Skip to content

Commit

Permalink
feat(operations): add explain endpoint for search (#9832)
Browse files Browse the repository at this point in the history
  • Loading branch information
@RyanHolstien
RyanHolstien authored Feb 14, 2024
1 parent 045c76a commit 2c9fdcd
Show file tree
Hide file tree
Showing 13 changed files with 388 additions and 95 deletions.
45 changes: 23 additions & 22 deletions docs/authorization/access-policies-guide.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -93,28 +93,29 @@ In the second step, we can simply select the Privileges that this Platform Polic

**Platform** Privileges most often provide access to perform administrative functions on the Platform. These include:

| Platform Privileges | Description |
|-------------------------------------|--------------------------------------------------------------------------------------------------------------------------------|
| Manage Policies | Allow actor to create and remove access control policies. Be careful - Actors with this Privilege are effectively super users. |
| Manage Metadata Ingestion | Allow actor to create, remove, and update Metadata Ingestion sources. |
| Manage Secrets | Allow actor to create & remove secrets stored inside DataHub. |
| Manage Users & Groups | Allow actor to create, remove, and update users and groups on DataHub. |
| Manage All Access Tokens | Allow actor to create, remove, and list access tokens for all users on DataHub. |
| Create Domains | Allow the actor to create new Domains |
| Manage Domains | Allow actor to create and remove any Domains. |
| View Analytics | Allow the actor access to the DataHub analytics dashboard. |
| Generate Personal Access Tokens | Allow the actor to generate access tokens for personal use with DataHub APIs. |
| Manage User Credentials | Allow the actor to generate invite links for new native DataHub users, and password reset links for existing native users. |
| Manage Glossaries | Allow the actor to create, edit, move, and delete Glossary Terms and Term Groups |
| Create Tags | Allow the actor to create new Tags |
| Manage Tags | Allow the actor to create and remove any Tags |
| Manage Public Views | Allow the actor to create, edit, and remove any public (shared) Views. |
| Manage Ownership Types | Allow the actor to create, edit, and remove any Ownership Types. |
| Manage Platform Settings | (Acryl DataHub only) Allow the actor to manage global integrations and notification settings |
| Manage Monitors | (Acryl DataHub only) Allow the actor to create, remove, start, or stop any entity assertion monitors |
| Restore Indices API[^1] | Allow the actor to restore indices for a set of entities via API |
| Enable/Disable Writeability API[^1] | Allow the actor to enable or disable GMS writeability for use in data migrations |
| Apply Retention API[^1] | Allow the actor to apply aspect retention via API |
| Platform Privileges | Description |
|---------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Manage Policies | Allow actor to create and remove access control policies. Be careful - Actors with this Privilege are effectively super users. |
| Manage Metadata Ingestion | Allow actor to create, remove, and update Metadata Ingestion sources. |
| Manage Secrets | Allow actor to create & remove secrets stored inside DataHub. |
| Manage Users & Groups | Allow actor to create, remove, and update users and groups on DataHub. |
| Manage All Access Tokens | Allow actor to create, remove, and list access tokens for all users on DataHub. |
| Create Domains | Allow the actor to create new Domains |
| Manage Domains | Allow actor to create and remove any Domains. |
| View Analytics | Allow the actor access to the DataHub analytics dashboard. |
| Generate Personal Access Tokens | Allow the actor to generate access tokens for personal use with DataHub APIs. |
| Manage User Credentials | Allow the actor to generate invite links for new native DataHub users, and password reset links for existing native users. |
| Manage Glossaries | Allow the actor to create, edit, move, and delete Glossary Terms and Term Groups |
| Create Tags | Allow the actor to create new Tags |
| Manage Tags | Allow the actor to create and remove any Tags |
| Manage Public Views | Allow the actor to create, edit, and remove any public (shared) Views. |
| Manage Ownership Types | Allow the actor to create, edit, and remove any Ownership Types. |
| Manage Platform Settings | (Acryl DataHub only) Allow the actor to manage global integrations and notification settings |
| Manage Monitors | (Acryl DataHub only) Allow the actor to create, remove, start, or stop any entity assertion monitors |
| Restore Indices API[^1] | Allow the actor to restore indices for a set of entities via API |
| Enable/Disable Writeability API[^1] | Allow the actor to enable or disable GMS writeability for use in data migrations |
| Apply Retention API[^1] | Allow the actor to apply aspect retention via API |
| Explain ElasticSearch Query API[^1] | Allow actor to explain an ElasticSearch query. |


[^1]: Only active if REST_API_AUTHORIZATION_ENABLED environment flag is enabled
Expand Down
41 changes: 21 additions & 20 deletions docs/authorization/policies.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -94,26 +94,27 @@ We currently support the following:

**Common metadata privileges** to view & modify any entity within DataHub.

| Common Privileges | Description |
|----------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------|
| View Entity Page | Allow actor to access the entity page for the resource in the UI. If not granted, it will redirect them to an unauthorized page. |
| Edit Tags | Allow actor to add and remove tags to an asset. |
| Edit Glossary Terms | Allow actor to add and remove glossary terms to an asset. |
| Edit Owners | Allow actor to add and remove owners of an entity. |
| Edit Description | Allow actor to edit the description (documentation) of an entity. |
| Edit Links | Allow actor to edit links associated with an entity. |
| Edit Status | Allow actor to edit the status of an entity (soft deleted or not). |
| Edit Domain | Allow actor to edit the Domain of an entity. |
| Edit Deprecation | Allow actor to edit the Deprecation status of an entity. |
| Edit Assertions | Allow actor to add and remove assertions from an entity. |
| Edit Incidents | Allow actor to raise and resolve incidents for an entity. |
| Edit All | Allow actor to edit any information about an entity. Super user privileges. Controls the ability to ingest using API when REST API Authorization is enabled. | |
| Get Timeline API[^1] | Allow actor to get the timeline of an entity via API. |
| Get Entity API[^1] | Allow actor to get an entity via API. |
| Get Timeseries Aspect API[^1] | Allow actor to get a timeseries aspect via API. |
| Get Aspect/Entity Count APIs[^1] | Allow actor to get aspect and entity counts via API. |
| Search API[^1] | Allow actor to search for entities via API. |
| Produce Platform Event API[^1] | Allow actor to ingest a platform event via API. |
| Common Privileges | Description |
|------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------|
| View Entity Page | Allow actor to access the entity page for the resource in the UI. If not granted, it will redirect them to an unauthorized page. |
| Edit Tags | Allow actor to add and remove tags to an asset. |
| Edit Glossary Terms | Allow actor to add and remove glossary terms to an asset. |
| Edit Owners | Allow actor to add and remove owners of an entity. |
| Edit Description | Allow actor to edit the description (documentation) of an entity. |
| Edit Links | Allow actor to edit links associated with an entity. |
| Edit Status | Allow actor to edit the status of an entity (soft deleted or not). |
| Edit Domain | Allow actor to edit the Domain of an entity. |
| Edit Deprecation | Allow actor to edit the Deprecation status of an entity. |
| Edit Assertions | Allow actor to add and remove assertions from an entity. |
| Edit Incidents | Allow actor to raise and resolve incidents for an entity. |
| Edit All | Allow actor to edit any information about an entity. Super user privileges. Controls the ability to ingest using API when REST API Authorization is enabled. |
| Get Timeline API[^1] | Allow actor to get the timeline of an entity via API. |
| Get Entity API[^1] | Allow actor to get an entity via API. |
| Get Timeseries Aspect API[^1] | Allow actor to get a timeseries aspect via API. |
| Get Aspect/Entity Count APIs[^1] | Allow actor to get aspect and entity counts via API. |
| Search API[^1] | Allow actor to search for entities via API. |
| Produce Platform Event API[^1] | Allow actor to ingest a platform event via API. |
| Explain ElasticSearch Query API[^1] | Allow actor to explain an ElasticSearch query. |

[^1]: Only active if REST_API_AUTHORIZATION_ENABLED is true

Expand Down
26 changes: 26 additions & 0 deletions ...ata-io/src/main/java/com/linkedin/metadata/search/elasticsearch/ElasticSearchService.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@
import javax.annotation.Nullable;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.opensearch.action.explain.ExplainResponse;
import org.opensearch.action.search.SearchResponse;

@Slf4j
Expand Down Expand Up @@ -291,4 +292,29 @@ public Optional<SearchResponse> raw(@Nonnull String indexName, @Nullable String
public int maxResultSize() {
return ESUtils.MAX_RESULT_SIZE;
}

@Override
public ExplainResponse explain(
@Nonnull String query,
@Nonnull String documentId,
@Nonnull String entityName,
@Nullable Filter postFilters,
@Nullable SortCriterion sortCriterion,
@Nullable SearchFlags searchFlags,
@Nullable String scrollId,
@Nullable String keepAlive,
int size,
@Nullable List<String> facets) {
return esSearchDAO.explain(
query,
documentId,
entityName,
postFilters,
sortCriterion,
searchFlags,
scrollId,
keepAlive,
size,
facets);
}
}
Loading

0 comments on commit 2c9fdcd

Please sign in to comment.