Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Forwardport main] Switch to supportsImpersonation check for http auth backend and add Privileged Action for JwtParserBuilder #3579

Merged

Conversation

RyanL1997
Copy link
Collaborator

@RyanL1997 RyanL1997 commented Oct 19, 2023

Description

Switch to supportsImpersonation check for http auth backend + wrap JwtParserBuilder with doPrivileged

Reference to @cwperks's comment:

As a default implementation the authDomain could have:

default boolean supportsImpersonation() { return true; }

and any authDomain that does not support it can override:

@Override
public boolean supportsImpersonation() { return false; }
  • Category (Enhancement, New feature, Bug fix, Test fix, Refactoring, Maintenance, Documentation)
    Enhancement

Issues Resolved

Is this a backport? If so, please add backport PR # and/or commits #
It has already been included in 2.x

Check List

  • New functionality includes testing
  • New functionality has been documented
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@codecov
Copy link

codecov bot commented Oct 19, 2023

Codecov Report

Merging #3579 (3cbc910) into main (40588e6) will increase coverage by 0.01%.
Report is 1 commits behind head on main.
The diff coverage is 77.77%.

Impacted file tree graph

@@             Coverage Diff              @@
##               main    #3579      +/-   ##
============================================
+ Coverage     64.99%   65.01%   +0.01%     
- Complexity     3644     3648       +4     
============================================
  Files           282      283       +1     
  Lines         20613    20619       +6     
  Branches       3391     3392       +1     
============================================
+ Hits          13398    13405       +7     
  Misses         5535     5535              
+ Partials       1680     1679       -1     
Files Coverage Δ
...rg/opensearch/security/auth/HTTPAuthenticator.java 100.00% <100.00%> (ø)
.../org/opensearch/security/auth/BackendRegistry.java 62.54% <0.00%> (ø)
...nsearch/security/http/OnBehalfOfAuthenticator.java 95.04% <85.71%> (-0.79%) ⬇️

... and 1 file with indirect coverage changes

@RyanL1997 RyanL1997 changed the title [Forwardport main] Switch to supportsImpersonation check for http auth backend [Forwardport main] The OBO changes in 2.x Oct 19, 2023
Signed-off-by: Ryan Liang <[email protected]>
@cwperks
Copy link
Member

cwperks commented Oct 20, 2023

@RyanL1997 Can you update the name of this PR to something more pertinent to the content of the changes that could be placed in release notes?

@RyanL1997 RyanL1997 changed the title [Forwardport main] The OBO changes in 2.x [Forwardport main] Switch to supportsImpersonation check for http auth backend and add Privileged Action for JwtParserBuilder Oct 20, 2023
@RyanL1997
Copy link
Collaborator Author

Sure @cwperks, I just updated that.

@stephen-crawford stephen-crawford merged commit ccc3e34 into opensearch-project:main Oct 24, 2023
59 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants