Read Only Tenant Mode #4498
Read Only Tenant Mode #4498
Conversation
Signed-off-by: jakubp-eliatra <jakub.przybylski@theworkingroup.net>
jakubp-eliatra
force-pushed
the
read-only-mode-for-tenants
branch
from
e3252fe
to
b5fd84b
Compare
|
@jakubp-eliatra Can you as a part of this change also tackle #2575? Since you are modifying the capabilities service, it would also be nice to know how it is being used, including how to use the new flag :) |
|
@ashwin-pc Yes, we will document how the capabilities are used to achieve read only mode. Outside of that, I would suggest to leave #2575 as a separate issue still, due to capabilities not being really used in plugins (outside of read only mode logic) and due to enlarging the current scope of PR. |
Signed-off-by: Kajetan Nobel <k.nobel@routegroup.pl>
Signed-off-by: Kajetan Nobel <k.nobel@routegroup.pl>
…nants Signed-off-by: Kajetan Nobel <k.nobel@routegroup.pl>
kajetan-nobel
force-pushed
the
read-only-mode-for-tenants
branch
from
58459a9
to
39a08e6
Compare
|
@jakubp-eliatra Thats okay, the goal here is to document the change that you are making and add any additional context you have about the capabilities service too. Its a part of the PR checklist for that reason. It does not have to be a comprehensive doc on the capabilities service as a whole, that can be covered in #2575. The problem is that we may never get to it otherwise and kinda have to rely on changes like this to slowly tackle away at the documentation gaps. Imagine how it would have benefitted you if the last person who touched the capabilities service had documented it well. |
…nants Signed-off-by: Kajetan Nobel <k.nobel@routegroup.pl>
Signed-off-by: Kajetan Nobel <k.nobel@routegroup.pl>
jakubp-eliatra
requested review from
ananzh,
kavilla,
seanneumann,
AMoo-Miki,
ashwin-pc,
joshuarrrr,
abbyhu2000,
zengyan-amazon,
kristenTian,
zhongnansu,
manasvinibs,
ZilongX,
Flyingliuhub and
BSFishy
as code owners
|
Hey @ashwin-pc, I've taken this task over from @jakubp-eliatra. I've added docs (please let me know if there is any lack there), also integration tests have been prepared here: |
…nants Signed-off-by: Kajetan Nobel <kajetan.nobel@eliatra.com>
Signed-off-by: Kajetan Nobel <kajetan.nobel@eliatra.com>
@joshuarrrr I added :) |
|
@kajetan-nobel how can i validate these changes? can you add some instructions to run this change locally and make sure it works as expected? |
|
Signed-off-by: Kajetan Nobel <kajetan.nobel@eliatra.com>
|
Note: @ashwin-pc gonna pick it up right after 2.11's crunch time |
| /* | ||
| * SPDX-License-Identifier: Apache-2.0 | ||
| * | ||
| * The OpenSearch Contributors require contributions made to | ||
| * this file be licensed under the Apache-2.0 license or a | ||
| * compatible open source license. | ||
| * | ||
| * Any modifications Copyright OpenSearch Contributors. See | ||
| * GitHub history for details. | ||
| */ | ||
|
|
||
| /* | ||
| * Licensed to Elasticsearch B.V. under one or more contributor | ||
| * license agreements. See the NOTICE file distributed with | ||
| * this work for additional information regarding copyright | ||
| * ownership. Elasticsearch B.V. licenses this file to you under | ||
| * the Apache License, Version 2.0 (the "License"); you may | ||
| * not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, | ||
| * software distributed under the License is distributed on an | ||
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
| * KIND, either express or implied. See the License for the | ||
| * specific language governing permissions and limitations | ||
| * under the License. | ||
| */ |
There was a problem hiding this comment.
The license header is not correct I suppose.
There was a problem hiding this comment.
