
Add runAs to Subject interface and introduce IdentityAwarePlugin extension point #14630

Merged: 87 commits, Aug 28, 2024

Conversation

@cwperks (Member) commented Jul 2, 2024

Description

Companion Security PR: opensearch-project/security#4665

This PR adds a new method to the Subject interface called runAs and introduces a new extension point called IdentityAwarePlugin. This new method can be utilized to run a callable block of code in the context of the subject.

This PR also introduces the notion of an IdentityAwarePlugin which contains a single method to initialize the plugin. The IdentityPlugin will get to define which subject is passed to IdentityAwarePlugins on initialization. Practically, the Security Plugin is the IdentityPlugin and the subject passed to IdentityAwarePlugins is a special pluginSystemSubject which can be utilized to perform transport actions in the plugin system context and outside of the authenticated user context.

Subject.runAs() is intended to be an abstraction and replacement for the current pattern of System index interaction in which plugins utilize the ThreadContext class and stash the context before performing transport actions on system indices.

With the changes in this PR, the NoopIdentityPlugin will assign a NoopPluginSubject to IdentityAwarePlugins. When using NoopPluginSubject.runAs(() -> { ... }) it runs the Callable within a block where the ThreadContext is stashed, which is the same behavior plugins use today, so it's a direct replacement for try (ThreadContext.StoredContext ctx = threadContext.stashContext()) { ... }.

By itself, this PR is not very interesting, but with the changes in this PR it enables the Security plugin (the IdentityPlugin) to define an implementation for PluginSubject. If you look at the companion PR, the Security implementation of PluginSubject injects a pluginUser into the ThreadContext so that we can start using the existing security authz mechanisms to gate what plugins can do within the runAs block.

Related Issues

Related to: opensearch-project/security#4439

Check List

  • Functionality includes testing.
  • API changes companion pull request created, if applicable.
  • Public documentation issue/PR created, if applicable.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.
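The migration the description above talks about, shown as an added example written for this page (it is not code from this PR, from the companion Security PR, or from the OpenSearch project): a plugin that keeps the old stashContext() write next to the runAs() replacement so the two can be compared. The import paths, the assignSubject(PluginSubject) callback, the generic runAs(Callable<T>) signature, the system index name and the plugin class itself are assumptions drawn from the names in this PR's description and commit list; check them against the merged interfaces before copying.

```java
// Added illustration, not code from the PR or the OpenSearch project.
// Assumptions: IdentityAwarePlugin exposes assignSubject(PluginSubject),
// PluginSubject.runAs takes a Callable<T> and returns T, and the import
// paths below match the merged code. The index name is hypothetical.
package org.example.plugin;

import java.util.concurrent.Callable;

import org.opensearch.action.index.IndexRequest;
import org.opensearch.action.index.IndexResponse;
import org.opensearch.client.Client;
import org.opensearch.common.util.concurrent.ThreadContext;
import org.opensearch.common.xcontent.XContentType;
import org.opensearch.identity.PluginSubject;
import org.opensearch.plugins.IdentityAwarePlugin;
import org.opensearch.plugins.Plugin;

public class ExampleSystemIndexPlugin extends Plugin implements IdentityAwarePlugin {

    // Hypothetical system index owned by this plugin.
    private static final String SYSTEM_INDEX = ".example-plugin-state";

    // Set once by core after the IdentityPlugin has created a subject for this plugin.
    private volatile PluginSubject pluginSubject;

    @Override
    public void assignSubject(PluginSubject pluginSubject) {
        this.pluginSubject = pluginSubject;
    }

    // Old pattern: stash the caller's ThreadContext so the system index write
    // runs outside the authenticated user's context. Nothing checks whether the
    // plugin should be allowed to touch this index.
    public IndexResponse writeStateLegacy(Client client, ThreadContext threadContext,
                                          String id, String json) {
        try (ThreadContext.StoredContext ignored = threadContext.stashContext()) {
            return client.index(
                new IndexRequest(SYSTEM_INDEX).id(id).source(json, XContentType.JSON)
            ).actionGet();
        }
    }

    // New pattern: the same write wrapped in the plugin subject. With the Noop
    // identity plugin this stashes the context exactly as above; with the
    // Security plugin it runs as the plugin's own user, so the existing authz
    // path decides whether the write is permitted.
    public IndexResponse writeState(Client client, String id, String json) throws Exception {
        if (pluginSubject == null) {
            throw new IllegalStateException("assignSubject has not been called yet");
        }
        // Keep the callable as small as possible: everything inside it runs with
        // the plugin's privileges rather than the requesting user's.
        Callable<IndexResponse> write = () -> client.index(
            new IndexRequest(SYSTEM_INDEX).id(id).source(json, XContentType.JSON)
        ).actionGet();
        return pluginSubject.runAs(write);
    }
}
```

Two things a practitioner should keep in mind when adopting this. First, the PluginSubject is the plugin's identity; do not hand it to other components or wrap request handlers in it wholesale, because anything executed inside runAs is attributed to the plugin (with the Security plugin, authz and audit logging see the plugin user, not the user who sent the request). Second, because runAs takes a Callable, checked exceptions thrown by the transport call propagate out of runAs, so callers must handle them rather than assuming the Noop behaviour of a plain stash.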

github-actions bot (Contributor) commented Jul 2, 2024

❌ Gradle check result for 444fde7: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

dblock pushed a commit that referenced this pull request Aug 29, 2024
…nsion point (#14630) (#15477)

* Create ExecutionContext and show example with ActionPluginProxy
* Only allow core to set the ExecutionContext
* WIP on plugin aware thread context
* Plugin Aware API Handling
* Add test to verify that ExecutionContext is being populated during RestHandling
* Clear context in a finally block
* Create switchContext method in ThreadContext and make pluginExecutionStack a stack
* WIP on plugin aware stash context
* Create class called PluginAwareNodeClient that provides a method called switchContext
* Remove ExecutionContext class
* Update javadoc
* Change createComponents to take in PluginAwareNodeClient
* Update all instances of createComponents
* Initialize clients
* Remove casting
* WIP on notion of ContextSwitcher
* Make stashContext package-private
* Make markAsSystemContext package-private
* Add javadoc on param
* Remove SystemContextSwitcher
* Merge with main
* Cleanup
* Remove SystemIndexFilter
* Add notion of Forbidden Headers to the ThreadContext
* Fix tests
* Fix test
* Add method to initialize plugins
* Create concept of pluginNodeClient that can be used for executing transport actions as the plugin
* Add test
* Add another test for setPluginNodeClient
* Remove newline
* Add another test
* Subject.runAs and introduce PluginSubject
* Do nothing when runAs is called for ShiroSubject and NoopSubject
* Remove extraneous changes
* Test all methods in PluginSubject
* Pass a Callable to runAs
* Update import
* Simplify PR, make NoopPluginSubject and introduce IdentityAwarePlugin
* Add final
* Remove server dependency
* Remove AbstractSubject
* Remove unnecessary changes
* Add javadoc to NoopPluginSubject
* Rename to assignSubject
* Add experimental label
* Add getPluginSubject(plugin) to IdentityPlugin
* Make runAs generic
* package-private constructor
* Move IdentityAwarePlugin initialization
* Create separate PluginSubject interface
* Remove authenticate method
* Remove import
* Separate UserSubject and PluginSubject
* Terminate TestThreadPool
* mock ThreadPool in RestSendToExtensionActionTests
* Fix Thread leak
* Add to CHANGELOG
* Rename to getCurrentSubject
* Add type check
* Rename to pluginSubject
* Add runAs to ActionRequest and surround doExecute in AbstractClient
* Return this
* Switch back to void
* Revert change to ActionRequest

---------


(cherry picked from commit ee17eca)

Signed-off-by: Craig Perkins <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Ankit Jain <[email protected]>
akolarkunnu pushed a commit to akolarkunnu/OpenSearch that referenced this pull request Sep 10, 2024
…nsion point (opensearch-project#14630)

@cwperks mentioned this pull request Sep 20, 2024

Labels: backport 2.x (Backport to 2.x branch), enhancement (Enhancement or improvement to existing feature or request), v2.17.0, v3.0.0 (Issues and PRs related to version 3.0.0)