-
Notifications
You must be signed in to change notification settings - Fork 280
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Separated DLS/FLS privilege evaluation from action privilege evaluation #4490
Conversation
Signed-off-by: Nils Bandener <[email protected]>
Signed-off-by: Nils Bandener <[email protected]>
Signed-off-by: Nils Bandener <[email protected]>
Signed-off-by: Nils Bandener <[email protected]>
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #4490 +/- ##
==========================================
- Coverage 65.27% 65.22% -0.05%
==========================================
Files 313 314 +1
Lines 22058 22090 +32
Branches 3563 3563
==========================================
+ Hits 14398 14408 +10
- Misses 5889 5906 +17
- Partials 1771 1776 +5
|
src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java
Show resolved
Hide resolved
src/main/java/org/opensearch/security/filter/SecurityFilter.java
Outdated
Show resolved
Hide resolved
src/main/java/org/opensearch/security/filter/SecurityFilter.java
Outdated
Show resolved
Hide resolved
src/main/java/org/opensearch/security/privileges/PrivilegesEvaluationContext.java
Show resolved
Hide resolved
src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java
Outdated
Show resolved
Hide resolved
src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java
Show resolved
Hide resolved
src/main/java/org/opensearch/security/filter/SecurityFilter.java
Outdated
Show resolved
Hide resolved
src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java
Show resolved
Hide resolved
…TRO_SECURITY_INJECTED_ROLES_VALIDATION handling back to evaluate() Signed-off-by: Nils Bandener <[email protected]>
Signed-off-by: Nils Bandener <[email protected]>
Signed-off-by: Nils Bandener <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The new changes look good. Let's capture the role re-assignment for the injected roles validation set in an issue to discuss further.
src/main/java/org/opensearch/security/privileges/PrivilegesEvaluationContext.java
Show resolved
Hide resolved
@cwperks @scrawfor99 this is blocked by each of your un-resolved conversations. Would you mind going through them and closing as needed? |
…on (#4490) Signed-off-by: Nils Bandener <[email protected]> (cherry picked from commit dabff35) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
…on (opensearch-project#4490) Signed-off-by: Nils Bandener <[email protected]> Signed-off-by: Prabhas Kurapati <[email protected]>
Description
This change is in preparation for #3870 and #4380 .
This cuts off some parts from the quite big and monolithic method
PrivilegesEvaluator.evaluate()
into separate methods and modules.This achieves several things:
PrivilegesEvaluationContext
combines commonly needed information for privilege evaluation and thus allows to shorten the parameter lists of many methods in this context. For this PR, only thePrivilegesEvaluator.evaluate()
method itself is changed, but further adaptions will follow up when due.Issues Resolved
Contributes to #3870
Testing
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.