Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adds a sample resource plugin to demonstrate resource access control in action #4893

Draft
wants to merge 16 commits into
base: feature/resource-permissions
Choose a base branch
from
Draft

Adds a sample resource plugin to demonstrate resource access control in action #4893

wants to merge 16 commits into from

Conversation

DarshitChanpura
Copy link
Member

Description

This PR introduces a sample plugin aimed at demonstrating the usage of resource access control in action. Resource access control is introduced in #4746

Issues Resolved

[TBD]

Testing

Automated + Manual

Check List

  • New functionality includes testing
    - [ ] New functionality has been documented
    - [ ] New Roles/Permissions have a corresponding security dashboards plugin PR
    - [ ] API changes companion pull request created
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@DarshitChanpura DarshitChanpura mentioned this pull request Nov 11, 2024
Draft
5 tasks
@codecov Codecov
Copy link

codecov bot commented Nov 11, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 71.43%. Comparing base (9dfd5a0) to head (8845812).
Report is 15 commits behind head on feature/resource-permissions.

Additional details and impacted files

Impacted file tree graph

@@                       Coverage Diff                        @@
##           feature/resource-permissions    #4893      +/-   ##
================================================================
+ Coverage                         71.42%   71.43%   +0.01%     
================================================================
  Files                               334      334              
  Lines                             22517    22552      +35     
  Branches                           3586     3590       +4     
================================================================
+ Hits                              16082    16110      +28     
- Misses                             4641     4646       +5     
- Partials                           1794     1796       +2

see 12 files with indirect coverage changes

cwperks
cwperks reviewed Nov 11, 2024
View reviewed changes
...e-resource-plugin/src/main/resources/META-INF/services/org.opensearch.plugins.ResourcePlugin
@@ -0,0 +1 @@
org.opensearch.sample.SampleResourcePlugin
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a SPI that this file is associated with?

cwperks
cwperks reviewed Nov 11, 2024
View reviewed changes
...in/src/main/java/org/opensearch/sample/transport/ListAccessibleResourcesTransportAction.java Outdated
protected void doExecute(Task task, ListAccessibleResourcesRequest request, ActionListener<ListAccessibleResourcesResponse> listener) {
try {
ResourceService rs = SampleResourcePlugin.GuiceHolder.getResourceService();
List<String> resourceIds = rs.getResourceAccessControlPlugin().listAccessibleResourcesInPlugin(RESOURCE_INDEX_NAME);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we consider giving back resource objects here?

@cwperks
Copy link
Member

cwperks commented Nov 11, 2024

Is there any way we can add tests and run them as a CI check for the sample plugin? (preferably w/o relying on core-side changes bc its not clear when core-side changes can be merged)

@DarshitChanpura
Adds a sample resource plugin to demonstrate resource access control …
561e294 
…in action

Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
@DarshitChanpura
Cleans up create action
57661e7 
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
@DarshitChanpura
Fixes create API
d68f349 
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
@DarshitChanpura
Adds Revoke API and cleans up existing APIs
0460549 
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
@DarshitChanpura
Adds delete API and refactors package structure
46960ea 
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
@DarshitChanpura
Updates Revoke request
bc67926 
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
@DarshitChanpura
Convert sets to lists
ccd5d07 
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
@DarshitChanpura
Adds default scopes to validation list
bfc39ad 
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
@DarshitChanpura
Fixes ClassCastException
acc22c4 
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
@DarshitChanpura
Adds plugin specific exception class
4dc7597 
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
@DarshitChanpura
Fixes NPE
0349537 
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
@DarshitChanpura
Updates method name to corresponding to changes in core
334b50d 
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
@DarshitChanpura
Updates API route
0f60c91 
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
@DarshitChanpura
Adds README
5ca5dec 
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
@DarshitChanpura
Returns actual resource when listing the resource
ca377f6 
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
@DarshitChanpura
Updates SampleResource class structure
8845812 
Signed-off-by: Darshit Chanpura <dchanp@amazon.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cwperks cwperks cwperks left review comments

@derek-ho derek-ho Awaiting requested review from derek-ho derek-ho will be requested when the pull request is marked ready for review derek-ho is a code owner

@nibix nibix Awaiting requested review from nibix nibix will be requested when the pull request is marked ready for review nibix is a code owner

@peternied peternied Awaiting requested review from peternied peternied will be requested when the pull request is marked ready for review peternied is a code owner

@RyanL1997 RyanL1997 Awaiting requested review from RyanL1997 RyanL1997 will be requested when the pull request is marked ready for review RyanL1997 is a code owner

@reta reta Awaiting requested review from reta reta will be requested when the pull request is marked ready for review reta is a code owner

@willyborankin willyborankin Awaiting requested review from willyborankin willyborankin will be requested when the pull request is marked ready for review willyborankin is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@DarshitChanpura @cwperks