[MD] Credentials security redesign #2253
Signed-off-by: Louis Chu <clingzhi@amazon.com>
src/plugins/data_source/server/saved_objects/data_source_saved_objects_client_wrapper.ts
return { | ||
...attributes, | ||
// Drop the credentials attribute for no_auth | ||
credentials: undefined, |
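Review bot: `credentials: undefined` after the `...attributes` spread clears the value but leaves a `credentials` key on the returned object, so whether the attribute is actually dropped, as the comment says, depends on how the object is serialized downstream. Consider destructuring `credentials` out of `attributes` and returning only the rest, and cover the no_auth path with a unit test that submits credentials and asserts none are stored.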
The input `credentials` in `attributes` should be undefined if the type is an `AuthType.NoAuth`? So this line could be removed.
We are adding server-side validation in case a save object request comes over, and we don't want to contaminate the existing indexes.
If you could, polish the commit message before you merge.
1. Data model changes for data source saved object
2. Server side changes for data source saved object
   a. Implement data_source_saved_objects_client_wrapper to integrate with CryptographyClient for password encryption / decryption.
   b. Change data_source_service to fetch credentials directly from data source (still decrypt via CryptographyClient)
   c. Fix unit tests accordingly

Signed-off-by: Louis Chu <clingzhi@amazon.com>
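The server-side handling discussed in the review thread and in this commit message, sketched as an added example (not code from the PR or the project): credentials sent with a no_auth request are dropped before saving, and a password is encrypted before it is stored and decrypted only when a client is built. The `authType` field name, the `username_password` value, the function names and `StandInCryptographyClient` (AES-256-GCM via Node's `crypto`) are assumptions standing in for the project's data model and its CryptographyClient.

```typescript
import * as nodeCrypto from "node:crypto";

// Assumed shapes: the page shows only `attributes`, `credentials` and AuthType.NoAuth.
const AuthType = { NoAuth: "no_auth", UsernamePassword: "username_password" } as const;

type Credentials = { username: string; password: string };
type DataSourceAttributes = {
  title: string;
  endpoint: string;
  authType: string; // untrusted input, so typed as a plain string
  credentials?: Credentials;
};

// Stand-in for the project's CryptographyClient (its API is not shown on the page).
// AES-256-GCM with a random 96-bit IV; output is base64(iv || tag || ciphertext).
class StandInCryptographyClient {
  private readonly key: Buffer;

  constructor(key: Buffer) {
    if (key.length !== 32) throw new Error("key must be 32 bytes");
    this.key = key;
  }

  encrypt(plaintext: string): string {
    const iv = nodeCrypto.randomBytes(12);
    const cipher = nodeCrypto.createCipheriv("aes-256-gcm", this.key, iv);
    const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
    return Buffer.concat([iv, cipher.getAuthTag(), body]).toString("base64");
  }

  decrypt(encoded: string): string {
    const raw = Buffer.from(encoded, "base64");
    const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", this.key, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    // final() throws if the authentication tag does not verify.
    return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString("utf8");
  }
}

// Server-side step before the saved object is written: never trust the client
// to have omitted credentials, and never persist a plaintext password.
function prepareForSave(
  attributes: DataSourceAttributes,
  cryptoClient: StandInCryptographyClient
): DataSourceAttributes {
  const { credentials, ...rest } = attributes;
  switch (rest.authType) {
    case AuthType.NoAuth:
      // Omit the key entirely instead of setting it to undefined.
      return rest;
    case AuthType.UsernamePassword:
      if (
        !credentials ||
        typeof credentials.username !== "string" || !credentials.username ||
        typeof credentials.password !== "string" || !credentials.password
      ) {
        throw new Error("username and password are required for username_password");
      }
      return {
        ...rest,
        credentials: {
          username: credentials.username,
          password: cryptoClient.encrypt(credentials.password),
        },
      };
    default:
      throw new Error("unsupported auth type");
  }
}

// Read path: decrypt only when a client for the data source is being built.
function credentialsForClient(
  stored: DataSourceAttributes,
  cryptoClient: StandInCryptographyClient
): Credentials | undefined {
  if (stored.authType === AuthType.NoAuth || !stored.credentials) return undefined;
  return {
    username: stored.credentials.username,
    password: cryptoClient.decrypt(stored.credentials.password),
  };
}

// Constructed sample requests; the endpoint and secret are made up.
function demo() {
  const client = new StandInCryptographyClient(nodeCrypto.randomBytes(32));
  const base = { title: "logs", endpoint: "https://opensearch.example.test:9200" };
  const creds = { username: "admin", password: "constructed-secret" };
  const noAuth = prepareForSave({ ...base, authType: "no_auth", credentials: creds }, client);
  const basic = prepareForSave({ ...base, authType: "username_password", credentials: creds }, client);
  return {
    noAuthHasCredentialsKey: "credentials" in noAuth,
    storedContainsPlaintext: JSON.stringify(basic).includes("constructed-secret"),
    roundTrip: credentialsForClient(basic, client)?.password,
  };
}

console.log(demo());
```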
1. Data model changes for data source saved object
2. Server side changes for data source saved object
   a. Implement data_source_saved_objects_client_wrapper to integrate with CryptographyClient for password encryption / decryption.
   b. Change data_source_service to fetch credentials directly from data source (still decrypt via CryptographyClient)
   c. Fix unit tests accordingly

Signed-off-by: Louis Chu <clingzhi@amazon.com>
Signed-off-by: Kristen Tian <tyarong@amazon.com>
* Instantiate credential management plugin code structure (#1996) Signed-off-by: Kristen Tian <tyarong@amazon.com> * Data source inside stack management setup (#2017) (#2030) Signed-off-by: Kristen Tian <tyarong@amazon.com> * enable CI for feature branch (#2010) Signed-off-by: Zhongnan Su <szhongna@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * Add empty data source plugin (#2052) Adds empty data source plugin. Signed-off-by: Kristen Tian <tyarong@amazon.com> * [MD] Add initial credential management CRUD pages (#2040) * Add credential management CRUD pages 1. List all credentials 2. Create your saved credential 3. Edit your credential 4. Delete credentials Signed-off-by: Louis Chu <clingzhi@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * Register Data source to savedObject & Update license header (#2037) Signed-off-by: Kristen Tian <tyarong@amazon.com> * Move credential saved object to data source plugin (#2062) Signed-off-by: Louis Chu <clingzhi@amazon.com> Move credential saved object to data source plugin Resolve follow up comments on UI Signed-off-by: Kristen Tian <tyarong@amazon.com> * breadcrumbfix for datasource management (#2066) * breadcrumbfix for datasource management Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> * breadcrumbfix for datasource management - refactoring code Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> * using services to update breadcrumb on data sources management page Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> * Changing the license header on breadcrumbs.ts datasource management Signed-off-by: Kristen Tian <tyarong@amazon.com> * Fix breadcrumb on listing page and update saved object mapping (#2069) Signed-off-by: Louis Chu <clingzhi@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * Add data source step into IndexPattern with Mock switch (#2064) (#2086) Signed-off-by: Kristen Tian <tyarong@amazon.com> * Add delete button for credential detailed page (#2067) 
Signed-off-by: Yibo Wang <yibow@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * Link datasource to indexpattern (#2118) Signed-off-by: Kristen Tian <tyarong@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * Add encrypt/decrypt module on data source plugin (#2120) Signed-off-by: Louis Chu <clingzhi@amazon.com> 1. Add encrypt/decrypt module with UT 2. Add client factory wrapper for encrypt credential 3. Add encryption config support 4. Bugfix on Jest interpret Buffer Signed-off-by: Kristen Tian <tyarong@amazon.com> * Integrate index pattern with new data client (#2146) Signed-off-by: Kristen Tian <tyarong@amazon.com> * Add noAuth to dataSource attributes (#2154) Signed-off-by: Kristen Tian <tyarong@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * [MD] Datasource Management - creation & listing - UI only (#2128) * data source management - creation & Listing UI only * data source management - creation & Listing UI only * Create/edit data source feature * toggling default value * refactoring code as per review comments * toggling server flag to false Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * Apply dataSource plugin as dependent for cm and dsm plugins (#2150) Signed-off-by: Louis Chu <clingzhi@amazon.com> Apply dataSource plugin as dependent for cm and dsm plugins (#2150) Signed-off-by: Kristen Tian <tyarong@amazon.com> * Leverage datasource enablement in index pattern management Signed-off-by: Kristen Tian <tyarong@amazon.com> * [MD] Add client management module and register `getClient()` to route handler context (#2121) * Add client management module and register `getClient()` interface to route handler context Signed-off-by: Zhongnan Su <szhongna@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * Make step info in index pattern creation dynamic (#2164) Signed-off-by: Kristen Tian <tyarong@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * 
Refactor for credential listing page & add loading effect (#2142) Signed-off-by: Yibo Wang <yibow@amazon.com> Signed-off-by: Yibo Wang <yibow@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * Integration sequal - replace data client placeholders (#2167) Signed-off-by: Kristen Tian <tyarong@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * Integrate with crypto module to decrpt password (#2170) Signed-off-by: Zhongnan Su <szhongna@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * [MD] noAuth integration, credential & endpoint validation (#2165) * noAuth integration, credential & endpoint validation Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> * Refactoring validation message Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> * Adding back accidentally deleted file home/tutorials/haproxy_metrics/index.ts Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * [MD] Refactor search strategy to conditionally user datasource client (#2171) Signed-off-by: Kristen Tian <tyarong@amazon.com> * adding relation between credential selection and no auth checkbox (#2175) Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * Update getIndicesViaSearch with datasource (#2176) Signed-off-by: Kristen Tian <tyarong@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * Add null header to child client spawn (#2188) Signed-off-by: Su <szhongna@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * [MD][IP]Update button position & Add UT & Add skip option (#2195) * Add UT - index pattern related Signed-off-by: Kristen Tian <tyarong@amazon.com> * Update button position Signed-off-by: Kristen Tian <tyarong@amazon.com> * Add skip option to allow use default os data source Signed-off-by: Kristen Tian <tyarong@amazon.com> 
Signed-off-by: Kristen Tian <tyarong@amazon.com> * [MD]Refactor layout and validate input fields for listing and create pages (#2202) Signed-off-by: Louis Chu <clingzhi@amazon.com> Signed-off-by: Louis Chu <clingzhi@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * Enable datasource link in saveObjectManagement (#2209) Signed-off-by: Kristen Tian <tyarong@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * Update configure data source per UX input (#2235) Signed-off-by: Kristen Tian <tyarong@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * Enable data source audit log to file (#2215) Signed-off-by: Kristen Tian <tyarong@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * [MD] Refactor of credential editing page layout & refactor backend field validation method (#2222) * Refactor of credential editing page layout & refactor backend field validation method * Resolved the comments & fix the multiple call for one operation Signed-off-by: Yibo Wang <yibow@amazon.com> Signed-off-by: Yibo Wang <yibow@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * Tweak fetch data back to original (#2238) Signed-off-by: Kristen Tian <tyarong@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * [MD] Revamped UX for data source management (#2239) * revamped UX for data source management Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> * refactored datasource screens as per PR comments Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * [MD] Credentials security redesign (#2253) 1. Data model changes for data source saved object 2. Server side changes for data source saved object a. Implement data_source_saved_objects_client_wrapper to integrate with CryptographyClient for password encryption / decryption. b. 
Change data_source_service to fetch credentials directly from data source (still decrypt via CryptographyClient) c. Fix unit tests accordingly Signed-off-by: Louis Chu <clingzhi@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * Add step data source UI test (#2264) Signed-off-by: Kristen Tian <tyarong@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * [MD]Improve datasource server side error handling (#2236) Signed-off-by: Su <szhongna@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * [MD] Datasource management new API change integrations (#2282) * changing datasource management design to integrate with new API changes Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> * Update edit_data_source_form.tsx moving masked password to constants Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * Update stream test to bypass CI env generate domain attribute Signed-off-by: Kristen Tian <tyarong@amazon.com> * Delete credential management Signed-off-by: Kristen Tian <tyarong@amazon.com> * Address comments Signed-off-by: Kristen Tian <tyarong@amazon.com> * [MD] Datasource Management - Create data source - Unit tests (#2341) * Unit test cases for data source management - create Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> * adding tests to utils.ts & changing it to test Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * Fix update data source & block update endpint (#2364) Signed-off-by: Kristen Tian <tyarong@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * MD datasource management-datasource table-UTs (#2350) Signed-off-by: Yibo Wang <yibow@amazon.com> Signed-off-by: Yibo Wang <yibow@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * reafctor based on PR 2334 comments to merge to main (#2375) Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> 
Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * removing invalid urls as CI fails on link checker for inavlid urls in git (#2376) Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * Address comments Signed-off-by: Kristen Tian <tyarong@amazon.com> * Fix DS snapshot test Signed-off-by: Kristen Tian <tyarong@amazon.com> * Add https://test.com/ to lychee exclude Signed-off-by: Kristen Tian <tyarong@amazon.com> * Address comments Signed-off-by: Kristen Tian <tyarong@amazon.com> * Remove unnessacry check Signed-off-by: Kristen Tian <tyarong@amazon.com> * Remove not needed check Signed-off-by: Kristen Tian <tyarong@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> Signed-off-by: Zhongnan Su <szhongna@amazon.com> Signed-off-by: Louis Chu <clingzhi@amazon.com> Signed-off-by: Yibo Wang <yibow@amazon.com> Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> Signed-off-by: Su <szhongna@amazon.com> Co-authored-by: Louis Chu <lingzhichu.clz@gmail.com> Co-authored-by: Zhongnan Su <szhongna@amazon.com> Co-authored-by: Yan Zeng <46499415+zengyan-amazon@users.noreply.github.com> Co-authored-by: Manideep Pabba <109986843+mpabba3003@users.noreply.github.com> Co-authored-by: Yibo Wang <109543558+yibow98@users.noreply.github.com>
adding tests to utils.ts & changing it to test Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * Fix update data source & block update endpint (opensearch-project#2364) Signed-off-by: Kristen Tian <tyarong@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * MD datasource management-datasource table-UTs (opensearch-project#2350) Signed-off-by: Yibo Wang <yibow@amazon.com> Signed-off-by: Yibo Wang <yibow@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * reafctor based on PR 2334 comments to merge to main (opensearch-project#2375) Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * removing invalid urls as CI fails on link checker for inavlid urls in git (opensearch-project#2376) Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> * Address comments Signed-off-by: Kristen Tian <tyarong@amazon.com> * Fix DS snapshot test Signed-off-by: Kristen Tian <tyarong@amazon.com> * Add https://test.com/ to lychee exclude Signed-off-by: Kristen Tian <tyarong@amazon.com> * Address comments Signed-off-by: Kristen Tian <tyarong@amazon.com> * Remove unnessacry check Signed-off-by: Kristen Tian <tyarong@amazon.com> * Remove not needed check Signed-off-by: Kristen Tian <tyarong@amazon.com> Signed-off-by: Kristen Tian <tyarong@amazon.com> Signed-off-by: Zhongnan Su <szhongna@amazon.com> Signed-off-by: Louis Chu <clingzhi@amazon.com> Signed-off-by: Yibo Wang <yibow@amazon.com> Signed-off-by: mpabba3003 <amazonmanideep@gmail.com> Signed-off-by: Su <szhongna@amazon.com> Co-authored-by: Louis Chu <lingzhichu.clz@gmail.com> Co-authored-by: Zhongnan Su <szhongna@amazon.com> Co-authored-by: Yan Zeng <46499415+zengyan-amazon@users.noreply.github.com> 
Co-authored-by: Manideep Pabba <109986843+mpabba3003@users.noreply.github.com> Co-authored-by: Yibo Wang <109543558+yibow98@users.noreply.github.com> Signed-off-by: Sergey V. Osipov <sipopo@yandex.ru>
Description
The old design had a security flaw when credentials are shared. An attacker could create a datasource with their own HTTP endpoint but use someone else's credential. In the basic authentication scenario, this will expose any user's username and plaintext password.
Issues Resolved
a. Implement data_source_saved_objects_client_wrapper to integrate with CryptographyClient for password encryption / decryption.
b. Change data_source_service to fetch credentials directly from data source (still decrypt via CryptographyClient)
c. Fix unit tests accordingly
Check List
yarn test:jest
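A sketch of the server-side handling this description outlines, as an added example that is not the PR's code: credentials live inside the data source, the password is encrypted before it is persisted, and `no_auth` drops any submitted credentials. It goes one step beyond the description by binding the ciphertext to the endpoint as AES-GCM associated data, so a stored password copied onto a data source with a different endpoint fails to decrypt. The type and function names are hypothetical, and Node's `crypto` stands in for the CryptographyClient.

```typescript
import { createCipheriv, createDecipheriv, randomBytes } from "crypto";

// Hypothetical shapes; the attribute names are assumptions, not the project's data model.
type Credentials = { username: string; password: string };
interface DataSourceAttributes {
  endpoint: string;
  authType: "no_auth" | "username_password";
  credentials?: Credentials;
}

const KEY = randomBytes(32); // constructed demo key; a deployment would load it from a key store

// Stand-in for the CryptographyClient: AES-256-GCM with the endpoint as associated data,
// so a ciphertext only decrypts for the endpoint it was saved with.
function encryptFor(endpoint: string, plaintext: string): string {
  const iv = randomBytes(12);
  const cipher = createCipheriv("aes-256-gcm", KEY, iv);
  cipher.setAAD(Buffer.from(endpoint, "utf8"));
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString("base64");
}

function decryptFor(endpoint: string, stored: string): string {
  const raw = Buffer.from(stored, "base64"); // layout: 12-byte IV, 16-byte tag, ciphertext
  const decipher = createDecipheriv("aes-256-gcm", KEY, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(endpoint, "utf8"));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString("utf8");
}

// Server-side step run before a data source saved object is persisted.
function prepareForSave(attrs: DataSourceAttributes): DataSourceAttributes {
  if (attrs.authType === "no_auth") {
    return { ...attrs, credentials: undefined }; // never store credentials for no_auth
  }
  const { username, password } = attrs.credentials ?? { username: "", password: "" };
  if (!username || !password) {
    throw new Error("username and password are required for username_password");
  }
  return { ...attrs, credentials: { username, password: encryptFor(attrs.endpoint, password) } };
}

// Used when a client is built for the data source; throws if the record was altered.
function passwordForConnection(saved: DataSourceAttributes): string {
  if (!saved.credentials) throw new Error("data source has no credentials");
  return decryptFor(saved.endpoint, saved.credentials.password);
}
```
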