Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[DRAFT] Resource permissions and sharing #166

Draft
wants to merge 345 commits into
base: main
Choose a base branch
from
Draft

[DRAFT] Resource permissions and sharing #166

Show file tree
Hide file tree
Changes from 15 commits
Commits
Show all changes
345 commits
Select commit Hold shift + click to select a range
23fcfba
Fixes license
DarshitChanpura Oct 2, 2024
fba48ab
Adds changelog entry
DarshitChanpura Oct 2, 2024
9cb8d0e
Adds a notion of scope
DarshitChanpura Oct 2, 2024
e7ad37d
Change version checks from CURRENT to 2.18 (#16174)
ltaragi Oct 3, 2024
bf6566e
Add changes to block calls in cat shards, indices and segments based …
sumitasr Oct 3, 2024
5771e81
Separate Remote State and Publication enabled and configured methods …
shiv0408 Oct 3, 2024
6020c58
[Snapshot V2] Remove orphan timestamps post create snapshot completio…
gbbafna Oct 3, 2024
3d7184b
Bump Netty to 4.1.114.Final (#16182)
reta Oct 3, 2024
d1fd47c
Implement phone number analyzer (#15915)
rursprung Oct 3, 2024
f9e0c85
Fix japicmp configuration by treating abstract-to-default method chan…
reta Oct 4, 2024
aef7eca
Add more unit tests for RemoteStoreUtils and RemoteFsTimestampAwareTr…
sachinpkale Oct 4, 2024
ba8f1be
Run queued operations post v2 operations completion (#16179)
gbbafna Oct 4, 2024
b06ddb6
Fix warnings from SLF4J on startup when repository-s3 is installed (#…
cwperks Oct 4, 2024
421a1cc
Fix unknown parameter source_remote_translog_repository bug (#16192)
sachinpkale Oct 4, 2024
848234e
Modifies sharedwith to accomodate scope
DarshitChanpura Oct 4, 2024
eaf0c6e
Adds missing JavaDoc
DarshitChanpura Oct 4, 2024
6a6e6f7
Merge remote-tracking branch 'upstream/main' into resource-permissions
DarshitChanpura Oct 4, 2024
566913a
Adds NamedWriteable capability and removes un-needed method
DarshitChanpura Oct 4, 2024
7a58f5e
Mute snapshot v2 flaky tests (#16193)
gbbafna Oct 7, 2024
a81b868
Implementing pagination for _cat/shards (#14641)
gargharsh3134 Oct 7, 2024
146b0f7
Update Apache Lucene to 9.12.0 (#15333)
reta Oct 7, 2024
e885aa9
Latency improvements to Multi Term Aggregations (#14993)
expani Oct 7, 2024
e24b4c9
Add wlm resiliency orchestrator (query group service) (#15925)
kaushalmahi12 Oct 8, 2024
266bdd3
[Tiered Caching] Segmented cache changes (#16047)
sgup432 Oct 8, 2024
1e49aa8
[Star tree] Add date field rounding support in star tree (#15249)
bharath-techie Oct 8, 2024
3696c29
[Star tree] Refactoring builder tests (#16036)
bharath-techie Oct 8, 2024
5279d21
Change successfulSearchShardIndices to Set<Index> (#16110)
dzane17 Oct 8, 2024
e8e041b
Add more concurrent Snapshot V2 Integ Tests (#16207)
gbbafna Oct 8, 2024
aad325f
Bump com.azure:azure-json from 1.1.0 to 1.3.0 in /plugins/repository-…
dependabot[bot] Oct 8, 2024
96082f7
Close RemoteStorePinnedTimestampService on Node.close() (#16228)
sachinpkale Oct 8, 2024
febbc00
Add TLSv1.3 in jdk.tls.client.protocols systemProp in gradle.properti…
cwperks Oct 8, 2024
2ed8ff0
Attempt to delete backport branches only for OpenSearch repo (#16240)
gaiksaya Oct 8, 2024
62b1537
Fix Cache backward compatibility breaking change (#16238)
sgup432 Oct 9, 2024
b5917c5
[Star tree] Moving compositeCodec to composite912Codec and dropping c…
bharath-techie Oct 9, 2024
acf209f
Bump com.google.api-client:google-api-client from 2.2.0 to 2.7.0 in /…
dependabot[bot] Oct 9, 2024
e7757e7
Update Apache Lucene version for 2.18.0 (#16252)
reta Oct 9, 2024
9225aa2
Bump com.squareup.okio:okio from 3.9.0 to 3.9.1 in /test/fixtures/hdf…
dependabot[bot] Oct 9, 2024
ba0ccfa
Bump io.grpc:grpc-api from 1.57.2 to 1.68.0 in /plugins/discovery-gce…
dependabot[bot] Oct 9, 2024
a09750a
Remove redundant force merge - histo rest tests (#16144)
finnegancarroll Oct 9, 2024
68e3e45
The protobuf-java leaks through client library dependencies (#16254)
reta Oct 9, 2024
9e53d9b
Fix Flaky Test org.opensearch.gateway.RecoveryFromGatewayIT.testShard…
kkewwei Oct 10, 2024
d7b0116
Revert remote publication method renaming in DiscoveryNode (#16250)
soosinha Oct 10, 2024
58adc18
BugFix: call listener.onFailure on failure to pin the timestamp (#16248)
sachinpkale Oct 10, 2024
b2253f1
[Workload Management] QueryGroup Stats API Logic (#15777)
ruai0511 Oct 10, 2024
b3b8c9b
Add Integration Tests for Workload Management CRUD APIs (#15955)
ruai0511 Oct 10, 2024
691f725
Reconfigure remote state thread pool count (#16245)
soosinha Oct 10, 2024
942765e
Add snapshot_path prefix to snapshot shards path file on S3 (#16267)
ashking94 Oct 10, 2024
b4f876f
Merge remote-tracking branch 'upstream/main' into resource-permissions
DarshitChanpura Oct 10, 2024
9baac32
Updates toXContent implementations
DarshitChanpura Oct 10, 2024
0eb47ac
Fix toString implementation
DarshitChanpura Oct 10, 2024
1e7f6df
Support JDK-23 (build time and runtime) (#16257)
reta Oct 10, 2024
34b794b
Making wlm stats output easier to understand (#16278)
kaushalmahi12 Oct 11, 2024
d6ea8eb
Change remote store restore cluster state priority to URGENT (#16281)
sachinpkale Oct 11, 2024
b3459fd
Update setting API honors cluster's replica setting as default #14810…
chishui Oct 11, 2024
53c9ddf
Remove ApproximateIndexOrDocValuesQuery (#16273)
msfroh Oct 11, 2024
20536ee
Fix IndicesRequestCacheIt flaky tests (#16276)
sgup432 Oct 12, 2024
5d2d392
Skip unnecessary string format in RemoteStoreMigrationAllocationDecid…
imRishN Oct 14, 2024
2166b44
Optimise clone operation for incremental full cluster snapshots (#16296)
ashking94 Oct 14, 2024
55e98ed
Fix multi-search with template doesn't return status code (#16265)
gaobinlong Oct 14, 2024
b5dcde3
[Snapshot V2] Move timestamp pinning before cluster state update (#16…
gbbafna Oct 14, 2024
7065e6b
Bump ch.qos.logback:logback-core from 1.5.8 to 1.5.10 in /test/fixtur…
dependabot[bot] Oct 14, 2024
f4bf0da
Bump me.champeau.gradle.japicmp from 0.4.3 to 0.4.4 in /server (#16309)
dependabot[bot] Oct 14, 2024
0ff0439
Bump com.google.oauth-client:google-oauth-client from 1.35.0 to 1.36.…
dependabot[bot] Oct 14, 2024
32c1a43
Bump lycheeverse/lychee-action from 1.10.0 to 2.0.2 (#16310)
dependabot[bot] Oct 14, 2024
931339e
Bump com.azure:azure-core-http-netty from 1.15.4 to 1.15.5 in /plugin…
dependabot[bot] Oct 14, 2024
783d3e1
Bump com.google.code.gson:gson from 2.10.1 to 2.11.0 in /plugins/repo…
dependabot[bot] Oct 14, 2024
88d13eb
Enable coordinator search.request_stats_enabled by default (#16290)
dzane17 Oct 14, 2024
9ddee61
Flat object field should delegate to keyword field for most query typ…
kkewwei Oct 14, 2024
6c17119
Add new benchmark config for query approximation (#16323)
msfroh Oct 14, 2024
e313071
Allows the ability to list resource permissions
DarshitChanpura Oct 15, 2024
a53e0c6
Update last seen cluster state in commit phase (#16215)
soosinha Oct 15, 2024
35c366d
Add support to dynamically resize threadpools size (#16236)
gbbafna Oct 15, 2024
23d1c7a
Fix deletion permits flow in RemoteFsTimestampAwareTranslog (#16282)
sachinpkale Oct 15, 2024
a853b75
Fix wrong default value when setting index.number_of_routing_shards t…
gaobinlong Oct 16, 2024
d404359
JDK-23: Mitigation for https://bugs.openjdk.org/browse/JDK-8341127 is…
reta Oct 16, 2024
dd5a87a
Bugfix in snapshot V2 restore flow (#16332)
sachinpkale Oct 16, 2024
62081f2
fix cluster not able to spin up issue when disk usage exceeds thresho…
zane-neo Oct 16, 2024
6594516
[Snapshot V2] Use metadata from source snapshot while cloning snapsho…
gbbafna Oct 16, 2024
ec7b652
[Streaming Indexing] Fix intermittent 'The bulk request must be termi…
reta Oct 16, 2024
1a7018a
Fixed inefficient Stream API call chains ending with count() (#15386)
dk2k Oct 17, 2024
74dba3f
Update 10_basic.yml (#16349)
reta Oct 17, 2024
0c3e3c0
Make Remote Publication a dynamic setting (#15937)
shiv0408 Oct 17, 2024
dc8a435
[Star tree] Performance optimizations during flush flow (#16037)
bharath-techie Oct 17, 2024
e360ceb
Skip media type parsing for known string values (#16358)
andrross Oct 17, 2024
ebcf5e3
Fixed assignment to catch block parameter (#15384)
dk2k Oct 17, 2024
3b004bf
Make query groups persistent across process restarts (#16370)
kaushalmahi12 Oct 18, 2024
4456d55
Removed suspicious call of getClass() on instance of Class, which era…
dk2k Oct 18, 2024
0bded88
Revert #15258 to figure out a better approach to fix the issue. (#16377)
zane-neo Oct 18, 2024
9096aee
Fix bug in snapshot update check for multiple v2 repo (#16379)
gbbafna Oct 18, 2024
f1c98a4
Do orphan timestamp cleanup before completing the snapshot (#16365)
gbbafna Oct 18, 2024
f346788
Add method to return dynamic SecureTransportParameters from SecureTra…
cwperks Oct 18, 2024
0f7d572
Fix array hashCode calculation in ResyncReplicationRequest (#16378)
dk2k Oct 19, 2024
0419e5d
Fix typo super->sb in method toString() of RemoteStoreNodeAttribute (…
dk2k Oct 21, 2024
78d2a4e
Treat last fetch timestamp of pinned timestamp as one of the pinned t…
sachinpkale Oct 21, 2024
c4a9cc1
BugFix - Extract snapshot UUID from pinned entity correctly (#16398)
gbbafna Oct 21, 2024
ad7f9e7
Handle delete cases for star tree (#16380)
bharath-techie Oct 21, 2024
2dfd519
Bump org.jline:jline in /test/fixtures/hdfs-fixture (#16404)
dependabot[bot] Oct 21, 2024
6c7581e
Snapshot _status API: Include in-progress snapshots in total shard co…
ltaragi Oct 21, 2024
e3db742
Bump com.microsoft.azure:msal4j from 1.17.1 to 1.17.2 in /plugins/rep…
dependabot[bot] Oct 21, 2024
322bdc4
[BUG] Add missing fields to resolve Strict Dynamic Mapping issue in .…
inpink Oct 21, 2024
456ca97
[Star Tree] [Search] Support for metric aggregations with/without ter…
sandeshkr419 Oct 21, 2024
1982427
URI path filtering support in cluster stats API (#15938)
SwethaGuptha Oct 22, 2024
20e233e
Fixing inline javadocs usage in PaginationStrategy (#16428)
gargharsh3134 Oct 22, 2024
267c68e
Fix unclosed store references with node-node segrep when primary node…
mch2 Oct 22, 2024
5120efb
Update JDK to 23.0.1 (#16429)
reta Oct 22, 2024
6891267
Improve the rejection logic for soft mode query groups during node du…
kaushalmahi12 Oct 22, 2024
760e676
Wlm create/update REST API bug fix (#16422)
kaushalmahi12 Oct 23, 2024
ca40ba4
Make multiple settings dynamic for tuning on larger clusters (#16347)
rahulkarajgikar Oct 23, 2024
9489a21
Add new parameters to snapshot restore to rename the restored aliases…
mispencer Oct 23, 2024
bb1359f
Disallow snapshot deletion while a v2 snapshot is in progress (#16430)
gbbafna Oct 23, 2024
15607b1
Downgrade version to 2.18.0 for ser/de of new ClusterStatsRequest met…
SwethaGuptha Oct 23, 2024
5941a7e
Fix get index settings API doesn't show number_of_routing_shards when…
gaobinlong Oct 23, 2024
9a476b6
Avoid making further transport calls if paginationStrategy outputs em…
gargharsh3134 Oct 23, 2024
8eccbb5
Add log message if SSL dual mode is enabled (#16437)
cwperks Oct 23, 2024
66f0110
Fix flaky test in `testApproximateRangeWithSizeOverDefault` by adjust…
inpink Oct 23, 2024
9dd1a59
Add support for restoring from snapshot with search replicas (#16111)
vinaykpud Oct 23, 2024
119abaf
Update version to 2.18.0 for CatShards request and response (#16455)
gargharsh3134 Oct 24, 2024
9498793
Update 2.x to 2.19.0 (since 2.18.0 was cut) (#16466)
reta Oct 24, 2024
936cdb9
Change to correct version since this has been backported (#16472)
mispencer Oct 24, 2024
4ad1be3
Revert uploading of manifest using min codec version (#16403)
soosinha Oct 25, 2024
bb45f03
Add Setting to adjust the primary constraint weights (#16471)
Arpit-Bandejiya Oct 25, 2024
b2d537a
Update version check in yaml test file for the bug fix for get index …
gaobinlong Oct 25, 2024
6f1b59e
Add logic in master service to optimize performance and retain detail…
sumitasr Oct 26, 2024
72559bf
create publication repos during join task execution (#16383)
rajiv-kv Oct 28, 2024
0fcb3ab
Bump ch.qos.logback:logback-core from 1.5.10 to 1.5.12 in /test/fixtu…
dependabot[bot] Oct 28, 2024
9f7d3b6
using the routing allocation to cancel existing recoveries (#16468)
rajiv-kv Oct 28, 2024
af7a067
Switch from `buildSrc/version.properties` to Gradle version catalog (…
cwperks Oct 28, 2024
6385ad3
Add 2.18 release notes (#16511)
andrross Oct 28, 2024
08dc3bb
Remove CHANGELOG entry for change that was backported (#16514)
andrross Oct 29, 2024
1e7c122
Ensure index templates are not applied to system indices (#16418)
pyek-bot Oct 29, 2024
1ec5bcb
Bump com.google.apis:google-api-services-compute from v1-rev20240407-…
dependabot[bot] Oct 30, 2024
f57b889
Bump com.azure:azure-storage-common from 12.25.1 to 12.27.1 (#16521)
gaobinlong Oct 30, 2024
4b284c5
Bump com.azure:azure-storage-blob from 12.23.0 to 12.28.1 in /plugins…
dependabot[bot] Oct 30, 2024
80ca32f
remove resource usages object from headers (#16532)
ansjcy Nov 1, 2024
0363aa7
Adds cluster setting to allow caching requests with size>0 in request…
peteralfonsi Nov 1, 2024
a2a01f8
Support retrieving doc values of unsigned long field (#16543)
bugmakerrrrrr Nov 1, 2024
bb131f9
Bump versions in README to 2.19.0 and 2.18.1 (#16554)
cwperks Nov 4, 2024
f32f5c6
Bump org.apache.hadoop:hadoop-minicluster from 3.4.0 to 3.4.1 in /tes…
dependabot[bot] Nov 4, 2024
4c35a2b
fix rollover alias supports restored searchable snapshot index (#16483)
kkewwei Nov 4, 2024
b25e10a
Ensure support of the transport-nio by security plugin (HTTP) (#16474)
reta Nov 5, 2024
e07499a
Improve performance for resolving derived fields (#16564)
robson-glean Nov 5, 2024
bd91162
Merge remote-tracking branch 'upstream/main' into resource-permissions
DarshitChanpura Nov 5, 2024
4213cc2
Make cacheEntry.getIndexInput() privileged when fetching blobs from r…
finnegancarroll Nov 5, 2024
034bd2b
Bump com.google.apis:google-api-services-compute from v1-rev20241015-…
dependabot[bot] Nov 6, 2024
9f790ee
Fix non-x64 bwc build targets (#16575)
andrross Nov 6, 2024
aa5c39b
Detect Breaking Changes check does not fail on new method added to an…
reta Nov 7, 2024
9b7681c
Make IndexStoreListener a pluggable interface (#16583)
jed326 Nov 7, 2024
5909e1a
Update dependency org.apache.zookeeper:zookeeper to v3.9.3 (#16593)
mend-for-github-com[bot] Nov 7, 2024
e688388
[AUTO] [main] Add bwc version 2.18.1. (#16573)
opensearch-trigger-bot[bot] Nov 8, 2024
10873f1
Increase segrep pressure checkpoint default limit to 10 (#16577)
gbbafna Nov 11, 2024
607a08e
Bump lycheeverse/lychee-action from 2.0.2 to 2.1.0 (#16610)
dependabot[bot] Nov 11, 2024
6e34a80
Bump me.champeau.gradle.japicmp from 0.4.4 to 0.4.5 in /server (#16614)
dependabot[bot] Nov 11, 2024
46ded36
Adds Integration Tests for Search Pipeline (#16561)
owaiskazi19 Nov 11, 2024
c9edb48
Add a flag in QueryShardContext to differentiate between a normal que…
heemin32 Nov 11, 2024
b9d9729
Bump com.nimbusds:nimbus-jose-jwt from 9.41.1 to 9.46 in /test/fixtur…
dependabot[bot] Nov 12, 2024
7f27ddc
Complete keyword changes for star tree (#16233)
bharath-techie Nov 12, 2024
e9f77e3
Bump org.apache.xmlbeans:xmlbeans from 5.2.1 to 5.2.2 in /plugins/ing…
dependabot[bot] Nov 12, 2024
53d41d3
feat: add vertical scaling and SoftReference for snapshot repository …
inpink Nov 12, 2024
5068fad
Add a new configuration setting `synonym_analyzer` for `synonym_graph…
prudhvigodithi Nov 12, 2024
548a650
Support prefix list for remote repository attributes (#16271)
rajiv-kv Nov 13, 2024
3f18562
Bump google-auth-library-oauth2-http from 1.7.0 to 1.29.0 in /plugin…
gaobinlong Nov 14, 2024
4cce608
Fix stale index deletion in snapshots for hashed prefix path type (#1…
ashking94 Nov 14, 2024
ac3e4ff
Bump com.google.cloud:google-cloud-core-http from 2.23.0 to 2.47.0 in…
dependabot[bot] Nov 14, 2024
3b9ca63
Support installing plugin SNAPSHOTs with SNASPHOT distribution (#16581)
reta Nov 14, 2024
26e6ea1
Update DEVELOPER_GUIDE.md instructions for JDK-11 (#16533)
reta Nov 14, 2024
efef676
Update version check in yaml test file for allowing composite aggrega…
gaobinlong Nov 15, 2024
3b4fa0e
Bump mockito from 5.14.1 to 5.14.2, objenesis from 3.2 to 3.3 and byt…
cwperks Nov 15, 2024
8e097ee
Update to Netty 4.1.115.Final (#16661)
reta Nov 15, 2024
d4d70d8
Search dv only IP masks (#16628)
mkhludnev Nov 15, 2024
dccd40f
Bump org.xerial.snappy:snappy-java from 1.1.10.6 to 1.1.10.7 in /test…
dependabot[bot] Nov 18, 2024
f105e4e
Bump com.gradle.develocity from 3.18.1 to 3.18.2 (#16669)
dependabot[bot] Nov 18, 2024
ac44300
Fix stale cluster state custom file deletion (#16670)
soosinha Nov 19, 2024
9b8b9fd
Update Gradle to 8.11 (#16386)
reta Nov 19, 2024
1d8568e
Update Gradle version for Detect Breaking Changes Github action (#16685)
reta Nov 19, 2024
2ac64a6
Changing request cache size > 0 setting to int threshold (#16570)
peteralfonsi Nov 19, 2024
b17c295
Bump codecov/codecov-action from 4 to 5 (#16667)
dependabot[bot] Nov 19, 2024
05513df
Bump com.google.apis:google-api-services-compute from v1-rev20241021-…
dependabot[bot] Nov 19, 2024
2327258
Merge remote-tracking branch 'upstream/main' into resource-permissions
DarshitChanpura Nov 20, 2024
b1a7743
Separating remote download and publication stats (#16682)
himshikha Nov 21, 2024
9388217
Update Gradle to 8.11.1 (#16694)
reta Nov 22, 2024
c82cd2e
[Bugfix] Fix TieredSpilloverCache stats not adding correctly when sha…
peteralfonsi Nov 22, 2024
774a4a1
Merge remote-tracking branch 'upstream/main' into resource-permissions
DarshitChanpura Nov 25, 2024
3da97f2
Bump org.apache.logging.log4j:log4j-core from 2.24.1 to 2.24.2 in /bu…
dependabot[bot] Nov 25, 2024
5817710
Removed unused array (#15364)
dk2k Nov 26, 2024
37cacf0
Adds NamedWriteable implementations
DarshitChanpura Nov 27, 2024
ad982c2
Support more than 1024 IP/masks with indexed field (#16391)
mkhludnev Nov 27, 2024
6d3fd37
Library changes for Apache Arrow integration (#16691)
rishabhmaurya Nov 29, 2024
b75f27a
Fix Flaky Test SearchWithRandomExceptionsIT.testRandomExceptions (#16…
kkewwei Nov 29, 2024
d2a1477
Deprecate performing update operation with default pipeline or final …
gaobinlong Dec 2, 2024
ac45643
Update 75_update.yml (#16759)
reta Dec 3, 2024
d6157d6
Fix allowed_warnings takes no effect for the yaml test in 75_update.y…
gaobinlong Dec 3, 2024
80ba41f
Bump ch.qos.logback:logback-classic from 1.2.13 to 1.5.12 in /test/fi…
dependabot[bot] Dec 3, 2024
5b05dcb
Update Jackson to 2.18.2 (#16758)
reta Dec 3, 2024
b1bf72f
Bound the size of cache in deprecation logger (#16724)
andrross Dec 3, 2024
4107407
Adds TODO for Noop Implementation
DarshitChanpura Dec 3, 2024
d199096
Ensure consistency of system flag on IndexMetadata after diff is appl…
cwperks Dec 4, 2024
274c64f
Adds fromValue method to EntityType
DarshitChanpura Dec 4, 2024
42dc22e
Bump com.azure:azure-identity from 1.13.2 to 1.14.2 in /plugins/repos…
cwperks Dec 5, 2024
014be82
Refactors variables from List to Set
DarshitChanpura Dec 5, 2024
75a2fc3
Make entries for dependencies from server/build.gradle to gradle vers…
cwperks Dec 5, 2024
3143796
Updates revokeAccess signature to accept scopes to revoke access from
DarshitChanpura Dec 5, 2024
04a02cb
Merge remote-tracking branch 'upstream/main' into resource-permissions
DarshitChanpura Dec 5, 2024
e468f91
Convert sets to lists
DarshitChanpura Dec 5, 2024
3a0b4b1
Upper-case the default scope
DarshitChanpura Dec 5, 2024
98dbc4a
Refactor Docker Compose version detection to predictably pick v2 only…
reta Dec 6, 2024
d12fc32
Bump com.azure:azure-storage-common from 12.27.1 to 12.28.0 in /plugi…
dependabot[bot] Dec 9, 2024
2d18c34
Consolidate cleanup for Azure blob tests (#16789)
reta Dec 9, 2024
5ba909a
Overflow prevention (#16812)
prudhvigodithi Dec 9, 2024
da6eda7
Skip remote-repositories validations for node-joins when Repositories…
Pranshu-S Dec 10, 2024
336bb5f
Added release notes for 1.3.20 (#16824)
bshien Dec 11, 2024
c5f3818
Bump com.nimbusds:nimbus-jose-jwt from 9.46 to 9.47 in /test/fixtures…
dependabot[bot] Dec 11, 2024
5aa6509
Update opensearch.release-notes-1.3.20.md (#16825)
dbwiddis Dec 11, 2024
0056807
Adds concrete implementation of getResources in Noop RAC plugin
DarshitChanpura Dec 11, 2024
0548fc2
Merge remote-tracking branch 'upstream/main' into resource-permissions
DarshitChanpura Dec 11, 2024
2b402ec
Fixing _list/shards API for closed indices (#16606)
gargharsh3134 Dec 12, 2024
b67cdf4
Added support for search replica to return segrep stats (#16678)
vinaykpud Dec 12, 2024
193112b
Updates the ResourceAccessControlPlugin to have noop actions, renames…
DarshitChanpura Dec 13, 2024
cbbefa6
Adds ReflectPermissions for DefaultResourceAccessControlPlugin
DarshitChanpura Dec 13, 2024
d7d1f25
Merge remote-tracking branch 'upstream/main' into resource-permissions
DarshitChanpura Dec 13, 2024
b359dd8
Fix remote shards balance (#15335)
bugmakerrrrrr Dec 13, 2024
d37cc9b
Handle version during repository registration for prefix mode verific…
ashking94 Dec 16, 2024
e46d4bc
introduce a setting to disable full cluster state from remote on term…
rajiv-kv Dec 16, 2024
ef44e86
Bump com.gradle.develocity from 3.18.2 to 3.19 (#16855)
dependabot[bot] Dec 16, 2024
bc4f44b
Update Apache Lucene to 9.12.1 (#16846)
reta Dec 17, 2024
d676592
Bump org.apache.logging.log4j:log4j-core from 2.24.2 to 2.24.3 in /bu…
dependabot[bot] Dec 17, 2024
231c6d6
Bump org.apache.xmlbeans:xmlbeans from 5.2.2 to 5.3.0 in /plugins/ing…
dependabot[bot] Dec 17, 2024
d947df0
Bump org.jline:jline from 3.27.1 to 3.28.0 in /test/fixtures/hdfs-fix…
dependabot[bot] Dec 17, 2024
a44b06a
Merge remote-tracking branch 'upstream/main' into resource-permissions
DarshitChanpura Dec 17, 2024
57a6605
Bump com.azure:azure-core from 1.51.0 to 1.54.1 in /plugins/repositor…
dependabot[bot] Dec 17, 2024
b58308e
Adds missing package-info
DarshitChanpura Dec 17, 2024
8aa3185
Change Remote state read thread pool to Fixed type (#16850)
soosinha Dec 18, 2024
b5f651f
[Backport] [2.18] Update Apache Lucene to 9.12.1 (#16846) (#16870) (#…
reta Dec 18, 2024
b25a9a7
Adds unit and integration tests
DarshitChanpura Dec 18, 2024
eb43578
Adds missing experimental annotations
DarshitChanpura Dec 18, 2024
bcd0f2b
Merge remote-tracking branch 'upstream/main' into resource-permissions
DarshitChanpura Dec 18, 2024
686f037
Uses jackson object-mapper to read resource class and updates the int…
DarshitChanpura Dec 18, 2024
0bf9fd1
Completes the integrations tests
DarshitChanpura Dec 18, 2024
4a073f1
Updates SHAs
DarshitChanpura Dec 18, 2024
34f160c
Comment and code cleanup
DarshitChanpura Dec 19, 2024
1df8e11
Fixes tests
DarshitChanpura Dec 19, 2024
e6d71d2
Changes to support IP field in star tree indexing (#16641)
bharath-techie Dec 19, 2024
f4fd707
Remove the events-correlation-engine plugin (#16885)
andrross Dec 19, 2024
7050ecf
Fix Flaky Test SearchTimeoutIT.testSimpleTimeout (#16828)
kkewwei Dec 19, 2024
eee5ce1
Merge remote-tracking branch 'upstream/main' into resource-permissions
DarshitChanpura Dec 20, 2024
77c56be
Adds integration tests for non-default RAC plugin
DarshitChanpura Dec 20, 2024
bb584bb
Removes unused dependency licenses
DarshitChanpura Dec 20, 2024
448307b
Adds missing license headers
DarshitChanpura Dec 20, 2024
d9f5262
Adds type bounding to Resource
DarshitChanpura Dec 20, 2024
1aff350
Updates Resource to be a serializable
DarshitChanpura Dec 20, 2024
f90b165
Adds getResourceName as API contract for Resource
DarshitChanpura Dec 20, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
58 changes: 58 additions & 0 deletions server/src/main/java/org/opensearch/accesscontrol/resources/CreatedBy.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/

package org.opensearch.accesscontrol.resources;

import org.opensearch.core.xcontent.ToXContentFragment;
import org.opensearch.core.xcontent.XContentBuilder;

import java.io.IOException;

/**
* This class contains information on the creator of a resource.
* Creator can either be a user or a backend_role.
*
* @opensearch.experimental
*/
public class CreatedBy implements ToXContentFragment {

private String user;

private String backendRole;

public CreatedBy(String user, String backendRole) {
this.user = user;
this.backendRole = backendRole;
}

public String getBackendRole() {
return backendRole;
}

public void setBackendRole(String backendRole) {
this.backendRole = backendRole;
}

public String getUser() {
return user;
}

public void setUser(String user) {
this.user = user;
}

@Override
public String toString() {
return "CreatedBy {" + "user='" + user + '\'' + ", backendRole='" + backendRole + '\'' + '}';
}

@Override
public XContentBuilder toXContent(XContentBuilder builder, Params params) throws IOException {
return builder.startObject().field("user", user).field("backend_role", backendRole).endObject();
}
}
23 changes: 23 additions & 0 deletions server/src/main/java/org/opensearch/accesscontrol/resources/EntityType.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/

package org.opensearch.accesscontrol.resources;

/**
* This enum contains the type of entities a resource can be shared with.
*
* @opensearch.experimental
*/
public enum EntityType {

USERS,

ROLES,

BACKEND_ROLES,
}
59 changes: 59 additions & 0 deletions server/src/main/java/org/opensearch/accesscontrol/resources/ResourceService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
/*
* Copyright OpenSearch Contributors
* SPDX-License-Identifier: Apache-2.0
*/

package org.opensearch.accesscontrol.resources;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.opensearch.OpenSearchException;
import org.opensearch.plugins.NoOpResourceAccessControlPlugin;
import org.opensearch.plugins.ResourceAccessControlPlugin;
import org.opensearch.plugins.ResourcePlugin;

import java.util.List;
import java.util.stream.Collectors;

/**
* Resource access control for OpenSearch
*
* @opensearch.experimental
* */
public class ResourceService {
private static final Logger log = LogManager.getLogger(ResourceService.class);

private final ResourceAccessControlPlugin resourceACPlugin;
private final List<ResourcePlugin> resourcePlugins;

public ResourceService(final List<ResourceAccessControlPlugin> resourceACPlugins, List<ResourcePlugin> resourcePlugins) {
this.resourcePlugins = resourcePlugins;

if (resourceACPlugins.isEmpty()) {
log.info("Security plugin disabled: Using NoOpResourceAccessControlPlugin");
resourceACPlugin = new NoOpResourceAccessControlPlugin();
} else if (resourceACPlugins.size() == 1) {
log.info("Security plugin enabled: Using OpenSearchSecurityPlugin");
resourceACPlugin = resourceACPlugins.get(0);
} else {
throw new OpenSearchException(
"Multiple resource access control plugins are not supported, found: "
+ resourceACPlugins.stream().map(Object::getClass).map(Class::getName).collect(Collectors.joining(","))
);
}
}

/**
* Gets the current ResourcePlugin to perform authorization
*/
public ResourceAccessControlPlugin getResourceAccessControlPlugin() {
return resourceACPlugin;
}

/**
* List active plugins that define resources
*/
public List<ResourcePlugin> listResourcePlugins() {
return resourcePlugins;
}
}
115 changes: 115 additions & 0 deletions server/src/main/java/org/opensearch/accesscontrol/resources/ResourceSharing.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,115 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/

package org.opensearch.accesscontrol.resources;

import org.opensearch.core.xcontent.ToXContentFragment;
import org.opensearch.core.xcontent.XContentBuilder;

import java.io.IOException;
import java.util.Objects;

/**
* A document in .resource_sharing index.
* Holds information about the resource (obtained from defining plugin's meta-data),
* the index which defines the resources, the creator of the resource,
* and the information on whom this resource is shared with.
*
* @opensearch.experimental
*/
public class ResourceSharing implements ToXContentFragment {

private String sourceIdx;

private String resourceId;

private CreatedBy createdBy;

private ShareWith shareWith;

public ResourceSharing(String sourceIdx, String resourceId, CreatedBy createdBy, ShareWith shareWith) {
this.sourceIdx = sourceIdx;
this.resourceId = resourceId;
this.createdBy = createdBy;
this.shareWith = shareWith;
}

public String getSourceIdx() {
return sourceIdx;
}

public void setSourceIdx(String sourceIdx) {
this.sourceIdx = sourceIdx;
}

public String getResourceId() {
return resourceId;
}

public void setResourceId(String resourceId) {
this.resourceId = resourceId;
}

public CreatedBy getCreatedBy() {
return createdBy;
}

public void setCreatedBy(CreatedBy createdBy) {
this.createdBy = createdBy;
}

public ShareWith getShareWith() {
return shareWith;
}

public void setShareWith(ShareWith shareWith) {
this.shareWith = shareWith;
}

@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || getClass() != o.getClass()) return false;
ResourceSharing resourceSharing = (ResourceSharing) o;
return Objects.equals(getSourceIdx(), resourceSharing.getSourceIdx())
&& Objects.equals(getResourceId(), resourceSharing.getResourceId())
&& Objects.equals(getCreatedBy(), resourceSharing.getCreatedBy())
&& Objects.equals(getShareWith(), resourceSharing.getShareWith());
}

@Override
public int hashCode() {
return Objects.hash(getSourceIdx(), getResourceId(), getCreatedBy(), getShareWith());
}

@Override
public String toString() {
return "Resource {"
+ "sourceIdx='"
+ sourceIdx
+ '\''
+ ", resourceId='"
+ resourceId
+ '\''
+ ", createdBy="
+ createdBy
+ ", sharedWith="
+ shareWith
+ '}';
}

@Override
public XContentBuilder toXContent(XContentBuilder builder, Params params) throws IOException {
return builder.startObject()
.field("source_idx", sourceIdx)
.field("resource_id", resourceId)
.field("created_by", createdBy)
.field("share_with", shareWith)
.endObject();
}
}
70 changes: 70 additions & 0 deletions server/src/main/java/org/opensearch/accesscontrol/resources/ShareWith.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,70 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/

package org.opensearch.accesscontrol.resources;

import org.opensearch.core.xcontent.ToXContentFragment;
import org.opensearch.core.xcontent.XContentBuilder;

import java.io.IOException;
import java.util.List;

/**
* This class contains information about whom a resource is shared with.
* It could be a user-name, a role or a backend_role.
*
* @opensearch.experimental
*/
public class ShareWith implements ToXContentFragment {

private List<String> users;
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can see pushback on introducing these concepts into the core. Is there a way to make this generic and let a plugin define an implementation?


private List<String> roles;

private List<String> backendRoles;

public ShareWith(List<String> users, List<String> roles, List<String> backendRoles) {
this.users = users;
this.roles = roles;
this.backendRoles = backendRoles;
}

public List<String> getUsers() {
return users;
}

public void setUsers(List<String> users) {
this.users = users;
}

public List<String> getRoles() {
return roles;
}

public void setRoles(List<String> roles) {
this.roles = roles;
}

public List<String> getBackendRoles() {
return backendRoles;
}

public void setBackendRoles(List<String> backendRoles) {
this.backendRoles = backendRoles;
}

@Override
public String toString() {
return "ShareWith {" + "users=" + users + ", roles=" + roles + ", backendRoles=" + backendRoles + '}';
}

@Override
public XContentBuilder toXContent(XContentBuilder builder, Params params) throws IOException {
return builder.startObject().field("users", users).field("roles", roles).field("backend_roles", backendRoles).endObject();
}
}
39 changes: 39 additions & 0 deletions server/src/main/java/org/opensearch/accesscontrol/resources/package-info.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/

/*
* Licensed to Elasticsearch under one or more contributor
* license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright
* ownership. Elasticsearch licenses this file to you under
* the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/

/**
* Actions that OpenSearch can take either on the data stored on disk or on other nodes.
*/
/*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/

/**
* This package defines all classes required for Resource Sharing and Access Control
*/
package org.opensearch.accesscontrol.resources;
Loading
Loading