Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Command cat/indices will filter results per the Do Not Fail On Forbidden setting #3236

Merged
merged 9 commits into from
Aug 29, 2023

Conversation

derek-ho
Copy link
Collaborator

@derek-ho derek-ho commented Aug 24, 2023

Description

This change allows for DNFOF behavior on the _cat/_indices API. It adds the required index permissions into the DNFOF regex to be picked up in the DNFOF code path. Previously it was being skipped/returning 403, since the index permissions were not in the regex.

Issues Resolved

Fix: #1815

Is this a backport? If so, please add backport PR # and/or commits #

Testing

[Please provide details of testing done: unit testing, integration testing and manual testing]

Check List

  • New functionality includes testing
  • New functionality has been documented
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@derek-ho derek-ho changed the title Cat indices Enable DNFOF on cat indices API Aug 24, 2023
@derek-ho derek-ho marked this pull request as ready for review August 24, 2023 16:11
@codecov
Copy link

codecov bot commented Aug 24, 2023

Codecov Report

Merging #3236 (c12333c) into main (46dfd84) will increase coverage by 0.00%.
Report is 9 commits behind head on main.
The diff coverage is 100.00%.

Impacted file tree graph

@@            Coverage Diff             @@
##               main    #3236    +/-   ##
==========================================
  Coverage     62.49%   62.49%            
- Complexity     3351     3400    +49     
==========================================
  Files           254      259     +5     
  Lines         19732    20056   +324     
  Branches       3334     3370    +36     
==========================================
+ Hits          12331    12534   +203     
- Misses         5773     5872    +99     
- Partials       1628     1650    +22     
Files Changed Coverage Δ
...earch/security/privileges/PrivilegesEvaluator.java 73.20% <100.00%> (+0.08%) ⬆️

... and 19 files with indirect coverage changes

@peternied peternied changed the title Enable DNFOF on cat indices API Command cat/indices will filter results per the Do Not Fail On Forbidden setting Aug 28, 2023
@RyanL1997 RyanL1997 merged commit 4c095d2 into opensearch-project:main Aug 29, 2023
@stephen-crawford stephen-crawford added the backport 2.x backport to 2.x branch label Aug 29, 2023
@opensearch-trigger-bot
Copy link
Contributor

The backport to 2.x failed:

The process '/usr/bin/git' failed with exit code 128

To backport manually, run these commands in your terminal:

# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/security/backport-2.x 2.x
# Navigate to the new working tree
pushd ../.worktrees/security/backport-2.x
# Create a new branch
git switch --create backport/backport-3236-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 4c095d27fd30ec279dd4214e72a831ea9123a693
# Push it to GitHub
git push --set-upstream origin backport/backport-3236-to-2.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/security/backport-2.x

Then, create a pull request where the base branch is 2.x and the compare/head branch is backport/backport-3236-to-2.x.

@peternied
Copy link
Member

Backport likely failed due to the integration tests not being backported

derek-ho added a commit to derek-ho/security that referenced this pull request Aug 29, 2023
…idden setting (opensearch-project#3236)

This change allows for DNFOF behavior on the _cat/_indices API. It adds
the required index permissions into the DNFOF regex to be picked up in
the DNFOF code path. Previously it was being skipped/returning 403,
since the index permissions were not in the regex.

Fix: opensearch-project#1815

Is this a backport? If so, please add backport PR # and/or commits #

[Please provide details of testing done: unit testing, integration
testing and manual testing]

- [ ] New functionality includes testing
- [ ] New functionality has been documented
- [ ] Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and
signing off your commits, please check
[here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin).

---------

Signed-off-by: Derek Ho <[email protected]>
(cherry picked from commit 4c095d2)
Signed-off-by: Derek Ho <[email protected]>
cwperks pushed a commit that referenced this pull request Aug 29, 2023
…ot fail on forbidden setting (#3258)

### Description
Backport 4c095d2 of #3236 

### Check List
- [ ] New functionality includes testing
- [ ] New functionality has been documented
- [X] Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and
signing off your commits, please check
[here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin).

---------

Signed-off-by: Derek Ho <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport 2.x backport to 2.x branch
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[BUG] do_not_fail_on_forbidden_empty does not work for cat api
5 participants