Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Resource Access Control] [Part2] Introduces a client for Resource Access Control and adds concrete implementation via common package #5186

Open
wants to merge 6 commits into
base: feature/resource-permissions
Choose a base branch
from
+6,281 −198
Open

[Resource Access Control] [Part2] Introduces a client for Resource Access Control and adds concrete implementation via common package #5186

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
ccc5022
Introduces resource sharing and access control SPI
DarshitChanpura Mar 17, 2025
6b83ebf
Introduces a resource sharing client and completes resource access co…
DarshitChanpura Mar 17, 2025
cdd7252
Updates client to handle security disabled scenario
DarshitChanpura Mar 18, 2025
450fcc6
Updates build.gradle files and jarhell references
DarshitChanpura Mar 19, 2025
2df199b
Disables jar for common
DarshitChanpura Mar 19, 2025
f18a530
Removes common package and refactors classes
DarshitChanpura Mar 19, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
203 changes: 164 additions & 39 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,9 +32,36 @@ jobs:
run: |
echo "separateTestsNames=$(./gradlew listTasksAsJSON -q --console=plain | tail -n 1)" >> $GITHUB_OUTPUT

publish-components-to-maven-local:
runs-on: ubuntu-latest
steps:
- name: Set up JDK for build and test
uses: actions/setup-java@v4
with:
distribution: temurin # Temurin is a distribution of adoptium
java-version: 21

- name: Checkout security
uses: actions/checkout@v4

- name: Publish components to Maven Local
run: |
./gradlew clean \
:opensearch-resource-sharing-spi:publishToMavenLocal \
:opensearch-security-client:publishToMavenLocal \
-Dbuild.snapshot=false

- name: Cache artifacts for dependent jobs
uses: actions/[email protected]
with:
path: ~/.m2/repository/org/opensearch/
key: maven-local-${{ github.run_id }}
restore-keys: |
maven-local-

test:
name: test
needs: generate-test-list
needs: [generate-test-list, publish-components-to-maven-local]
strategy:
fail-fast: false
matrix:
Expand All @@ -53,6 +80,14 @@ jobs:
- name: Checkout security
uses: actions/checkout@v4

- name: Restore Maven Local Cache
uses: actions/[email protected]
with:
path: ~/.m2/repository/org/opensearch/
key: maven-local-${{ github.run_id }}
restore-keys: |
maven-local-

- name: Build and Test
uses: gradle/gradle-build-action@v3
with:
Expand All @@ -68,7 +103,7 @@ jobs:
./build/reports/

report-coverage:
needs: ["test", "integration-tests"]
needs: ["test", "integration-tests", "spi-tests"]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
Expand All @@ -91,7 +126,6 @@ jobs:
fail_ci_if_error: true
verbose: true


integration-tests:
name: integration-tests
strategy:
Expand All @@ -111,12 +145,20 @@ jobs:
- name: Checkout security
uses: actions/checkout@v4

- name: Build and Test
- name: Restore Maven Local Cache
uses: actions/[email protected]
with:
path: ~/.m2/repository/org/opensearch/
key: maven-local-${{ github.run_id }}
restore-keys: |
maven-local-

- name: Run Integration Tests
uses: gradle/gradle-build-action@v3
with:
cache-disabled: true
arguments: |
integrationTest -Dbuild.snapshot=false
:integrationTest -Dbuild.snapshot=false

- uses: actions/upload-artifact@v4
if: always()
Expand All @@ -125,10 +167,52 @@ jobs:
path: |
./build/reports/

spi-tests:
name: spi-tests
needs: publish-components-to-maven-local
strategy:
fail-fast: false
matrix:
jdk: [21]
platform: [ubuntu-latest, windows-latest]
runs-on: ${{ matrix.platform }}

steps:
- name: Set up JDK for build and test
uses: actions/setup-java@v4
with:
distribution: temurin # Temurin is a distribution of adoptium
java-version: ${{ matrix.jdk }}

- name: Checkout security
uses: actions/checkout@v4

- name: Restore Maven Local Cache
uses: actions/[email protected]
with:
path: ~/.m2/repository/org/opensearch/
key: maven-local-${{ github.run_id }}
restore-keys: |
maven-local-

- name: Run SPI Tests
uses: gradle/gradle-build-action@v3
with:
cache-disabled: true
arguments: |
:opensearch-resource-sharing-spi:test -Dbuild.snapshot=false

- uses: actions/upload-artifact@v4
if: always()
with:
name: spi-${{ matrix.platform }}-JDK${{ matrix.jdk }}-reports
path: |
./build/reports/

resource-tests:
env:
CI_ENVIRONMENT: resource-test
needs: publish-components-to-maven-local
strategy:
fail-fast: false
matrix:
Expand All @@ -146,12 +230,20 @@ jobs:
- name: Checkout security
uses: actions/checkout@v4

- name: Build and Test
- name: Restore Maven Local Cache
uses: actions/[email protected]
with:
path: ~/.m2/repository/org/opensearch/
key: maven-local-${{ github.run_id }}
restore-keys: |
maven-local-

- name: Run Resource Tests
uses: gradle/gradle-build-action@v3
with:
cache-disabled: true
arguments: |
integrationTest -Dbuild.snapshot=false --tests org.opensearch.security.ResourceFocusedTests
:integrationTest -Dbuild.snapshot=false --tests org.opensearch.security.ResourceFocusedTests

backward-compatibility-build:
runs-on: ubuntu-latest
Expand Down Expand Up @@ -214,40 +306,73 @@ jobs:
build-artifact-names:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup Environment
uses: actions/checkout@v4

- uses: actions/setup-java@v4
- name: Configure Java
uses: actions/setup-java@v4
with:
distribution: temurin # Temurin is a distribution of adoptium
distribution: temurin
java-version: 21

- run: |
security_plugin_version=$(./gradlew properties -q | grep -E '^version:' | awk '{print $2}')
security_plugin_version_no_snapshot=$(echo $security_plugin_version | sed 's/-SNAPSHOT//g')
security_plugin_version_only_number=$(echo $security_plugin_version_no_snapshot | cut -d- -f1)
test_qualifier=alpha2

echo "SECURITY_PLUGIN_VERSION=$security_plugin_version" >> $GITHUB_ENV
echo "SECURITY_PLUGIN_VERSION_NO_SNAPSHOT=$security_plugin_version_no_snapshot" >> $GITHUB_ENV
echo "SECURITY_PLUGIN_VERSION_ONLY_NUMBER=$security_plugin_version_only_number" >> $GITHUB_ENV
echo "TEST_QUALIFIER=$test_qualifier" >> $GITHUB_ENV

- run: |
echo ${{ env.SECURITY_PLUGIN_VERSION }}
echo ${{ env.SECURITY_PLUGIN_VERSION_NO_SNAPSHOT }}
echo ${{ env.SECURITY_PLUGIN_VERSION_ONLY_NUMBER }}
echo ${{ env.TEST_QUALIFIER }}

- run: ./gradlew clean assemble && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION }}.zip

- run: ./gradlew clean assemble -Dbuild.snapshot=false && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION_NO_SNAPSHOT }}.zip

- run: ./gradlew clean assemble -Dbuild.snapshot=false -Dbuild.version_qualifier=${{ env.TEST_QUALIFIER }} && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION_ONLY_NUMBER }}-${{ env.TEST_QUALIFIER }}.zip

- run: ./gradlew clean assemble -Dbuild.version_qualifier=${{ env.TEST_QUALIFIER }} && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION_ONLY_NUMBER }}-${{ env.TEST_QUALIFIER }}-SNAPSHOT.zip

- run: ./gradlew clean publishPluginZipPublicationToZipStagingRepository && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION }}.zip && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION }}.pom

- name: List files in the build directory if there was an error
run: ls -al ./build/distributions/
- name: Build and Test Artifacts
run: |
# Set version variables
security_plugin_version=$(./gradlew properties -q | grep -E '^version:' | awk '{print $2}')
security_plugin_version_no_snapshot=$(echo $security_plugin_version | sed 's/-SNAPSHOT//g')
security_plugin_version_only_number=$(echo $security_plugin_version_no_snapshot | cut -d- -f1)
test_qualifier=alpha2

# Debug print versions
echo "Versions:"
echo $security_plugin_version
echo $security_plugin_version_no_snapshot
echo $security_plugin_version_only_number
echo $test_qualifier

# Publish SPI
./gradlew clean :opensearch-resource-sharing-spi:publishToMavenLocal && test -s ./spi/build/libs/opensearch-resource-sharing-spi-$security_plugin_version-all.jar
./gradlew clean :opensearch-resource-sharing-spi:publishToMavenLocal -Dbuild.snapshot=false && test -s ./spi/build/libs/opensearch-resource-sharing-spi-$security_plugin_version_no_snapshot-all.jar
./gradlew clean :opensearch-resource-sharing-spi:publishToMavenLocal -Dbuild.snapshot=false -Dbuild.version_qualifier=$test_qualifier && test -s ./spi/build/libs/opensearch-resource-sharing-spi-$security_plugin_version_only_number-$test_qualifier-all.jar
./gradlew clean :opensearch-resource-sharing-spi:publishToMavenLocal -Dbuild.version_qualifier=$test_qualifier && test -s ./spi/build/libs/opensearch-resource-sharing-spi-$security_plugin_version_only_number-$test_qualifier-SNAPSHOT-all.jar

# Publish Client
./gradlew clean :opensearch-security-client:publishToMavenLocal && test -s ./client/build/libs/opensearch-security-client-$security_plugin_version-all.jar
./gradlew clean :opensearch-security-client:publishToMavenLocal -Dbuild.snapshot=false && test -s ./client/build/libs/opensearch-security-client-$security_plugin_version_no_snapshot-all.jar
./gradlew clean :opensearch-security-client:publishToMavenLocal -Dbuild.snapshot=false -Dbuild.version_qualifier=$test_qualifier && test -s ./client/build/libs/opensearch-security-client-$security_plugin_version_only_number-$test_qualifier-all.jar
./gradlew clean :opensearch-security-client:publishToMavenLocal -Dbuild.version_qualifier=$test_qualifier && test -s ./client/build/libs/opensearch-security-client-$security_plugin_version_only_number-$test_qualifier-SNAPSHOT-all.jar

# Build artifacts
./gradlew clean assemble && \
test -s ./build/distributions/opensearch-security-$security_plugin_version.zip && \
test -s ./spi/build/libs/opensearch-resource-sharing-spi-$security_plugin_version.jar && \
test -s ./client/build/libs/opensearch-security-client-$security_plugin_version.jar


./gradlew clean assemble -Dbuild.snapshot=false && \
test -s ./build/distributions/opensearch-security-$security_plugin_version_no_snapshot.zip && \
test -s ./spi/build/libs/opensearch-resource-sharing-spi-$security_plugin_version_no_snapshot.jar && \
test -s ./client/build/libs/opensearch-security-client-$security_plugin_version_no_snapshot.jar

./gradlew clean assemble -Dbuild.snapshot=false -Dbuild.version_qualifier=$test_qualifier && \
test -s ./build/distributions/opensearch-security-$security_plugin_version_only_number-$test_qualifier.zip && \
test -s ./spi/build/libs/opensearch-resource-sharing-spi-$security_plugin_version_only_number-$test_qualifier.jar && \
test -s ./client/build/libs/opensearch-security-client-$security_plugin_version_only_number-$test_qualifier.jar

./gradlew clean assemble -Dbuild.version_qualifier=$test_qualifier && \
test -s ./build/distributions/opensearch-security-$security_plugin_version_only_number-$test_qualifier-SNAPSHOT.zip && \
test -s ./spi/build/libs/opensearch-resource-sharing-spi-$security_plugin_version_only_number-$test_qualifier-SNAPSHOT.jar && \
test -s ./client/build/libs/opensearch-security-client-$security_plugin_version_only_number-$test_qualifier-SNAPSHOT.jar

./gradlew clean publishPluginZipPublicationToZipStagingRepository && \
test -s ./build/distributions/opensearch-security-$security_plugin_version.zip && \
test -s ./build/distributions/opensearch-security-$security_plugin_version.pom && \
test -s ./spi/build/libs/opensearch-resource-sharing-spi-$security_plugin_version-all.jar

./gradlew clean publishShadowPublicationToMavenLocal && \
test -s ./spi/build/libs/opensearch-resource-sharing-spi-$security_plugin_version-all.jar && \
test -s ./client/build/libs/opensearch-security-client-$security_plugin_version-all.jar

- name: List files in build directory on failure
if: failure()
run: ls -al ./*/build/libs/ ./build/distributions/
2 changes: 1 addition & 1 deletion .github/workflows/maven-publish.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,4 +32,4 @@ jobs:
export SONATYPE_PASSWORD=$(aws secretsmanager get-secret-value --secret-id maven-snapshots-password --query SecretString --output text)
echo "::add-mask::$SONATYPE_USERNAME"
echo "::add-mask::$SONATYPE_PASSWORD"
./gradlew publishPluginZipPublicationToSnapshotsRepository
./gradlew --no-daemon publishPluginZipPublicationToSnapshotsRepository publishShadowPublicationToSnapshotsRepository
4 changes: 0 additions & 4 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,3 @@ out/
build/
gradle-build/
.gradle/

# nodejs
node_modules/
package-lock.json
Loading
Loading