Merge branch 'main' into feature/extensions

.github/CODEOWNERS

@@ -1 +1 @@
-* @cliu123 @cwperks @DarshitChanpura @davidlago @peternied @RyanL1997 @scrawfor99
+* @cliu123 @cwperks @DarshitChanpura @davidlago @peternied @RyanL1997 @scrawfor99 @reta

MAINTAINERS.md

@@ -21,6 +21,7 @@ This document contains a list of maintainers in this repo. See [opensearch-proje
 | Craig Perkins    | [cwperks](https://github.com/cwperks)                 | Amazon      |
 | Ryan Liang       | [RyanL1997](https://github.com/RyanL1997)             | Amazon      |
 | Stephen Crawford | [scrawfor99](https://github.com/scrawfor99)           | Amazon      |
+| Andriy Redko     | [reta](https://github.com/reta)                       | Aiven       |
 
 ## Practices
 

README.md

@@ -1,5 +1,10 @@
 [![CI](https://github.com/opensearch-project/security/workflows/CI/badge.svg?branch=main)](https://github.com/opensearch-project/security/actions) [![](https://img.shields.io/github/issues/opensearch-project/security/untriaged?labelColor=red)](https://github.com/opensearch-project/security/issues?q=is%3Aissue+is%3Aopen+label%3A"untriaged") [![](https://img.shields.io/github/issues/opensearch-project/security/security%20vulnerability?labelColor=red)](https://github.com/opensearch-project/security/issues?q=is%3Aissue+is%3Aopen+label%3A"security%20vulnerability") [![](https://img.shields.io/github/issues/opensearch-project/security)](https://github.com/opensearch-project/security/issues) [![](https://img.shields.io/github/issues-pr/opensearch-project/security)](https://github.com/opensearch-project/security/pulls) 
 [![](https://img.shields.io/codecov/c/gh/opensearch-project/security)](https://app.codecov.io/gh/opensearch-project/security) [![](https://img.shields.io/github/issues/opensearch-project/security/v2.4.0)](https://github.com/opensearch-project/security/issues?q=is%3Aissue+is%3Aopen+label%3A"v2.4.0") [![](https://img.shields.io/github/issues/opensearch-project/security/v3.0.0)](https://github.com/opensearch-project/security/issues?q=is%3Aissue+is%3Aopen+label%3A"v3.0.0")
+[![Slack](https://img.shields.io/badge/Slack-4A154B?&logo=slack&logoColor=white)](https://opensearch.slack.com/archives/C051Y637FKK)
+
+
+
+## Announcement: The Slack workspace is live! Please join the [conversation](https://opensearch.slack.com/archives/C051Y637FKK). 
 
 <img src="https://opensearch.org/assets/img/opensearch-logo-themed.svg" height="64px">
 

build.gradle

@@ -52,12 +52,12 @@ plugins {
     id 'idea'
     id 'jacoco'
     id 'maven-publish'
-    id 'com.diffplug.spotless' version '6.16.0'
+    id 'com.diffplug.spotless' version '6.18.0'
     id 'checkstyle'
-    id 'com.netflix.nebula.ospackage' version "11.0.0"
+    id 'com.netflix.nebula.ospackage' version "11.1.0"
     id "org.gradle.test-retry" version "1.5.2"
     id 'eclipse'
-    id "com.github.spotbugs" version "5.0.13"
+    id "com.github.spotbugs" version "5.0.14"
     id "com.google.osdetector" version "1.7.3"
 }
 
@@ -404,7 +404,7 @@ dependencies {
     implementation 'commons-lang:commons-lang:2.4'
     implementation 'commons-collections:commons-collections:3.2.2'
     implementation 'com.jayway.jsonpath:json-path:2.4.0'
-    implementation 'net.minidev:json-smart:2.4.7'
+    implementation 'net.minidev:json-smart:2.4.10'
     runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.10.8'
     runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.10.8'
     runtimeOnly 'com.google.guava:failureaccess:1.0.1'
@@ -462,7 +462,7 @@ dependencies {
     testCompileOnly 'org.apiguardian:apiguardian-api:1.0.0'
     // Kafka test execution
     testRuntimeOnly 'org.springframework.retry:spring-retry:1.3.3'
-    testRuntimeOnly ('org.springframework:spring-core:5.3.21') {
+    testRuntimeOnly ('org.springframework:spring-core:5.3.26') {
         exclude(group:'org.springframework', module: 'spring-jcl' )
     }
     testRuntimeOnly 'org.scala-lang:scala-library:2.13.9'

