Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature/Extension] Add integration test case to that ip based role mapping are not part of OBO authentication tokens #3222

Closed
RyanL1997 opened this issue Aug 21, 2023 · 1 comment · Fixed by #3270
Closed

[Feature/Extension] Add integration test case to that ip based role mapping are not part of OBO authentication tokens #3222

RyanL1997 opened this issue Aug 21, 2023 · 1 comment · Fixed by #3270
Assignees
@RyanL1997
Labels
enhancement New feature or request triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.

Comments

@RyanL1997
Copy link
Collaborator

RyanL1997 commented Aug 21, 2023
edited
Loading

Is your feature request related to a problem?
In issue #3000 with PR #3161, we decided to not consider IP-based rolemapping into the scope of OBO authentication. According to this, we should have an integration test case to capture this design.

What solution would you like?
A potential place to implement this is at the existed integration tests suite of OBO auth (source code)

Good state for closing this issue
This test case should specifically assess whether the OBO auth remains unaffected by host mappings, particularly IP-based roles mapping. After setting up the test environment, we can issue a token and evaluate its functionality, ensuring it operates independently of any preceding host mapping configurations.
@RyanL1997 RyanL1997 added enhancement New feature or request untriaged Require the attention of the repository maintainers and may need to be prioritized labels Aug 21, 2023
@peternied peternied changed the title [Feature/Extension] Add integration test case to test ip based role mapping for OBO authentication [Feature/Extension] Add integration test case to that ip based role mapping are not part of OBO authentication tokens Aug 21, 2023
@stephen-crawford
Copy link
Contributor

[Triage] Hi @RyanL1997, thank you for filing this issue. This item appears actionable with the completion criteria being a PR which adds an IT to confirm Ip-based roles are not passed in OBO tokens.

@stephen-crawford stephen-crawford added triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable. and removed untriaged Require the attention of the repository maintainers and may need to be prioritized labels Aug 21, 2023
@RyanL1997 RyanL1997 self-assigned this Aug 29, 2023
@RyanL1997 RyanL1997 mentioned this issue Aug 30, 2023
Merged
3 tasks
RyanL1997 added a commit that referenced this issue Sep 7, 2023
@RyanL1997
[Feature/Extension] Add integration test case for OBO hostmapping (#3270
7e1b786 
)

### Description
Add integration test case for OBO hostmapping

* Category (Enhancement, New feature, Bug fix, Test fix, Refactoring,
Maintenance, Documentation)
Test Enhancement

### Issues Resolved
* Resolve #3222

### Check List
- [x] New functionality includes testing
- [ ] New functionality has been documented
- [x] Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and
signing off your commits, please check
[here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin).

---------

Signed-off-by: Ryan Liang <jiallian@amazon.com>
stephen-crawford pushed a commit to stephen-crawford/security that referenced this issue Sep 14, 2023
@RyanL1997 @stephen-crawford
[Feature/Extension] Add integration test case for OBO hostmapping (op…
4bbbc37 
…ensearch-project#3270)

Add integration test case for OBO hostmapping

* Category (Enhancement, New feature, Bug fix, Test fix, Refactoring,
Maintenance, Documentation)
Test Enhancement

* Resolve opensearch-project#3222

- [x] New functionality includes testing
- [ ] New functionality has been documented
- [x] Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and
signing off your commits, please check
[here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin).

---------

Signed-off-by: Ryan Liang <jiallian@amazon.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@RyanL1997 RyanL1997

Labels
enhancement New feature or request triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Feature/Extension] Add integration test case for OBO hostmapping RyanL1997/security
2 participants
@stephen-crawford @RyanL1997