🔐 Secure your cluster with TLS, numerous authentication backends, data masking, audit logging as well as role-based access control on indices, documents, and fields
The security plugin currently tracks system indices through an OpenSearch Setting. This PR removes the reliance on the setting in favor of getting the registered system indices from core.
Registered System Index - A registered system index is an index pattern that has been reserved by a plugin via the SystemIndexPlugin.getSystemIndexDescriptors extension point. Conventionally, system indices begin with a dot (.).
This PR adds an IT that demonstrates how the security plugin will obtain the list from core.
This is a step towards a solution for https://github.com/opensearch-project/security/issues/4439, but more work needs to be done in core to convey which plugin has stashes the ThreadContext so the security plugin can properly authorize interactions with system indices.
[X] Commits are signed per the DCO using --signoff
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.
Description
The security plugin currently tracks system indices through an OpenSearch Setting. This PR removes the reliance on the setting in favor of getting the registered system indices from core.
Registered System Index - A registered system index is an index pattern that has been reserved by a plugin via the SystemIndexPlugin.getSystemIndexDescriptors extension point. Conventionally, system indices begin with a dot (
.
).This PR adds an IT that demonstrates how the security plugin will obtain the list from core.
This is a step towards a solution for https://github.com/opensearch-project/security/issues/4439, but more work needs to be done in core to convey which plugin has stashes the ThreadContext so the security plugin can properly authorize interactions with system indices.
Enhancement
Issues Resolved
Related to https://github.com/opensearch-project/security/issues/4439
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check here.