Open willyborankin opened 1 year ago
Linking related https://github.com/opensearch-project/security/issues/1852
Configuration validation can create some problems for us, in its current form we don't have a required order of declarations - this could create backwards capability trouble
Calling the APIs to create a user, role, and rolemapping the order doesn't matter. However, if we start enforcing this it gets more interesting for our clients. IMO that feels like a optional feature we could enable ?validateReference=true
and then make it the default in a major version bump.
Is your feature request related to a problem? Outcome of this PR https://github.com/opensearch-project/security/pull/3123.
Missing validations in role mappings: -
users
JSON property. There is no validation in place for the list of users that exist in the system. As a result, it is possible to add non-existing users to any role mapping. -hosts
there are not clear rules around this property what it should contain. It looks likehosts
functionality has never been finished since OSD hasnt has possibility to add hosts.What solution would you like?
hosts
should look like and add validation for this property.What alternatives have you considered? If we do not use
hosts
remove this property or re-implement it.