Add permissions field to the mapping only if the permission control i…

…s enabled Signed-off-by: gaobinlong <gbinlong@amazon.com>
gaobinlong · Feb 29, 2024 · 04fcc8f · 04fcc8f
1 parent db34803
commit 04fcc8f
Show file tree

Hide file tree

Showing 11 changed files with 143 additions and 264 deletions.
diff --git a/...ore/server/saved_objects/migrations/core/__snapshots__/build_active_mappings.test.ts.snap b/...ore/server/saved_objects/migrations/core/__snapshots__/build_active_mappings.test.ts.snap
diff --git a/src/core/server/saved_objects/migrations/core/build_active_mappings.test.ts b/src/core/server/saved_objects/migrations/core/build_active_mappings.test.ts
@@ -30,6 +30,7 @@
 
 import { IndexMapping, SavedObjectsTypeMappingDefinitions } from './../../mappings';
 import { buildActiveMappings, diffMappings } from './build_active_mappings';
+import { configMock } from '../../../config/mocks';
 
 describe('buildActiveMappings', () => {
   test('creates a strict mapping', () => {
@@ -91,6 +92,12 @@ describe('buildActiveMappings', () => {
     expect(hashes.aaa).toEqual(hashes.bbb);
     expect(hashes.aaa).not.toEqual(hashes.ccc);
   });
+
+  test('permissions field is added when permission control flag is enabled', () => {
+    const rawConfig = configMock.create();
+    rawConfig.get.mockReturnValue(true);
+    expect(buildActiveMappings({}, rawConfig)).toHaveProperty('properties.permissions');
+  });
 });
 
 describe('diffMappings', () => {

diff --git a/src/core/server/saved_objects/migrations/core/build_active_mappings.ts b/src/core/server/saved_objects/migrations/core/build_active_mappings.ts
@@ -34,6 +34,7 @@
 
 import crypto from 'crypto';
 import { cloneDeep, mapValues } from 'lodash';
+import { Config } from 'packages/osd-config/target';
 import {
   IndexMapping,
   SavedObjectsFieldMapping,
@@ -48,11 +49,36 @@ import {
  * @param typeDefinitions - the type definitions to build mapping from.
  */
 export function buildActiveMappings(
-  typeDefinitions: SavedObjectsTypeMappingDefinitions | SavedObjectsMappingProperties
+  typeDefinitions: SavedObjectsTypeMappingDefinitions | SavedObjectsMappingProperties,
+  opensearchDashboardsRawConfig?: Config
 ): IndexMapping {
   const mapping = defaultMapping();
 
-  const mergedProperties = validateAndMerge(mapping.properties, typeDefinitions);
+  let mergedProperties = validateAndMerge(mapping.properties, typeDefinitions);
+  // if permission control for saved objects is enabled, the permissions field should be added to the mapping
+  if (opensearchDashboardsRawConfig?.get('savedObjects.permission.enabled')) {
+    const principals: SavedObjectsFieldMapping = {
+      properties: {
+        users: {
+          type: 'keyword',
+        },
+        groups: {
+          type: 'keyword',
+        },
+      },
+    };
+    mergedProperties = validateAndMerge(mapping.properties, {
+      permissions: {
+        properties: {
+          read: principals,
+          write: principals,
+          management: principals,
+          library_read: principals,
+          library_write: principals,
+        },
+      },
+    });
+  }
 
   return cloneDeep({
     ...mapping,
@@ -138,16 +164,6 @@ function findChangedProp(actual: any, expected: any) {
  * @returns {IndexMapping}
  */
 function defaultMapping(): IndexMapping {
-  const principals: SavedObjectsFieldMapping = {
-    properties: {
-      users: {
-        type: 'keyword',
-      },
-      groups: {
-        type: 'keyword',
-      },
-    },
-  };
   return {
     dynamic: 'strict',
     properties: {
@@ -186,15 +202,6 @@ function defaultMapping(): IndexMapping {
           },
         },
       },
-      permissions: {
-        properties: {
-          read: principals,
-          write: principals,
-          management: principals,
-          library_read: principals,
-          library_write: principals,
-        },
-      },
     },
   };
 }