Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Backport 2.8] Rest admin permissions (#2411) #2807

Merged
merged 8 commits into from
May 30, 2023
Merged

[Backport 2.8] Rest admin permissions (#2411) #2807

merged 8 commits into from
May 30, 2023

Conversation

DarshitChanpura
Copy link
Member

Backports #2411 to 2.8

Check List

  • New functionality includes testing
  • New functionality has been documented
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

opensearch-trigger-bot bot and others added 5 commits May 29, 2023 14:44
@opensearch-trigger-bot @zhichao-aws
role.yml changes for lron feature (opensearch-project#2789) (opensear…
a70cf42 
…ch-project#2792)

Signed-off-by: zhichao-aws <zhichaog@amazon.com>
(cherry picked from commit a580dfc)

Co-authored-by: zhichao-aws <zhichaog@amazon.com>
@opensearch-trigger-bot @ylwu-amzn
add ml model group system index (opensearch-project#2790) (opensearch…
279c4d9 
…-project#2797)

Signed-off-by: Yaliang Wu <ylwu@amazon.com>
(cherry picked from commit 1bb2ef1)

Co-authored-by: Yaliang Wu <ylwu@amazon.com>
@willyborankin @DarshitChanpura
Rest admin permissions (opensearch-project#2411)
a1fd0ff 
Permissions for REST admin user

Added granular permissions for all REST API actions in OpenSearch to be individually assigned.

Permissions are:
    - 'restapi:admin/actiongroups' - allow full access to actiongroups
    - 'restapi:admin/allowlist' - allow full access to allowlist
    - 'restapi:admin/internalusers'- allow full access to internalusers
    - 'restapi:admin/nodesdn'- allow full access to nodesdn
    - 'restapi:admin/roles' - allow full access to roles
    - 'restapi:admin/rolesmapping' - allow full access to roles mappings
    - 'restapi:admin/ssl/certs/info' - allow full access to certs info
    - 'restapi:admin/ssl/certs/reload' - allow full access to certs reload
    - 'restapi:admin/tenants' - allow full access to tenants

Adds tests for these permissions.

Signed-off-by: Andrey Pleskach <ples@aiven.io>
(cherry picked from commit d676716)
@DarshitChanpura
Fixes CI errors
0813f78 
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
@DarshitChanpura
Fixes HTTP5 imports
cade19f 
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
This was referenced May 30, 2023
Merged
Closed
@willyborankin
Copy link
Collaborator

willyborankin commented May 30, 2023
edited
Loading

@DarshitChanpura and @scrawfor99 I need to create a backport for #2605 as well. After this one has been merged.

@DarshitChanpura
Fixes password related changes in tests
1da6f70 
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
@codecov
Copy link

codecov bot commented May 30, 2023
edited
Loading

Codecov Report

Merging #2807 (5b2b3c1) into 2.8 (a50a0e6) will increase coverage by 0.06%.
The diff coverage is 75.72%.

@@             Coverage Diff              @@
##                2.8    #2807      +/-   ##
============================================
+ Coverage     61.27%   61.34%   +0.06%     
- Complexity     3318     3367      +49     
============================================
  Files           264      264              
  Lines         18507    18631     +124     
  Branches       3265     3283      +18     
============================================
+ Hits          11341    11430      +89     
- Misses         5590     5613      +23     
- Partials       1576     1588      +12
Impacted Files Coverage Δ
...earch/security/dlic/rest/api/AccountApiAction.java 81.15% <0.00%> (-1.20%) ⬇️
...curity/dlic/rest/api/AuthTokenProcessorAction.java 53.33% <0.00%> (-3.81%) ⬇️
...ch/security/dlic/rest/api/FlushCacheApiAction.java 61.29% <0.00%> (-2.05%) ⬇️
...earch/security/dlic/rest/api/MigrateApiAction.java 4.12% <0.00%> (-0.05%) ⬇️
...earch/security/dlic/rest/api/TenantsApiAction.java 36.36% <0.00%> (-3.64%) ⬇️
...arch/security/dlic/rest/api/ValidateApiAction.java 10.25% <0.00%> (-0.27%) ⬇️
...pensearch/security/securityconf/ConfigModelV6.java 0.00% <0.00%> (ø)
...security/dlic/rest/api/SecuritySSLCertsAction.java 71.71% <71.71%> (ø)
.../security/dlic/rest/api/RolesMappingApiAction.java 82.85% <76.92%> (-3.51%) ⬇️
...dlic/rest/api/RestApiAdminPrivilegesEvaluator.java 78.33% <78.33%> (ø)
... and 16 more

... and 10 files with indirect coverage changes

@stephen-crawford
Update ActionGroupsApiTest.java
56f9d02 
Remove unused import
@willyborankin
Copy link
Collaborator

tests passed for at least Linux build

@DarshitChanpura
Incorporates jar hell fix
5b2b3c1 
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
@cwperks
Copy link
Member

cwperks commented May 30, 2023
edited
Loading

@opensearch-project/engineering-effectiveness We are having to remove a dependency on backports to 2.8 in order to get our CI checks working, but the underlying issue is that there is a stale minimum distribution for OpenSearch core (https://artifacts.opensearch.org/snapshots/core/opensearch/2.8.0-SNAPSHOT/opensearch-min-2.8.0-SNAPSHOT-linux-x64-latest.tar.gz) that does not reflect the code that is on the 2.8 branch.

Can someone help produce a new minimum distribution from the 2.8 branch of core?

Specifically this change is in the 2.x branch of core, but not 2.8: opensearch-project/OpenSearch#7779

The minimum distribution for the 2.8 SNAPSHOT should not include that change.

cwperks
cwperks reviewed May 30, 2023
View reviewed changes
build.gradle
@@ -289,7 +289,6 @@ configurations.all {
}

dependencies {
implementation 'jakarta.annotation:jakarta.annotation-api:1.3.5'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will be re-introduced in another PR once a new minimum snapshot distribution of core is available.

@cwperks cwperks merged commit 2ebcfa7 into opensearch-project:2.8 May 30, 2023
@peterzhuamazon peterzhuamazon mentioned this pull request May 31, 2023
Closed
42 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cwperks cwperks cwperks approved these changes

@cliu123 cliu123 Awaiting requested review from cliu123 cliu123 is a code owner

@davidlago davidlago Awaiting requested review from davidlago

@peternied peternied Awaiting requested review from peternied peternied is a code owner

@RyanL1997 RyanL1997 Awaiting requested review from RyanL1997 RyanL1997 is a code owner

@stephen-crawford stephen-crawford Awaiting requested review from stephen-crawford

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@DarshitChanpura @willyborankin @cwperks @stephen-crawford