Disable private tenant for read only users#868
Merged
peternied merged 2 commits intoopensearch-project:mainfrom Jun 9, 2022
Merged
Disable private tenant for read only users#868peternied merged 2 commits intoopensearch-project:mainfrom
peternied merged 2 commits intoopensearch-project:mainfrom
Conversation
hsiang9431-amzn
force-pushed
the
812-disable-readonly-private
branch
2 times, most recently
from
aa49c8d to
a38b892
Compare
davidlago
changed the title
davidlago
changed the title
peternied
requested changes
Apr 27, 2022
Member
peternied
left a comment
peternied
left a comment
There was a problem hiding this comment.
Thanks for the new functional test, could you please add unit test for the behavior in tenant_resolver.ts so your change in that file gets test coverage?
Signed-off-by: Gio Collina <gio.collina@eliatra.com>
Signed-off-by: Gio Collina <gio.collina@eliatra.com>
cliu123
force-pushed
the
812-disable-readonly-private
branch
from
a38b892 to
d20d292
Compare
Codecov Report
@@ Coverage Diff @@
## main #868 +/- ##
==========================================
+ Coverage 72.10% 72.21% +0.11%
==========================================
Files 87 87
Lines 1907 1915 +8
Branches 247 249 +2
==========================================
+ Hits 1375 1383 +8
Misses 478 478
Partials 54 54
Continue to review full report at Codecov.
|
cliu123
approved these changes
Jun 9, 2022
Member
|
I've rebased this PR against |
spartan2015
pushed a commit
to spartan2015/security-dashboards-plugin
that referenced
this pull request
Aug 8, 2022
* Disable private tenant for read only users Signed-off-by: Gio Collina <gio.collina@eliatra.com> Signed-off-by: Vasile Negru <vasile@eosfintek.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
opensearch-project/security-dashboards-plugin pull request intake form
Please provide as much details as possible to get feedback/acceptance on your PR quickly
Bug fix
#812
If a user has a role that is configured as "read only" in opensearch_dashboards.yml, or if a user has the default read only role "kibana_read_only", make Dashboards behave as if the private tenant is disabled. You cannot choose "Private" in the tenant switch panel anymore, and a descriptive text is displayed in the tenant switch panel.
If a user has a read only role, offering the possibility to use the private tenant does not make much sense. The read only role implies that only read operations are allowed. Since no one other as the current user is able to access the private tenant, but due to read only the current user is also not allowed to make any changes, selecting the private tenant in this situation is useless.
If a user has a read only role, the tenant switch panel would still allow to choose the private tenant.
Added additional tests to password-reset-panel.test.tsx. Manual testing for different combinations of roles and read only roles.
None.
No.
By making a contribution to this project, I certify that:
(a) The contribution was created in whole or in part by me and I
have the right to submit it under the open source license
indicated in the file; or
(b) The contribution is based upon previous work that, to the best
of my knowledge, is covered under an appropriate open source
license and I have the right under that license to submit that
work with modifications, whether created in whole or in part
by me, under the same open source license (unless I am
permitted to submit under a different license), as indicated
in the file; or
(c) The contribution was provided directly to me by some other
person who certified (a), (b) or (c) and I have not modified
it.
(d) I understand and agree that this project and the contribution
are public and that a record of the contribution (including all
personal information I submit with it, including my sign-off) is
maintained indefinitely and may be redistributed consistent with
this project or the open source license(s) involved.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.