Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove support for v6 configuration #4546

Merged
merged 9 commits into from
Oct 2, 2024

Conversation

nibix
Copy link
Collaborator

@nibix nibix commented Jul 11, 2024

Description

This solves #4493 and removes support for v6 configuration. On master, v6 configuration is not usable any more anyway, see #4745 for the verification.

As an additional benefit, this makes it possible to use SecurityDynamicConfiguration<> instances in a generically type-safe manner. So far, one usually needs to use SecurityDynamicConfiguration<?> instances and do unsafe casts.

If it is desired to continue supporting v6 configuration for OpenSearch 2.x, there's the PR #4753 for that.

  • Category: Refactoring
  • Why these changes are required? - Minimize duplicate logic for privilege evaluation, remove unnecessary code
  • What is the old behavior before changes and new behavior after changes? - Any try to use v6 configuration is now fail-fast

Issues Resolved

Check List

  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@nibix nibix changed the title Auto-convert V6 configuration instances into V7 configuration instaces Auto-convert V6 configuration instances into V7 configuration instances Jul 11, 2024
@nibix nibix marked this pull request as draft July 11, 2024 16:01
Copy link
Member

@DarshitChanpura DarshitChanpura left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes look good to me @nibix. Could you please check and resolve the conflict?

@nibix
Copy link
Collaborator Author

nibix commented Jul 12, 2024

BTW, I felt that I should describe the idea of the change a bit more in detail. See the updated description of this PR.

@nibix nibix force-pushed the config-improvements branch from 0ab5f5f to 6bb6de4 Compare July 12, 2024 08:35
@nibix nibix mentioned this pull request Jul 17, 2024
3 tasks
@cwperks
Copy link
Member

cwperks commented Sep 6, 2024

With this change, would a user still be able to use the Migrate API to change the documents stored in the security index to the V7 format?

If a user uses securityadmin to export the security index, what format will the generated yml files be in?

@nibix
Copy link
Collaborator Author

nibix commented Sep 10, 2024

@cwperks

With this change, would a user still be able to use the Migrate API to change the documents stored in the security index to the V7 format?
If a user uses securityadmin to export the security index, what format will the generated yml files be in?

In the end, it is up to us to define these behaviors. I would expect that both functionalities remain unaffected. Thus, exporting the configuratin will yield v6/v1 configuration files. Also, the migrate API and the migrate command continue to work as before.

@cwperks
Copy link
Member

cwperks commented Sep 18, 2024

In the end, it is up to us to define these behaviors. I would expect that both functionalities remain unaffected. Thus, exporting the configuratin will yield v6/v1 configuration files. Also, the migrate API and the migrate command continue to work as before.

Sounds good. What work is remaining on this PR in order to flip it from Draft?

@nibix
Copy link
Collaborator Author

nibix commented Sep 19, 2024

@cwperks

What work is remaining on this PR in order to flip it from Draft?

Mainly reviewing test failures and reviewing the special cases, like migration and API - as mentioned above.

So, I would then focus on this again?

@cwperks
Copy link
Member

cwperks commented Sep 19, 2024

If its an enabler for #4380, then IMO I think we should move this forward

@nibix nibix force-pushed the config-improvements branch from 950c447 to 1540e23 Compare September 21, 2024 06:48
@nibix nibix force-pushed the config-improvements branch from 14fdac9 to 5631248 Compare September 24, 2024 07:54
@nibix nibix changed the title Auto-convert V6 configuration instances into V7 configuration instances Remove support for v6 configuration Sep 24, 2024
@nibix nibix marked this pull request as ready for review September 24, 2024 08:04
Signed-off-by: Nils Bandener <nils.bandener@eliatra.com>
Signed-off-by: Nils Bandener <nils.bandener@eliatra.com>
Signed-off-by: Nils Bandener <nils.bandener@eliatra.com>
Signed-off-by: Nils Bandener <nils.bandener@eliatra.com>
Signed-off-by: Nils Bandener <nils.bandener@eliatra.com>
Signed-off-by: Nils Bandener <nils.bandener@eliatra.com>
Signed-off-by: Nils Bandener <nils.bandener@eliatra.com>
@nibix nibix force-pushed the config-improvements branch from f4e59b0 to 7f5bc7d Compare September 25, 2024 05:08
Signed-off-by: Nils Bandener <nils.bandener@eliatra.com>
Copy link

codecov bot commented Sep 25, 2024

Codecov Report

Attention: Patch coverage is 66.51376% with 73 lines in your changes missing coverage. Please review.

Project coverage is 67.97%. Comparing base (a62e99a) to head (5ebe500).
Report is 6 commits behind head on main.

Files with missing lines Patch % Lines
...a/org/opensearch/security/tools/SecurityAdmin.java 23.07% 30 Missing and 10 partials ⚠️
...ch/security/securityconf/DynamicConfigFactory.java 60.00% 10 Missing and 6 partials ⚠️
...a/org/opensearch/security/DefaultObjectMapper.java 0.00% 6 Missing ⚠️
...earch/security/configuration/ConfigurationMap.java 84.00% 2 Missing and 2 partials ⚠️
...g/opensearch/security/securityconf/impl/CType.java 92.30% 2 Missing and 1 partial ⚠️
...ecurityconf/impl/SecurityDynamicConfiguration.java 84.21% 0 Missing and 3 partials ⚠️
...ecurity/configuration/ConfigurationRepository.java 93.33% 1 Missing ⚠️
Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #4546      +/-   ##
==========================================
+ Coverage   65.59%   67.97%   +2.38%     
==========================================
  Files         319      310       -9     
  Lines       22470    20924    -1546     
  Branches     3604     3318     -286     
==========================================
- Hits        14739    14224     -515     
+ Misses       5921     4952     -969     
+ Partials     1810     1748      -62     
Files with missing lines Coverage Δ
...ty/configuration/ConfigurationLoaderSecurity7.java 70.00% <100.00%> (+0.70%) ⬆️
...arch/security/dlic/rest/api/AbstractApiAction.java 83.33% <ø> (ø)
...earch/security/dlic/rest/api/AccountApiAction.java 60.56% <ø> (ø)
.../security/dlic/rest/api/ActionGroupsApiAction.java 78.18% <ø> (ø)
...rch/security/dlic/rest/api/AllowlistApiAction.java 89.47% <ø> (ø)
...nsearch/security/dlic/rest/api/AuditApiAction.java 90.76% <ø> (-3.08%) ⬇️
...curity/dlic/rest/api/AuthTokenProcessorAction.java 90.90% <ø> (ø)
.../security/dlic/rest/api/CertificatesApiAction.java 35.13% <ø> (ø)
...security/dlic/rest/api/ConfigUpgradeApiAction.java 72.97% <100.00%> (ø)
...ch/security/dlic/rest/api/FlushCacheApiAction.java 64.00% <100.00%> (-1.39%) ⬇️
... and 30 more

... and 13 files with indirect coverage changes

willyborankin
willyborankin previously approved these changes Sep 25, 2024
cwperks
cwperks previously approved these changes Oct 1, 2024
Copy link
Member

@cwperks cwperks left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left one minor comment. This change LGTM!

Signed-off-by: Nils Bandener <nils.bandener@eliatra.com>
@nibix nibix dismissed stale reviews from cwperks and willyborankin via 5ebe500 October 2, 2024 07:10
@nibix
Copy link
Collaborator Author

nibix commented Oct 2, 2024

@willyborankin @cwperks I did one more minor commit: 5ebe500 ... could you please re-approve?

@cwperks
Copy link
Member

cwperks commented Oct 2, 2024

@willyborankin @cwperks I did one more minor commit: 5ebe500 ... could you please re-approve?

Done

@cwperks cwperks merged commit 830b341 into opensearch-project:main Oct 2, 2024
42 checks passed
terryquigleysas pushed a commit to terryquigleysas/security that referenced this pull request Oct 3, 2024
Signed-off-by: Nils Bandener <nils.bandener@eliatra.com>
Signed-off-by: Terry Quigley <terry.quigley@sas.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants