-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Backport 2.x] Service accounts and on-behalf-of authentication in 2.x #11052
[Backport 2.x] Service accounts and on-behalf-of authentication in 2.x #11052
Conversation
…ct#8679) Implement on behalf of token passing for extensions Signed-off-by: Stephen Crawford <steecraw@amazon.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Signed-off-by: Ryan Liang <jiallian@amazon.com> Co-authored-by: Ryan Liang <jiallian@amazon.com> Co-authored-by: Peter Nied <peternied@hotmail.com>
Gradle Check (Jenkins) Run Completed with:
|
Compatibility status:Checks if related components are compatible with change 64504cb Incompatible componentsIncompatible components: [https://github.com/opensearch-project/performance-analyzer.git] Skipped componentsCompatible componentsCompatible components: [https://github.com/opensearch-project/security.git, https://github.com/opensearch-project/alerting.git, https://github.com/opensearch-project/index-management.git, https://github.com/opensearch-project/anomaly-detection.git, https://github.com/opensearch-project/asynchronous-search.git, https://github.com/opensearch-project/sql.git, https://github.com/opensearch-project/common-utils.git, https://github.com/opensearch-project/observability.git, https://github.com/opensearch-project/job-scheduler.git, https://github.com/opensearch-project/reporting.git, https://github.com/opensearch-project/security-analytics.git, https://github.com/opensearch-project/cross-cluster-replication.git, https://github.com/opensearch-project/k-nn.git, https://github.com/opensearch-project/custom-codecs.git, https://github.com/opensearch-project/geospatial.git, https://github.com/opensearch-project/ml-commons.git, https://github.com/opensearch-project/performance-analyzer-rca.git, https://github.com/opensearch-project/notifications.git, https://github.com/opensearch-project/neural-search.git] |
Signed-off-by: Ryan Liang <jiallian@amazon.com>
Gradle Check (Jenkins) Run Completed with:
|
Codecov Report
@@ Coverage Diff @@
## 2.x #11052 +/- ##
============================================
+ Coverage 70.86% 70.97% +0.11%
- Complexity 58864 58876 +12
============================================
Files 4850 4851 +1
Lines 277900 277932 +32
Branches 40735 40736 +1
============================================
+ Hits 196937 197272 +335
+ Misses 64238 63881 -357
- Partials 16725 16779 +54
|
Provide service accounts tokens to extensions This change adds a new transport action which passes the extension a string representation of its service account auth token. This token is created by the TokenManager interface implementation. The token is expected to be an encoded basic auth credential string which can be used by the extension to interact with its own system index. Signed-off-by: Stephen Crawford <steecraw@amazon.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Signed-off-by: Peter Nied <petern@amazon.com> Co-authored-by: Owais Kazi <owaiskazi19@gmail.com> Co-authored-by: Peter Nied <petern@amazon.com>
Signed-off-by: Ryan Liang <jiallian@amazon.com>
Gradle Check (Jenkins) Run Completed with:
|
1b2b65d
to
354de07
Compare
Gradle Check (Jenkins) Run Completed with:
|
Gradle Check (Jenkins) Run Completed with:
|
Signed-off-by: Ryan Liang <jiallian@amazon.com>
354de07
to
64504cb
Compare
Gradle Check (Jenkins) Run Completed with:
|
Implement on behalf of token passing for extensions
Description
This is a manual backport of feature Service Accounts and On-behalf-of Authentication for security plugin
Related Issues
PRs
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.