[Extensions] Add a internal user provider interface #2713
Conversation
|
|
||
| String authToken = ""; | ||
| try { | ||
| if (request.uri().contains("/internalusers/" + username + "/authtoken")) { |
There was a problem hiding this comment.
Do you think we should create a separate handler for this API? It may get confusing that the same handler is used for multiple endpoints.
Can you also add more description to the PR about the API being introduced?
There was a problem hiding this comment.
The InternalUsersApiAction already includes several endpoints so I thought it was appropriate to add this here. It is just a special instance of the GET functionality.
I will add some extra documentation.
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
…n of fields Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
stephen-crawford
force-pushed
the
ServiceListenerInterface
branch
from
10dc5fe to
b47a802
Compare
| */ | ||
| public interface InternalUserProvider { | ||
|
|
||
| public void putInternalUser(String userInfo) throws java.io.IOException; |
There was a problem hiding this comment.
I'd recommend against throwing IOException, can we try /catch where this is coming from or if you think its needed throw specific exceptions?
| * This interface will be defined in core following these changes. For now this is used for testing in the Security Plugin. | ||
| * | ||
| */ | ||
| public interface InternalUserProvider { |
There was a problem hiding this comment.
What do you think about making this a 'ServiceAccountManager'?
Then it would have only the use cases needed in OpenSearch core, during extensions registration for find or create with enable / disable?
|
|
||
| public void putInternalUser(String userInfo) throws java.io.IOException; | ||
|
|
||
| public SecurityDynamicConfiguration<?> getInternalUser(String userInfo); |
There was a problem hiding this comment.
SecurityDynamicConfiguration shouldn't be part of the interface, we should return a public interface/class instead
|
|
||
| public void removeInternalUser(String userInfo); | ||
|
|
||
| public String getInternalUserAuthToken(String userInfo) throws IOException; |
There was a problem hiding this comment.
I don't think this return type should be a string in OpenSearch, it should be some kind of interface around the auth token. @cwperks Did you have ideas about how we would pass refresh token in the java ecosystem?
|
Hi @peternied, sorry for the late reply. This is more of a testing area than anything else at the moment. I appreciate you leaving early feedback though. I will certainly address your concerns once I start narrowing down on this work. |
Description
This PR introduces an internal user provider interface and a security internal user provider which implements this interface. The purpose of this interface is to let us build the plugin-side handler for the extension installation listener in core. Once this PR is merged, we can make changes in core to add the actual interface there that the provider will implement. That will then let us listen to core for extension registration events.
Issues Resolved
This PR is 1/2 of the solution to #2667.
Testing
Adds isolated tests for the provider functionality.
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.