-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Feature/Identity] Identity use cases #5513
[Feature/Identity] Identity use cases #5513
Conversation
Gradle Check (Jenkins) Run Completed with:
|
Gradle Check (Jenkins) Run Completed with:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These initial scenarios look good. As a follow-up we an add tests that support/validate these scenarios. Great stuff hashing these out @peternied !
|
||
### Scenario 10: | ||
|
||
`GET /identity/whoami` returns the username of the authenticated account |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we support this?. If so, for unauthenticated request, it should return 403, correct?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There should be some way of identifying who the current user is, and this is more/less what is already in OpenSearch. I think we can dive in on the behavior for other scenarios as well as additional use cases
|
||
### Scenario 8: | ||
|
||
Admin user can create an account via `POST /identity/user/{username}`. The response includes an automatically generated password for this user. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
User should be able to edit their password. Should we add a scenario for password-recovery?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
PUT /identity/user/{username}/password
would work for any username
if you had permission, would this cover your recovery scenario?
|
||
All REST API activity returns 403 without passing authentication information in the request | ||
|
||
## Using Admin account |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you want this to be the same level bold as the "Identity features enabled" and "Non-use compatibility" headers? Do you think it should be one level smaller to indicate that it is under the "Identity features enabled" group?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this works, but maybe it would make sense to have even more layers of depth. Would you want to re-write with an alternative layout? I'd be happy to accept a pull request
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that if you believe it is good as is, then it is just fine. I was more asking a question to see what you thought then expressing a major opinion one way or the other.
Gradle Check (Jenkins) Run Completed with:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the new changes are beneficial for both the more precise wording and also consistency with the rest of OpenSearch documentation.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will this document be updated with authorization use-cases in a future iteration?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ty @peternied !
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great!
Signed-off-by: Peter Nied <petern@amazon.com>
Gradle Check (Jenkins) Run Completed with:
|
Description
Adding details uses cases for identity, this is going to get long!
Check List
New functionality includes testing.All tests passNew functionality has been documented.New functionality has javadoc addedCommit changes are listed out in CHANGELOG.md file (See: Changelog)By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.