Fix tenant label for custom tenant when both Global and Private tenan… #1277

Merged
merged 3 commits into from
Dec 22, 2022
16 changes: 13 additions & 3 deletions server/multitenancy/tenant_resolver.ts
Expand Up @@ -17,7 +17,7 @@ import { isEmpty, findKey, cloneDeep } from 'lodash';
import { OpenSearchDashboardsRequest } from '../../../../src/core/server';
import { SecuritySessionCookie } from '../session/security_cookie';
import { SecurityPluginConfigType } from '..';
import { GLOBAL_TENANT_SYMBOL, PRIVATE_TENANT_SYMBOL } from '../../common';
import { GLOBAL_TENANT_SYMBOL, PRIVATE_TENANT_SYMBOL, globalTenantName } from '../../common';

export const PRIVATE_TENANTS: string[] = [PRIVATE_TENANT_SYMBOL, 'private'];
export const GLOBAL_TENANTS: string[] = ['global', GLOBAL_TENANT_SYMBOL];
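Review bot: the widened import from `'../../common'` adds `globalTenantName` as a third spelling of the global tenant, next to `GLOBAL_TENANT_SYMBOL` and the `'global'` literal in `GLOBAL_TENANTS` just below, and nothing here says how they relate. A one-line comment stating what value `globalTenantName` holds and why it is kept out of `GLOBAL_TENANTS` would stop a later reader from merging them or comparing against the wrong constant.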
Expand Down Expand Up @@ -79,7 +79,7 @@ export function resolveTenant(
);
}

function resolve(
export function resolve(
username: string,
requestedTenant: string | undefined,
preferredTenants: string[] | undefined,
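Review bot: `export function resolve(` widens the module's public surface, and the only consumer visible in this PR is the new unit test. Mark it as internal in a doc comment (for example `/** @internal exported for unit tests */`) or drive the test through the already exported `resolveTenant`, so other server code does not start calling `resolve` directly and skip whatever `resolveTenant` does before delegating.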
Expand Down Expand Up @@ -143,7 +143,17 @@ function resolve(
return PRIVATE_TENANT_SYMBOL;
}

// fall back to the first tenant in the available tenants
/**
* Fall back to the first tenant in the available tenants
* Under the condition of enabling multitenancy, if the user has disabled both 'Global' and 'Private' tenants:
* it will remove the default global tenant key for custom tenant.
*/
if (
Object.keys(availableTenantsClone).length > 1 &&
availableTenantsClone.hasOwnProperty(globalTenantName)
) {
delete availableTenantsClone[globalTenantName];
Member

This will work, but it's a bit confusing why global_tenant is in this data structure in the first place. I went over to the security plugin to find where it's coming from and it looks like it's being added here: https://github.com/opensearch-project/security/blob/main/src/main/java/org/opensearch/security/securityconf/ConfigModelV7.java#L1135-L1140

I'm finding that block hard to follow and not sure what the reason for it is.

This PR looks good to me overall. I will approve when the test descriptions are updated.

Collaborator Author

@RyanL1997 RyanL1997 Dec 21, 2022

I think this global_tenant is basically functioning as the 'Global' tenant, just for the case where the user doesn't have any custom tenants with multi-tenancy enabled but disables both 'Global' and 'Private' tenants.

Referencing the information from @cliu123, I also left a comment in the original issue: #1248 (comment)

Member

@cwperks Yes, global_tenant comes from there.
@RyanL1997 You're right. global_tenant is the global tenant.

}
return findKey(availableTenantsClone, () => true);
}
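Review bot: in the added `if`, `availableTenantsClone.hasOwnProperty(globalTenantName)` calls the method through an object whose keys are tenant names, so a tenant named `hasOwnProperty` would shadow it; use `Object.prototype.hasOwnProperty.call(availableTenantsClone, globalTenantName)` or lodash `has` instead. The doc comment also says the block applies when both 'Global' and 'Private' are disabled, yet the condition checks only the key count and the key's presence; either say in the comment that the earlier branches guarantee that state at this point, or test `globalTenantEnabled` explicitly.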

57 changes: 57 additions & 0 deletions server/multitenancy/test/tenant_resolver.test.ts
@@ -0,0 +1,57 @@
/*
* Copyright OpenSearch Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License").
* You may not use this file except in compliance with the License.
* A copy of the License is located at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* or in the "license" file accompanying this file. This file is distributed
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
*/

import { resolve } from '../tenant_resolver';

describe("Resolve tenants when multitenancy is enabled and both 'Global' and 'Private' tenants are disabled", () => {
function resolveWithConfig(config: any) {
return resolve(
config.username,
config.requestedTenant,
config.preferredTenants,
config.availableTenants,
config.globalTenantEnabled,
config.privateTenantEnabled
);
}

it('Resolve tenants list for admin user', () => {
const adminConfig = {
username: 'admin',
requestedTenant: 'admin_tenant',
preferredTenants: undefined,
availableTenants: { global_tenant: true, admin_tenant: true, test_tenant: true, admin: true },
globalTenantEnabled: false,
privateTenantEnabled: false,
};

const adminResult = resolveWithConfig(adminConfig);
expect(adminResult).toEqual('admin_tenant');
});

it('Resolve tenants list for non-admin user', () => {
const nonadminConfig = {
username: 'testuser',
requestedTenant: undefined,
preferredTenants: undefined,
availableTenants: { global_tenant: true, testuser: true },
globalTenantEnabled: false,
privateTenantEnabled: false,
};

const nonadminResult = resolveWithConfig(nonadminConfig);
expect(nonadminResult).toEqual('global_tenant');
});
});
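Review bot: neither case pins down the fallback this PR changes with a custom tenant as the expected result. The admin case passes `requestedTenant: 'admin_tenant'`, so its assertion can hold without the new `delete` ever running; add a case with `requestedTenant: undefined`, a username that is not a key, and a map such as `{ global_tenant: true, test_tenant: true }`, asserting that `test_tenant` is returned. The `it(...)` titles should state the expected outcome rather than 'Resolve tenants list for ...', and `config: any` can be replaced by a small typed interface.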