config/config.yml

@@ -68,6 +68,8 @@ config:
     #kibana:
     # Kibana multitenancy
     #multitenancy_enabled: true
+    #private_tenant_enabled: true
+    #default_tenant: ""
     #server_username: kibanaserver
     #index: '.kibana'
     http:

legacy/securityconfig_v6/config.yml

@@ -60,6 +60,7 @@ opendistro_security:
     #filtered_alias_mode: warn
     #kibana:
       #multitenancy_enabled: true
+
       #server_username: kibanaserver
       #index: '.kibana'
       #do_not_fail_on_forbidden: false

release-notes/opensearch-security.release-notes-2.6.0.0.md

@@ -7,6 +7,7 @@ Compatible with OpenSearch 2.6.0
 * Add actions cluster:admin/component_template/* to cluster_manage_index_templates ([#2409](https://github.com/opensearch-project/security/pull/2409))
 * Publish snapshots to maven ([#2438](https://github.com/opensearch-project/security/pull/2438))
 * Integrate k-NN functionality with security plugin ([#2274](https://github.com/opensearch-project/security/pull/2274))
+* Flatten response times ([#2471](https://github.com/opensearch-project/security/pull/2471))
 
 ### Maintenance
 

release-notes/opensearch-security.release-notes-2.7.0.0.md

@@ -0,0 +1,43 @@
+## 2023-04-25 Version 2.7.0.0
+
+Compatible with OpenSearch 2.7.0
+
+### Features
+
+* Dynamic tenancy configurations ([#2607](https://github.com/opensearch-project/security/pull/2607))
+
+### Bug Fixes
+
+* Support multitenancy for the anonymous user ([#2459](https://github.com/opensearch-project/security/pull/2459))
+* Fix error message when system index is blocked ([#2525](https://github.com/opensearch-project/security/pull/2525))
+* Fix of OpenSSLTest is not using the OpenSSL Provider ([#2301](https://github.com/opensearch-project/security/pull/2301))
+* Add chmod 0600 to install_demo_configuration bash script ([#2550](https://github.com/opensearch-project/security/pull/2550))
+* Fix SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder" ([#2564](https://github.com/opensearch-project/security/pull/2564))
+* Fix lost privileges during auto initializing of the index ([#2498](https://github.com/opensearch-project/security/pull/2498))
+* Fix NPE and add additional graceful error handling ([#2687](https://github.com/opensearch-project/security/pull/2687))
+
+### Enhancements
+
+* Clock skew tolerance for oidc token validation ([#2482](https://github.com/opensearch-project/security/pull/2482))
+* Adding index template permissions to kibana_server role ([#2503](https://github.com/opensearch-project/security/pull/2503))
+* Add a test in order to catch incorrect handling of index parsing during Snapshot Restoration ([#2384](https://github.com/opensearch-project/security/pull/2384))
+* Expand Dls Tests for easier verification of functionality ([#2634](https://github.com/opensearch-project/security/pull/2634))
+* New system index[.ql-datasources] for ppl/sql datasource configurations ([#2650](https://github.com/opensearch-project/security/pull/2650))
+* Allows for configuration of LDAP referral following ([#2135](https://github.com/opensearch-project/security/pull/2135))
+
+### Maintenance
+
+* Update kafka client to 3.4.0 ([#2484](https://github.com/opensearch-project/security/pull/2484))
+* Update to gradle 8.0.2 ([#2520](https://github.com/opensearch-project/security/pull/2520))
+* XContent Refactor ([#2598](https://github.com/opensearch-project/security/pull/2598))
+* Update json-smart to 2.4.10 and update spring-core to 5.3.26 ([#2630](https://github.com/opensearch-project/security/pull/2630))
+* Update certs for SecuritySSLReloadCertsActionTests ([#2679](https://github.com/opensearch-project/security/pull/2679))
+
+### Infrastructure
+
+* Add auto github release workflow ([#2450](https://github.com/opensearch-project/security/pull/2450))
+* Use correct format for push trigger ([#2474](https://github.com/opensearch-project/security/pull/2474))
+
+### Documentation
+
+* Fix the format of the codeowners file ([#2469](https://github.com/opensearch-project/security/pull/2469))