Project plan for anomaly detection features #43
Conversation
Signed-off-by: Peter Nied <petern@amazon.com>
|
@opensearch-project/security Could I get a review of this set of changes as well? |
|
|
||
| #### Delayed action API [sdk#42](https://github.com/opensearch-project/opensearch-sdk/issues/42) | ||
| When actions are triggered without an interactive user session OpenSearch will need to permit the action to occur or not. Create an API for these background tasks to get an identity associated with the session. |
There was a problem hiding this comment.
Probably want to mention Principal identities here.
There was a problem hiding this comment.
What do you think about moving this detail into the associated issue? Its a great requirement that should be part of use cases and acceptance criteria.
Signed-off-by: Peter Nied <petern@amazon.com> Co-authored-by: Daniel Widdis <widdis@gmail.com>
| Additional background avaliable from [Security#1895](https://github.com/opensearch-project/security/issues/1895) | ||
|
|
||
| ### User identity [OpenSearch#3846](https://github.com/opensearch-project/OpenSearch/issues/3846) :negative_squared_cross_mark: |
There was a problem hiding this comment.
AD exposes a bunch of actions.
For example: cluster:admin/opensearch/ad/detector/delete[1] is a Transport Action API exposed by AD.
How do we plan to support authorization of user for extensions?
There was a problem hiding this comment.
With the existing security plugin in place, no additional action is needed as these are already filtered. The assumption is that the security plugins hooks will still execute before the extensions hooks are triggered so the API calls can be intercepted as is already implemented.
If/When we rewrite the permissions evaluation system I think part of the backwards compatibility story will need to account for scenarios like this where no/minimal action is needed by plugin authors.
Signed-off-by: Peter Nied <petern@amazon.com>
There was a problem hiding this comment.
Thanks @peternied for this.
Excited to see these pieces in action.
|
@dbwiddis / @owaiskazi19 I'd like to get this change merged, any thing you'd like to see updated beforehand? |
* Project plan for anomaly detection features Signed-off-by: Peter Nied <petern@amazon.com> Co-authored-by: Daniel Widdis <widdis@gmail.com>
Description
Project plan for anomaly detection features
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.