search

opensearch-project / security

🔐 Secure your cluster with TLS, numerous authentication backends, data masking, audit logging as well as role-based access control on indices, documents, and fields
https://opensearch.org/docs/latest/security-plugin/index/
Apache License 2.0
180 stars 263 forks source link

Obtain registered system indices from core and add test that shows that core is passing the registered system indices #4471

Open cwperks opened 1 week ago

cwperks commented 1 week ago

Description

The security plugin currently tracks system indices through an OpenSearch Setting. This PR removes the reliance on the setting in favor of getting the registered system indices from core.

Registered System Index - A registered system index is an index pattern that has been reserved by a plugin via the SystemIndexPlugin.getSystemIndexDescriptors extension point. Conventionally, system indices begin with a dot (.).

This PR adds an IT that demonstrates how the security plugin will obtain the list from core.

This is a step towards a solution for https://github.com/opensearch-project/security/issues/4439, but more work needs to be done in core to convey which plugin has stashes the ThreadContext so the security plugin can properly authorize interactions with system indices.

Enhancement

Issues Resolved

Related to https://github.com/opensearch-project/security/issues/4439

Check List

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check here.

cwperks commented 1 week ago

Setting this to Draft until Core PR is finalized and all associated PRs are merged.