[2.x] Adds changes related to OnBehalfOf and Service Accounts feature #10258
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
3 tasks
Gradle Check (Jenkins) Run Completed with:
|
Gradle Check (Jenkins) Run Completed with:
|
Compatibility status:Checks if related components are compatible with change 71e6c2d Incompatible componentsSkipped componentsCompatible components |
Gradle Check (Jenkins) Run Completed with:
|
…re (opensearch-project#9842) (opensearch-project#9848) (cherry picked from commit e4a1841) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
…pensearch-project#9832) (opensearch-project#9844) * introducing zstd compression codec plugin * Moving zstd compression codec as a plugin * introducing zstd compression codec plugin * Adding checks to EngineConfig and fixing tests * incorporating review comments * fixing tests * introducing zstd compression codec plugin * addressing review comments * nit fixes * implementing codec aliases * addressing review comments * review comments * moving codec aliases to custom codec * adding zstd default codec for backward compatibility * renaming to deprecated codec * incorporating review comments * nit fixes --------- (cherry picked from commit 76f1b52) (cherry picked from commit 90310c3) Signed-off-by: Sarthak Aggarwal <sarthagg@amazon.com> Signed-off-by: Prabhakar Sithanandam <backslasht@users.noreply.github.com> Signed-off-by: Andrew Ross <andrross@amazon.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Sarthak Aggarwal <sarthagg@amazon.com> Co-authored-by: Prabhakar Sithanandam <backslasht@users.noreply.github.com>
This plugin has been moved to its own [repository][1]. [1]: https://github.com/opensearch-project/custom-codecs Signed-off-by: Andrew Ross <andrross@amazon.com>
…ct#8679) Implement on behalf of token passing for extensions Signed-off-by: Stephen Crawford <steecraw@amazon.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Signed-off-by: Ryan Liang <jiallian@amazon.com> Co-authored-by: Ryan Liang <jiallian@amazon.com> Co-authored-by: Peter Nied <peternied@hotmail.com>
Signed-off-by: Stephen Crawford <steecraw@amazon.com>
Signed-off-by: Stephen Crawford <steecraw@amazon.com>
Signed-off-by: Ryan Liang <jiallian@amazon.com>
DarshitChanpura
force-pushed
the
OBOAndService
branch
from
15b4d6a
to
184b7c4
Compare
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
DarshitChanpura
force-pushed
the
OBOAndService
branch
from
184b7c4
to
903f180
Compare
Gradle Check (Jenkins) Run Completed with:
|
Gradle Check (Jenkins) Run Completed with:
|
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Gradle Check (Jenkins) Run Completed with:
|
|
@RyanL1997 @scrawfor99 @cwperks Could you please review this? |
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
peternied
changed the title
Gradle Check (Jenkins) Run Completed with:
|
Gradle Check (Jenkins) Run Completed with:
|
CHANGELOG.md
Outdated
| @@ -11,6 +11,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), | |||
| - Implement Visitor Design pattern in QueryBuilder to enable the capability to traverse through the complex QueryBuilder tree. ([#10110](https://github.com/opensearch-project/OpenSearch/pull/10110)) | |||
| - Add capability to restrict async durability mode for remote indexes ([#10189](https://github.com/opensearch-project/OpenSearch/pull/10189)) | |||
| - Add Doc Status Counter for Indexing Engine ([#4562](https://github.com/opensearch-project/OpenSearch/issues/4562)) | |||
| - Adds changes related On-behalf-Of and Service Accounts feature ([#10258](https://github.com/opensearch-project/OpenSearch/pull/10258)) | |||
There was a problem hiding this comment.
Suggested change
| - Adds changes related On-behalf-Of and Service Accounts feature ([#10258](https://github.com/opensearch-project/OpenSearch/pull/10258)) | |
| - Adds changes related to On-behalf-Of and Service Accounts feature ([#10258](https://github.com/opensearch-project/OpenSearch/pull/10258)) |
There was a problem hiding this comment.
I would recommend putting all logic inside the standard initialize transport action similar to what was done on the main branch.
There was a problem hiding this comment.
Same as above, I think we want to use a single transport action as was done in main.
| @@ -74,8 +83,10 @@ public class ExtensionsManager { | |||
| public static final String REQUEST_EXTENSION_REGISTER_TRANSPORT_ACTIONS = "internal:discovery/registertransportactions"; | |||
| public static final String REQUEST_REST_EXECUTE_ON_EXTENSION_ACTION = "internal:extensions/restexecuteonextensiontaction"; | |||
| public static final String REQUEST_EXTENSION_HANDLE_TRANSPORT_ACTION = "internal:extensions/handle-transportaction"; | |||
| public static final String REQUEST_EXTENSION_ISSUE_SERVICE_ACCOUNT = "internal:extensions/issue-service-account"; | |||
There was a problem hiding this comment.
I believe this was removed from the final implementation--for the changes we actually need you can look at: #9618
There was a problem hiding this comment.
Going to be part of the same initialization request.
DarshitChanpura
changed the title
Provide service accounts tokens to extensions This change adds a new transport action which passes the extension a string representation of its service account auth token. This token is created by the TokenManager interface implementation. The token is expected to be an encoded basic auth credential string which can be used by the extension to interact with its own system index. Signed-off-by: Stephen Crawford <steecraw@amazon.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Signed-off-by: Peter Nied <petern@amazon.com> Co-authored-by: Owais Kazi <owaiskazi19@gmail.com> Co-authored-by: Peter Nied <petern@amazon.com> (cherry picked from commit 994e115)
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Gradle Check (Jenkins) Run Completed with:
|
Gradle Check (Jenkins) Run Completed with:
|
Gradle Check (Jenkins) Run Completed with:
|
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
|
@scrawfor99 @RyanL1997 please review this when you get a chance |
Gradle Check (Jenkins) Run Completed with:
|
35 tasks
|
@scrawfor99 @RyanL1997 please let me know if this needs to be re-opened. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Associated PRs: opensearch-project/security#3416
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.