-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OnBehalfOf claims take second duration #10664
OnBehalfOf claims take second duration #10664
Conversation
Compatibility status:Checks if related components are compatible with change 7718a2f Incompatible componentsSkipped componentsCompatible componentsCompatible components: [https://github.com/opensearch-project/security-analytics.git, https://github.com/opensearch-project/custom-codecs.git, https://github.com/opensearch-project/security.git, https://github.com/opensearch-project/opensearch-oci-object-storage.git, https://github.com/opensearch-project/index-management.git, https://github.com/opensearch-project/geospatial.git, https://github.com/opensearch-project/sql.git, https://github.com/opensearch-project/job-scheduler.git, https://github.com/opensearch-project/notifications.git, https://github.com/opensearch-project/observability.git, https://github.com/opensearch-project/k-nn.git, https://github.com/opensearch-project/neural-search.git, https://github.com/opensearch-project/cross-cluster-replication.git, https://github.com/opensearch-project/alerting.git, https://github.com/opensearch-project/performance-analyzer.git, https://github.com/opensearch-project/anomaly-detection.git, https://github.com/opensearch-project/performance-analyzer-rca.git, https://github.com/opensearch-project/asynchronous-search.git, https://github.com/opensearch-project/ml-commons.git, https://github.com/opensearch-project/common-utils.git, https://github.com/opensearch-project/reporting.git] |
Gradle Check (Jenkins) Run Completed with:
|
Codecov Report
@@ Coverage Diff @@
## main #10664 +/- ##
============================================
+ Coverage 71.12% 71.15% +0.02%
+ Complexity 58503 58502 -1
============================================
Files 4853 4853
Lines 275915 275660 -255
Branches 40153 40118 -35
============================================
- Hits 196256 196149 -107
+ Misses 63247 63122 -125
+ Partials 16412 16389 -23
|
Gradle Check (Jenkins) Run Completed with:
|
Gradle Check (Jenkins) Run Completed with:
|
Gradle Check (Jenkins) Run Completed with:
|
@scrawfor99 looks like there are some merge conflicts |
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
Signed-off-by: Stephen Crawford <[email protected]>
3b06550
to
7718a2f
Compare
Should be all fixed @peternied |
Gradle Check (Jenkins) Run Completed with:
|
OnBehalfOf claims take second duration Signed-off-by: Stephen Crawford <[email protected]> Signed-off-by: Siddhant Deshmukh <[email protected]>
OnBehalfOf claims take second duration Signed-off-by: Stephen Crawford <[email protected]>
OnBehalfOf claims take second duration Signed-off-by: Stephen Crawford <[email protected]>
#11052) * Implement on behalf of token passing for extensions (#8679) * Provide service accounts tokens to extensions (#9618) This change adds a new transport action which passes the extension a string representation of its service account auth token. This token is created by the TokenManager interface implementation. The token is expected to be an encoded basic auth credential string which can be used by the extension to interact with its own system index. * Cherry pick #10614 and #10664 Signed-off-by: Stephen Crawford <[email protected]> Signed-off-by: Stephen Crawford <[email protected]> Signed-off-by: Ryan Liang <[email protected]> Signed-off-by: Peter Nied <[email protected]> Co-authored-by: Stephen Crawford <[email protected]> Co-authored-by: Peter Nied <[email protected]> Co-authored-by: Owais Kazi <[email protected]> Co-authored-by: Peter Nied <[email protected]>
OnBehalfOf claims take second duration Signed-off-by: Stephen Crawford <[email protected]> Signed-off-by: Shivansh Arora <[email protected]>
Description
This change swaps the OnBehalfOf claims provider in core in order to work with external token providers. Without this change, implementing the TokenManager class is not straightforward. We would force users to to provide an expiration time (i.e. system time) when we want them to be able to provide a value in seconds and do the math for them.
Check List
New functionality includes testing.New functionality has been documented.New functionality has javadoc addedPublic documentation issue/PR createdBy submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.