Disable private tenant for read only users #844
giocollina wants to merge 2 commits into opensearch-project:main from
Signed-off-by: David Bennett <david.bennett@eliatra.com>
Signed-off-by: David Bennett <david.bennett@eliatra.com>
Codecov Report
@@ Coverage Diff @@
## main #844 +/- ##
==========================================
+ Coverage 71.98% 72.10% +0.11%
==========================================
Files 87 87
Lines 1906 1914 +8
Branches 242 249 +7
==========================================
+ Hits 1372 1380 +8
Misses 480 480
Partials 54 54
Tested on local cluster and the fix is working. However, we can only merge this after the following tasks are done:
Note that you will need to add a signoff message to all commits as follows: Check the message on this commit for reference: a48786e
| const isGlobalEnabled = props.config.multitenancy.tenants.enable_global; | ||
| const isPrivateEnabled = props.config.multitenancy.tenants.enable_private; | ||
|
|
||
| const DEFAULT_READONLY_ROLES = ['kibana_read_only']; |
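Review bot: `DEFAULT_READONLY_ROLES` at the end of this hunk is declared next to the `props.config` reads, so it appears to live in the component body and is rebuilt every time that code runs. Move it to module level or a shared constants file, and add a comment saying that `kibana_read_only` is the default read only role checked in addition to the roles configured in opensearch_dashboards.yml.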
Is this the right scope for this constant?
| config: SecurityPluginConfigType, | ||
| cookie: SecuritySessionCookie | ||
| ): string | undefined { | ||
| const DEFAULT_READONLY_ROLES = ['kibana_read_only']; |
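Review bot: the `DEFAULT_READONLY_ROLES` line at the top of this function body repeats the literal `['kibana_read_only']` from the other file, so the two copies can drift and the tenant switch panel and this function would then disagree on which users are read only. Export the constant once and import it in both places; since this function returns `string | undefined`, a short doc comment on what is returned when a read only user asks for the private tenant would also help.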
Here is the same constant defined again. Is there a common scope for this constant that could be referenced in these two files?
Closing in favor of #868
Signed-off-by: David Bennett <david.bennett@eliatra.com>
opensearch-project/security-dashboards-plugin pull request intake form
Bug fix
#812
If a user has a role that is configured as "read only" in opensearch_dashboards.yml, or if a user has the default read only role "kibana_read_only", make Dashboards behave as if the private tenant is disabled. You cannot choose "Private" in the tenant switch panel anymore, and a descriptive text is displayed in the tenant switch panel.
If a user has a read only role, offering the possibility to use the private tenant does not make much sense. The read only role implies that only read operations are allowed. Since no one other than the current user is able to access the private tenant, but due to read only the current user is also not allowed to make any changes, selecting the private tenant in this situation is useless.
If a user has a read only role, the tenant switch panel would still allow choosing the private tenant.
Added additional tests to password-reset-panel.test.tsx. Manual testing for different combinations of roles and read only roles.
None.
No.
By making a contribution to this project, I certify that:
(a) The contribution was created in whole or in part by me and I
have the right to submit it under the open source license
indicated in the file; or
(b) The contribution is based upon previous work that, to the best
of my knowledge, is covered under an appropriate open source
license and I have the right under that license to submit that
work with modifications, whether created in whole or in part
by me, under the same open source license (unless I am
permitted to submit under a different license), as indicated
in the file; or
(c) The contribution was provided directly to me by some other
person who certified (a), (b) or (c) and I have not modified
it.
(d) I understand and agree that this project and the contribution
are public and that a record of the contribution (including all
personal information I submit with it, including my sign-off) is
maintained indefinitely and may be redistributed consistent with
this project or the open source license(s) involved.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.
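The behaviour described in this pull request, and the reviewers' question about a common scope for the constant, sketched as an added example that is not the plugin's code: one shared constant and one predicate that both the tenant switch panel and the server-side tenant resolution can call, so hiding "Private" in the UI and refusing it on the server cannot disagree. The `TenancyConfig` shape, the tenant symbols, `resolveRequestedTenant`, the fallback order and the `viewer` role are assumptions made for illustration.

```typescript
// Added example, not the plugin's code. Type shapes and tenant symbols are assumptions.
const DEFAULT_READONLY_ROLES: readonly string[] = ['kibana_read_only'];
const GLOBAL_TENANT = '';          // assumed symbol for the global tenant
const PRIVATE_TENANT = '__user__'; // assumed symbol for the private tenant

interface TenancyConfig {
  readonly_mode: { roles: string[] }; // read only roles from opensearch_dashboards.yml
  multitenancy: { tenants: { enable_global: boolean; enable_private: boolean } };
}

// Constructed sample config: 'viewer' is a made-up configured read only role.
const SAMPLE_CONFIG: TenancyConfig = {
  readonly_mode: { roles: ['viewer'] },
  multitenancy: { tenants: { enable_global: true, enable_private: true } },
};

// True when any of the user's roles is a default or configured read only role.
function isReadOnlyUser(config: TenancyConfig, roles: string[]): boolean {
  const readOnly = DEFAULT_READONLY_ROLES.concat(config.readonly_mode.roles);
  return roles.some((role) => readOnly.indexOf(role) !== -1);
}

// Single predicate for both the tenant switch panel and the server-side check.
function isPrivateTenantAvailable(config: TenancyConfig, roles: string[]): boolean {
  return config.multitenancy.tenants.enable_private && !isReadOnlyUser(config, roles);
}

// Hypothetical resolver: a read only user asking for the private tenant is
// treated as if the private tenant were disabled and falls back to another tenant.
function resolveRequestedTenant(
  config: TenancyConfig,
  roles: string[],
  requested: string,
  availableTenants: string[]
): string | undefined {
  const { enable_global } = config.multitenancy.tenants;
  // Named tenants only, so the private symbol can never come back through the fallback.
  const named = availableTenants.filter((t) => t !== PRIVATE_TENANT && t !== GLOBAL_TENANT);
  if (requested === PRIVATE_TENANT && isPrivateTenantAvailable(config, roles)) return PRIVATE_TENANT;
  if (requested === GLOBAL_TENANT && enable_global) return GLOBAL_TENANT;
  if (named.indexOf(requested) !== -1) return requested;
  // Request denied or unknown: fall back to global, else the first named tenant, else none.
  return enable_global ? GLOBAL_TENANT : named[0];
}
```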