search

opensearch-project / security

🔐 Secure your cluster with TLS, numerous authentication backends, data masking, audit logging as well as role-based access control on indices, documents, and fields
https://opensearch.org/docs/latest/security-plugin/index/
Apache License 2.0
180 stars 264 forks source link

Add cat/alias support for DNFOF #4436

Closed derek-ho closed 3 weeks ago

derek-ho commented 3 weeks ago

Description

This adds DNFOF support for Cat Aliases API. The behavior prior to this change is that cat alias API would fail with error: no permissions for [indices:admin/aliases/get], even with DNFOF is enabled. Now the behavior is that cat alias API will return the aliases with indices that you have access to. I added a DNFOF test show casing this behavior.

Issues Resolved

Fix: #4413 Is this a backport? If so, please add backport PR # and/or commits # No

Testing

Manual testing, added a test case, fixed a unit test

Check List

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check here.

codecov[bot] commented 3 weeks ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 65.47%. Comparing base (0aed8f9) to head (75877b7). Report is 5 commits behind head on main.

Additional details and impacted files [![Impacted file tree graph](https://app.codecov.io/gh/opensearch-project/security/pull/4436/graphs/tree.svg?width=650&height=150&src=pr&token=rBpySfQXMt&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=opensearch-project)](https://app.codecov.io/gh/opensearch-project/security/pull/4436?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=opensearch-project) ```diff @@ Coverage Diff @@ ## main #4436 +/- ## ========================================== + Coverage 65.42% 65.47% +0.05% ========================================== Files 310 312 +2 Lines 22013 22042 +29 Branches 3556 3559 +3 ========================================== + Hits 14401 14431 +30 + Misses 5841 5837 -4 - Partials 1771 1774 +3 ``` | [Files](https://app.codecov.io/gh/opensearch-project/security/pull/4436?dropdown=coverage&src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=opensearch-project) | Coverage Δ | | |---|---|---| | [...earch/security/privileges/PrivilegesEvaluator.java](https://app.codecov.io/gh/opensearch-project/security/pull/4436?src=pr&el=tree&filepath=src%2Fmain%2Fjava%2Forg%2Fopensearch%2Fsecurity%2Fprivileges%2FPrivilegesEvaluator.java&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=opensearch-project#diff-c3JjL21haW4vamF2YS9vcmcvb3BlbnNlYXJjaC9zZWN1cml0eS9wcml2aWxlZ2VzL1ByaXZpbGVnZXNFdmFsdWF0b3IuamF2YQ==) | `72.12% <ø> (ø)` | | ... and [5 files with indirect coverage changes](https://app.codecov.io/gh/opensearch-project/security/pull/4436/indirect-changes?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=opensearch-project)