Yeah this is the right license header
/*
* Copyright OpenSearch Contributors
* SPDX-License-Identifier: Apache-2.0
*/
The same goes for all the license headers in this PR
| /* | ||
| * SPDX-License-Identifier: Apache-2.0 | ||
| * | ||
| * The OpenSearch Contributors require contributions made to | ||
| * this file be licensed under the Apache-2.0 license or a | ||
| * compatible open source license. | ||
| * | ||
| * Any modifications Copyright OpenSearch Contributors. See | ||
| * GitHub history for details. | ||
| */ | ||
|
|
||
| /* | ||
| * Licensed to Elasticsearch B.V. under one or more contributor | ||
| * license agreements. See the NOTICE file distributed with | ||
| * this work for additional information regarding copyright | ||
| * ownership. Elasticsearch B.V. licenses this file to you under | ||
| * the Apache License, Version 2.0 (the "License"); you may | ||
| * not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, | ||
| * software distributed under the License is distributed on an | ||
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
| * KIND, either express or implied. See the License for the | ||
| * specific language governing permissions and limitations | ||
| * under the License. | ||
| */ |
There was a problem hiding this comment.
The license header is not correct I suppose.
| /* | ||
| * SPDX-License-Identifier: Apache-2.0 | ||
| * | ||
| * The OpenSearch Contributors require contributions made to | ||
| * this file be licensed under the Apache-2.0 license or a | ||
| * compatible open source license. | ||
| * | ||
| * Any modifications Copyright OpenSearch Contributors. See | ||
| * GitHub history for details. | ||
| */ | ||
|
|
||
| /* | ||
| * Licensed to Elasticsearch B.V. under one or more contributor | ||
| * license agreements. See the NOTICE file distributed with | ||
| * this work for additional information regarding copyright | ||
| * ownership. Elasticsearch B.V. licenses this file to you under | ||
| * the Apache License, Version 2.0 (the "License"); you may | ||
| * not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, | ||
| * software distributed under the License is distributed on an | ||
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
| * KIND, either express or implied. See the License for the | ||
| * specific language governing permissions and limitations | ||
| * under the License. | ||
| */ |
There was a problem hiding this comment.
Yeah this is the right license header
/*
* Copyright OpenSearch Contributors
* SPDX-License-Identifier: Apache-2.0
*/
The same goes for all the license headers in this PR
Signed-off-by: Kajetan Nobel <kajetan.nobel@eliatra.com>
Signed-off-by: Kajetan Nobel <kajetan.nobel@eliatra.com>
|
@ashwin-pc @SuZhou-Joe license headers have been changed. Ready to review. |
| @@ -36,6 +36,15 @@ import { searchSavedObjectType } from './saved_objects'; | |||
| export class DiscoverServerPlugin implements Plugin<object, object> { | |||
| public setup(core: CoreSetup) { | |||
| core.capabilities.registerProvider(capabilitiesProvider); | |||
| core.capabilities.registerSwitcher(async (request, capabilites) => { | |||
There was a problem hiding this comment.
As there is no consumer under the line of await, I'd recommend removing the async / await in this function, not a big concern.
There was a problem hiding this comment.
@SuZhou-Joe hideForReadonly is async and it's needed to be due to implementation from security plugin site
There was a problem hiding this comment.
Actually because there is no consumer following the await, so it's the same to make it from async / await to a simple () => core.security.readonlyService.... because both will return a promise to the function caller. but still, not a big concern.
There was a problem hiding this comment.
I would rather keep it as it is
| import { IReadOnlyService } from './types'; | ||
|
|
||
| export class ReadonlyService implements IReadOnlyService { | ||
| async isReadonly(request: OpenSearchDashboardsRequest): Promise<boolean> { |
There was a problem hiding this comment.
What do you think of changing the output from being boolean to be an enum that has values like ReadOnly, ReadWrite, Unknown?
I think this would better describe results for inline reading especially in the controllers where its hard to 'see' what the impact of a true vs false will be.
