Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix bug where admin can read system index #4774

Merged
merged 3 commits into from
Oct 3, 2024
Merged

Fix bug where admin can read system index #4774

merged 3 commits into from
Oct 3, 2024

Conversation

derek-ho
Copy link
Collaborator

@derek-ho derek-ho commented Oct 3, 2024
edited
Loading

Description

Prevents reads on security system index registered through core

Issues Resolved

Fix: #4755
Is this a backport? If so, please add backport PR # and/or commits #, and remove backport-failed label from the original PR.
No
Do these changes introduce new permission(s) to be displayed in the static dropdown on the front-end? If so, please open a draft PR in the security dashboards plugin and link the draft PR here
No

Testing

Added unit test

Check List

  • New functionality includes testing
  • New functionality has been documented
  • New Roles/Permissions have a corresponding security dashboards plugin PR
  • API changes companion pull request created
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@derek-ho
Fix bug where admin can read system index
c0efd45 
Signed-off-by: Derek Ho <dxho@amazon.com>
@derek-ho
rename file + test
7402adb 
Signed-off-by: Derek Ho <dxho@amazon.com>
@derek-ho
Rename test
7459bc2 
Signed-off-by: Derek Ho <dxho@amazon.com>
@codecov Codecov
Copy link

codecov bot commented Oct 3, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 33.33333% with 2 lines in your changes missing coverage. Please review.

Project coverage is 67.96%. Comparing base (830b341) to head (7459bc2).
Report is 2 commits behind head on main.

Files with missing lines Patch % Lines
...rity/configuration/SystemIndexSearcherWrapper.java 33.33% 0 Missing and 2 partials ⚠️
Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #4774      +/-   ##
==========================================
- Coverage   67.98%   67.96%   -0.02%     
==========================================
  Files         310      310              
  Lines       20924    20926       +2     
  Branches     3318     3321       +3     
==========================================
- Hits        14225    14223       -2     
+ Misses       4951     4950       -1     
- Partials     1748     1753       +5
Files with missing lines Coverage Δ
...figuration/SecurityFlsDlsIndexSearcherWrapper.java 91.66% <ø> (ø)
...rity/configuration/SystemIndexSearcherWrapper.java 91.37% <33.33%> (ø)

... and 5 files with indirect coverage changes

@cwperks cwperks added the backport 2.x backport to 2.x branch label Oct 3, 2024
@cwperks cwperks merged commit 5cb4dd2 into opensearch-project:main Oct 3, 2024
41 of 43 checks passed
opensearch-trigger-bot bot pushed a commit that referenced this pull request Oct 3, 2024
@github-actions
Fix bug where admin can read system index (#4774)
c4d6309 
Signed-off-by: Derek Ho <dxho@amazon.com>
(cherry picked from commit 5cb4dd2)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Oct 3, 2024
Merged
@cwperks cwperks mentioned this pull request Oct 29, 2024
Merged
5 tasks
derek-ho added a commit to derek-ho/security that referenced this pull request Oct 30, 2024
@derek-ho
Revert "Fix bug where admin can read system index (opensearch-project…
c225740 
…#4774)"

This reverts commit 5cb4dd2.
derek-ho added a commit that referenced this pull request Oct 30, 2024
@derek-ho
Revert "Fix bug where admin can read system index (#4774)" (#4864)
128a304
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@willyborankin willyborankin willyborankin approved these changes

@cwperks cwperks cwperks approved these changes

@DarshitChanpura DarshitChanpura Awaiting requested review from DarshitChanpura DarshitChanpura is a code owner

@nibix nibix Awaiting requested review from nibix nibix is a code owner

@peternied peternied Awaiting requested review from peternied peternied is a code owner

@RyanL1997 RyanL1997 Awaiting requested review from RyanL1997 RyanL1997 is a code owner

@stephen-crawford stephen-crawford Awaiting requested review from stephen-crawford

@reta reta Awaiting requested review from reta reta is a code owner

Assignees
No one assigned
Labels
backport 2.x backport to 2.x branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[BUG] Admin user can search system index registered via SystemIndexPlugin.getSystemIndexDescriptors
3 participants
@derek-ho @willyborankin @cwperks