-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[2.x] Adds changes related to OnBehalfOf and Service Accounts feature #10258
[2.x] Adds changes related to OnBehalfOf and Service Accounts feature #10258
Conversation
Gradle Check (Jenkins) Run Completed with:
|
Gradle Check (Jenkins) Run Completed with:
|
Compatibility status:Checks if related components are compatible with change 71e6c2d Incompatible componentsSkipped componentsCompatible components |
Gradle Check (Jenkins) Run Completed with:
|
…re (opensearch-project#9842) (opensearch-project#9848) (cherry picked from commit e4a1841) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
…pensearch-project#9832) (opensearch-project#9844) * introducing zstd compression codec plugin * Moving zstd compression codec as a plugin * introducing zstd compression codec plugin * Adding checks to EngineConfig and fixing tests * incorporating review comments * fixing tests * introducing zstd compression codec plugin * addressing review comments * nit fixes * implementing codec aliases * addressing review comments * review comments * moving codec aliases to custom codec * adding zstd default codec for backward compatibility * renaming to deprecated codec * incorporating review comments * nit fixes --------- (cherry picked from commit 76f1b52) (cherry picked from commit 90310c3) Signed-off-by: Sarthak Aggarwal <[email protected]> Signed-off-by: Prabhakar Sithanandam <[email protected]> Signed-off-by: Andrew Ross <[email protected]> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Sarthak Aggarwal <[email protected]> Co-authored-by: Prabhakar Sithanandam <[email protected]>
This plugin has been moved to its own [repository][1]. [1]: https://github.com/opensearch-project/custom-codecs Signed-off-by: Andrew Ross <[email protected]>
…ct#8679) Implement on behalf of token passing for extensions Signed-off-by: Stephen Crawford <[email protected]> Signed-off-by: Stephen Crawford <[email protected]> Signed-off-by: Ryan Liang <[email protected]> Co-authored-by: Ryan Liang <[email protected]> Co-authored-by: Peter Nied <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Ryan Liang <[email protected]>
15b4d6a
to
184b7c4
Compare
Signed-off-by: Darshit Chanpura <[email protected]>
184b7c4
to
903f180
Compare
Gradle Check (Jenkins) Run Completed with:
|
Gradle Check (Jenkins) Run Completed with:
|
Signed-off-by: Darshit Chanpura <[email protected]>
Gradle Check (Jenkins) Run Completed with:
|
@RyanL1997 @scrawfor99 @cwperks Could you please review this? |
Signed-off-by: Darshit Chanpura <[email protected]>
Gradle Check (Jenkins) Run Completed with:
|
Gradle Check (Jenkins) Run Completed with:
|
CHANGELOG.md
Outdated
@@ -11,6 +11,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), | |||
- Implement Visitor Design pattern in QueryBuilder to enable the capability to traverse through the complex QueryBuilder tree. ([#10110](https://github.com/opensearch-project/OpenSearch/pull/10110)) | |||
- Add capability to restrict async durability mode for remote indexes ([#10189](https://github.com/opensearch-project/OpenSearch/pull/10189)) | |||
- Add Doc Status Counter for Indexing Engine ([#4562](https://github.com/opensearch-project/OpenSearch/issues/4562)) | |||
- Adds changes related On-behalf-Of and Service Accounts feature ([#10258](https://github.com/opensearch-project/OpenSearch/pull/10258)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- Adds changes related On-behalf-Of and Service Accounts feature ([#10258](https://github.com/opensearch-project/OpenSearch/pull/10258)) | |
- Adds changes related to On-behalf-Of and Service Accounts feature ([#10258](https://github.com/opensearch-project/OpenSearch/pull/10258)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would recommend putting all logic inside the standard initialize transport action similar to what was done on the main branch.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same as above, I think we want to use a single transport action as was done in main.
@@ -74,8 +83,10 @@ public class ExtensionsManager { | |||
public static final String REQUEST_EXTENSION_REGISTER_TRANSPORT_ACTIONS = "internal:discovery/registertransportactions"; | |||
public static final String REQUEST_REST_EXECUTE_ON_EXTENSION_ACTION = "internal:extensions/restexecuteonextensiontaction"; | |||
public static final String REQUEST_EXTENSION_HANDLE_TRANSPORT_ACTION = "internal:extensions/handle-transportaction"; | |||
public static final String REQUEST_EXTENSION_ISSUE_SERVICE_ACCOUNT = "internal:extensions/issue-service-account"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe this was removed from the final implementation--for the changes we actually need you can look at: #9618
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Going to be part of the same initialization request.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same as above.
Provide service accounts tokens to extensions This change adds a new transport action which passes the extension a string representation of its service account auth token. This token is created by the TokenManager interface implementation. The token is expected to be an encoded basic auth credential string which can be used by the extension to interact with its own system index. Signed-off-by: Stephen Crawford <[email protected]> Signed-off-by: Stephen Crawford <[email protected]> Signed-off-by: Peter Nied <[email protected]> Co-authored-by: Owais Kazi <[email protected]> Co-authored-by: Peter Nied <[email protected]> (cherry picked from commit 994e115)
Signed-off-by: Darshit Chanpura <[email protected]>
Signed-off-by: Darshit Chanpura <[email protected]>
Gradle Check (Jenkins) Run Completed with:
|
Gradle Check (Jenkins) Run Completed with:
|
Gradle Check (Jenkins) Run Completed with:
|
Signed-off-by: Darshit Chanpura <[email protected]>
@scrawfor99 @RyanL1997 please review this when you get a chance |
Gradle Check (Jenkins) Run Completed with:
|
@scrawfor99 @RyanL1997 please let me know if this needs to be re-opened. |
Associated PRs: opensearch-project/security#3416
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.