Skip to content

Commit

Permalink
Support disable permission check on workspace (opensearch-project#228)
Browse files Browse the repository at this point in the history
* support disable permission check for workspace

Signed-off-by: Hailong Cui <[email protected]>

* fix typos

Signed-off-by: Hailong Cui <[email protected]>

---------

Signed-off-by: Hailong Cui <[email protected]>
  • Loading branch information
Hailong-am authored and wanglam committed Oct 17, 2023
1 parent 98d21a6 commit ab8c00e
Show file tree
Hide file tree
Showing 4 changed files with 42 additions and 13 deletions.
6 changes: 6 additions & 0 deletions config/opensearch_dashboards.yml
Original file line number Diff line number Diff line change
Expand Up @@ -273,3 +273,9 @@

# Set the value of this setting to true to enable plugin augmentation on Dashboard
# vis_augmenter.pluginAugmentationEnabled: true

# Set the value to true enable workspace feature
# workspace.enabled: false
# Set the value to false to disable permission check on workspace
# Permission check depends on OpenSearch Dashboards has authentication enabled, set it to false if no authentication is configured
# workspace.permission.enabled: true
5 changes: 4 additions & 1 deletion src/plugins/workspace/config.ts
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,9 @@ import { schema, TypeOf } from '@osd/config-schema';

export const configSchema = schema.object({
enabled: schema.boolean({ defaultValue: false }),
permission: schema.object({
enabled: schema.boolean({ defaultValue: true }),
}),
});

export type ConfigSchema = TypeOf<typeof configSchema>;
export type WorkspacePluginConfigType = TypeOf<typeof configSchema>;
3 changes: 3 additions & 0 deletions src/plugins/workspace/server/integration_tests/routes.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,9 @@ describe('workspace service', () => {
osd: {
workspace: {
enabled: true,
permission: {
enabled: false,
},
},
migrations: { skip: false },
},
Expand Down
41 changes: 29 additions & 12 deletions src/plugins/workspace/server/plugin.ts
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,8 @@
* Copyright OpenSearch Contributors
* SPDX-License-Identifier: Apache-2.0
*/

import { Observable } from 'rxjs';
import { first } from 'rxjs/operators';
import {
PluginInitializerContext,
CoreSetup,
Expand All @@ -20,11 +21,13 @@ import {
SavedObjectsPermissionControl,
SavedObjectsPermissionControlContract,
} from './permission_control/client';
import { WorkspacePluginConfigType } from '../config';

export class WorkspacePlugin implements Plugin<{}, {}> {
private readonly logger: Logger;
private client?: IWorkspaceDBImpl;
private permissionControl?: SavedObjectsPermissionControlContract;
private readonly config$: Observable<WorkspacePluginConfigType>;

private proxyWorkspaceTrafficToRealHandler(setupDeps: CoreSetup) {
/**
Expand All @@ -43,35 +46,49 @@ export class WorkspacePlugin implements Plugin<{}, {}> {
}

constructor(initializerContext: PluginInitializerContext) {
this.logger = initializerContext.logger.get('plugins', 'workspace');
this.logger = initializerContext.logger.get();
this.config$ = initializerContext.config.create<WorkspacePluginConfigType>();
}

public async setup(core: CoreSetup) {
this.logger.debug('Setting up Workspaces service');
const config: WorkspacePluginConfigType = await this.config$.pipe(first()).toPromise();
const isPermissionControlEnabled =
config.permission.enabled === undefined ? true : config.permission.enabled;

this.client = new WorkspaceClientWithSavedObject(core);

await this.client.setup(core);

this.proxyWorkspaceTrafficToRealHandler(core);
this.permissionControl = new SavedObjectsPermissionControl(this.logger);
this.logger.info('Workspace permission control enabled:' + isPermissionControlEnabled);
if (isPermissionControlEnabled) {
this.proxyWorkspaceTrafficToRealHandler(core);
this.permissionControl = new SavedObjectsPermissionControl(this.logger);

const workspaceSavedObjectsClientWrapper = new WorkspaceSavedObjectsClientWrapper(
this.permissionControl
);
const workspaceSavedObjectsClientWrapper = new WorkspaceSavedObjectsClientWrapper(
this.permissionControl
);

core.savedObjects.addClientWrapper(
0,
WORKSPACE_SAVED_OBJECTS_CLIENT_WRAPPER_ID,
workspaceSavedObjectsClientWrapper.wrapperFactory
);
core.savedObjects.addClientWrapper(
0,
WORKSPACE_SAVED_OBJECTS_CLIENT_WRAPPER_ID,
workspaceSavedObjectsClientWrapper.wrapperFactory
);
}

registerRoutes({
http: core.http,
logger: this.logger,
client: this.client as IWorkspaceDBImpl,
});

core.capabilities.registerProvider(() => ({
workspaces: {
enabled: true,
permissionEnabled: isPermissionControlEnabled,
},
}));

return {
client: this.client,
};
Expand Down

0 comments on commit ab8c00e

Please sign in to comment.