Resource Access Control] [Part1] Introduces SPI for resource access control Mar 17, 2025
@DarshitChanpura DarshitChanpura mentioned this pull request Mar 17, 2025
Open
4 tasks
@codecov Codecov
Copy link

codecov bot commented Mar 17, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 66.66667% with 1 line in your changes missing coverage. Please review.

Project coverage is 71.71%. Comparing base (00204dd) to head (ccc5022).

Files with missing lines Patch % Lines
.../opensearch/security/OpenSearchSecurityPlugin.java 66.66% 1 Missing ⚠️
Additional details and impacted files

Impacted file tree graph

@@                       Coverage Diff                        @@
##           feature/resource-permissions    #5185      +/-   ##
================================================================
+ Coverage                         71.68%   71.71%   +0.02%     
================================================================
  Files                               337      337              
  Lines                             22785    22786       +1     
  Branches                           3605     3605              
================================================================
+ Hits                              16333    16340       +7     
+ Misses                             4651     4646       -5     
+ Partials                           1801     1800       -1
Files with missing lines Coverage Δ
...g/opensearch/security/support/ConfigConstants.java 95.23% <ø> (ø)
.../opensearch/security/OpenSearchSecurityPlugin.java 83.72% <66.66%> (-0.12%) ⬇️

... and 7 files with indirect coverage changes

🚀 New features to boost your workflow:
  • Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@DarshitChanpura DarshitChanpura force-pushed the resource-sharing-spi-only branch from a98b1dc to d076506 Compare March 17, 2025 21:14
@DarshitChanpura DarshitChanpura force-pushed the resource-sharing-spi-only branch from d076506 to ccc5022 Compare March 17, 2025 21:21
@DarshitChanpura DarshitChanpura changed the base branch from feature/resource-permissions to main March 17, 2025 21:23
@DarshitChanpura DarshitChanpura changed the base branch from main to feature/resource-permissions March 17, 2025 21:23
@DarshitChanpura DarshitChanpura mentioned this pull request Mar 17, 2025
Draft
3 tasks
@DarshitChanpura DarshitChanpura marked this pull request as ready for review March 17, 2025 22:42
This was referenced Mar 17, 2025
Closed
Draft
@DarshitChanpura DarshitChanpura added the resource-permissions Label to track all items related to resource permissions label Mar 18, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cwperks cwperks Awaiting requested review from cwperks cwperks is a code owner

@derek-ho derek-ho Awaiting requested review from derek-ho derek-ho is a code owner

@nibix nibix Awaiting requested review from nibix nibix is a code owner

@peternied peternied Awaiting requested review from peternied peternied is a code owner

@RyanL1997 RyanL1997 Awaiting requested review from RyanL1997 RyanL1997 is a code owner

@reta reta Awaiting requested review from reta reta is a code owner

@willyborankin willyborankin Awaiting requested review from willyborankin willyborankin is a code owner

Assignees
No one assigned
Labels
resource-permissions Label to track all items related to resource permissions
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@DarshitChanpura