There was a problem hiding this comment.
@peternied then it wouldn't be a ReadonlyService but TenantCapabilityService or something like that. As long as it has an impact only on capabilities I suggest keeping it as it is right now and extending that in the next PR :) Especially as long capabilities are only boolean and will not contain enum values.
| import { IReadOnlyService } from './types'; | ||
|
|
||
| export class ReadonlyService implements IReadOnlyService { | ||
| async isReadonly(request: OpenSearchDashboardsRequest): Promise<boolean> { |
There was a problem hiding this comment.
Seems isReadonly method currently always returns false and the hideForReadonly method will always return the capabilites argument as-is, without merging it with hideCapabilities. Seems to me that these functions are redundant or unnecessary. Is the current isReadonly method a placeholder, intended to be overridden or expanded upon in the future? should we add a comment on them?
There was a problem hiding this comment.
@ananzh purpose is to keep working even without security-plugin (btw. here is an extension of the implementation https://github.com/opensearch-project/security-dashboards-plugin/pull/14720). For more context please follow opensearch-project/security#2701 (comment)
Co-authored-by: Anan Zhuang <ananzh@amazon.com> Signed-off-by: Kajetan Nobel <k.nobel@routegroup.pl>
* merge conflict resolved * Restore config/opensearch_dashboards.yml * Fix capabilities tsc * docs: read only tenant mode * feat: introduce security service in core and readonly service * fix: adds securityServiceMock * feat: adds tests and default default readonly service * docs: fill up docs for read only tenant mode --------- Signed-off-by: jakubp-eliatra <jakub.przybylski@theworkingroup.net> Signed-off-by: Kajetan Nobel <k.nobel@routegroup.pl> Signed-off-by: Kajetan Nobel <kajetan.nobel@eliatra.com> Co-authored-by: jakubp-eliatra <jakub.przybylski@theworkingroup.net> Co-authored-by: Kajetan Nobel <k.nobel@routegroup.pl> Co-authored-by: Peter Nied <peternied@hotmail.com> Co-authored-by: Ashwin P Chandran <ashwinpc@amazon.com> Co-authored-by: Kajetan Nobel <kajetan.nobel@eliatra.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com> (cherry picked from commit abc97ea) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> # Conflicts: # CHANGELOG.md
* merge conflict resolved * Restore config/opensearch_dashboards.yml * Fix capabilities tsc * docs: read only tenant mode * feat: introduce security service in core and readonly service * fix: adds securityServiceMock * feat: adds tests and default default readonly service * docs: fill up docs for read only tenant mode --------- Signed-off-by: jakubp-eliatra <jakub.przybylski@theworkingroup.net> Signed-off-by: Kajetan Nobel <k.nobel@routegroup.pl> Signed-off-by: Kajetan Nobel <kajetan.nobel@eliatra.com> Co-authored-by: jakubp-eliatra <jakub.przybylski@theworkingroup.net> Co-authored-by: Kajetan Nobel <k.nobel@routegroup.pl> Co-authored-by: Peter Nied <peternied@hotmail.com> Co-authored-by: Ashwin P Chandran <ashwinpc@amazon.com> Co-authored-by: Kajetan Nobel <kajetan.nobel@eliatra.com> Co-authored-by: Anan Zhuang <ananzh@amazon.com> (cherry picked from commit abc97ea) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> # Conflicts: # CHANGELOG.md Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Description
Adds a proper read only mode support for read only tenants.
A new capability hide_for_read_only as array is utilized to recognize the capabilities which should be disable in read only mode. If a read only tenant is recognized the capabilities associated with writing access such as 'createNew' and 'saveQuery' are then set to false.
Issues Resolved
This is a complementary PR for: opensearch-project/security-dashboards-plugin#1472, related with issues here: opensearch-project/security#2701
Check List
yarn test:jestyarn test:jest_integrationyarn test:ftr