Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added dummy search when creating detector on the given indicies #197

Merged
merged 2 commits into from
Jan 5, 2023
Merged

Added dummy search when creating detector on the given indicies #197

merged 2 commits into from
Jan 5, 2023

Conversation

stevanbz
Copy link
Contributor

@stevanbz stevanbz commented Dec 13, 2022
edited
Loading

Description

[Describe what this change achieves]
Checks if user can access the given indices when creating detector

Implemented approach 2 from the issue listed below. Introduced dummy index search before detector creation happens, since once the detector is being created the context is stashed and from that point, the program continues the execution as a super user (which has an access to resources on altering and security analytics side).
That's why, the check has been introduced before the context is being stashed and follows the approach used in alerting.

One general note - security tests will fail because the index privilege action is not introduced for the security_analytics_full_access role

Issues Resolved

[List any issues this PR will resolve]
#182

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@stevanbz stevanbz force-pushed the check-index-access-on-detector-creation branch from 4c070e1 to caf640a Compare December 20, 2022 17:55
@stevanbz stevanbz marked this pull request as ready for review December 22, 2022 19:07
@stevanbz stevanbz requested a review from a team December 22, 2022 19:07
@stevanbz stevanbz force-pushed the check-index-access-on-detector-creation branch 2 times, most recently from f689672 to a4ff0b7 Compare December 26, 2022 20:06
@codecov-commenter
Copy link

codecov-commenter commented Dec 26, 2022
edited
Loading

Codecov Report

Merging #197 (9b56898) into main (d663a79) will decrease coverage by 0.09%.
The diff coverage is 0.00%.

@@             Coverage Diff              @@
##               main     #197      +/-   ##
============================================
- Coverage     38.97%   38.87%   -0.10%     
+ Complexity      892      891       -1     
============================================
  Files           176      176              
  Lines          6746     6758      +12     
  Branches        823      824       +1     
============================================
- Hits           2629     2627       -2     
- Misses         3876     3889      +13     
- Partials        241      242       +1
Impacted Files Coverage Δ
...lytics/transport/TransportIndexDetectorAction.java 0.00% <0.00%> (ø)
...g/opensearch/securityanalytics/model/Detector.java 69.89% <0.00%> (-0.70%) ⬇️
...analytics/transport/TransportSearchRuleAction.java 0.00% <0.00%> (ø)

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@stevanbz stevanbz force-pushed the check-index-access-on-detector-creation branch from a4ff0b7 to 4a1f986 Compare December 26, 2022 21:05
@stevanbz stevanbz force-pushed the check-index-access-on-detector-creation branch 2 times, most recently from 30ac233 to cb8a613 Compare January 4, 2023 16:27
@stevanbz stevanbz force-pushed the check-index-access-on-detector-creation branch from cb8a613 to 64b4c07 Compare January 5, 2023 21:37
@stevanbz
Removed step listener once the detector is being created used for dum…
142982a 
…my index search. Updated tests

Signed-off-by: Stevan Buzejic <[email protected]>
@stevanbz stevanbz force-pushed the check-index-access-on-detector-creation branch from 9b56898 to 142982a Compare January 5, 2023 22:09
@sbcd90 sbcd90 merged commit 51a176b into opensearch-project:main Jan 5, 2023
opensearch-trigger-bot bot pushed a commit that referenced this pull request Jan 5, 2023
@stevanbz @github-actions
Added dummy search when creating detector on the given indicies (#197)
a96296d 
Signed-off-by: Stevan Buzejic <[email protected]>
(cherry picked from commit 51a176b)
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Jan 5, 2023
Merged
eirsep pushed a commit to eirsep/security-analytics that referenced this pull request Apr 3, 2023
@stevanbz @eirsep
Added dummy search when creating detector on the given indicies (open…
3a0b8e6 
…search-project#197)

Signed-off-by: Stevan Buzejic <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eirsep eirsep eirsep approved these changes

@sbcd90 sbcd90 sbcd90 approved these changes

Assignees
No one assigned
Labels
backport 2.x
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@stevanbz @codecov-commenter @sbcd90 @eirsep @stevanbuzejic