Closed Its-Ankush closed 1 week ago
[Triage] Hi @Its-Ankush, thank you for filing this issue. OpenSearch follows the JSON Patch RFC (information for which can be found here: https://jsonpatch.com/). As a result, the behavior of replacing the entire config field is expected. Going to close this issue as this is not a Bug but the intended behavior.
Just in case if anyone wants to achieve this -
Change this
curl -k -u "username":"password" -XPATCH "https://IP:9200/_plugins/_security/api/rolesmapping/manage_snapshots" -H 'Content-Type:application/json' -d '[{"op":"add","path":"/backend_roles","value":["ghi"]}]'
To this
curl -k -u "username":"password" -XPATCH "https://IP:9200/_plugins/_security/api/rolesmapping/manage_snapshots" -H 'Content-Type:application/json' -d '[{"op":"add","path":"/backend_roles/-","value":"ghi"}]'
What is the bug? Using the Patch role mapping API, it doesnt actually add
backend_roles
orusers
. The API erases/replaces everything and adds that one role which you mention with the APIHow can one reproduce the bug? Steps to reproduce the behavior:
What is the expected behavior?![Screenshot 2024-06-13 at 1 36 13 PM](https://github.com/opensearch-project/security/assets/68053631/da9cf2f5-25cb-4b0a-99ac-7640d268d690)
The same behaviour is for
"op": "replace/add"
and the backend roles are always erased and then added.The ask is - to actually allow adding and stop erasing the existing backend roles/users. This will eliminate an extra
GET
call to fetch the pre-exisitng backend roles/users.What is your host/environment?
Do you have any screenshots? Yes, attached above
Do you have any additional context? n/a