Skip to content

[Backport 2.x] Expanding Authentication with SecurityRequest Abstraction (#3430)#3487

Merged
DarshitChanpura merged 1 commit intoopensearch-project:2.xfrom
peternied:backport/backport-3430-to-2.x
Oct 6, 2023
Merged

[Backport 2.x] Expanding Authentication with SecurityRequest Abstraction (#3430)#3487
DarshitChanpura merged 1 commit intoopensearch-project:2.xfrom
peternied:backport/backport-3430-to-2.x

Conversation

@peternied
Copy link
Copy Markdown
Member

@peternied peternied commented Oct 6, 2023

Description

Backport of f435c05 from #3430

Introduced a new abstraction, SecurityRequest & SecurityRequestChannel, to streamline and secure the authentication process in the OpenSearch Security plugin. By isolating the essential request components needed for authentication, we minimize potential risks associated with previous designs and provide a more maintainable architecture.

Signed-off-by: Peter Nied petern@amazon.com
(cherry picked from commit f435c05)

Check List

  • New functionality includes testing
  • New functionality has been documented
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@peternied
[Backport 2.x] Expanding Authentication with SecurityRequest Abstract…
106fbc6 
…ion (opensearch-project#3430)

Introduced a new abstraction, SecurityRequest & SecurityRequestChannel,
to streamline and secure the authentication process in the OpenSearch
Security plugin. By isolating the essential request components needed
for authentication, we minimize potential risks associated with previous
designs and provide a more maintainable architecture.

Signed-off-by: Peter Nied <petern@amazon.com>
(cherry picked from commit f435c05)
@codecov
Copy link
Copy Markdown

codecov bot commented Oct 6, 2023
edited
Loading

Codecov Report

Merging #3487 (106fbc6) into 2.x (84d9dd8) will increase coverage by 0.00%.
The diff coverage is 64.83%.

Impacted file tree graph

@@            Coverage Diff            @@
##                2.x    #3487   +/-   ##
=========================================
  Coverage     64.66%   64.66%           
- Complexity     3540     3564   +24     
=========================================
  Files           261      267    +6     
  Lines         19808    19893   +85     
  Branches       3324     3329    +5     
=========================================
+ Hits          12808    12864   +56     
- Misses         5369     5388   +19     
- Partials       1631     1641   +10
Files Coverage Δ
...ava/org/opensearch/security/auditlog/AuditLog.java 100.00% <ø> (ø)
...security/auditlog/AuditLogSslExceptionHandler.java 57.14% <ø> (ø)
...org/opensearch/security/auditlog/NullAuditLog.java 0.00% <ø> (ø)
...earch/security/auditlog/impl/AbstractAuditLog.java 76.59% <ø> (ø)
...pensearch/security/auditlog/impl/AuditLogImpl.java 89.28% <ø> (ø)
...ava/org/opensearch/security/auth/UserInjector.java 90.66% <ø> (ø)
...arch/security/dlic/rest/api/AbstractApiAction.java 88.61% <100.00%> (ø)
...earch/security/dlic/rest/api/NodesDnApiAction.java 89.74% <ø> (ø)
...rity/dlic/rest/api/RestApiPrivilegesEvaluator.java 69.23% <100.00%> (+0.15%) ⬆️
...curity/dlic/rest/validation/EndpointValidator.java 94.20% <ø> (ø)
... and 30 more

... and 4 files with indirect coverage changes

@DarshitChanpura DarshitChanpura merged commit f20cc68 into opensearch-project:2.x Oct 6, 2023
@peternied peternied deleted the backport/backport-3430-to-2.x branch November 8, 2023 16:03
peternied added a commit that referenced this pull request Nov 14, 2023
@peternied
[Backport 1.3] Expanding Authentication with SecurityRequest Abstract…
b0799c1 
…ion (#3487) (#3670)

Backport of f20cc68 from #3430

Introduced a new abstraction, SecurityRequest & SecurityRequestChannel,
to streamline and secure the authentication process in the OpenSearch
Security plugin. By isolating the essential request components needed
for authentication, we minimize potential risks associated with previous
designs and provide a more maintainable architecture.

Signed-off-by: Peter Nied <petern@amazon.com>
(cherry picked from commit f20cc68)

Signed-off-by: Peter Nied <petern@amazon.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@DarshitChanpura DarshitChanpura DarshitChanpura approved these changes

@cliu123 cliu123 Awaiting requested review from cliu123

@cwperks cwperks Awaiting requested review from cwperks cwperks is a code owner

@davidlago davidlago Awaiting requested review from davidlago

@RyanL1997 RyanL1997 Awaiting requested review from RyanL1997 RyanL1997 is a code owner

@stephen-crawford stephen-crawford Awaiting requested review from stephen-crawford

@reta reta Awaiting requested review from reta reta is a code owner

@willyborankin willyborankin Awaiting requested review from willyborankin willyborankin is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@peternied @DarshitChanpura