opensearch-project
Add authenticate to IdentityPlugin interface
Description
This PR is a follow-up to https://github.com/opensearch-project/OpenSearch/pull/14630. This PR adds authenticate to the IdentityPlugin interface and mimics how ActionPlugin.getRestHandlerWrapper works. ActionPlugin.getRestHandlerWrapper is an extension point specifically meant for Security to authenticate requests before delegating to the original rest handler. If a request is not authenticated, an unauthorized response is sent back to the client and the original rest handler is never delegated to.
I'm opening this PR as a step to removing the Identity feature flag (but keeping the interface marked as experimental).
I am planning to ask plugin maintainers to remove usages of ThreadContext.stashContext after the experimental feature flag for identity is removed.
This PR has a lot of overlap with https://github.com/opensearch-project/OpenSearch/pull/14630:
- Adds threadPool to the constructor of IdentityService
- Moves IdentityService instantiation to after the ThreadPool is created
Related Issues
Related to https://github.com/opensearch-project/security/issues/4439
Check List
- [X] Functionality includes testing.
- [X] API changes companion pull request created, if applicable.
- [X] Public documentation issue/PR created, if applicable.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check here.
:x: Gradle check result for e6b82ba19e6c66a83709b5dd6e85b36f299b1146: FAILURE
Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
:x: Gradle check result for bc610a25b581abdb65618625224acb0372fb9161: FAILURE
Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?
:grey_exclamation: Gradle check result for 1abfe9747245c6bcde568a2a67cc3d3d01eaef33: UNSTABLE
- TEST FAILURES:
2 org.opensearch.cluster.MinimumClusterManagerNodesIT.testThreeNodesNoClusterManagerBlock
1 org.opensearch.remotestore.RemoteStoreStatsIT.testNonZeroPrimaryStatsOnNewlyCreatedIndexWithZeroDocs
Please review all flaky tests that succeeded after retry and create an issue if one does not already exist to track the flaky failure.
Codecov Report
Attention: Patch coverage is 14.28571% with 18 lines in your changes missing coverage. Please review.
Project coverage is 71.95%. Comparing base (
3937ccb) to head (c2d9a3a). Report is 7 commits behind head on main.
Additional details and impacted files
@@ Coverage Diff @@
## main #15430 +/- ##
============================================
+ Coverage 71.90% 71.95% +0.05%
+ Complexity 64392 64376 -16
============================================
Files 5278 5278
Lines 300877 300871 -6
Branches 43478 43475 -3
============================================
+ Hits 216351 216504 +153
+ Misses 66747 66624 -123
+ Partials 17779 17743 -36
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
:grey_exclamation: Gradle check result for cdf1892cd87a554a0b4744db53d520263bc0fdcb: UNSTABLE
Please review all flaky tests that succeeded after retry and create an issue if one does not already exist to track the flaky failure.
:x: Gradle check result for 97dd9352de6e77ded505230395a27f725a10739e: FAILURE
Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?
:grey_exclamation: Gradle check result for 74818684b1c69c7862921ce271e5eb57c370b164: UNSTABLE
- TEST FAILURES:
1 org.opensearch.search.SearchTimeoutIT.testSimpleTimeout {p0={"search.concurrent_segment_search.enabled":"true"}}
1 org.opensearch.remotestore.RemoteStoreStatsIT.testDownloadStatsCorrectnessSinglePrimarySingleReplica
Please review all flaky tests that succeeded after retry and create an issue if one does not already exist to track the flaky failure.
:x: Gradle check result for ca65e4bb50bf8fbb3fa97221fe05a767895a018a: FAILURE
Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?
:grey_exclamation: Gradle check result for ca65e4bb50bf8fbb3fa97221fe05a767895a018a: UNSTABLE
Please review all flaky tests that succeeded after retry and create an issue if one does not already exist to track the flaky failure.
:x: Gradle check result for d9223a976db20ccdc406bd6cc56c469af815e0a4: FAILURE
Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?
:grey_exclamation: Gradle check result for c107601af11052ac8a0b1b52d83e2b520c984f11: UNSTABLE
Please review all flaky tests that succeeded after retry and create an issue if one does not already exist to track the flaky failure.
:x: Gradle check result for 05dd6ac550c0668d70481ef6942b74284a2d3aab: null
Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?
@reta What do you think of this PR now? Instead of creating a new extension point in the IdentityPlugin, I changed this PR to remove the code from the RestController that is not suitable for the security plugin.
@reta What do you think of this PR now? Instead of creating a new extension point in the IdentityPlugin, I changed this PR to remove the code from the RestController that is not suitable for the security plugin.
Thanks @cwperks , I will take a look in the next few days, sorry about the delay.
@cwperks I think it looks pretty good, a few minor comments but LGTM otherwise, thanks!
:x: Gradle check result for 34bc922d1b2f0cd20826102864a09b427fb94f5a: FAILURE
Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?