Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[DRAFT] [Feature]Introduces ability to control access to and share resources #16030

Draft
wants to merge 31 commits into
base: main
Choose a base branch
from

Conversation

DarshitChanpura
Copy link
Member

@DarshitChanpura DarshitChanpura commented Sep 22, 2024

Work in Progress.

companion PR: opensearch-project/security#4746

Description

This PR introduces a new capability to enable access-control and sharing of resources. This PR introduces:

  1. Interfaces to be extended by security plugin for concrete implementation, and to be used by plugins when authorizing the requested resources.
  2. Adds a No-op implementation when security plugin is not enabled.

At present, plugins have implemented in-house authorization mechanisms to control access to their resources. This framework enables capability to have a centralized resource-authorization framework.

Please review feature proposal here that discusses the problem-statement and design approach. opensearch-project/security#4500

Plugins will leverage the APIs introduced here to check user access to resources.

To-do items:

  • Add integration tests
  • Add end-to-end tests

Documentation website will follow.

Related Issues

Check List

  • Functionality includes testing.
  • API changes companion pull request created, if applicable.
  • Public documentation issue/PR created, if applicable.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
…urceService

Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Copy link
Contributor

github-actions bot commented Oct 2, 2024

❌ Gradle check result for fba48ab: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Copy link
Contributor

github-actions bot commented Oct 4, 2024

❌ Gradle check result for 6a6e6f7: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Copy link
Contributor

github-actions bot commented Oct 4, 2024

✅ Gradle check result for 566913a: SUCCESS

Copy link

codecov bot commented Oct 4, 2024

Codecov Report

Attention: Patch coverage is 5.24017% with 217 lines in your changes missing coverage. Please review.

Project coverage is 72.04%. Comparing base (c82cd2e) to head (37cacf0).
Report is 2 commits behind head on main.

Files with missing lines Patch % Lines
...earch/accesscontrol/resources/SharedWithScope.java 0.00% 78 Missing ⚠️
...earch/accesscontrol/resources/ResourceSharing.java 0.00% 68 Missing ⚠️
.../opensearch/accesscontrol/resources/ShareWith.java 0.00% 25 Missing ⚠️
.../opensearch/accesscontrol/resources/CreatedBy.java 0.00% 24 Missing ⚠️
...opensearch/accesscontrol/resources/EntityType.java 0.00% 8 Missing ⚠️
...earch/accesscontrol/resources/ResourceService.java 42.85% 7 Missing and 1 partial ⚠️
...earch/plugins/NoOpResourceAccessControlPlugin.java 14.28% 6 Missing ⚠️
Additional details and impacted files
@@             Coverage Diff              @@
##               main   #16030      +/-   ##
============================================
- Coverage     72.51%   72.04%   -0.48%     
+ Complexity    65562    65225     -337     
============================================
  Files          5318     5325       +7     
  Lines        303945   304173     +228     
  Branches      43976    44010      +34     
============================================
- Hits         220413   219143    -1270     
- Misses        65798    67082    +1284     
- Partials      17734    17948     +214     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Copy link
Contributor

❌ Gradle check result for 0eb47ac: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Copy link
Contributor

✅ Gradle check result for e313071: SUCCESS

@opensearch-trigger-bot
Copy link
Contributor

This PR is stalled because it has been open for 30 days with no activity.

@opensearch-trigger-bot opensearch-trigger-bot bot added stalled Issues that have stalled and removed stalled Issues that have stalled labels Nov 14, 2024
Copy link
Contributor

✅ Gradle check result for 37cacf0: SUCCESS

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants