Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make GetTermVersionAction internal #12866

Merged
merged 3 commits into from
Mar 23, 2024
Merged

Make GetTermVersionAction internal #12866

merged 3 commits into from
Mar 23, 2024

Conversation

peternied
Copy link
Member

Description

GetTermVersion action has been added to check if cluster state needs to be updated as a performance improvement on all cluster state checks. The Authorization systems in the Security Plugin check all actions that do not start with internal: for permissions causing users without cluster:monitor/* permissions to start getting 403 exceptions.

This change signals that this action does not require an authorization check by any security systems since it cannot be called via REST APIs.

Related Issues

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Failing checks are inspected and point to the corresponding known issue(s) (See: Troubleshooting Failing Builds)
  • Commits are signed per the DCO using --signoff
  • Commit changes are listed out in CHANGELOG.md file (See: Changelog)
  • Public documentation issue/PR created

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@peternied
Make GetTermVersionAction internal
f1cd937 
GetTermVersion action has been added to check if cluster state needs to
be updated as a performance improvement on all cluster state checks.
The Authorization systems in the Security Plugin check all actions that
do not start with `internal:` for permissions causing users without
`cluster:monitor/*` permissions to start getting 403 exceptions.

This change signals that this action does not require an authorization
check by any security systems since it cannot be called via REST APIs.

Signed-off-by: Peter Nied <[email protected]>
@github-actions github-actions bot added the backport 2.x Backport to 2.x branch label Mar 22, 2024
@peternied peternied added v2.13.0 Issues and PRs related to version 2.13.0 backport 2.13 labels Mar 22, 2024
@cwperks cwperks mentioned this pull request Mar 22, 2024
Closed
3 tasks
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Mar 22, 2024
edited
Loading

Compatibility status:

Checks if related components are compatible with change 7880a27

Incompatible components

Incompatible components: [https://github.com/opensearch-project/security.git]

Skipped components

Compatible components

Compatible components: [https://github.com/opensearch-project/custom-codecs.git, https://github.com/opensearch-project/asynchronous-search.git, https://github.com/opensearch-project/neural-search.git, https://github.com/opensearch-project/flow-framework.git, https://github.com/opensearch-project/cross-cluster-replication.git, https://github.com/opensearch-project/job-scheduler.git, https://github.com/opensearch-project/reporting.git, https://github.com/opensearch-project/security-analytics.git, https://github.com/opensearch-project/geospatial.git, https://github.com/opensearch-project/opensearch-oci-object-storage.git, https://github.com/opensearch-project/k-nn.git, https://github.com/opensearch-project/notifications.git, https://github.com/opensearch-project/common-utils.git, https://github.com/opensearch-project/observability.git, https://github.com/opensearch-project/anomaly-detection.git, https://github.com/opensearch-project/performance-analyzer-rca.git, https://github.com/opensearch-project/ml-commons.git, https://github.com/opensearch-project/index-management.git, https://github.com/opensearch-project/alerting.git, https://github.com/opensearch-project/sql.git, https://github.com/opensearch-project/performance-analyzer.git]

@github-actions GitHub Actions
Copy link
Contributor

❌ Gradle check result for f1cd937: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

@github-actions GitHub Actions
Copy link
Contributor

❌ Gradle check result for f4c2e6c:

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

@github-actions GitHub Actions
Copy link
Contributor

❌ Gradle check result for f4c2e6c: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

@github-actions GitHub Actions
Copy link
Contributor

❌ Gradle check result for 7880a27: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

@peternied
Copy link
Member Author

The upgrade tests are failing because in 2.x the previous transport action name was in place. I'm backporting the 2.13 change into 2.x that will unblock this PR.

@peternied
Copy link
Member Author

@peternied peternied removed backport 2.x Backport to 2.x branch backport 2.13 v2.13.0 Issues and PRs related to version 2.13.0 labels Mar 22, 2024
@github-actions GitHub Actions
Copy link
Contributor

❕ Gradle check result for 7880a27: UNSTABLE

  • TEST FAILURES:
      1 org.opensearch.remotestore.RemoteStoreStatsIT.testDownloadStatsCorrectnessSinglePrimaryMultipleReplicaShards

Please review all flaky tests that succeeded after retry and create an issue if one does not already exist to track the flaky failure.

@codecov Codecov
Copy link

codecov bot commented Mar 23, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 71.38%. Comparing base (b15cb0c) to head (7880a27).
Report is 81 commits behind head on main.

Additional details and impacted files 
@@             Coverage Diff              @@
##               main   #12866      +/-   ##
============================================
- Coverage     71.42%   71.38%   -0.04%     
- Complexity    59978    60251     +273     
============================================
  Files          4985     5011      +26     
  Lines        282275   283675    +1400     
  Branches      40946    41117     +171     
============================================
+ Hits         201603   202512     +909     
- Misses        63999    64342     +343     
- Partials      16673    16821     +148

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@reta reta merged commit 5b4b4aa into opensearch-project:main Mar 23, 2024
33 checks passed
@peternied peternied deleted the term-action-name branch March 23, 2024 01:27
shiv0408 pushed a commit to Gaurav614/OpenSearch that referenced this pull request Apr 25, 2024
@peternied @shiv0408
Make GetTermVersionAction internal (opensearch-project#12866)
a49ba08 
* Make GetTermVersionAction internal

GetTermVersion action has been added to check if cluster state needs to
be updated as a performance improvement on all cluster state checks.
The Authorization systems in the Security Plugin check all actions that
do not start with `internal:` for permissions causing users without
`cluster:monitor/*` permissions to start getting 403 exceptions.

This change signals that this action does not require an authorization
check by any security systems since it cannot be called via REST APIs.

Signed-off-by: Peter Nied <[email protected]>

* Move TermVerson action outside of admin/cluster namespace

Signed-off-by: Peter Nied <[email protected]>

---------

Signed-off-by: Peter Nied <[email protected]>
Signed-off-by: Shivansh Arora <[email protected]>
harshavamsi pushed a commit to harshavamsi/OpenSearch that referenced this pull request Apr 29, 2024
@peternied @harshavamsi
Make GetTermVersionAction internal (opensearch-project#12866)
d493bb3 
* Make GetTermVersionAction internal

GetTermVersion action has been added to check if cluster state needs to
be updated as a performance improvement on all cluster state checks.
The Authorization systems in the Security Plugin check all actions that
do not start with `internal:` for permissions causing users without
`cluster:monitor/*` permissions to start getting 403 exceptions.

This change signals that this action does not require an authorization
check by any security systems since it cannot be called via REST APIs.

Signed-off-by: Peter Nied <[email protected]>

* Move TermVerson action outside of admin/cluster namespace

Signed-off-by: Peter Nied <[email protected]>

---------

Signed-off-by: Peter Nied <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stephen-crawford stephen-crawford stephen-crawford approved these changes

@cwperks cwperks cwperks approved these changes

@reta reta reta approved these changes

@abbashus abbashus Awaiting requested review from abbashus

@adnapibar adnapibar Awaiting requested review from adnapibar

@anasalkouz anasalkouz Awaiting requested review from anasalkouz anasalkouz is a code owner

@andrross andrross Awaiting requested review from andrross andrross is a code owner

@Bukhtawar Bukhtawar Awaiting requested review from Bukhtawar Bukhtawar is a code owner

@CEHENKLE CEHENKLE Awaiting requested review from CEHENKLE CEHENKLE is a code owner

@dblock dblock Awaiting requested review from dblock dblock is a code owner

@dbwiddis dbwiddis Awaiting requested review from dbwiddis dbwiddis is a code owner

@dreamer-89 dreamer-89 Awaiting requested review from dreamer-89

@gbbafna gbbafna Awaiting requested review from gbbafna gbbafna is a code owner

@kotwanikunal kotwanikunal Awaiting requested review from kotwanikunal kotwanikunal is a code owner

@mch2 mch2 Awaiting requested review from mch2 mch2 is a code owner

@msfroh msfroh Awaiting requested review from msfroh msfroh is a code owner

@nknize nknize Awaiting requested review from nknize nknize is a code owner

@owaiskazi19 owaiskazi19 Awaiting requested review from owaiskazi19 owaiskazi19 is a code owner

@Rishikesh1159 Rishikesh1159 Awaiting requested review from Rishikesh1159 Rishikesh1159 is a code owner

@ryanbogan ryanbogan Awaiting requested review from ryanbogan

@sachinpkale sachinpkale Awaiting requested review from sachinpkale sachinpkale is a code owner

@saratvemulapalli saratvemulapalli Awaiting requested review from saratvemulapalli saratvemulapalli is a code owner

@shwetathareja shwetathareja Awaiting requested review from shwetathareja shwetathareja is a code owner

@sohami sohami Awaiting requested review from sohami sohami is a code owner

@tlfeng tlfeng Awaiting requested review from tlfeng

@VachaShah VachaShah Awaiting requested review from VachaShah VachaShah is a code owner

Assignees
No one assigned
Labels
skip-changelog
Projects
None yet
Milestone
No milestone
4 participants
@peternied @reta @cwperks @stephen-crawford