Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace usages of ThreadContext.stashContext with pluginSubject.runAs #715

Open
wants to merge 9 commits into
base: main
Choose a base branch
from
Open

Replace usages of ThreadContext.stashContext with pluginSubject.runAs #715

wants to merge 9 commits into from

Conversation

cwperks
Copy link
Member

@cwperks cwperks commented Jan 28, 2025

Description

This PR replaces usages of ThreadContext.stashContext with a replacement that enforces stricter ownership over system indices. Plugins can use this replacement for system index access and the advantage of this replacement is that it provides context into which plugin is performing privileged actions like system index access.

Related Issues

Resolves opensearch-project/opensearch-plugins#238

Check List

  • New functionality includes testing.
  • New functionality has been documented.
  • API changes companion pull request created.
  • Commits are signed per the DCO using --signoff.
  • Public documentation issue/PR created.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@cwperks
Replace usages of ThreadContext.stashContext with pluginSubject.runAs
a6bf69f 
Signed-off-by: Craig Perkins <[email protected]>
@cwperks
rearrange
c42aa79 
Signed-off-by: Craig Perkins <[email protected]>
@cwperks
Add initialize to Ip2GeoProcessor
4aea21e 
Signed-off-by: Craig Perkins <[email protected]>
@cwperks
Add System Index Descriptor
5e48de5 
Signed-off-by: Craig Perkins <[email protected]>
@cwperks
Fix test
cb2da89 
Signed-off-by: Craig Perkins <[email protected]>
@cwperks
Add wildcard
2e60153 
Signed-off-by: Craig Perkins <[email protected]>
@cwperks
fix test
73c80e6 
Signed-off-by: Craig Perkins <[email protected]>
@cwperks
Add to CHANGELOG
10d1965 
Signed-off-by: Craig Perkins <[email protected]>
@yizheliu-amazon
Copy link
Contributor

Hi @cwperks , should this change be included in 2.19 release? The code freeze for 2.19 starts at Jan 28th as per: https://opensearch.org/releases.html

@cwperks
Copy link
Member Author

cwperks commented Jan 31, 2025

Hi @cwperks , should this change be included in 2.19 release? The code freeze for 2.19 starts at Jan 28th as per: https://opensearch.org/releases.html

No this does not need to be included. This is part of a larger effort across plugins. I initially looked at geospatial since it was one of the plugins that creates an instance of JobScheduler's LockService and I wanted to demonstrate how to use the instance of LockService provided by job scheduler instead of creating a separate instance. Eventually, I want to remove the public constructor for LockService to enforce that plugins use the instance provided by job scheduler.

The reason for this is a new model for access to system indices instead of the current model of wrapping with ThreadContext.stashContext.

In the current model there are not authz checks that are run in that block so a plugin can perform any action w/o restriction.

In the new model (utilizing pluginSubject.runAs) it provides information at runtime about which plugin is running the action and security uses that information to allow it to access its own system indices, but can forbid other actions.

@yizheliu-amazon
Copy link
Contributor

I see. Thank you for the information.

@cwperks cwperks mentioned this pull request Feb 3, 2025
Merged
5 tasks
@cwperks cwperks marked this pull request as ready for review February 3, 2025 20:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@heemin32 heemin32 Awaiting requested review from heemin32 heemin32 is a code owner

@navneet1v navneet1v Awaiting requested review from navneet1v navneet1v is a code owner

@VijayanB VijayanB Awaiting requested review from VijayanB VijayanB is a code owner

@vamshin vamshin Awaiting requested review from vamshin vamshin is a code owner

@jmazanec15 jmazanec15 Awaiting requested review from jmazanec15 jmazanec15 is a code owner

@naveentatikonda naveentatikonda Awaiting requested review from naveentatikonda naveentatikonda is a code owner

@junqiu-lei junqiu-lei Awaiting requested review from junqiu-lei junqiu-lei is a code owner

@martin-gaievski martin-gaievski Awaiting requested review from martin-gaievski martin-gaievski is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[META] Remove usages of ThreadContext.stashContext and adopt new mechanism for System Index access
2 participants
@cwperks @yizheliu-amazon