[Feature] Check for and perform upgrades on security configurations #4102
DarshitChanpura merged 23 commits into opensearch-project:main from
Signed-off-by: Peter Nied <petern@amazon.com>
…t-index-on-managed-node' Signed-off-by: Andrey Pleskach <ples@aiven.io> Signed-off-by: Peter Nied <petern@amazon.com>
Signed-off-by: Peter Nied <peternied@hotmail.com>
cwperks left a comment
Thank you @peternied. This PR looks good to me. I left one minor comment on the integration test about strengthening the assertions post upgrade.
stephen-crawford left a comment
Overall looks good. Just two minor comments
cwperks left a comment
Thank you for adding an additional assertion. This looks good to me.
@DarshitChanpura @cwperks @scrawfor99 I've resolved all comment threads, could you take another look?
The backport to

To backport manually, run these commands in your terminal:

```
# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/security/backport-2.13 2.13
# Navigate to the new working tree
pushd ../.worktrees/security/backport-2.13
# Create a new branch
git switch --create backport/backport-4102-to-2.13
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 fa877babe3dac13c30bcc2bcbe4d484bcdb6101f
# Push it to GitHub
git push --set-upstream origin backport/backport-4102-to-2.13
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/security/backport-2.13
```

Then, create a pull request where the
The backport to

To backport manually, run these commands in your terminal:

```
# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/security/backport-2.x 2.x
# Navigate to the new working tree
pushd ../.worktrees/security/backport-2.x
# Create a new branch
git switch --create backport/backport-4102-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 fa877babe3dac13c30bcc2bcbe4d484bcdb6101f
# Push it to GitHub
git push --set-upstream origin backport/backport-4102-to-2.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/security/backport-2.x
```

Then, create a pull request where the
…pensearch-project#4102)

This adds a new API that allows for checking and updating configurations from the default configurations on disk. Initial feature supports only Roles.

```
GET _plugins/_security/api/_upgrade_check

200 {
  "status": "ok",
  "upgradeAvailable" : false
}
```

```
GET _plugins/_security/api/_upgrade_check

200 {
  "status": "ok",
  "upgradeAvailable" : true,
  "upgradeActions" : {
    "roles" : {
      "add" : [ "flow_framework_full_access" ]
    }
  }
}
```

```
GET _plugins/_security/api/_upgrade_check

200 {
  "status": "ok",
  "upgradeAvailable" : true,
  "upgradeActions" : {
    "roles" : {
      "add" : [ "flow_framework_full_access" ],
      "modify" : [ "flow_framework_read_access" ]
    }
  }
}
```

```
POST _plugins/_security/api/_upgrade_perform

200 {
  "status" : "OK",
  "upgrades" : {
    "roles" : {
      "add" : [ "flow_framework_full_access" ],
      "modify" : [ "flow_framework_read_access" ]
    }
  }
}
```

```
POST _plugins/_security/api/_upgrade_perform

400 {
  "status": "BAD_REQUEST",
  "message": "Unable to upgrade, no differences found in 'roles' config"
}
```

- opensearch-project#2316

New unit test and integration test cases

- [X] New functionality includes testing
- [ ] New functionality has been documented
- [X] Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check [here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin).

---------

Signed-off-by: Peter Nied <petern@amazon.com>
Signed-off-by: Andrey Pleskach <ples@aiven.io>
Signed-off-by: Peter Nied <peternied@hotmail.com>
(cherry picked from commit fa877ba)
…pensearch-project#4102)

### Description

This adds a new API that allows for checking and updating configurations from the default configurations on disk. Initial feature supports only Roles.

#### Response when no upgrade is available

```
GET _plugins/_security/api/_upgrade_check

200 {
  "status": "ok",
  "upgradeAvailable" : false
}
```

#### Response when a new role is available

```
GET _plugins/_security/api/_upgrade_check

200 {
  "status": "ok",
  "upgradeAvailable" : true,
  "upgradeActions" : {
    "roles" : {
      "add" : [ "flow_framework_full_access" ]
    }
  }
}
```

#### Response when a new role + existing role were updated

```
GET _plugins/_security/api/_upgrade_check

200 {
  "status": "ok",
  "upgradeAvailable" : true,
  "upgradeActions" : {
    "roles" : {
      "add" : [ "flow_framework_full_access" ],
      "modify" : [ "flow_framework_read_access" ]
    }
  }
}
```

#### Perform an upgrade

```
POST _plugins/_security/api/_upgrade_perform

200 {
  "status" : "OK",
  "upgrades" : {
    "roles" : {
      "add" : [ "flow_framework_full_access" ],
      "modify" : [ "flow_framework_read_access" ]
    }
  }
}
```

#### Perform an upgrade when unneeded

```
POST _plugins/_security/api/_upgrade_perform

400 {
  "status": "BAD_REQUEST",
  "message": "Unable to upgrade, no differences found in 'roles' config"
}
```

### Issues Resolved

- opensearch-project#2316

### Testing

New unit test and integration test cases

### Check List

- [X] New functionality includes testing
- [ ] New functionality has been documented
- [X] Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check [here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin).

---------

Signed-off-by: Peter Nied <petern@amazon.com>
Signed-off-by: Andrey Pleskach <ples@aiven.io>
Signed-off-by: Peter Nied <peternied@hotmail.com>
Description
This adds a new API that allows for checking and updating configurations from the default configurations on disk. Initial feature supports only Roles.
Response when no upgrade is available
Response when a new role is available
Response when a new role + existing role were updated
Perform an upgrade
Perform an upgrade when unneeded
Issues Resolved
Testing
New unit test and integration test cases
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.
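
The check-then-perform flow described above, as an added example that is not part of the pull request or the project's code: it classifies an `_upgrade_check` body and reports any change that `_upgrade_perform` applied but the earlier check did not list. The sample bodies are constructed from the responses in the description; the function names and the policy of holding `modify` actions for review are assumptions of this example.

```python
import json

# Constructed sample bodies, shaped like the responses quoted in the PR description.
CHECK_NONE = '{"status": "ok", "upgradeAvailable": false}'
CHECK_ADD = ('{"status": "ok", "upgradeAvailable": true, "upgradeActions": '
             '{"roles": {"add": ["flow_framework_full_access"]}}}')
CHECK_BOTH = ('{"status": "ok", "upgradeAvailable": true, "upgradeActions": '
              '{"roles": {"add": ["flow_framework_full_access"], '
              '"modify": ["flow_framework_read_access"]}}}')
PERFORM_OK = ('{"status": "OK", "upgrades": {"roles": '
              '{"add": ["flow_framework_full_access"], '
              '"modify": ["flow_framework_read_access"]}}}')


def flatten(actions):
    """Turn {"roles": {"add": [...]}} into a set of (config, operation, name)."""
    return {(cfg, op, name)
            for cfg, ops in (actions or {}).items()
            for op, names in ops.items()
            for name in names}


def plan_upgrade(check_body):
    """Classify an _upgrade_check body as 'skip', 'apply' or 'review'."""
    doc = json.loads(check_body)
    if str(doc.get("status", "")).lower() != "ok":
        raise ValueError("unexpected status: %r" % doc.get("status"))
    planned = flatten(doc.get("upgradeActions"))
    if not doc.get("upgradeAvailable") or not planned:
        return "skip", planned
    # Assumed policy: only pure additions are applied unattended. "modify"
    # (or any operation this script does not know) changes an existing role.
    if all(op == "add" for _, op, _ in planned):
        return "apply", planned
    return "review", planned


def unexpected_changes(planned, perform_body):
    """Changes reported by _upgrade_perform that the earlier check did not list."""
    doc = json.loads(perform_body)
    if str(doc.get("status", "")).upper() != "OK":
        raise ValueError(doc.get("message", "upgrade not performed"))
    return flatten(doc.get("upgrades")) - planned


if __name__ == "__main__":
    for body in (CHECK_NONE, CHECK_ADD, CHECK_BOTH):
        decision, planned = plan_upgrade(body)
        print(decision, sorted(planned))
```

A non-empty result from `unexpected_changes` means the configuration changed between the check and the perform call, so the applied role changes were never reviewed.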