-
Notifications
You must be signed in to change notification settings - Fork 58
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Meta][FEATURE] Release extensions as experimental feature #139
Comments
From the Identity roadmap [1] the minimum viable system includes
As roadmap items are completed more details will be added to the roadmap document [1]. Staging feature integrationIt sounds like there are two options for accessing the features that extensions and the anomaly detection extension will rely on: A) I think I would prefer option A for identity to be handled on its own merge to main and then is backported into the next minor release, it will be a smaller change to get reviewed and approved. The disadvantages is that it needs to complete this process first, and the two features areas might arrive at different times impacting the amount of time to integrate the components. Alternatively with option B moving into main together, integration between components will happen earlier providing more time to iron out missing functionality. Detailed integration listIn order to prepare for the integration window between both features, I suggest we chart out the user scenarios that are required to support the extension release - @minalsha can you help us build up this list of scenarios? [1] https://github.com/opensearch-project/OpenSearch/blob/feature/identity/IDENTITY_ROADMAP.md#minimal-viable-system |
I'd like a little bit more specificity between these two bullets:
I'll repeat my "identity and access are different things" autoreply and add that we're considering two different types of access tied to identity:
|
[Use Case 1] Anomaly Detection extension checks if the current user is the same as the user that created a detector object. Extension will receive a PrincipalIdentifierToken [1] with every OS->Extension request that is an encrypted representation of the user. The naïve algorithm is already in the extension feature branch, and our feature branch has a cryptographically secure algorithm. Are there other scenarios that need identity information such as a display name?
[Use Case 2] Anomaly Detection extension only allows users that have been granted permissions to retrieve, describe, modify, delete detectors. This should be set for all registered actions in Anomaly Detection. Before actions are executed permissions are checked based on the action name. When classes extend ActionType the name passed to the constructor is the permission name, for GetAnomalyDetectorAction [2] the name is Note: I'll codify these in our documents |
Is your feature request related to a problem?
Release extensions support as an experimental release in OpenSearch 2.x line.
feature/extensions
tomain
and2.x
The text was updated successfully, but these errors were encountered: