Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Extensions] OpenSearch requests should know the identity of the caller #3846

Open
peternied opened this issue Jul 11, 2022 · 1 comment
Open
Labels
Build Libraries & Interfaces discuss Issues intended to help drive brainstorming and decision making enhancement Enhancement or improvement to existing feature or request extensions Identity PR/Issues associated with Authentication or Authorization Priority-High

Comments

@peternied
Copy link
Member

Is your feature request related to a problem? Please describe.
OpenSearch extensions need to know the identity of the caller and existing architecture requires depending on the security plugin to get identity information. This creates an additional complication dependency or a source of runtime failure. Neither are easy to manage when compared to having these concepts inside of OpenSearch.

Describe the solution you'd like
Extensions should have a dependable identity model and objects from OpenSearch. There should be identity service, objects, and APIs that are codify in this codebase. This would remove the need for additional dependencies like common-utils for these scenarios.

Describe alternatives you've considered
Leave the existing model unchanged, this puts the burden of managing the interface on external repositories

Additional context
Within the extensions features there has been discussion on how identity should be handled, opensearch-project/opensearch-sdk-java#14.

@peternied peternied added enhancement Enhancement or improvement to existing feature or request untriaged labels Jul 11, 2022
@peternied peternied changed the title OpenSearch requests should know the identity of the caller [Extensions] OpenSearch requests should know the identity of the caller Jul 11, 2022
@mch2 mch2 added the discuss Issues intended to help drive brainstorming and decision making label Jul 11, 2022
@peternied
Copy link
Member Author

To support user identity, there needs to be an authentication system that can check with an identity store (local/remote). The identity store would resolve the user identity to a reference that can be passed around within OpenSearch to the request handlers.
image

@peternied peternied self-assigned this Aug 15, 2022
peternied added a commit to peternied/OpenSearch-1 that referenced this issue Sep 14, 2022
Adding a noop implementation of an authentication manager for use
tracking identity information within the OpenSearch systems.

Also see
- opensearch-project#4514
- opensearch-project#3846
- https://github.com/opensearch-project/opensearch-sdk-java/blob/main/SECURITY.md
peternied added a commit to peternied/OpenSearch-1 that referenced this issue Sep 14, 2022
Adding a noop implementation of an authentication manager for use
tracking identity information within the OpenSearch systems.

Also see
- opensearch-project#4514
- opensearch-project#3846
- https://github.com/opensearch-project/opensearch-sdk-java/blob/main/SECURITY.md
peternied added a commit to peternied/OpenSearch-1 that referenced this issue Sep 14, 2022
Adding a noop implementation of an authentication manager for use
tracking identity information within the OpenSearch systems.

Also see
- opensearch-project#4514
- opensearch-project#3846
- https://github.com/opensearch-project/opensearch-sdk-java/blob/main/SECURITY.md

Signed-off-by: Peter Nied <[email protected]>
peternied added a commit to peternied/OpenSearch-1 that referenced this issue Sep 16, 2022
Adding a noop implementation of an authentication manager for use
tracking identity information within the OpenSearch systems.

Also see
- opensearch-project#4514
- opensearch-project#3846
- https://github.com/opensearch-project/opensearch-sdk-java/blob/main/SECURITY.md

Signed-off-by: Peter Nied <[email protected]>
peternied added a commit that referenced this issue Sep 16, 2022
#4515)

* Identity and Auth Manager

Adding a noop implementation of an authentication manager for use
tracking identity information within the OpenSearch systems.

Also see
- #4514
- #3846
- https://github.com/opensearch-project/opensearch-sdk-java/blob/main/SECURITY.md

Signed-off-by: Peter Nied <[email protected]>
@peternied peternied added the Identity PR/Issues associated with Authentication or Authorization label Dec 8, 2022
@peternied peternied removed their assignment May 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Build Libraries & Interfaces discuss Issues intended to help drive brainstorming and decision making enhancement Enhancement or improvement to existing feature or request extensions Identity PR/Issues associated with Authentication or Authorization Priority-High
Projects
None yet
Development

No branches or pull requests

3 participants