Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature/Extensions] Supporting cluster_permissions nomenclature #2752

Closed
1 task
Tracked by #2751
DarshitChanpura opened this issue May 9, 2023 · 1 comment
Closed
1 task
Tracked by #2751

[Feature/Extensions] Supporting cluster_permissions nomenclature #2752

DarshitChanpura opened this issue May 9, 2023 · 1 comment
Assignees
@DarshitChanpura
Labels
triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.

Comments

@DarshitChanpura
Copy link
Member

DarshitChanpura commented May 9, 2023
edited
Loading

Current security roles model uses cluster_permissions to evaluate Transport Layer actions. This is because the plugins run in-process with OS cluster.
With Extensions being out-of-process entities, they can request OS cluster only via REST APIs.
And so there is a need to authorize these requests at REST layer.

This issue covers authorizing REST request against the legacy and new cluster_permissions model.

E.g: For hello-world sample extension, the endpoint /hello should succeed when either of the following roles are mapped to a user.

legacy_hw_greet:
  reserved: true
  cluster_permissions:
    - 'cluster:admin/opensearch/hw/greet'


extension_hw_greet:
  reserved: true
  cluster_permissions:
    - 'hw:greet'

This enables minimal effort for admin to enable use of extensions.

  • Allow registering legacy transport actionName when registering a NamedRoute
@DarshitChanpura DarshitChanpura mentioned this issue May 9, 2023
Closed
1 task
@github-actions github-actions bot added the untriaged Require the attention of the repository maintainers and may need to be prioritized label May 9, 2023
@DarshitChanpura DarshitChanpura changed the title Supporting cluster permissions nomenclature [Feature/Extensions] Supporting cluster permissions nomenclature May 9, 2023
@DarshitChanpura DarshitChanpura changed the title [Feature/Extensions] Supporting cluster permissions nomenclature [Feature/Extensions] Supporting cluster_permissions nomenclature May 9, 2023
@DarshitChanpura DarshitChanpura mentioned this issue May 9, 2023
Merged
3 tasks
@cwperks cwperks added triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable. and removed untriaged Require the attention of the repository maintainers and may need to be prioritized labels May 15, 2023
This was referenced Jun 7, 2023
Closed
Merged
@MaciejMierzwa MaciejMierzwa mentioned this issue Jun 22, 2023
Merged
3 tasks
@DarshitChanpura
Copy link
Member Author

Done via #2753

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@DarshitChanpura DarshitChanpura

Labels
triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cwperks @DarshitChanpura