Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make GetTermVersionAction internal #12866

Merged
merged 3 commits into from
Mar 23, 2024

Conversation

peternied
Copy link
Member

Description

GetTermVersion action has been added to check if cluster state needs to be updated as a performance improvement on all cluster state checks. The Authorization systems in the Security Plugin check all actions that do not start with internal: for permissions causing users without cluster:monitor/* permissions to start getting 403 exceptions.

This change signals that this action does not require an authorization check by any security systems since it cannot be called via REST APIs.

Related Issues

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Failing checks are inspected and point to the corresponding known issue(s) (See: Troubleshooting Failing Builds)
  • Commits are signed per the DCO using --signoff
  • Commit changes are listed out in CHANGELOG.md file (See: Changelog)
  • Public documentation issue/PR created

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

GetTermVersion action has been added to check if cluster state needs to
be updated as a performance improvement on all cluster state checks.
The Authorization systems in the Security Plugin check all actions that
do not start with `internal:` for permissions causing users without
`cluster:monitor/*` permissions to start getting 403 exceptions.

This change signals that this action does not require an authorization
check by any security systems since it cannot be called via REST APIs.

Signed-off-by: Peter Nied <[email protected]>
Copy link
Contributor

github-actions bot commented Mar 22, 2024

Compatibility status:

Checks if related components are compatible with change 7880a27

Incompatible components

Incompatible components: [https://github.com/opensearch-project/security.git]

Skipped components

Compatible components

Compatible components: [https://github.com/opensearch-project/custom-codecs.git, https://github.com/opensearch-project/asynchronous-search.git, https://github.com/opensearch-project/neural-search.git, https://github.com/opensearch-project/flow-framework.git, https://github.com/opensearch-project/cross-cluster-replication.git, https://github.com/opensearch-project/job-scheduler.git, https://github.com/opensearch-project/reporting.git, https://github.com/opensearch-project/security-analytics.git, https://github.com/opensearch-project/geospatial.git, https://github.com/opensearch-project/opensearch-oci-object-storage.git, https://github.com/opensearch-project/k-nn.git, https://github.com/opensearch-project/notifications.git, https://github.com/opensearch-project/common-utils.git, https://github.com/opensearch-project/observability.git, https://github.com/opensearch-project/anomaly-detection.git, https://github.com/opensearch-project/performance-analyzer-rca.git, https://github.com/opensearch-project/ml-commons.git, https://github.com/opensearch-project/index-management.git, https://github.com/opensearch-project/alerting.git, https://github.com/opensearch-project/sql.git, https://github.com/opensearch-project/performance-analyzer.git]

Copy link
Contributor

❌ Gradle check result for f1cd937: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

Copy link
Contributor

❌ Gradle check result for f4c2e6c:

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

Copy link
Contributor

❌ Gradle check result for f4c2e6c: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

Copy link
Contributor

❌ Gradle check result for 7880a27: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

@peternied
Copy link
Member Author

The upgrade tests are failing because in 2.x the previous transport action name was in place. I'm backporting the 2.13 change into 2.x that will unblock this PR.

@peternied
Copy link
Member Author

@peternied peternied removed backport 2.x Backport to 2.x branch backport 2.13 v2.13.0 Issues and PRs related to version 2.13.0 labels Mar 22, 2024
Copy link
Contributor

❕ Gradle check result for 7880a27: UNSTABLE

  • TEST FAILURES:
      1 org.opensearch.remotestore.RemoteStoreStatsIT.testDownloadStatsCorrectnessSinglePrimaryMultipleReplicaShards

Please review all flaky tests that succeeded after retry and create an issue if one does not already exist to track the flaky failure.

Copy link

codecov bot commented Mar 23, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 71.38%. Comparing base (b15cb0c) to head (7880a27).
Report is 81 commits behind head on main.

Additional details and impacted files
@@             Coverage Diff              @@
##               main   #12866      +/-   ##
============================================
- Coverage     71.42%   71.38%   -0.04%     
- Complexity    59978    60251     +273     
============================================
  Files          4985     5011      +26     
  Lines        282275   283675    +1400     
  Branches      40946    41117     +171     
============================================
+ Hits         201603   202512     +909     
- Misses        63999    64342     +343     
- Partials      16673    16821     +148     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@reta reta merged commit 5b4b4aa into opensearch-project:main Mar 23, 2024
33 checks passed
@peternied peternied deleted the term-action-name branch March 23, 2024 01:27
shiv0408 pushed a commit to Gaurav614/OpenSearch that referenced this pull request Apr 25, 2024
* Make GetTermVersionAction internal

GetTermVersion action has been added to check if cluster state needs to
be updated as a performance improvement on all cluster state checks.
The Authorization systems in the Security Plugin check all actions that
do not start with `internal:` for permissions causing users without
`cluster:monitor/*` permissions to start getting 403 exceptions.

This change signals that this action does not require an authorization
check by any security systems since it cannot be called via REST APIs.

Signed-off-by: Peter Nied <[email protected]>

* Move TermVerson action outside of admin/cluster namespace

Signed-off-by: Peter Nied <[email protected]>

---------

Signed-off-by: Peter Nied <[email protected]>
Signed-off-by: Shivansh Arora <[email protected]>
harshavamsi pushed a commit to harshavamsi/OpenSearch that referenced this pull request Apr 29, 2024
* Make GetTermVersionAction internal

GetTermVersion action has been added to check if cluster state needs to
be updated as a performance improvement on all cluster state checks.
The Authorization systems in the Security Plugin check all actions that
do not start with `internal:` for permissions causing users without
`cluster:monitor/*` permissions to start getting 403 exceptions.

This change signals that this action does not require an authorization
check by any security systems since it cannot be called via REST APIs.

Signed-off-by: Peter Nied <[email protected]>

* Move TermVerson action outside of admin/cluster namespace

Signed-off-by: Peter Nied <[email protected]>

---------

Signed-off-by: Peter Nied <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants