Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[DRAFT] [Feature]Introduces Resource Sharing and Access Control #16030

Draft
wants to merge 43 commits into
base: main
Choose a base branch
from

Conversation

DarshitChanpura
Copy link
Member

@DarshitChanpura DarshitChanpura commented Sep 22, 2024

Work in Progress.

companion PR: opensearch-project/security#4746

Description

This PR introduces a new capability to enable access-control and sharing of resources. This PR introduces:

  1. Interfaces to be extended by security plugin for concrete implementation, and to be used by plugins when authorizing the requested resources.
  2. Adds a No-op implementation when security plugin is not enabled.

At present, plugins have implemented in-house authorization mechanisms to control access to their resources. This framework enables capability to have a centralized resource-authorization framework.

Please review feature proposal here that discusses the problem-statement and design approach. opensearch-project/security#4500

Plugins will leverage the APIs introduced here to check user access to resources.

To-do items:

  • Add integration tests
  • Add end-to-end tests

Documentation website will follow.

Related Issues

Check List

  • Functionality includes testing.
  • API changes companion pull request created, if applicable.
  • Public documentation issue/PR created, if applicable.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Signed-off-by: Darshit Chanpura <[email protected]>
Signed-off-by: Darshit Chanpura <[email protected]>
Signed-off-by: Darshit Chanpura <[email protected]>
@opensearch-trigger-bot
Copy link
Contributor

This PR is stalled because it has been open for 30 days with no activity.

@opensearch-trigger-bot opensearch-trigger-bot bot added stalled Issues that have stalled and removed stalled Issues that have stalled labels Nov 14, 2024
Copy link
Contributor

✅ Gradle check result for 37cacf0: SUCCESS

Signed-off-by: Darshit Chanpura <[email protected]>
Copy link
Contributor

github-actions bot commented Dec 3, 2024

❌ Gradle check result for 4107407: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

Signed-off-by: Darshit Chanpura <[email protected]>
Copy link
Contributor

github-actions bot commented Dec 4, 2024

✅ Gradle check result for 274c64f: SUCCESS

Copy link
Contributor

github-actions bot commented Dec 5, 2024

✅ Gradle check result for 014be82: SUCCESS

Copy link
Contributor

github-actions bot commented Dec 5, 2024

✅ Gradle check result for e468f91: SUCCESS

Signed-off-by: Darshit Chanpura <[email protected]>
Copy link
Contributor

github-actions bot commented Dec 6, 2024

✅ Gradle check result for 3a0b4b1: SUCCESS

Copy link
Contributor

✅ Gradle check result for 0548fc2: SUCCESS

@DarshitChanpura DarshitChanpura changed the title [DRAFT] [Feature]Introduces ability to control access to and share resources [DRAFT] [Feature]Introduces Resource Sharing and Access Control Dec 11, 2024
… noopRACplugin to defaultRACplugin since we now list all accessible resources and updates comments

Signed-off-by: Darshit Chanpura <[email protected]>
Copy link
Contributor

❌ Gradle check result for d7d1f25: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants